Many businesses are using artificial intelligence (AI) in some form in order to create business efficiencies. Some businesses use generative AI for copywriting, software writing, or employ Chatbots. These programmes work by being ‘trained’ by the inputting of large amounts of data. Other AI in use includes tools to summarise data or to perform analysis. Some businesses use off-the shelf AI tools and others augment the tools with their own specific datasets.
Continue readingTag: Data Protection (Page 1 of 2)
In February 2020, COVID-19 arrived in Ireland, quickly leading to the COVID-19 pandemic, which caused one of the longest lockdowns experienced in Europe. The lockdown led to most of Ireland’s workforce not being able to work in their buildings or offices, causing a majority of them to work from home. Before 2020, remote work was once seen as a luxury or a niche option but is now the norm, and the demand for remote work has been increasing since then, with most businesses now offering remote work as a way to cut down on extra costs. Remote work saw a large impact on the legal sector, with most firms still recovering to pre-pandemic operations. In response to remote work becoming more popular within Ireland, the Irish government aimed to establish a legal framework to govern remote work practices.
Continue readingGDPR puts a variety of obligations on businesses. Due to the far-reaching penalties arising under data protection law, it is important for business-owners to recognise where a need for action is triggered. One area that causes confusion or may be overlooked is the requirement for a data transfer agreement (DTA). A business may need a DTA in the following situations:
Continue readingThe EU Artificial Intelligence Act came into force this week without much fuss. It creates obligations on all organisations that use or create artificial intelligence such as predictive analytics, virtual assistants, chatbots, HR tools, fraud detection tools, medical diagnostic tools, financial credit scoring, online retail recommendation engines, and targeted advertising.
Continue readingOrdinarily at this time of year, I advocate a total switch off from all things work. However, the one thing that does not take a break over the Christmas period is the obligation to report a data breach to the Data Protection Commissioner. All data breaches must be notified within 72 hours.
A Data Protection Agreement is necessary when an organisation allows any third party to access or process personal data. This includes storage of files in the cloud, the use of work management systems, marketing or bulk-email software, as well as any situation where you allow access to an individual’s personal data by anyone outside of your organisation. If you are sharing personal data, it is your obligation to ensure that there is a DPA in place.
Under GDPR, children benefit from all the same protections as adults in respect of their personal data. However, organisations must take particular care in respect of processing the personal data of children, a child being a person under the age of eighteen years.
In recent months, I have noticed an increase in fees being charged for the compliance with data subject access requests, by some organisations. The purported fee is named as being to cover the cost of redaction, administration or copying, and is in many cases unlawful. Continue reading
Under GDPR, employers are entitled to monitor employee activity if they have a lawful basis for doing so and the purpose of their monitoring is clearly communicated to employees in advance-before any data is recorded the data subject must be warned. A system used to monitor the building for security purposes will usually be easy to justify. The use of CCTV systems in other circumstances – for example, to constantly monitor employees – can be more difficult to justify and could involve a breach of the Data Protection Acts. Should an employee object to the use of CCTV cameras in a particular area, the GDPR test places the burden on the employer to demonstrate that it has “compelling legitimate grounds” for processing that override the employees’ rights, or for the establishment, exercise or defence of legal claims.
General Data Protection Regulation
On Friday May 25th 2018 GDPR came into force. Although the key principles of data protection don’t change, there are changes to the regulatory policies. Below, we look at the main changes we will now see in Irish Law.