Post updated 31.03.2025 Table of Contents The basicsDifferences in scope, overlaps in applicationRoles and ResponsibilitiesDocumentation requirementsTransparency obligationsLawful processing of personal data is dubiousPurpose limitation, data minimization principles,...
From the perspective of the general public and society as a whole, so-called Artificial Intelligence (AI) was largely invisible until OpenAI removed the veil over GPT-3.5/ChatGPT in 2022. Since then, the interest and use of AI, and General Purpose AI (GPAI), has...
Oslo District Court has found Grindr’s sharing of personal data illegal as a result of the Norwegian Consumer Council complaint from 2020. Accordingly, Grindr has to pay EUR 5 million, as fined by the Council. Our guardians of personal data and privacy: NDPA, NPAB,...
This is blog post #20 in our series on the GDPR and is a continuation of the blog post # 19 which ended with this: After the Norwegian (NO) DPA (Data Protection Authority) imposed a ban on Meta’s behavioral advertising and put a fine on Meta, the company brought the...
Runbox was recently informed via our Internet Service Provider that a global botnet (robot network) consisting of hundreds of thousands of computers has been disrupted by the FBI. In a coordinated operation taking place on August 29 in the US and several European...
This is blog post #17 in our series on the GDPR. Summary of the case In our blog post on 23 October 2022, we referred to the Data Protection Authorities (DPAs) of Austria, Denmark, France, and Italy who were concluding that the use of Google’s Universal Analytics (UA...
This is blog post #18 in our series on the GDPR. “Don’t tell anything to a chatbot you want to keep private.” [source] Writing about AI in general and about chatbots specifically is like shooting at a moving target because of the speed of development. However, at...
This is blog post #16 in our series on the GDPR. At Runbox we are always concerned about data privacy – “privacy is priceless” – and we put some effort into keeping ourselves updated on how the EU’s General Data Protection Regulation (GDPR) affects privacy related...
This is blog post #15 in our series on the GDPR. Four European Data Protection Authorities (DPAs) have thus far concluded that the transfer of personal data to the United States via Google Analytics is unlawful according to the General Data Protection Regulation...