Daily Dashboard
The day’s top stories from around the world
AI Governance Dashboard – New
Stay on top of the latest AI governance news and developments of the profession.
The Privacy Advisor
Original reporting and feature articles on the latest privacy developments
Privacy Perspectives
Where the real conversations in privacy happen
Privacy Tech
Exploring the technology of privacy
Canada Dashboard Digest
A roundup of the top Canadian privacy news
Europe Data Protection Digest
A roundup of the top European data protection news
Asia-Pacific Dashboard Digest
A roundup of the top privacy news from the Asia-Pacific region
Latin America Dashboard Digest
A roundup of the top privacy news from Latin America
U.S. Privacy Digest
A roundup of US privacy news
Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.
IAPP Job BoardLooking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.
IAPP CalendarReview a filterable list of conferences, KnowledgeNets, LinkedIn Live broadcasts, networking events, web conferences and more.
Artificial Intelligence Governance Professional
Learn how to surround AI with policies and procedures that make the most of its potential by reducing its risks.
European Data Protection (CIPP/E)Understand Europe’s framework of laws, regulations and policies, most significantly the GDPR.
U.S. Private-Sector Privacy (CIPP/US)Steer a course through the interconnected web of federal and state laws governing U.S. data privacy.
Canadian Privacy (CIPP/C)Learn the intricacies of Canada’s distinctive federal/provincial/territorial data privacy governance systems.
Privacy Program Management (CIPM)Develop the skills to design, build and operate a comprehensive data protection program.
Privacy in Technology (CIPT)Add to your tech knowledge with deep training in privacy-enhancing technologies and how to deploy them.
Foundations of Privacy and Data ProtectionIntroductory training that builds organizations of professionals with working privacy knowledge.
Privacy Law Specialist Training (PLS)Meet the stringent requirements to earn this American Bar Association-certified designation.
CIPP Certification
The global standard for the go-to person for privacy laws, regulations and frameworks
CIPM Certification
The first and only privacy certification for professionals who manage day-to-day operations
CIPT Certification
As technology professionals take on greater privacy responsibilities, our updated certification is keeping pace with 50% new content covering the latest developments.
FIP Designation
Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.
Privacy Law Specialist
The first title to verify you meet stringent requirements for knowledge, skill, proficiency and ethics in privacy law, and one of the ABA’s newest accredited specialties.
AIGP Certification
Ensures individuals responsible for AI systems can reduce the risks associated with this technology.
Certificação CDPO/BR
Mostre seus conhecimentos na gestão do programa de privacidade e na legislação brasileira sobre privacidade.
Certification CDPO/FR
Certification des compétences du DPO fondée sur la législation et règlementation française et européenne, agréée par la CNIL.
This tool identifies global data protection authorities and privacy legislation.
The IAPP’s US State Privacy Legislation Tracker consists of proposed and enacted comprehensive state privacy bills from across the U.S.
Access all reports and surveys published by the IAPP.
This report shines a light on the location, performance and significance of privacy governance within organizations.
This year’s Privacy Risk Study represents the most comprehensive study of privacy risk undertaken by the IAPP in collaboration with KPMG.
On this topic page, you can find the IAPP’s collection of coverage, analysis and resources covering AI connections to the privacy space.
IAPP members can get up-to-date information here on the California Consumer Privacy Act and the California Privacy Rights Act.
The IAPP's EU General Data Protection Regulation page collects the guidance, analysis, tools and resources you need to make sure you're meeting your obligations.
Data Protection Intensive: UK
Explore the full range of U.K. data protection issues, from global policy to daily operational details.
Global Privacy Summit
Expand your network and expertise at the world’s top privacy event featuring A-list keynotes and high-profile experts.
AI Governance Global
A new event in Brussels for business leaders, tech and privacy pros who work with AI to learn about practical AI governance, accountability, the EU AI Act and more.
Canada Privacy Symposium
Leaders from across the Canadian privacy field deliver insights, discuss trends, offer predictions and share best practices.
Asia Privacy Forum
Hear top experts discuss global privacy issues and regulations affecting business across Asia.
Privacy. Security. Risk. (P.S.R.)
P.S.R. focuses on the intersection of privacy and technology. The call for proposals to speak at the 2024 event is open. Submit your ideas today.
Europe Data Protection Congress
Europe’s top experts offer pragmatic insights into the evolving landscape and share knowledge on best practices for your data protection operation.
ANZ Summit
Gain exclusive insights about how privacy affects business in Australia and Aotearoa New Zealand.
Speak at an IAPP EventView our open calls and submission instructions.
Sponsor an EventIncrease visibility for your organization — check out sponsorship opportunities today.
Below, you can find the IAPP’s collection of coverage, analysis and resources related to the privacy industry in the European region.
The IAPP Resource Center includes additional European-focused topic pages for the EU General Data Protection Regulation, the EU ePrivacy Regulation and the United Kingdom.
This third edition includes updates about GDPR enforcement actions and guidance relative to GDPR regulations from authorities and regulators.
Read More
This chart provides an overview of the EU AI Act, which lays down down a comprehensive legal framework for the development, marketing and use of AI in the EU in conformity with EU values.
Read More
EU elections explainer: A transition year
The first article in this two-part series provides analysis on the 2024 transition year of EU leadership overhaul.
Read More
This is a multipart series intended to provide privacy professionals with an overview of new EU legislation adopted since May 2022 under the European Union’s Strategy for Data.
Read More
Navigating Government Access to Private Data in the EU
This infographic aims to highlight some important instruments related to law enforcement and government access to private data, particularly in the EU.
Read More
The IAPP created this timeline of key dates for the primary EU regulations and initiatives affecting privacy.
Read More
Europe Data Protection Digest newsletter
Be in-the-know on EU privacy news by subscribing to the Europe Data Protection Digest newsletter.
EU elections explainer: Heading into the next term, reading the smoke signals
IAPP GPS 2024: European regulators discuss AI Act enforcement, fines
The EU AI Act: A view from the lawmaker on next steps
How stakeholders are welcoming EU AI Act
European Institutions Privacy Stakeholder Map
Preparing to implement the EU AI Act
The EU AI Act: A major moment in the digital world
EU AI Act: Next Steps for Implementation
The EU AI Act: A view from the lawmaker on next steps
EU-US Data Privacy Framework – Guidance and Resources
Countries At-a-Glance: Privacy and Consumer Trust
EU decision-making at a glance: How do EU laws get approved?
EU Data Initiatives in Context
A practical comparison of the EU, China and ASEAN standard contractual clauses
Practical considerations from EU enforcement: One-stop shop
Practical considerations from EU enforcement: legal bases and transparency
EU Standard Contractual Clauses (Word documents)
The ‘hidden obligation’ rides again! EU representatives under GDPR, DSA, NIS2 and others
Implications of EDPB’s looming ‘pay or OK’ guidelines
CNIL publishes priority control themes for 2024
IAB Europe releases updated best practices guide
ASEAN publishes EU transborder data flow guide
ANPD publishes legitimate interest guidance
EU countries vote unanimously to approve AI Act
EDPB creates website auditing tool for GDPR compliance
EU AI Act: Draft consolidated text leaked online
EU crusade against web cookies faces uncertain future
EDPB coordinated enforcement sheds light on DPO compliance
European Commission upholds 11 adequacy decisions
Austria’s DPA releases cookies, data protection FAQ
The CJEU rules on the liability of controllers
Key takeaways from the CJEU’s recent automated decision-making rulings
Revisiting EDPB, ICO approaches to administrative fines
The EU AI Act: ‘We have a deal!’ Now what?
Luca Bertuzzi on the EU AI Act’s political deal and what’s next
EU reaches deal on world’s first comprehensive AI regulation
Empowering users: A universal interface for digital ad preferences
Reynders announces European Commission’s latest international data transfer plans
CJEU rules individuals have right to free copy of their personal data
Survey finds many EU companies not yet compliant with NIS2
EDPB issues binding decision banning Meta’s targeted advertising practices
Data without borders: EU e-Evidence package facilitates access to private data across jurisdictions
Key points of the DPC’s GDPR decision on TikTok and children’s data
CNIL publishes FAQ for French entities EU-US DPF implementation
Italy’s DPA releases guide for privacy in schools
European Commission releases DMA compliance report template
Ireland’s DPC publishes case study handbook
Ireland’s DPC issues 345M euro TikTok children’s privacy fine
Contentious areas in the EU AI Act trilogues
Switzerland DPA releases data protection impact assessment guide
Ireland’s DPC discusses back-to-school photo safety
The Atlantic Declaration: Data bridges, privacy and AI
Unpacking the DPC’s data transfers decision
Ready for the new Swiss data protection law? Implications for organizations outside Switzerland
Beyond GDPR: Unauthorized reidentification and the Mosaic Effect in the EU AI Act
Is this the end of consent-less tracking by online platforms in the EU?
The EU-U.S. Data Privacy Framework in practice
European Commission adopts EU-US adequacy decision
The definition of ‘anonymization’ is changing in the EU: Here’s what that means
In scope or not? An EU AI Act decision tree and obligations
The EU Artificial Intelligence Act: A look into the EU negotiations
Europe’s rulebook for artificial intelligence takes shape
Unpacking the DPC’s data transfers decision
Ireland DPC’s data transfers decision: Pragmatic punch or knockout blow?
The EDPB Coordinated Enforcement Action on the role of DPOs
Ireland’s DPC issues employee data protection guidance
UK data protection reform: An overview
European Data Protection Supervisor’s Annual Report (2022)
AEPD publishes guidance on public-sector legislation DPIAs
Irish DPC publishes Article 30 guidance
Irish DPC publishes guides on children’s data protection rights
Going back to basics for the EDPB’s year of the DPO
AEPD publishes guidance to help public administrations manage data risks
NGO seeks more Ukrainian privacy awareness amid Russian invasion
EDPB launches coordinated enforcement on role of DPOs
CNIL’s Secretary General rolls out plans for 2023 at DPI France
ICO releases new UK GDPR certification scheme
UK introduces draft data protection reform
Top ten takeaways from the draft UK GDPR reform
The process behind the EDPB’s coordinated enforcement framework
EU policymakers have adtech in sight for future regulation
FPF: Regulatory Strategies of European Data Protection Authorities
MEPs urge European Commission to reject EU-US adequacy
CJEU issues ruling on DPOs and conflict of interest
UK PM overhauls government departments, including focus on innovation and tech
Denmark’s Datatilsynet outlines 2023 priorities
Quo Vadis Europe? IAPP Country Leaders’ predictions for 2023
CNIL releases report on sanctions, corrective measures
Privacy Around the Globe: United Kingdom
European Commission publishes guidelines for Digital Services Act user reporting
Sweden’s DPA publishes DPO survey
What the EU has in store for 2023
A practical guide to anonymization standards across the EU and UK
EDPB’s Meta decisions explained: Resolving the adtech dispute
10 takeaways from the Irish DPC decisions on Meta
Irish DPC, EDPB Meta decisions raise complex, fundamental questions
Irish DPC fines Meta 390M euros over legal basis for personalized ads
Belarus implements cross-border transfer rules
EU-US draft adequacy decision arrives, EU process begins in earnest
The EU AI Act: A discussion with MEP and co-rapporteur Dragoș Tudorache
A look at European Parliament’s AI Act negotiations
Europe seeks a way out of the data retention pickle
German state DPA releases processor code of conduct
The EU’s temptation to break end-to-end encryption
Greek DPA imposes 20M euro fine on Clearview AI for unlawful processing of personal data
The EU-US Data Privacy Framework and next steps for data transfers
IAPP country leaders weigh in: What’s next for data protection in Europe?
A view from Brussels: The latest on the DSA, DMA and Privacy Shield
European Commission Report: A European strategy for data
The value of a UK representative: A response to the DPDI Bill
A view from Brussels: EU Council’s Czech presidency eyes ambitious fall lineup
Is data localization coming to Europe?
Slovenia DPA creates guide for conducting data impact assessments
Dentons: Europe Cookie Law Comparison tool
UK DPDI Bill: Comparative analysis with the EU GDPR and ePrivacy framework
EU Artificial Intelligence Act Proposal: What could it change?
