Europe

Resource Center / Topic Pages / Europe

Image

Europe

TOPIC PAGE

Below, you can find the IAPP’s collection of coverage, analysis and resources related to the privacy industry in the European region.

The IAPP Resource Center includes additional European-focused topic pages for the EU AI Act, EU General Data Protection Regulation, the EU ePrivacy Regulation and the United Kingdom.

Back to Top


Additional News and Resources

European Parliament: Ninth parliamentary term recap


EU AI Act: Next Steps for Implementation


EU AI Act: The web of regulatory intersections


EU AI Act Compliance Matrix


EU AI Act Stakeholder Map


EU NIS2 Directive: 101


What the new European Commission could mean for digital regulation


Ireland’s DPC details legitimate interest prong of its LinkedIn enforcement action


A deep dive into Europe’s approach on personal data processing in AI systems


Are you ready for NIS2? The impact of Europe’s new cybersecurity directive


Meta reshapes EU personalized advertising offerings again


What to know about the EU Cyber Resilience Act


Council of Europe’s Framework Convention on AI and its global implications


Top 10 operational impacts of the EU AI Act – Regulatory implementation and application alongside EU digital strategy


German court decision signals move toward risk-based approach to data transfers


European Commission report reviews progress of EU-US DPF


EDPB issues draft guidelines on legitimate interest, opinion on processors


Report offers drafting recommendations for EU’s general-purpose AI Code of Practice


Sharing is (health)caring? A look into the new European Health Data Space


EU Data Act: All your threshold questions answered


The state of web scraping in the EU


Navigating Government Access to Private Data in the EU


Global AI Governance Law and Policy: UK


EU elections explainer: 2024, a transition year into EU leadership overhaul


EU elections explainer: Heading into the next term, reading the smoke signals


GDPR Genius


Key dates for EU initiatives


GDPR at Five


Pay, OK or a third way: Context, analysis from the EDPB’s opinion


European Health Data Space: Revolutionizing health care, scientific research in the EU


Navigating AI’s uncharted waters: Insights from China’s Model AI Law, EU AI Act


Get ready for the EU AI Act: Priorities for compliance


Adtech: Practical takeaways from recent EU developments


Inside the EU AI Act negotiations: A conversation with Laura Caroli


Consent or Pay: The EDPB weighs in


Will the EU AI Act work? Lessons learned from past legislative initiatives, future challenges


EDPB opinion on legality of pay-or-consent models in EU GDPR context


IAPP GPS 2024: European regulators discuss AI Act enforcement, fines


The EU AI Act: A view from the lawmaker on next steps


How stakeholders are welcoming EU AI Act


Preparing to implement the EU AI Act


The EU AI Act: A major moment in the digital world


The EU AI Act: A view from the lawmaker on next steps


Breaking down the EU AI Act


EU Data Act: 101


EU Data Governance Act: 101


EU Digital Services Act: 101


EU Digital Markets Act: 101


EU-US Data Privacy Framework – Guidance and Resources


Countries At-a-Glance: Privacy and Consumer Trust


EU decision-making at a glance: How do EU laws get approved?


EU Data Initiatives in Context


A practical comparison of the EU, China and ASEAN standard contractual clauses


Practical considerations from EU enforcement: One-stop shop


Practical considerations from EU enforcement: legal bases and transparency


EU Standard Contractual Clauses (Word documents)


The ‘hidden obligation’ rides again! EU representatives under GDPR, DSA, NIS2 and others


Toward a risk-based approach? Challenging the ‘zero risk’ paradigm of EU DPAs in international data transfers and foreign governments’ data access


Implications of EDPB’s looming ‘pay or OK’ guidelines


CNIL publishes priority control themes for 2024


IAB Europe releases updated best practices guide


ASEAN publishes EU transborder data flow guide


ANPD publishes legitimate interest guidance


EU countries vote unanimously to approve AI Act


EDPB creates website auditing tool for GDPR compliance


EU AI Act: Draft consolidated text leaked online


EU crusade against web cookies faces uncertain future


EDPB coordinated enforcement sheds light on DPO compliance


European Commission upholds 11 adequacy decisions


Austria’s DPA releases cookies, data protection FAQ


The CJEU rules on the liability of controllers


Key takeaways from the CJEU’s recent automated decision-making rulings


Revisiting EDPB, ICO approaches to administrative fines


The EU AI Act: ‘We have a deal!’ Now what?


Luca Bertuzzi on the EU AI Act’s political deal and what’s next


EU reaches deal on world’s first comprehensive AI regulation


Empowering users: A universal interface for digital ad preferences


Reynders announces European Commission’s latest international data transfer plans


CJEU rules individuals have right to free copy of their personal data


Survey finds many EU companies not yet compliant with NIS2


EDPB issues binding decision banning Meta’s targeted advertising practices


Data without borders: EU e-Evidence package facilitates access to private data across jurisdictions


Key points of the DPC’s GDPR decision on TikTok and children’s data


CNIL publishes FAQ for French entities EU-US DPF implementation


Italy’s DPA releases guide for privacy in schools


European Commission releases DMA compliance report template


Ireland’s DPC publishes case study handbook


Ireland’s DPC issues 345M euro TikTok children’s privacy fine


Contentious areas in the EU AI Act trilogues


Switzerland DPA releases data protection impact assessment guide


Ireland’s DPC discusses back-to-school photo safety


The Atlantic Declaration: Data bridges, privacy and AI


Unpacking the DPC’s data transfers decision


Ready for the new Swiss data protection law? Implications for organizations outside Switzerland


Beyond GDPR: Unauthorized reidentification and the Mosaic Effect in the EU AI Act


Is this the end of consent-less tracking by online platforms in the EU?


The EU-U.S. Data Privacy Framework in practice


European Commission adopts EU-US adequacy decision


The definition of ‘anonymization’ is changing in the EU: Here’s what that means


In scope or not? An EU AI Act decision tree and obligations


The EU Artificial Intelligence Act: A look into the EU negotiations


Europe’s rulebook for artificial intelligence takes shape


Unpacking the DPC’s data transfers decision


Ireland DPC’s data transfers decision: Pragmatic punch or knockout blow?


The EDPB Coordinated Enforcement Action on the role of DPOs


Ireland’s DPC issues employee data protection guidance


European Data Protection Supervisor’s Annual Report (2022)


AEPD Annual Reports


AEPD publishes guidance on public-sector legislation DPIAs


Irish DPC publishes Article 30 guidance


Irish DPC publishes guides on children’s data protection rights


Going back to basics for the EDPB’s year of the DPO


AEPD publishes guidance to help public administrations manage data risks


NGO seeks more Ukrainian privacy awareness amid Russian invasion


EDPB launches coordinated enforcement on role of DPOs


CNIL’s Secretary General rolls out plans for 2023 at DPI France


ICO releases new UK GDPR certification scheme


UK introduces draft data protection reform


Top ten takeaways from the draft UK GDPR reform


Irish DPC Annual Report 2022


The process behind the EDPB’s coordinated enforcement framework


EU policymakers have adtech in sight for future regulation


FPF: Regulatory Strategies of European Data Protection Authorities


MEPs urge European Commission to reject EU-US adequacy


CJEU issues ruling on DPOs and conflict of interest


UK PM overhauls government departments, including focus on innovation and tech


Denmark’s Datatilsynet outlines 2023 priorities


Quo Vadis Europe? IAPP Country Leaders’ predictions for 2023


CNIL releases report on sanctions, corrective measures


Privacy Around the Globe: United Kingdom


European Commission publishes guidelines for Digital Services Act user reporting


Sweden’s DPA publishes DPO survey


What the EU has in store for 2023


A practical guide to anonymization standards across the EU and UK


EDPB’s Meta decisions explained: Resolving the adtech dispute


10 takeaways from the Irish DPC decisions on Meta


Irish DPC, EDPB Meta decisions raise complex, fundamental questions


Irish DPC fines Meta 390M euros over legal basis for personalized ads


Belarus implements cross-border transfer rules


EU-US draft adequacy decision arrives, EU process begins in earnest


The EU AI Act: A discussion with MEP and co-rapporteur Dragoș Tudorache


A look at European Parliament’s AI Act negotiations


Europe seeks a way out of the data retention pickle


German state DPA releases processor code of conduct


The EU’s temptation to break end-to-end encryption


Greek DPA imposes 20M euro fine on Clearview AI for unlawful processing of personal data


The EU-US Data Privacy Framework and next steps for data transfers


IAPP country leaders weigh in: What’s next for data protection in Europe?


A view from Brussels: The latest on the DSA, DMA and Privacy Shield


European Commission Report: A European strategy for data


The value of a UK representative: A response to the DPDI Bill


A view from Brussels: EU Council’s Czech presidency eyes ambitious fall lineup


Is data localization coming to Europe?


Slovenia DPA creates guide for conducting data impact assessments


Dentons: Europe Cookie Law Comparison tool


UK DPDI Bill: Comparative analysis with the EU GDPR and ePrivacy framework


EU Artificial Intelligence Act Proposal: What could it change?


Proposed EU AI Act blurs lines between AI developers and data processors under GDPR


UK unveils data reform bill, proposes AI regulation


Sanctions under EU GDPR and recent data regulations: A case of double jeopardy?


Garante Annual Reports (Italian DPA)


Guide to EU Cookie Laws


A view from Brussels — Reflections on the incoming Czech Republic presidency


A view from Brussels: GDPR & DGA, DSA, DMA: When the rubber meets the road


Ukraine’s human rights commissioner releases martial law data protection guidance


Consent as legal basis for EU and UK employment


CJEU ruling on GDPR litigation builds ‘jurisprudence on data protection’


Datatilsynet (Norway) – Data Protection Officer Survey 2020/21


CNIL publishes cookie wall evaluation scheme


Berlin DPA offers cross-border data transfer guidance


CNIL Activity Report (2021)


HDPA releases guidelines on website-tracking compliance


CNIL Interactive Map – Data protection around the world


AEPD launches health data guidance hub


EU plans to improve health data access


Norwegian DPA issues guidance on minors’ consent


UK, German DPAs talk regulatory priorities, privacy complexities


The UK data policy and possible divergences with the European Union


European Parliament issues report on AI Act


EDPS, EDPB chair talk privacy policy in the EU, beyond


Ukraine uses Clearview AI to identify Russian soldiers killed in invasion


EU, US agree ‘in principle’ to new trans-Atlantic data agreement


EU Parliament, Council reach deal on Digital Markets Act


Norwegian DPA issues employee monitoring guidance


Key takeaways from CNIL’s draft recommendation on smart cameras


A conversation with Ukrainian Dmytro Korchynskyi


The data provisions in the EU’s upcoming Big Tech law


Data portability in the EU: An obscure data subject right


Commission proposal for a regulation on the European health data space


A conversation with Ukrainian Dmytro Korchynskyi


Disclosing information on behavioral profiles: the Polish cookie case


CNIL’s Guide on Data Protection Officers


Irish DPC fines Meta 17M euros over 2018 data breaches


Danish DPA Annual Reports (Datatilsynet)


EDPS report: EU Institutions’ resilience to COVID-19


The EU’s anti-money laundering regulation and data protection: Part II


CNIL publishes its 2022 to 2024 strategic plan


AEPD – Innovation and Technology Resources


EU Data Governance Act: What privacy professionals need to know


CNIL is latest authority to rule Google Analytics violates GDPR


Why US-based companies should care about the Norway DPA’s interpretation of GDPR consent


Inside the EU’s rocky path to regulate artificial intelligence


Belgian DPA fines IAB Europe 250K euros over consent framework GDPR violations


Austrian DPA’s Google Analytics decision could have ‘far-reaching implications’


Austrian DPA’s Google Analytics decision could have ‘far-reaching implications’


CNIL sets parameters for processors’ reuse of data for product improvement


CNIL sets parameters for processors’ reuse of data for product improvement


CNIL’s ePrivacy fines reveal potential enforcement trend


Irish DPC releases 2022-2027 regulatory strategy


Irish DPC finalizes children’s privacy guidelines


From the AI Act to the DSA: Catching up on the EU’s digital agenda


New EU data blockage as German court would ban many cookie management providers


The EU’s digital strategy and what it means for privacy


The way the third-party cookie crumbles: Part 1 – EU and UK developments


The EU’s DMA and DSA: Why this should be of interest to privacy pros


Germany’s telecom privacy law takes effect


EDPB discusses data transfer guidance considerations, key points


New EDPB Guidelines: What is a data transfer under the GDPR?


CNIL releases its own privacy maturity self-assessment model


CNIL publishes DPO guidance


CNIL publishes guide to support organizations in GDPR compliance


Venice uses cellphone data, surveillance cameras to track tourists


Irish DPC WhatsApp decision: What do you need to know?


Digital welfare fraud detection and the Dutch SyRI judgment


CNIL publishes ‘data protection management maturity model’


Norwegian DPA updates data transfer guidance


Malta DPA publishes cookie consent guidance


The state of Serbia’s Personal Data Protection Law after two years


What can we learn from the Garante’s recent 2.5M euro fine?


