Enforcement Topic Page

On this topic page you can find the IAPP’s collection of coverage, analysis and resources related to privacy enforcement.

Featured Resources


Global Privacy and Data Protection Enforcement Database

This tool contains a collection of enforcement actions from all over the world.
Read More


Navigating Government Access to Private Data in the EU

This infographic aims to highlight some important instruments related to law enforcement and government access to private data, particularly in the EU.
Read More


Exploring challenges with law enforcement access to data

This article provides context on the issue of law enforcement access to data, the next steps, and insight from the Ditchley Foundation convening.
Read More


AI regulatory enforcement around the world

This article analyzes the regulatory approaches Canada, China, the EU, U.K. and U.S. are taking as they build up their nascent AI enforcement regimes.
Read More


The EDPB Coordinated Enforcement Action on the role of DPOs

This LinkedIn Live discussion addresses the role and requirements of the DPO, both in theory and in practice, and how the EDPB’s coordinated enforcement action will play into it.
Read More


Practical considerations from EU enforcement: One-stop shop

This article breaks down the key practical takeaways and things to look out for on the GDPR’s one-stop shop mechanisms.
Read More

Additional News and Resources

EU DPAs seek proper clampdown on adtech industry

UK First-tier Tribunal overturns ICO enforcement action against Clearview AI

Exploring challenges with law enforcement access to data

Children’s privacy: The latest in enforcement, compliance

Illinois federal judge overturns $228M damages award in first BIPA case

Court decision pushes CPRA regulations enforcement to March 2024

Ireland DPC’s data transfers decision: Pragmatic punch or knockout blow?

Meta fined GDPR-record 1.2 billion euros in data transfer case

Keynote Panel Discussion on GDPR (IAPP Global Privacy Summit 2023)

As generative AI grows in popularity, privacy regulators chime in

Europol report warns against criminal uses of generative AI

EDPB launches coordinated enforcement on role of DPOs

The process behind the EDPB’s coordinated enforcement framework

Practical considerations from EU enforcement: legal bases and transparency

Meta’s EU data transfer case faces Article 65 dispute resolution mechanism

EDPB’s Meta decisions explained: Resolving the adtech dispute

10 takeaways from the Irish DPC decisions on Meta

Irish DPC, EDPB Meta decisions raise complex, fundamental questions

‘Pen testing’ your privacy program: Steps to test your privacy compliance before the onset of litigation or enforcement actions

Consequences of the CJEU preliminary ruling on public company registers

Unpacking DPC Ireland’s Meta decisions: AdTech and beyond

Breaking down enforcement of Meta’s legal basis for personalized ads

Irish DPC fines Meta 390M euros over legal basis for personalized ads

Takeaways from Epic Games settlement: Teen privacy arrives at the FTC

Greek DPA imposes 20M euro fine on Clearview AI for unlawful processing of personal data

Lessons from the First CCPA Enforcement Settlement: GPC and Beyond

New York Attorney General James on protecting consumer privacy, enforcement and possible federal legislation

EDPB to focus coordinated enforcement on DPO appointments

CCPA enforcement action: A case study at the intersection of privacy and marketing

California attorney general announces first CCPA enforcement action

European Commission files report on Law Enforcement Directive

State attorneys general secure $8M data breach settlement

Sanctions under EU GDPR and recent data regulations: A case of double jeopardy?

Roe v. Wade’s overturn: The impact on data protection and law enforcement

Google Analytics enforcement fallout: ‘Cry and pray’

10 years after: The EU’s ‘crunch time’ on GDPR enforcement

Authorities collaborate on EU GDPR investigation

A look behind the EDPB’s move to enhance enforcement cooperation

Colorado attorney general details his CPA enforcement priorities at IAPP GPS22

Hidden privacy lessons in the FTC’s CafePress security enforcement

Top 5 operational impacts of China’s PIPL — Part 4: Penalties and enforcement mechanisms

Greek DPA issues largest fine yet

What do the Google Analytics enforcement cases mean for privacy compliance?

Data Transfer Enforcement, Risk and Compliance: What You Need to Know Now

Dodging the one-stop shop

CNIL is latest authority to rule Google Analytics violates GDPR

Why US-based companies should care about the Norway DPA’s interpretation of GDPR consent

Fines, flossing and films — The importance of storytelling to privacy hygiene

The Austrian Google Analytics decision: The race is on

OAIC’s Facebook privacy claims can proceed

Increased fines for Australian data breaches useful but not structurally changing in nature

Greek DPA issues multi-million euro fines against largest cell provider

State attorneys general sue Google with ‘dark patterns’ claims

Upcoming year to be ‘complex’ in privacy

FTC Chair Lina Khan opens up on tech enforcement

EDPS sanctions Parliament over data transfers, cookie consent

CNIL’s ePrivacy fines reveal potential enforcement trend

A deeper look at CNIL’s cookies enforcement

Details emerge on appeal of WhatsApp’s 225M euro GDPR fine

EDPS discusses current, future state of GDPR enforcement

FTC Privacy Rulemaking – The Steps to Get There

FTC considering privacy, AI rulemaking for 2022

The way the third-party cookie crumbles: Part 1 – EU and UK developments

Status of the California Privacy Protection Agency’s work

CIPL Discussion Paper: GDPR Enforcement Cooperation and the One-Stop-Shop Learning from the First Three Years

Insights into the Future of Data Protection Enforcement: Regulatory Strategies of European Data Protection Authorities for 2021-2022

CCPA Enforcement Infographic