Proposed EU AI Act blurs lines between AI developers and data processors under GDPR
UK unveils data reform bill, proposes AI regulation
Sanctions under EU GDPR and recent data regulations: A case of double jeopardy?
Garante Annual Reports (Italian DPA)
A view from Brussels — Reflections on the incoming Czech Republic presidency
A view from Brussels: GDPR & DGA, DSA, DMA: When the rubber meets the road
Ukraine’s human rights commissioner releases martial law data protection guidance
Consent as legal basis for EU and UK employment
CJEU ruling on GDPR litigation builds ‘jurisprudence on data protection’
Datatilsynet (Norway) – Data Protection Officer Survey 2020/21
CNIL publishes cookie wall evaluation scheme
Berlin DPA offers cross-border data transfer guidance
HDPA releases guidelines on website-tracking compliance
CNIL Interactive Map – Data protection around the world
AEPD launches health data guidance hub
EU plans to improve health data access
Norwegian DPA issues guidance on minors’ consent
UK, German DPAs talk regulatory priorities, privacy complexities
The UK data policy and possible divergences with the European Union
European Parliament issues report on AI Act
EDPS, EDPB chair talk privacy policy in the EU, beyond
Ukraine uses Clearview AI to identify Russian soldiers killed in invasion
EU, US agree ‘in principle’ to new trans-Atlantic data agreement
EU Parliament, Council reach deal on Digital Markets Act
Norwegian DPA issues employee monitoring guidance
Key takeaways from CNIL’s draft recommendation on smart cameras
A conversation with Ukrainian Dmytro Korchynskyi
The data provisions in the EU’s upcoming Big Tech law
Data portability in the EU: An obscure data subject right
Commission proposal for a regulation on the European health data space
A conversation with Ukrainian Dmytro Korchynskyi
Disclosing information on behavioral profiles: the Polish cookie case
CNIL’s Guide on Data Protection Officers
Irish DPC fines Meta 17M euros over 2018 data breaches
Danish DPA Annual Reports (Datatilsynet)
EDPS report: EU Institutions’ resilience to COVID-19
The EU’s anti-money laundering regulation and data protection: Part II
CNIL publishes its 2022 to 2024 strategic plan
AEPD – Innovation and Technology Resources
EU Data Governance Act: What privacy professionals need to know
CNIL is latest authority to rule Google Analytics violates GDPR
Why US-based companies should care about the Norway DPA’s interpretation of GDPR consent
Inside the EU’s rocky path to regulate artificial intelligence
Belgian DPA fines IAB Europe 250K euros over consent framework GDPR violations
Austrian DPA’s Google Analytics decision could have ‘far-reaching implications’
Austrian DPA’s Google Analytics decision could have ‘far-reaching implications’
CNIL sets parameters for processors’ reuse of data for product improvement
CNIL sets parameters for processors’ reuse of data for product improvement
CNIL’s ePrivacy fines reveal potential enforcement trend
Irish DPC releases 2022-2027 regulatory strategy
Irish DPC finalizes children’s privacy guidelines
From the AI Act to the DSA: Catching up on the EU’s digital agenda
New EU data blockage as German court would ban many cookie management providers
The EU’s digital strategy and what it means for privacy
The way the third-party cookie crumbles: Part 1 – EU and UK developments
The EU’s DMA and DSA: Why this should be of interest to privacy pros
Germany’s telecom privacy law takes effect
EDPB discusses data transfer guidance considerations, key points
New EDPB Guidelines: What is a data transfer under the GDPR?
CNIL releases its own privacy maturity self-assessment model
CNIL publishes guide to support organizations in GDPR compliance
Venice uses cellphone data, surveillance cameras to track tourists
Irish DPC WhatsApp decision: What do you need to know?
Digital welfare fraud detection and the Dutch SyRI judgment
CNIL publishes ‘data protection management maturity model’
Norwegian DPA updates data transfer guidance
Malta DPA publishes cookie consent guidance
The state of Serbia’s Personal Data Protection Law after two years
What can we learn from the Garante’s recent 2.5M euro fine?
