The Standardised Messenger Audit project aims at helping to inspect the messenger services used within businesses from a data protection perspective.

The EDPB launched the Standardised Messenger Audit project in the context of the Support Pool of Experts programme at the request of the German Federal Data Protection Authority (DPA).

Project completed by the external expert Prof. Mathieu Cunche in November 2023, who worked closely with the German Federal DPA, which provided significant input and feedback.

Objective

The project provides a test catalogue of mandatory, recommended, and optional requirements which a GDPR-compliant messenger frontend would have to meet. The catalogue may support data protection authorities in their work, but also companies that want to review and improve their product.

The Standardised Messenger Audit project includes two deliverables: 
 

The AI Auditing project aims to map, develop and pilot tools that help evaluate the GDPR compliance of AI systems and applications are GDPR compliant.

The EDPB launched this project in the framework of the Support Pool of Experts programme, at the initiative of the Spanish Data Protection Authority (DPA).

Project completed by the external expert Dr. Gemma Galdon Clavell in February 2023.

Objective

This project helps all parties understand and assess data protection safeguards in the context of the AI Act. In particular, it may help DPAs to inspect AI systems by defining a methodology in the form of a check-list to perform an audit of an algorithm and proposing tools that would enhance transparency.

This project includes several deliverables:  

Under the Data Protection Officer (DPO) training project, data protection officers in Croatia were trained with the aim to raise the overall level of compliance of their organisations, especially in hospitals and educational institutions.

The EDPB launched the Data Protection Officer training project in the context of the Support Pool of Experts programme, at the request of the Croatian Data Protection Authority (DPA).

Project conducted by external expert Prof. Tihomir Katulić and completed in December 2023

The DPO training extensive programme was designed in Croatian with training material and Q&As for DPOs, it includes several deliverables:

The AI risks project assesses the data protection risks of AI for Optical Character Recognition (OCR) and Name Entity Recognition (NER).

OCR is a technology used to convert images or scanned documents containing text into machine-readable text.
NER is used to identify named entities such as names, organizations and locations within a document and classify them into predefined categories.

The EDPB launched this project in the context of the Support Pool of Experts programme at the request of the EDPS.

Project completed by the external expert Isabel Barbera in September 2023.

Objective

This project helps data controllers who use AI for these purposes to perform an assessment of data protection risks and, data protection authorities to evaluate the validity and effectiveness of this assessment in the course of their investigations. 
For both technologies, the external expert identified specific data protection and privacy risks posed by the procurement, the development and the use of the specific technology.

The AI Risks project includes several deliverables: