Europe Data Protection Digest newsletter

Be in-the-know on EU privacy news by subscribing to the Europe Data Protection Digest newsletter.

Additional News and Resources

EU elections explainer: Heading into the next term, reading the smoke signals

IAPP GPS 2024: European regulators discuss AI Act enforcement, fines

The EU AI Act: A view from the lawmaker on next steps

How stakeholders are welcoming EU AI Act

GDPR Genius

European Institutions Privacy Stakeholder Map

GDPR at Five

Preparing to implement the EU AI Act

The EU AI Act: A major moment in the digital world

EU AI Act: Next Steps for Implementation

The EU AI Act: A view from the lawmaker on next steps

Breaking down the EU AI Act

EU Data Act: 101

EU Data Governance Act: 101

EU NIS2 Directive: 101

EU Digital Services Act: 101

EU Digital Markets Act: 101

EU-US Data Privacy Framework – Guidance and Resources

Countries At-a-Glance: Privacy and Consumer Trust

EU decision-making at a glance: How do EU laws get approved?

EU Data Initiatives in Context

A practical comparison of the EU, China and ASEAN standard contractual clauses

Practical considerations from EU enforcement: One-stop shop

Practical considerations from EU enforcement: legal bases and transparency

EU Standard Contractual Clauses (Word documents)

The ‘hidden obligation’ rides again! EU representatives under GDPR, DSA, NIS2 and others

Toward a risk-based approach? Challenging the ‘zero risk’ paradigm of EU DPAs in international data transfers and foreign governments’ data access

Implications of EDPB’s looming ‘pay or OK’ guidelines

CNIL publishes priority control themes for 2024

IAB Europe releases updated best practices guide

ASEAN publishes EU transborder data flow guide

ANPD publishes legitimate interest guidance

EU countries vote unanimously to approve AI Act

EDPB creates website auditing tool for GDPR compliance

EU AI Act: Draft consolidated text leaked online

EU crusade against web cookies faces uncertain future

EDPB coordinated enforcement sheds light on DPO compliance

European Commission upholds 11 adequacy decisions

Austria’s DPA releases cookies, data protection FAQ

The CJEU rules on the liability of controllers

Key takeaways from the CJEU’s recent automated decision-making rulings

Revisiting EDPB, ICO approaches to administrative fines

The EU AI Act: ‘We have a deal!’ Now what?

Luca Bertuzzi on the EU AI Act’s political deal and what’s next

EU reaches deal on world’s first comprehensive AI regulation

Empowering users: A universal interface for digital ad preferences

Reynders announces European Commission’s latest international data transfer plans

CJEU rules individuals have right to free copy of their personal data

Survey finds many EU companies not yet compliant with NIS2

EDPB issues binding decision banning Meta’s targeted advertising practices

Data without borders: EU e-Evidence package facilitates access to private data across jurisdictions

Key points of the DPC’s GDPR decision on TikTok and children’s data

CNIL publishes FAQ for French entities EU-US DPF implementation

Italy’s DPA releases guide for privacy in schools

European Commission releases DMA compliance report template

Ireland’s DPC publishes case study handbook

Ireland’s DPC issues 345M euro TikTok children’s privacy fine

Contentious areas in the EU AI Act trilogues

Switzerland DPA releases data protection impact assessment guide

Ireland’s DPC discusses back-to-school photo safety

The Atlantic Declaration: Data bridges, privacy and AI

Unpacking the DPC’s data transfers decision

Ready for the new Swiss data protection law? Implications for organizations outside Switzerland

Beyond GDPR: Unauthorized reidentification and the Mosaic Effect in the EU AI Act

Is this the end of consent-less tracking by online platforms in the EU?

The EU-U.S. Data Privacy Framework in practice

European Commission adopts EU-US adequacy decision

The definition of ‘anonymization’ is changing in the EU: Here’s what that means

In scope or not? An EU AI Act decision tree and obligations

The EU Artificial Intelligence Act: A look into the EU negotiations

Europe’s rulebook for artificial intelligence takes shape

Unpacking the DPC’s data transfers decision

Ireland DPC’s data transfers decision: Pragmatic punch or knockout blow?