European Health Data Space: Repairing the trans-Atlantic data relationship through biotech R & D


Commentary on Dutch DPA’s fine for not appointing an EU representative


German DPA tells government organizations to shut down Facebook pages


Talks for DPOs by Dutch DPOs


EDPB’s data transfer recommendations adopt a risk-based approach with teeth


Top-10 do’s and don’ts for service providers implementing the new SCCs with EU customers


Belgian DPA Annual Report


European Commission to take legal action against Belgium over DPA independence


EDPS Factsheet – Data protection audits explained


Garante issues DPO guidance


What’s behind the EU’s new Cloud Code of Conduct?


Germany passes data protection, privacy law for telecommunications


The Irish High Court judgment on EU-US data flows


Exploring Belarus’ data protection law


New urgency about data localization with Portuguese decision


How to know you are a ‘data intermediary’ under the Data Governance Act


EDPB adopts data transfer statement, publishes GDPR guidance


Estonia approves bill enabling creation of biometric ID system


Belarus adopts draft personal data protection law


Why the EDPB should avoid torpedoing BCRs for processors


Privacy self-assessment toolkit for SMEs in Ukraine


Why this French court decision has far-reaching consequences for many businesses


Ukraine human rights commissioner unveils recommendations for access to information


GDPR representatives in EU and UK after Brexit


Croatian DPA shutters website: Protection of personal data or violation of freedom of speech?


Dutch data scandal highlights structural problems around privacy compliance


German data strategy addresses aligning DPAs


Comparing EU regulatory norms with incident reporting obligations


How does GDPR apply to clinical trial sponsors outside EEA? Views of EEA DPAs


CJEU’s advocate general: One-stop shop means one-stop shop


Authorities release educational kit for digital citizens


CJEU opinion clarifies cross-border enforcement scenarios


Irish DPC finalizes 450K euro GDPR fine against Twitter


Proposal for an EU Data Governance Act — a first analysis


ENISA Report — Guidelines for securing the IoT


Nonprofit group approved for new collective action ability in Belgium


Political and legal framework of German DPAs: The question of centralization


ICO, CNIL, German and Spanish DPA Revised Cookies Guidelines: Convergence and Divergence


France’s Council of State calls on CNIL to assist with Health Data Hub


Ukrainian GDPR: The reality and future of privacy legislation in Ukraine


European Commission: Recommendations for a safe and ethical transition towards driverless mobility


German state DPA guidance on protected usable data post-‘Schrems II’


2 years, 2 fines, 2 banks: Croatia DPA advocating for right of access to credit documentation


Frequently Asked Questions & Resources on ‘Schrems II’


Datatilsynet (Norway) – Annual Privacy Survey


DPA and government guidance on ‘Schrems II’


Switzerland launches contact-tracing app


DPC Ireland 2018-2020 Regulatory Activity Under GDPR


DPAs on the Ground


EDPB concerned over Hungary’s GDPR ban


Country of Georgia’s voting records published online


Cookie Guidance from Greece


Pope, tech companies call for ‘ethical’ regulation on facial recognition


Critics on Croatia’s ePrivacy proposal: Legitimate interest provisions not legitimate


Proposal would make medical data available online in the Netherlands


North Macedonia adopts data protection law


CNIL – Facial Recognition: For a debate living up to the challenges


Serbian commissioner issues country’s SCCs


Switzerland joins EU’s ‘Convention 223’ treaty


Dispatch from Albania: ICDPPC calls for increased global cooperation


GDPR incorporated into Greek law


Spain’s DPA releases guidance on data processing for wellness, education apps


Portugal’s data protection law went into effect


How to interpret Sweden’s first GDPR fine on facial recognition in school


GDPR Fine Calculator (Fining Schedule of German DPAs)


GDPR implementation in Lithuania: Almost a year in review


Czech Parliament approves bills implementing GDPR


Spain’s constitutional right to data protection and application of the GDPR


Finland’s revamped Data Protection Act now in effect


First GDPR fine in Portugal issued against hospital for three violations


Serbia enacts new data protection law


Report focuses on Belarus violating human rights via surveillance


Belgium finalizes GDPR implementation: A practitioner’s view


Privacy’s role in the Article 7 proceedings against Hungary


Lithuania adopts new Law on Legal Protection of Personal Data


In these three countries, employee consent may be the only way to transfer their data


Blockchain: Practical use cases for the privacy pro — Learning from Estonia


When the GDPR is not quite enough: Employee privacy considerations in Russia, Belarus, and Ukraine