US-based organizations using AI services risk violating GDPR when processing data of EU citizens, even if the patient is physically in the US. A Boston hospital discovered this when a routine audit revealed that its AI system, hosted on US infrastructure like AWS and OpenAI APIs, processed protected health information of 47 German patients. This constitutes an illegal data transfer under GDPR Article 44, potentially leading to significant fines. The article highlights that GDPR applies based on the data subject's location, not the organization's.
Impact: US organizations using AI services risk substantial GDPR fines if they process EU citizen data without compliant transfer mechanisms.
Ranking rationale: Article details a specific regulatory compliance issue with significant financial implications for organizations using AI services with international data subjects.
AI-generated summary · Google Gemini · from 1 source.