The EDPB Coordinated Enforcement Action on the role of DPOs

Ireland’s DPC issues employee data protection guidance

UK data protection reform: An overview

European Data Protection Supervisor’s Annual Report (2022)

AEPD Annual Reports

AEPD publishes guidance on public-sector legislation DPIAs

Irish DPC publishes Article 30 guidance

Irish DPC publishes guides on children’s data protection rights

Going back to basics for the EDPB’s year of the DPO

AEPD publishes guidance to help public administrations manage data risks

NGO seeks more Ukrainian privacy awareness amid Russian invasion

EDPB launches coordinated enforcement on role of DPOs

CNIL’s Secretary General rolls out plans for 2023 at DPI France

ICO releases new UK GDPR certification scheme

UK introduces draft data protection reform

Top ten takeaways from the draft UK GDPR reform

Irish DPC Annual Report 2022

The process behind the EDPB’s coordinated enforcement framework

EU policymakers have adtech in sight for future regulation

FPF: Regulatory Strategies of European Data Protection Authorities

MEPs urge European Commission to reject EU-US adequacy

CJEU issues ruling on DPOs and conflict of interest

UK PM overhauls government departments, including focus on innovation and tech

Denmark’s Datatilsynet outlines 2023 priorities

Quo Vadis Europe? IAPP Country Leaders’ predictions for 2023

CNIL releases report on sanctions, corrective measures

Privacy Around the Globe: United Kingdom

European Commission publishes guidelines for Digital Services Act user reporting

Sweden’s DPA publishes DPO survey

What the EU has in store for 2023

A practical guide to anonymization standards across the EU and UK

EDPB’s Meta decisions explained: Resolving the adtech dispute

10 takeaways from the Irish DPC decisions on Meta

Irish DPC, EDPB Meta decisions raise complex, fundamental questions

Irish DPC fines Meta 390M euros over legal basis for personalized ads

Belarus implements cross-border transfer rules

EU-US draft adequacy decision arrives, EU process begins in earnest

The EU AI Act: A discussion with MEP and co-rapporteur Dragoș Tudorache

A look at European Parliament’s AI Act negotiations

Europe seeks a way out of the data retention pickle

German state DPA releases processor code of conduct

The EU’s temptation to break end-to-end encryption

Greek DPA imposes 20M euro fine on Clearview AI for unlawful processing of personal data

The EU-US Data Privacy Framework and next steps for data transfers

IAPP country leaders weigh in: What’s next for data protection in Europe?

A view from Brussels: The latest on the DSA, DMA and Privacy Shield

European Commission Report: A European strategy for data

The value of a UK representative: A response to the DPDI Bill

A view from Brussels: EU Council’s Czech presidency eyes ambitious fall lineup

Is data localization coming to Europe?

Slovenia DPA creates guide for conducting data impact assessments

Dentons: Europe Cookie Law Comparison tool

UK DPDI Bill: Comparative analysis with the EU GDPR and ePrivacy framework

EU Artificial Intelligence Act Proposal: What could it change?

Proposed EU AI Act blurs lines between AI developers and data processors under GDPR

UK unveils data reform bill, proposes AI regulation

Sanctions under EU GDPR and recent data regulations: A case of double jeopardy?

