Latest news and stories about gdpr in Portugal for expats and residents.
The Entity for Political Accounts and Financing requested an opinion from the Commission to understand if donors could be revealed. Issues related to the GDPR led to the concealment of entities.
Regulation (EU) 2024/1689 (the AI Act) and Regulation (EU) 2016/679 (the GDPR) create a demanding regulatory framework for the use of AI in European judicial systems. The AI Act classifies AI systems used in the administration of justice as high-risk, requiring strict compliance with risk management, data quality, technical documentation, transparency, and human oversight. Furthermore, the GDPR imposes stringent rules on the international transfer of sensitive judicial data, particularly when processing occurs on servers outside the EEA. This regulatory intersection suggests that AI providers must localise data processing infrastructure within the EU to ensure digital sovereignty and maintain control over the administration of justice.
The spin-off TekPrivacy, incubated at Uptec – Science and Technology Park of the University of Porto, was one of 20 companies selected for the Protechting acceleration programme. It competed against more than 600 candidates from around the world for this initiative by the Fidelidade group in partnership with the Fosun Foundation and Hospital da Luz Learning Health.
Doctors at the Portuguese Institute of Oncology (IPO) in Porto received communications from an external company called 'Questão Resolvida' on March 5th, despite not having authorised the use or transmission of their email addresses. The Northern Doctors' Union (SMN) has denounced the incident, stating that it occurred without the doctors' prior consent or legal clarification. The union has demanded explanations from the IPO board and has reported the matter to the National Data Protection Commission (CNPD), citing potential violations of the GDPR and national data protection laws. Meanwhile, the IPOs in Coimbra and Lisbon are set to invest 16.52 million euros in medical and robotic equipment.
The project, in its current wording, does not fully ensure compliance with the requirements of the General Data Protection Regulation.
Luís Rosa and Saragoça da Matta discuss the statute of limitations affecting 200 of the 225 GDPR breaches attributed to Lisbon City Council. The case concerns the disclosure of activists' data to the Russian Embassy.
The municipality argued there was no obligation to pay the fine — about €1.25 million for 225 breaches of the GDPR.
A classification error on YouTube allowed the collection of personal data without the consent of guardians.