European Health Data Space: Repairing the trans-Atlantic data relationship through biotech R & D
Commentary on Dutch DPA’s fine for not appointing an EU representative
German DPA tells government organizations to shut down Facebook pages
EDPB’s data transfer recommendations adopt a risk-based approach with teeth
Top-10 do’s and don’ts for service providers implementing the new SCCs with EU customers
European Commission to take legal action against Belgium over DPA independence
EDPS Factsheet – Data protection audits explained
What’s behind the EU’s new Cloud Code of Conduct?
Germany passes data protection, privacy law for telecommunications
The Irish High Court judgment on EU-US data flows
Exploring Belarus’ data protection law
New urgency about data localization with Portuguese decision
How to know you are a ‘data intermediary’ under the Data Governance Act
EDPB adopts data transfer statement, publishes GDPR guidance
Estonia approves bill enabling creation of biometric ID system
Belarus adopts draft personal data protection law
Why the EDPB should avoid torpedoing BCRs for processors
Privacy self-assessment toolkit for SMEs in Ukraine
Why this French court decision has far-reaching consequences for many businesses
Ukraine human rights commissioner unveils recommendations for access to information
GDPR representatives in EU and UK after Brexit
Croatian DPA shutters website: Protection of personal data or violation of freedom of speech?
Dutch data scandal highlights structural problems around privacy compliance
German data strategy addresses aligning DPAs
Comparing EU regulatory norms with incident reporting obligations
How does GDPR apply to clinical trial sponsors outside EEA? Views of EEA DPAs
CJEU’s advocate general: One-stop shop means one-stop shop
Authorities release educational kit for digital citizens
CJEU opinion clarifies cross-border enforcement scenarios
Irish DPC finalizes 450K euro GDPR fine against Twitter
Proposal for an EU Data Governance Act — a first analysis
ENISA Report — Guidelines for securing the IoT
Nonprofit group approved for new collective action ability in Belgium
Political and legal framework of German DPAs: The question of centralization
ICO, CNIL, German and Spanish DPA Revised Cookies Guidelines: Convergence and Divergence
France’s Council of State calls on CNIL to assist with Health Data Hub
Ukrainian GDPR: The reality and future of privacy legislation in Ukraine
European Commission: Recommendations for a safe and ethical transition towards driverless mobility
German state DPA guidance on protected usable data post-‘Schrems II’
2 years, 2 fines, 2 banks: Croatia DPA advocating for right of access to credit documentation
Frequently Asked Questions & Resources on ‘Schrems II’
Datatilsynet (Norway) – Annual Privacy Survey
DPA and government guidance on ‘Schrems II’
Switzerland launches contact-tracing app
DPC Ireland 2018-2020 Regulatory Activity Under GDPR
EDPB concerned over Hungary’s GDPR ban
Country of Georgia’s voting records published online
Pope, tech companies call for ‘ethical’ regulation on facial recognition
Critics on Croatia’s ePrivacy proposal: Legitimate interest provisions not legitimate
Proposal would make medical data available online in the Netherlands
North Macedonia adopts data protection law
CNIL – Facial Recognition: For a debate living up to the challenges
Serbian commissioner issues country’s SCCs
Switzerland joins EU’s ‘Convention 223’ treaty
Dispatch from Albania: ICDPPC calls for increased global cooperation
GDPR incorporated into Greek law
Spain’s DPA releases guidance on data processing for wellness, education apps
Portugal’s data protection law went into effect
How to interpret Sweden’s first GDPR fine on facial recognition in school
GDPR Fine Calculator (Fining Schedule of German DPAs)
GDPR implementation in Lithuania: Almost a year in review
Czech Parliament approves bills implementing GDPR
Spain’s constitutional right to data protection and application of the GDPR
Finland’s revamped Data Protection Act now in effect
First GDPR fine in Portugal issued against hospital for three violations
Serbia enacts new data protection law
Report focuses on Belarus violating human rights via surveillance
Belgium finalizes GDPR implementation: A practitioner’s view
Privacy’s role in the Article 7 proceedings against Hungary
Lithuania adopts new Law on Legal Protection of Personal Data
In these three countries, employee consent may be the only way to transfer their data
Blockchain: Practical use cases for the privacy pro — Learning from Estonia
When the GDPR is not quite enough: Employee privacy considerations in Russia, Belarus, and Ukraine