Garante Annual Reports (Italian DPA)

Guide to EU Cookie Laws

A view from Brussels — Reflections on the incoming Czech Republic presidency

A view from Brussels: GDPR & DGA, DSA, DMA: When the rubber meets the road

Ukraine’s human rights commissioner releases martial law data protection guidance

Consent as legal basis for EU and UK employment

CJEU ruling on GDPR litigation builds ‘jurisprudence on data protection’

Datatilsynet (Norway) – Data Protection Officer Survey 2020/21

CNIL publishes cookie wall evaluation scheme

Berlin DPA offers cross-border data transfer guidance

CNIL Activity Report (2021)

HDPA releases guidelines on website-tracking compliance

CNIL Interactive Map – Data protection around the world

AEPD launches health data guidance hub

EU plans to improve health data access

Norwegian DPA issues guidance on minors’ consent

UK, German DPAs talk regulatory priorities, privacy complexities

The UK data policy and possible divergences with the European Union

European Parliament issues report on AI Act

EDPS, EDPB chair talk privacy policy in the EU, beyond

Ukraine uses Clearview AI to identify Russian soldiers killed in invasion

EU, US agree ‘in principle’ to new trans-Atlantic data agreement

EU Parliament, Council reach deal on Digital Markets Act

Norwegian DPA issues employee monitoring guidance

Key takeaways from CNIL’s draft recommendation on smart cameras

A conversation with Ukrainian Dmytro Korchynskyi

The data provisions in the EU’s upcoming Big Tech law

Data portability in the EU: An obscure data subject right

Commission proposal for a regulation on the European health data space

A conversation with Ukrainian Dmytro Korchynskyi

Disclosing information on behavioral profiles: the Polish cookie case

CNIL’s Guide on Data Protection Officers

Irish DPC fines Meta 17M euros over 2018 data breaches

Danish DPA Annual Reports (Datatilsynet)

EDPS report: EU Institutions’ resilience to COVID-19

The EU’s anti-money laundering regulation and data protection: Part II

CNIL publishes its 2022 to 2024 strategic plan

AEPD – Innovation and Technology Resources

EU Data Governance Act: What privacy professionals need to know

CNIL is latest authority to rule Google Analytics violates GDPR

Why US-based companies should care about the Norway DPA’s interpretation of GDPR consent

Inside the EU’s rocky path to regulate artificial intelligence

Belgian DPA fines IAB Europe 250K euros over consent framework GDPR violations

Austrian DPA’s Google Analytics decision could have ‘far-reaching implications’

Austrian DPA’s Google Analytics decision could have ‘far-reaching implications’

CNIL sets parameters for processors’ reuse of data for product improvement

CNIL sets parameters for processors’ reuse of data for product improvement

CNIL’s ePrivacy fines reveal potential enforcement trend

Irish DPC releases 2022-2027 regulatory strategy

Irish DPC finalizes children’s privacy guidelines

From the AI Act to the DSA: Catching up on the EU’s digital agenda

New EU data blockage as German court would ban many cookie management providers

The EU’s digital strategy and what it means for privacy

The way the third-party cookie crumbles: Part 1 – EU and UK developments

The EU’s DMA and DSA: Why this should be of interest to privacy pros

Germany’s telecom privacy law takes effect

EDPB discusses data transfer guidance considerations, key points

New EDPB Guidelines: What is a data transfer under the GDPR?

CNIL releases its own privacy maturity self-assessment model

CNIL publishes DPO guidance

CNIL publishes guide to support organizations in GDPR compliance

Venice uses cellphone data, surveillance cameras to track tourists

Irish DPC WhatsApp decision: What do you need to know?

Digital welfare fraud detection and the Dutch SyRI judgment

CNIL publishes ‘data protection management maturity model’

Norwegian DPA updates data transfer guidance

Malta DPA publishes cookie consent guidance

The state of Serbia’s Personal Data Protection Law after two years

What can we learn from the Garante’s recent 2.5M euro fine?

European Health Data Space: Repairing the trans-Atlantic data relationship through biotech R & D

Commentary on Dutch DPA’s fine for not appointing an EU representative

German DPA tells government organizations to shut down Facebook pages

Talks for DPOs by Dutch DPOs

EDPB’s data transfer recommendations adopt a risk-based approach with teeth

Top-10 do’s and don’ts for service providers implementing the new SCCs with EU customers

Belgian DPA Annual Report

European Commission to take legal action against Belgium over DPA independence

EDPS Factsheet – Data protection audits explained

Garante issues DPO guidance

What’s behind the EU’s new Cloud Code of Conduct?

