Europe

 

Resource Center / Topic Pages / Europe

Image

Europe

TOPIC PAGE

Navigate Page

On this topic page, you can find the IAPP’s collection of coverage, analysis and resources covering Europe.


News Articles

View all News Articles

EU reaches provisional agreement to speed up cross-border GDPR enforcement


EU lawmakers announce deal on cross-border GDPR enforcement procedures


Europe must drastically adapt enforcement strategy against Big Tech


EU AI literacy not a far jump for established privacy professionals, regulator says


EU commissioner lays out suite of AI governance, consumer protection goals


European Commission’s latest AI initiatives look to drive competitiveness, broader integration


The advocate general’s opinion in EDPS v SRB: Changing the GDPR and facilitating European innovation?


Operational impacts of the EDPB’s opinion on data protection in AI models


European Commission proposes UK adequacy deadline extension


European commissioner discusses EU-US Data Privacy Framework, potential GDPR reform


The AEPD’s approach to AI: Smarter models, better compliance


France’s new age verification standard: Tightening controls on access to explicit image sites


The EU Digital Services Act: Ready to meet reporting obligations?


European Commission withdraws AI Liability Directive from consideration


Navigating the new EU cybersecurity standards: The NIS2 Directive and Cyber Resilience Act


Preparing for compliance: Key differences between EU, Chinese AI regulations


Court upholds EDPB’s authority after challenge from Ireland’s DPC


Liability for nonmaterial damage under the GDPR: Approaches of EU, UK courts


What’s in a name?’: EDPB publishes draft guidelines on pseudonymization


EDPB’s 2024 coordinated enforcement offers window into right of access


European General Court renders impactful decision on data transfer litigation


EDPB weighs in on key questions on personal data in AI models


EDPB releases opinion on personal data use in AI model development


Ireland’s DPC details legitimate interest prong of its LinkedIn enforcement action


A deep dive into Europe’s approach on personal data processing in AI systems


What to know about the EU Cyber Resilience Act


UK Data Use and Access Bill offers familiar proposals, eye toward EU adequacy


German court decision signals move toward risk-based approach to data transfers


EDPB issues draft guidelines on legitimate interest, opinion on processors


European Commission report reviews progress of EU-US DPF


Report offers drafting recommendations for EU’s general-purpose AI Code of Practice


EU Data Act: All your threshold questions answered


The state of web scraping in the EU


EU AI Act shines light on human oversight needs


European Health Data Space: Revolutionizing health care, scientific research in the EU


Navigating AI’s uncharted waters: Insights from China’s Model AI Law, EU AI Act


EDPB opinion on legality of pay-or-consent models in EU GDPR context


Will the EU AI Act work? Lessons learned from past legislative initiatives, future challenges


IAPP GPS 2024: European regulators discuss AI Act enforcement, fines


How stakeholders are welcoming EU AI Act


European Parliament approves landmark AI Act, looks ahead to implementation


The ‘hidden obligation’ rides again! EU representatives under GDPR, DSA, NIS2 and others


Toward a risk-based approach? Challenging the ‘zero risk’ paradigm of EU DPAs in international data transfers and foreign governments’ data access


Implications of EDPB’s looming ‘pay or OK’ guidelines


EU countries vote unanimously to approve AI Act


EU AI Act: Draft consolidated text leaked online


EU crusade against web cookies faces uncertain future


EDPB coordinated enforcement sheds light on DPO compliance


European Commission upholds 11 adequacy decisions


Key takeaways from the CJEU’s recent automated decision-making rulings


EU reaches deal on world’s first comprehensive AI regulation


Empowering users: A universal interface for digital ad preferences


EU DPAs seek proper clampdown on adtech industry


Reynders announces European Commission’s latest international data transfer plans


EDPB issues binding decision banning Meta’s targeted advertising practices


Ireland’s DPC issues 345M euro TikTok children’s privacy fine


Beyond GDPR: Unauthorized reidentification and the Mosaic Effect in the EU AI Act


Is this the end of consent-less tracking by online platforms in the EU?


EU-US Data Privacy Framework adopted, what now?


GDPR fine calculation: A look at the EDPB’s new guidelines and the UK’s approach


European Commission adopts EU-US adequacy decision


The definition of ‘anonymization’ is changing in the EU: Here’s what that means


European Parliament vote pushes AI Act significant step forward


In scope or not? An EU AI Act decision tree and obligations


Europe’s rulebook for artificial intelligence takes shape


NGO seeks more Ukrainian privacy awareness amid Russian invasion


EDPB launches coordinated enforcement on role of DPOs


UK introduces draft data protection reform


EDPB welcomes ‘improvements’ to EU-US adequacy decision, concerns remain


EU policymakers have adtech in sight for future regulation


CJEU issues ruling on DPOs and conflict of interest


UK PM overhauls government departments, including focus on innovation and tech


A practical guide to anonymization standards across the EU and UK


10 takeaways from the Irish DPC decisions on Meta


Irish DPC, EDPB Meta decisions raise complex, fundamental questions


Irish DPC fines Meta 390M euros over legal basis for personalized ads


EU-US draft adequacy decision arrives, EU process begins in earnest


A look at European Parliament’s AI Act negotiations


The EU’s temptation to break end-to-end encryption


Greek DPA imposes 20M euro fine on Clearview AI for unlawful processing of personal data


A view from Brussels: The latest on the DSA, DMA and Privacy Shield


The value of a UK representative: A response to the DPDI Bill


A view from Brussels: EU Council’s Czech presidency eyes ambitious fall lineup


Proposed EU AI Act blurs lines between AI developers and data processors under GDPR


UK unveils data reform bill, proposes AI regulation


A view from Brussels — Reflections on the incoming Czech Republic presidency


CJEU ruling on GDPR litigation builds ‘jurisprudence on data protection’


Consent as legal basis for EU and UK employment


UK, German DPAs talk regulatory priorities, privacy complexities


The UK data policy and possible divergences with the European Union


EDPS, EDPB chair talk privacy policy in the EU, beyond


EU Parliament, Council reach deal on Digital Markets Act


EU, US agree ‘in principle’ to new trans-Atlantic data agreement


Data portability in the EU: An obscure data subject right


A conversation with Ukrainian Dmytro Korchynskyi


Key takeaways from CNIL’s draft recommendation on smart cameras


Disclosing information on behavioral profiles: the Polish cookie case


The EU’s anti-money laundering regulation and data protection: Part II


CNIL is latest authority to rule Google Analytics violates GDPR


EU Data Governance Act: What privacy professionals need to know


Inside the EU’s rocky path to regulate artificial intelligence


Why US-based companies should care about the Norway DPA’s interpretation of GDPR consent


Belgian DPA fines IAB Europe 250K euros over consent framework GDPR violations


Austrian DPA’s Google Analytics decision could have ‘far-reaching implications’


CNIL sets parameters for processors’ reuse of data for product improvement


CNIL’s ePrivacy fines reveal potential enforcement trend


The EU’s digital strategy and what it means for privacy


EDPB discusses data transfer guidance considerations, key points


CNIL releases its own privacy maturity self-assessment model


Irish DPC WhatsApp decision: What do you need to know?


Digital welfare fraud detection and the Dutch SyRI judgment


EU considers canceling trade, data flow talks with US


What can we learn from the Garante’s recent 2.5M euro fine?


Comparing the role of the DPO under the GDPR and Turkish law


European Health Data Space: Repairing the trans-Atlantic data relationship through biotech R & D


European Commission adopts UK adequacy decisions


EDPB rapporteur details board’s supplementary measures


EDPB rapporteur details board’s supplementary measures


EDPB’s data transfer recommendations adopt a risk-based approach with teeth


Top-10 do’s and don’ts for service providers implementing the new SCCs with EU customers


EU-US data transfer deal still work in progress, despite new alliance


What’s behind the EU’s new Cloud Code of Conduct?


Russia amends data protection law to increase personal data subjects’ rights


New urgency about data localization with Portuguese decision


EU grappling with potential one-stop shop reform


Why the EDPB should avoid torpedoing BCRs for processors


NIS representation in the EU and UK — Was the March 31 deadline a turning point?


Why this French court decision has far-reaching consequences for many businesses


GDPR representatives in EU and UK after Brexit


Look but don’t touch — Russia to restrict processing of public data


European Commission releases draft UK adequacy decisions


Croatian DPA shutters website: Protection of personal data or violation of freedom of speech?


EU Council ambassadors agree to negotiating position on ePrivacy Regulation


Comparing EU regulatory norms with incident reporting obligations


How does GDPR apply to clinical trial sponsors outside EEA? Views of EEA DPAs


CJEU’s advocate general: One-stop shop means one-stop shop


CJEU opinion clarifies cross-border enforcement scenarios


UK, EU reach interim data flow agreement


Encrypt your data to make GDPR and Russian Data Localization Law compatible


Irish DPC finalizes 450K euro GDPR fine against Twitter


Proposal for an EU Data Governance Act — a first analysis


European Commission expected to unveil Digital Services Act in December


European Commission publishes proposed replacement SCCs


Nonprofit group approved for new collective action ability in Belgium


EU regulators ponder potential avenues to address AI


2 years, 2 fines, 2 banks: Croatia DPA advocating for right of access to credit documentation


EU, US initiate talks on potential ‘enhanced’ Privacy Shield


Critics on Croatia’s ePrivacy proposal: Legitimate interest provisions not legitimate


Europe aims to take global lead with strategies on AI, data


European Commission publishes data strategy, AI white paper


Croatian Presidency tempers expectations on ePrivacy progress


How the ePrivacy Regulation talks failed … again


EDPS candidates tabbed, interviews to come


Portugal’s data protection law went into effect


How to interpret Sweden’s first GDPR fine on facial recognition in school


EU aims to regulate AI ethics


EU stresses lawfulness in new ethical AI guidelines


GDPR implementation in Lithuania: Almost a year in review


Belgium finalizes GDPR implementation: A practitioner’s view


Privacy’s role in the Article 7 proceedings against Hungary


EDPB secretariat, Dutch DPA foreshadow EDPB plenary


EDPS: We need to move the needle on ethics


Lithuania adopts new Law on Legal Protection of Personal Data


European Data Protection Board issues update after second plenary meeting


In these three countries, employee consent may be the only way to transfer their data


Blockchain: Practical use cases for the privacy pro — Learning from Estonia


When the GDPR is not quite enough: Employee privacy considerations in Russia, Belarus, and Ukraine


Inside the ePrivacy Regulation’s furious lobbying war


LIBE votes to push Lauristin’s ePrivacy Regulation forward


MEPs debate ePrivacy Regulation’s merits ahead of July 10 deadline


Introducing: The ePrivacy Regulation’s key player


Why Russia blocked four messengers


Will the ePrivacy Reg overshadow the GDPR in the age of IoT?


The ePrivacy Regulation: It’s not just about cookies anymore


Why LinkedIn was banned in Russia


European Commission proposes formal ePrivacy Regulation


View More


Research Articles

View all Research Articles

Top 10 operational impacts of the EU AI Act – Regulatory implementation and application alongside EU digital strategy


Top 10 operational impacts of the EU AI Act – Post-market monitoring, information sharing, and enforcement


Top 10 operational impacts of the EU AI Act – AI Assurance across the risk categories


Top 10 operational impacts of the EU AI Act – Governance: EU and national stakeholders


Top 10 operational impacts of the EU AI Act – Obligations for general-purpose AI models


Top 10 operational impacts of the EU AI Act – Obligations on nonproviders of high-risk AI systems


Top 10 operational impacts of the EU AI Act – Understanding and assessing risk


Top 10 operational impacts of the EU AI Act – Subject matter, definitions, key actors and scope


Global AI Governance Law and Policy: EU


Pay, OK or a third way: Context, analysis from the EDPB’s opinion


EU elections explainer: Heading into the next term, reading the smoke signals


Global AI Governance Law and Policy: UK


EU elections explainer: 2024, a transition year into EU leadership overhaul


Data without borders: EU e-Evidence package facilitates access to private data across jurisdictions


EU-US data adequacy litigation begins


Contentious areas in the EU AI Act trilogues


A practical comparison of the EU, China and ASEAN standard contractual clauses


The Atlantic Declaration: Data bridges, privacy and AI


Ireland DPC’s data transfers decision: Pragmatic punch or knockout blow?


Going back to basics for the EDPB’s year of the DPO


CNIL’s Secretary General rolls out plans for 2023 at DPI France


Top ten takeaways from the draft UK GDPR reform


Practical considerations from EU enforcement: One-stop shop


Practical considerations from EU enforcement: legal bases and transparency


The EU-US Data Privacy Framework: A new era for data transfers?


Sanctions under EU GDPR and recent data regulations: A case of double jeopardy?


Commission proposal for a regulation on the European health data space


The way the third-party cookie crumbles: Part 1 – EU and UK developments


The EU’s DMA and DSA: Why this should be of interest to privacy pros


EU adequacy decision for South Korea


EDPB’s data transfer recommendations adopt a risk-based approach with teeth


ePrivacy Regulation — Q&A on select topics


The Irish High Court judgment on EU-US data flows


Next-gen privacy: Examining the EU’s ePrivacy Regulation


Political and legal framework of German DPAs: The question of centralization


DPAs on the Ground


EU representative on ‘How to operationalize Article 27’ of the GDPR


Privacy 2030: A New Vision for Europe


In Memoriam: Giovanni Buttarelli, 1957–2019


What the GDPR Requires of and Leaves to the Member States


European Commission weighs in on Microsoft Ireland case


A brief history of the General Data Protection Regulation (1981-2016)


View More


Tools and Trackers

View all Tools and Trackers

Digital Governance in Europe: A Stakeholder Map of European Institutions and Regulators


EU Product Liability Directive Reform: 101


European Strategy for Data – Overview of New Regulations


EU NIS2 Directive: 101


EU AI Act Compliance Matrix


Global Cross-Border Privacy Rules – Guidance and Resources


Implementing Trans-Atlantic Transfers


European Parliament term recap


EU AI Act: 101


EU AI Act: The web of regulatory intersections


EU AI Act Stakeholder Map


Navigating Government Access to Private Data in the EU


EU Data Act: 101


Key dates for EU initiatives


EU AI Act cheat sheet


EU Digital Services Act: 101


EU Digital Markets Act: 101


Countries At-a-Glance: Privacy and Consumer Trust


EU-US Data Privacy Framework – Guidance and Resources


GDPR at Five


EU decision-making at a glance: How do EU laws get approved?


GDPR Genius


UK DPDI Bill: Comparative analysis with the EU GDPR and ePrivacy framework


EU Data Governance Act: 101


DPA and government guidance on ‘Schrems II’


EU Standard Contractual Clauses (Word documents)


Frequently Asked Questions & Resources on ‘Schrems II’


ICO, CNIL, German and Spanish DPA revised cookies guidelines: Convergence and divergence


The impact of the CJEU’s decision on ‘Schrems II’


Cookie Guidance from Greece


EU Member State DPIA Whitelists, Blacklists and Guidance


GDPR Awareness Guide


View More


Podcasts, Videos, Web Conferences

View all: Podcasts, Videos, Web Conferences

EU Data Act: Dive into the new rules on data access and use


Are you ready for NIS2? The impact of Europe’s new cybersecurity directive


Sharing is (health)caring? A look into the new European Health Data Space


EU AI Act compliance: How can a privacy program give a head-start?


Get ready for the EU AI Act: Priorities for compliance


Adtech: Practical takeaways from recent EU developments


Inside the EU AI Act negotiations: A conversation with Laura Caroli


Consent or Pay: The EDPB weighs in


Preparing to implement the EU AI Act


The EU AI Act: A view from the lawmaker on next steps


The EU AI Act: A major moment in the digital world


Breaking down the EU AI Act


Luca Bertuzzi on the EU AI Act’s political deal and what’s next


The EU AI Act: ‘We have a deal!’ Now what?


EU data transfers: The latest and what comes next


The EU-U.S. Data Privacy Framework in practice


The EU Artificial Intelligence Act: A look into the EU negotiations


Unpacking the DPC’s data transfers decision


The EDPB Coordinated Enforcement Action on the role of DPOs


EDPB/DPC decisions on data transfers: What is expected?


EU-U.S. Data Privacy Framework: New Independent, Binding Redress Mechanism


Quo Vadis Europe? IAPP Country Leaders’ predictions for 2023


Privacy Around the Globe: United Kingdom


EDPB’s Meta decisions explained: Resolving the adtech dispute


The EU AI Act: A discussion with MEP and co-rapporteur Dragoș Tudorache


The EU-US Data Privacy Framework and next steps for data transfers


IAPP country leaders weigh in: What’s next for data protection in Europe?


EU Artificial Intelligence Act Proposal: What could it change?


A view from Brussels: GDPR & DGA, DSA, DMA: When the rubber meets the road


From the AI Act to the DSA: Catching up on the EU’s digital agenda


New EDPB Guidelines: What is a data transfer under the GDPR?


Talks for DPOs by Dutch DPOs


The EU AI Regulation — What’s New and What’s Not?


EU-U.S. Data Transfers: The Road Ahead


The Privacy Advisor Podcast: Debrief on ePrivacy Regulation, Schrems II case


View More


Back to Top