ResourceCenter

All the tools and information you need in one easy-to-find place

Europe

Resource Center / Topic Pages / Europe

Europe

TOPIC PAGE

Below, you can find the IAPP’s collection of coverage, analysis and resources related to the privacy industry in the European region.

The IAPP Resource Center includes additional European-focused topic pages for the EU AI Act, the EU General Data Protection Regulation and the United Kingdom.

Europe Data Protection Digest newsletter
Be in-the-know on EU privacy news by subscribing to the Europe Data Protection Digest newsletter.
Subscribe here

Featured Resources

Back to top

BOOK

European Data Protection

This third edition includes updates about GDPR enforcement actions and guidance relative to GDPR regulations from authorities and regulators.
Read More

TOOL

European Strategy for Data

This is a multipart series intended to provide privacy professionals with an overview of new EU legislation adopted since May 2022 under the European Union’s Strategy for Data.
Read More

Incident Notification Requirements Across EU Laws

This chart is meant as a guide to provide an overview of digital incident notification and information sharing requirements across several EU digital laws.
Read More

RESOURCE ARTICLE

Global AI Governance Law and Policy: EU

This article analyzes the laws, policies, and broader contextual history and developments relevant to AI governance in the EU.
Read More

Digital Governance in Europe: Stakeholder Map

This chart provides an overview of EU institutions, their roles, their specific areas of responsibility, and their current leadership.
Read More

ARTICLE SERIES

Top 10 operational impacts of the EU AI Act

This series provides walkthrough of the most important components of the EU AI Act.
Read More

Back to Top

Back to top

Additional News and Resources

EU and US cybersecurity

EU Data Act: Dive into the new rules on data access and use

WEB CONFERENCE

UK data reform: What’s proposed

RESOURCE ARTICLE

European Parliament: Ninth parliamentary term recap

EU AI Act: Next Steps for Implementation

INFOGRAPHIC

EU AI Act: The web of regulatory intersections

INFOGRAPHIC

EU AI Act Compliance Matrix

EU AI Act Stakeholder Map

EU AI Act: 101

EU Product Liability Directive Reform: 101

EU NIS2 Directive: 101

EU Data Act: 101

EU Data Governance Act: 101

EU Digital Services Act: 101

EU Digital Markets Act: 101

European Commission’s latest AI initiatives look to drive competitiveness, broader integration

The advocate general’s opinion in EDPS v SRB: Changing the GDPR and facilitating European innovation?

European Commission’s latest AI initiatives look to drive competitiveness, broader integration

Operational impacts of the EDPB’s opinion on data protection in AI models

European Commission proposes UK adequacy deadline extension

European commissioner discusses EU-US Data Privacy Framework, potential GDPR reform

The AEPD’s approach to AI: Smarter models, better compliance

France’s new age verification standard: Tightening controls on access to explicit image sites

The EU Digital Services Act: Ready to meet reporting obligations?

European Commission withdraws AI Liability Directive from consideration

Preparing for compliance: Key differences between EU, Chinese AI regulations

Navigating the new EU cybersecurity standards: The NIS2 Directive and Cyber Resilience Act

Court upholds EDPB’s authority after challenge from Ireland’s DPC

Liability for nonmaterial damage under the GDPR: Approaches of EU, UK courts

What’s in a name?’: EDPB publishes draft guidelines on pseudonymization

EDPB’s 2024 coordinated enforcement offers window into right of access

Bindl v Commission: Reaction and insights from Thomas Bindl

EDPB opinion on personal data and AI models: how consequential is it?

European General Court renders impactful decision on data transfer litigation

EDPB weighs in on key questions on personal data in AI models

EDPB releases opinion on personal data use in AI model development

What the new European Commission could mean for digital regulation

Ireland’s DPC details legitimate interest prong of its LinkedIn enforcement action

A deep dive into Europe’s approach on personal data processing in AI systems

Are you ready for NIS2? The impact of Europe’s new cybersecurity directive

Meta reshapes EU personalized advertising offerings again

What to know about the EU Cyber Resilience Act

Council of Europe’s Framework Convention on AI and its global implications

Top 10 operational impacts of the EU AI Act – Regulatory implementation and application alongside EU digital strategy

RESOURCE ARTICLE

German court decision signals move toward risk-based approach to data transfers

European Commission report reviews progress of EU-US DPF

EDPB issues draft guidelines on legitimate interest, opinion on processors

Report offers drafting recommendations for EU’s general-purpose AI Code of Practice

Sharing is (health)caring? A look into the new European Health Data Space

WEB CONFERENCE

EU Data Act: All your threshold questions answered

The state of web scraping in the EU

Navigating Government Access to Private Data in the EU

INFOGRAPHIC

Global AI Governance Law and Policy: UK

RESOURCE ARTICLE

EU elections explainer: 2024, a transition year into EU leadership overhaul

RESOURCE ARTICLE

EU elections explainer: Heading into the next term, reading the smoke signals

RESOURCE ARTICLE

GDPR Genius

TOOL

Key dates for EU initiatives

TOOL

GDPR at Five

INFOGRAPHIC

Pay, OK or a third way: Context, analysis from the EDPB’s opinion

European Health Data Space: Revolutionizing health care, scientific research in the EU

Navigating AI’s uncharted waters: Insights from China’s Model AI Law, EU AI Act

Get ready for the EU AI Act: Priorities for compliance

Adtech: Practical takeaways from recent EU developments

WEB CONFERENCE

Inside the EU AI Act negotiations: A conversation with Laura Caroli

PODCAST EPISODE

Consent or Pay: The EDPB weighs in

Will the EU AI Act work? Lessons learned from past legislative initiatives, future challenges

EDPB opinion on legality of pay-or-consent models in EU GDPR context

IAPP GPS 2024: European regulators discuss AI Act enforcement, fines

The EU AI Act: A view from the lawmaker on next steps

How stakeholders are welcoming EU AI Act

Preparing to implement the EU AI Act

The EU AI Act: A major moment in the digital world

The EU AI Act: A view from the lawmaker on next steps

Breaking down the EU AI Act

EU-US Data Privacy Framework – Guidance and Resources

Countries At-a-Glance: Privacy and Consumer Trust

INFOGRAPHIC

EU decision-making at a glance: How do EU laws get approved?

EU Data Initiatives in Context

INFOGRAPHIC

A practical comparison of the EU, China and ASEAN standard contractual clauses

RESOURCE ARTICLE

Practical considerations from EU enforcement: One-stop shop

ORIGINAL CONTENT

Practical considerations from EU enforcement: legal bases and transparency

ORIGINAL CONTENT

EU Standard Contractual Clauses (Word documents)

TOOL

The ‘hidden obligation’ rides again! EU representatives under GDPR, DSA, NIS2 and others

Toward a risk-based approach? Challenging the ‘zero risk’ paradigm of EU DPAs in international data transfers and foreign governments’ data access

Implications of EDPB’s looming ‘pay or OK’ guidelines

CNIL publishes priority control themes for 2024

IAB Europe releases updated best practices guide

ASEAN publishes EU transborder data flow guide

ANPD publishes legitimate interest guidance

EU countries vote unanimously to approve AI Act

EDPB creates website auditing tool for GDPR compliance

EU AI Act: Draft consolidated text leaked online

EU crusade against web cookies faces uncertain future

EDPB coordinated enforcement sheds light on DPO compliance

European Commission upholds 11 adequacy decisions

Austria’s DPA releases cookies, data protection FAQ

The CJEU rules on the liability of controllers

Key takeaways from the CJEU’s recent automated decision-making rulings

Revisiting EDPB, ICO approaches to administrative fines

The EU AI Act: ‘We have a deal!’ Now what?

