German Court Awards €10,000 for Unlawful Disclosure of Employee’s Health Data
A German court ruled that an employee was entitled to €10,000 in damages after the unauthorized sharing of their health data. The employee’s health information, shared via email, was disseminated to nearly 10,000 members of an association.
The court emphasized that the sharing of sensitive health data constitutes harm in itself under GDPR, even without evidence of additional damages. This aligns with the CJEU’s stance on non-material damages.
EDPB Issues Opinion 28/2024 on AI Models
The European Data Protection Board (EDPB) released its Opinion 28/2024, addressing the application of GDPR to artificial intelligence (AI) models. Key points include:

• Transparency: Organizations must provide clear and accessible information about AI systems.
• Fairness and Bias: AI models should be tested for and protected against bias to prevent discrimination.
• Purpose Limitation and Data Minimization: AI systems should use only the data necessary for their specific purpose.
• Accountability: Organizations must establish clear roles and responsibilities for data controllers and processors.

If you haven't already, now is a good time for organisations developing AI tools to use these guideline to review practices around transparency, fairness, and bias mitigation to ensure GDPR compliance.
Irish DPC Concludes Investigation into Meta’s “View-As” Feature
The Irish DPC investigated Meta’s "View-As" feature after a security flaw exposed personal data from 50 million users to unauthorized parties. Findings included:
Lack of Adequate Safeguards: Insufficient measures to protect user data.
Violation of GDPR Security Principles: Breach of data protection and accountability requirements.

Find all resources from this episode at: https://conformally.com/privacy-navigator
Learn more about Conformally at https://conformally.com