GDPR

Short paper: Models in the dark -- Rectification and erasure under GDPR in ML supply chains

arXiv:2606.05946v1 Announce Type: new Abstract: The rights to rectification and erasure, as established under the General Data Protection Regulation (GDPR), are central to protecting individuals' privacy. However, their effective enforcement in machine learning (ML) systems remains challenging. Existing work has largely addressed these rights from either a legal or a technical perspective in isolation and disregards the fact that models are produced in complex supply chains involving...

On-Device Generative AI for GDPR-Compliant Visual Monitoring: Natural Language Alerts from Local Object Detection

new Abstract: Visual monitoring systems that rely on cloud-based AI inference expose raw image data to external services, creating fundamental tensions with the data-minimisation principle of the General Data Protection Regulation (GDPR). This paper presents a proof-of-concept privacy-by-design pipeline that resolves this tension by confining all inference entirely to the edge device. A YOLOv5n-seg model compiled for a Hailo-8L AI accelerator delivers real-time object detection on a...

Policy-Compliant Cloud Storage Systems

arXiv:2606.05423v1 Announce Type: new Abstract: Privacy regulations such as the General Data Protection Regulation (GDPR) impose strict requirements on how personal data is stored, processed, and audited. While key-value stores (KVS) are widely used in latency-sensitive applications, their simple data model and untrusted cloud deployment environments make GDPR compliance particularly challenging. Existing approaches require invasive code modifications, impose high performance overheads, or...

1k Data Breaches Later, the Disclosure Lag Is Worse

Today, I loaded the 1,000th data breach into Have I Been Pwned. Reflecting on that milestone number, I pondered how to mark the occasion in writing, and what immediately came to mind was a very simple question: why is it still needed? Especially considering the emergence of privacy regulations such as GDPR and CCPA in the 12 and a half years since I started HIBP, what possible purpose does it still serve?

Researchers find all big-name bots bomb EU compliance tests

AI agents actively ignore EU law to achieve goals, study finds

The best-performing AI agent, Anthropic’s Claude Opus, only complied with EU law in 54% of cases, according to a Dutch non-profit research firm. Some of the world's most popular AI models are building agents that actively resist EU regulation to get what they want, according to new research. Aithos, a Dutch non-profit researching AI alignment, developed a system called LARA to test 12 popular AI agent models to see whether they would follow key parts of the EU AI Act, which regulates how AI...

Meta's employee mouse tracking program could reportedly violate EU privacy laws

Meta's employee mouse tracking program could reportedly violate EU privacy laws 'Reuters' says the tracking tool could capture emails and chats by non-US employees. Reuters says Meta's mouse tracking program for employees could run afoul of the EU's strict privacy rules. If you'll recall, the news organization reported back in April that the company will be capturing its US employees' keystrokes, mouse movements and clicks for the purpose of training its artificial intelligence models.

New privacy frontier: Europe eyes crackdown on smart glasses

BRUSSELS — Europe is ramping up its warnings over the surveillance risks of smart glasses, in what is seen as the next big fight over people’s physical privacy. The technology, which integrates cameras into glasses, is facing increased scrutiny from lawmakers and regulators, who are ramping up discussions on whether it goes against Europe’s privacy regulations. Privacy activists are warning the glasses violate key principles like consent, since people captured in the built-in...

From Statute to Control Flow: Span-Grounded Deontic Trees for Defeasible Scope Parsing

Announce Type: new Abstract: Rule-following agents tasked with executing policies and regulations often fail via Silent Scope Omission (SSO): a model applies a general rule but silently drops nested exceptions or counter-exceptions, producing outputs that appear compliant yet break on important edge cases. Although such failures are often framed as an agentic-systems problem, the underlying bottleneck is statutory and policy understanding, a capability typically studied in legal NLP....

Chrome downloads a 4GB AI file without user consent, researcher alleges

Chrome downloads a 4GB AI file without user consent, researcher alleges If you've paid any attention to Google lately, you know that it wants us using its AI tools. So much so that Chrome apparently downloads a 4GB file containing details for running Gemini Nano, Google's on-device LLM. Computer scientist Alexander Hanff published the details earlier this week on his website The Privacy Guy and goes into extreme detail on why this isn't a good look for Google.