Luca Bertuzzi on the EU AI Act’s political deal and what’s next

PODCAST EPISODE

EU reaches deal on world’s first comprehensive AI regulation

Empowering users: A universal interface for digital ad preferences

Reynders announces European Commission’s latest international data transfer plans

CJEU rules individuals have right to free copy of their personal data

Survey finds many EU companies not yet compliant with NIS2

EDPB issues binding decision banning Meta’s targeted advertising practices

Data without borders: EU e-Evidence package facilitates access to private data across jurisdictions

Key points of the DPC’s GDPR decision on TikTok and children’s data

CNIL publishes FAQ for French entities EU-US DPF implementation

Italy’s DPA releases guide for privacy in schools

European Commission releases DMA compliance report template

Ireland’s DPC publishes case study handbook

Ireland’s DPC issues 345M euro TikTok children’s privacy fine

Contentious areas in the EU AI Act trilogues

Switzerland DPA releases data protection impact assessment guide

Ireland’s DPC discusses back-to-school photo safety

The Atlantic Declaration: Data bridges, privacy and AI

Unpacking the DPC’s data transfers decision

Ready for the new Swiss data protection law? Implications for organizations outside Switzerland

Beyond GDPR: Unauthorized reidentification and the Mosaic Effect in the EU AI Act

Is this the end of consent-less tracking by online platforms in the EU?

The EU-U.S. Data Privacy Framework in practice

European Commission adopts EU-US adequacy decision

The definition of ‘anonymization’ is changing in the EU: Here’s what that means

In scope or not? An EU AI Act decision tree and obligations

The EU Artificial Intelligence Act: A look into the EU negotiations

Europe’s rulebook for artificial intelligence takes shape

Unpacking the DPC’s data transfers decision

Ireland DPC’s data transfers decision: Pragmatic punch or knockout blow?

The EDPB Coordinated Enforcement Action on the role of DPOs

Ireland’s DPC issues employee data protection guidance

European Data Protection Supervisor’s Annual Report (2022)

AEPD Annual Reports

AEPD publishes guidance on public-sector legislation DPIAs

Irish DPC publishes Article 30 guidance

Irish DPC publishes guides on children’s data protection rights

Going back to basics for the EDPB’s year of the DPO

RESOURCE ARTICLE

AEPD publishes guidance to help public administrations manage data risks

NGO seeks more Ukrainian privacy awareness amid Russian invasion

EDPB launches coordinated enforcement on role of DPOs

CNIL’s Secretary General rolls out plans for 2023 at DPI France

ICO releases new UK GDPR certification scheme

UK introduces draft data protection reform

Top ten takeaways from the draft UK GDPR reform

Irish DPC Annual Report 2022

The process behind the EDPB’s coordinated enforcement framework

EU policymakers have adtech in sight for future regulation

FPF: Regulatory Strategies of European Data Protection Authorities

WHITE PAPER

MEPs urge European Commission to reject EU-US adequacy

CJEU issues ruling on DPOs and conflict of interest

UK PM overhauls government departments, including focus on innovation and tech

Denmark’s Datatilsynet outlines 2023 priorities

Quo Vadis Europe? IAPP Country Leaders’ predictions for 2023

CNIL releases report on sanctions, corrective measures

Privacy Around the Globe: United Kingdom

European Commission publishes guidelines for Digital Services Act user reporting

Sweden’s DPA publishes DPO survey

What the EU has in store for 2023

A practical guide to anonymization standards across the EU and UK

EDPB’s Meta decisions explained: Resolving the adtech dispute

10 takeaways from the Irish DPC decisions on Meta

Irish DPC, EDPB Meta decisions raise complex, fundamental questions

Irish DPC fines Meta 390M euros over legal basis for personalized ads

Belarus implements cross-border transfer rules

EU-US draft adequacy decision arrives, EU process begins in earnest

The EU AI Act: A discussion with MEP and co-rapporteur Dragoș Tudorache

PODCAST EPISODE

A look at European Parliament’s AI Act negotiations

Europe seeks a way out of the data retention pickle

German state DPA releases processor code of conduct

The EU’s temptation to break end-to-end encryption

Greek DPA imposes 20M euro fine on Clearview AI for unlawful processing of personal data

The EU-US Data Privacy Framework and next steps for data transfers

IAPP country leaders weigh in: What’s next for data protection in Europe?