Germany passes data protection, privacy law for telecommunications

The Irish High Court judgment on EU-US data flows

Exploring Belarus’ data protection law

New urgency about data localization with Portuguese decision

How to know you are a ‘data intermediary’ under the Data Governance Act

EDPB adopts data transfer statement, publishes GDPR guidance

Estonia approves bill enabling creation of biometric ID system

Belarus adopts draft personal data protection law

Why the EDPB should avoid torpedoing BCRs for processors

Privacy self-assessment toolkit for SMEs in Ukraine

Why this French court decision has far-reaching consequences for many businesses

Ukraine human rights commissioner unveils recommendations for access to information

GDPR representatives in EU and UK after Brexit

Croatian DPA shutters website: Protection of personal data or violation of freedom of speech?

Dutch data scandal highlights structural problems around privacy compliance

German data strategy addresses aligning DPAs

Comparing EU regulatory norms with incident reporting obligations

How does GDPR apply to clinical trial sponsors outside EEA? Views of EEA DPAs

CJEU’s advocate general: One-stop shop means one-stop shop

Authorities release educational kit for digital citizens

CJEU opinion clarifies cross-border enforcement scenarios

Irish DPC finalizes 450K euro GDPR fine against Twitter

Proposal for an EU Data Governance Act — a first analysis

ENISA Report — Guidelines for securing the IoT

Nonprofit group approved for new collective action ability in Belgium

Political and legal framework of German DPAs: The question of centralization

ICO, CNIL, German and Spanish DPA Revised Cookies Guidelines: Convergence and Divergence

France’s Council of State calls on CNIL to assist with Health Data Hub

Ukrainian GDPR: The reality and future of privacy legislation in Ukraine

European Commission: Recommendations for a safe and ethical transition towards driverless mobility

German state DPA guidance on protected usable data post-‘Schrems II’

2 years, 2 fines, 2 banks: Croatia DPA advocating for right of access to credit documentation

Frequently Asked Questions & Resources on ‘Schrems II’

Datatilsynet (Norway) – Annual Privacy Survey

DPA and government guidance on ‘Schrems II’

Switzerland launches contact-tracing app

DPC Ireland 2018-2020 Regulatory Activity Under GDPR

DPAs on the Ground

EDPB concerned over Hungary’s GDPR ban

Country of Georgia’s voting records published online

Cookie Guidance from Greece

Pope, tech companies call for ‘ethical’ regulation on facial recognition

Critics on Croatia’s ePrivacy proposal: Legitimate interest provisions not legitimate

Proposal would make medical data available online in the Netherlands

North Macedonia adopts data protection law

CNIL – Facial Recognition: For a debate living up to the challenges

Serbian commissioner issues country’s SCCs

Switzerland joins EU’s ‘Convention 223’ treaty

Dispatch from Albania: ICDPPC calls for increased global cooperation

GDPR incorporated into Greek law

Spain’s DPA releases guidance on data processing for wellness, education apps

Portugal’s data protection law went into effect

How to interpret Sweden’s first GDPR fine on facial recognition in school

GDPR Fine Calculator (Fining Schedule of German DPAs)

GDPR implementation in Lithuania: Almost a year in review

Czech Parliament approves bills implementing GDPR

Spain’s constitutional right to data protection and application of the GDPR

Finland’s revamped Data Protection Act now in effect

First GDPR fine in Portugal issued against hospital for three violations

Serbia enacts new data protection law

Report focuses on Belarus violating human rights via surveillance

Belgium finalizes GDPR implementation: A practitioner’s view

Privacy’s role in the Article 7 proceedings against Hungary

Lithuania adopts new Law on Legal Protection of Personal Data

In these three countries, employee consent may be the only way to transfer their data

Blockchain: Practical use cases for the privacy pro — Learning from Estonia

When the GDPR is not quite enough: Employee privacy considerations in Russia, Belarus, and Ukraine