The Future of Privacy Forum released a report on the efficacy of Article 25 of the EU General Data Protection Regulation's data protection by design and by default obligations. The report draws on more than 92 data protection authority cases, court rulings and guidance issued by 16 European Economic Area states. The report details how "European DPAs diverge in how they interpret the preventive nature of Article 25," and "some are reluctant to find violations in cases of isolated incidents or where Article 5 GDPR principles are not violated, while others apply Article 25 preventively before further GDPR breaches or ... data processing."
Report finds DPAs inconsistently apply GDPR data protection by design obligations
Related stories
Notes from the IAPP Canada: Ontario IPC shares enforcement philosophy with law students
Notes from the IAPP Europe: Wrapping up November with the IAPP DPC
Ireland's DPC details legitimate interest prong of its LinkedIn enforcement action
What the new European Commission could mean for digital regulation
IAPP DPC 2024: Reynders discusses GDPR enforcement harmonization, adequacy developments
