The Future of Privacy Forum released a report on the efficacy of Article 25 of the EU General Data Protection Regulation's data protection by design and by default obligations. The report draws on more than 92 data protection authority cases, court rulings and guidance issued by 16 European Economic Area states. The report details how "European DPAs diverge in how they interpret the preventive nature of Article 25," and "some are reluctant to find violations in cases of isolated incidents or where Article 5 GDPR principles are not violated, while others apply Article 25 preventively before further GDPR breaches or ... data processing."
Report finds DPAs inconsistently apply GDPR data protection by design obligations
RELATED STORIES
Privacy in Arkansas: Is Arkansas ready for a consumer privacy law?
A view from DC: CFPB calls for states to regulate financial privacy
Notes from the IAPP Canada: OPC's WADA investigation 'raises some interesting issues'
A view from Brussels: European Commission's new tech policy center of gravity
First fine imposed under Thailand's Personal Data Protection Act