A view from Brussels: The latest on the DSA, DMA and Privacy Shield

European Commission Report: A European strategy for data

The value of a UK representative: A response to the DPDI Bill

A view from Brussels: EU Council’s Czech presidency eyes ambitious fall lineup

Is data localization coming to Europe?

Slovenia DPA creates guide for conducting data impact assessments

Dentons: Europe Cookie Law Comparison tool

TOOL

Cookies, the GDPR and the ePrivacy Directive

UK DPDI Bill: Comparative analysis with the EU GDPR and ePrivacy framework

UK DPDI Bill: Comparative analysis with the EU GDPR and ePrivacy framework

Proposed EU AI Act blurs lines between AI developers and data processors under GDPR

UK unveils data reform bill, proposes AI regulation

EU Artificial Intelligence Act Proposal: What could it change?

Sanctions under EU GDPR and recent data regulations: A case of double jeopardy?

Garante Annual Reports (Italian DPA)

Guide to EU Cookie Laws

A view from Brussels — Reflections on the incoming Czech Republic presidency

A view from Brussels: GDPR & DGA, DSA, DMA: When the rubber meets the road

Ukraine’s human rights commissioner releases martial law data protection guidance

Consent as legal basis for EU and UK employment

CJEU ruling on GDPR litigation builds ‘jurisprudence on data protection’

Datatilsynet (Norway) – Data Protection Officer Survey 2020/21

CNIL publishes cookie wall evaluation scheme

Berlin DPA offers cross-border data transfer guidance

CNIL Activity Report (2021)

HDPA releases guidelines on website-tracking compliance

CNIL Interactive Map – Data protection around the world

TOOL

AEPD launches health data guidance hub

EU plans to improve health data access

Norwegian DPA issues guidance on minors’ consent

UK, German DPAs talk regulatory priorities, privacy complexities

The UK data policy and possible divergences with the European Union

European Parliament issues report on AI Act

EDPS, EDPB chair talk privacy policy in the EU, beyond

Ukraine uses Clearview AI to identify Russian soldiers killed in invasion

EU, US agree ‘in principle’ to new trans-Atlantic data agreement

EU Parliament, Council reach deal on Digital Markets Act

Norwegian DPA issues employee monitoring guidance

Key takeaways from CNIL’s draft recommendation on smart cameras

A conversation with Ukrainian Dmytro Korchynskyi

The data provisions in the EU’s upcoming Big Tech law

Data portability in the EU: An obscure data subject right

Commission proposal for a regulation on the European health data space

A conversation with Ukrainian Dmytro Korchynskyi

Disclosing information on behavioral profiles: the Polish cookie case

CNIL’s Guide on Data Protection Officers

Irish DPC fines Meta 17M euros over 2018 data breaches

Danish DPA Annual Reports (Datatilsynet)

EDPS report: EU Institutions’ resilience to COVID-19

The EU’s anti-money laundering regulation and data protection: Part II

CNIL publishes its 2022 to 2024 strategic plan

AEPD – Innovation and Technology Resources

EU Data Governance Act: What privacy professionals need to know

CNIL is latest authority to rule Google Analytics violates GDPR

Why US-based companies should care about the Norway DPA’s interpretation of GDPR consent

Inside the EU’s rocky path to regulate artificial intelligence

Belgian DPA fines IAB Europe 250K euros over consent framework GDPR violations

Austrian DPA’s Google Analytics decision could have ‘far-reaching implications’

Austrian DPA’s Google Analytics decision could have ‘far-reaching implications’

CNIL sets parameters for processors’ reuse of data for product improvement

CNIL sets parameters for processors’ reuse of data for product improvement

CNIL’s ePrivacy fines reveal potential enforcement trend

CNIL’s ePrivacy fines reveal potential enforcement trend

Irish DPC releases 2022-2027 regulatory strategy

Irish DPC finalizes children’s privacy guidelines

From the AI Act to the DSA: Catching up on the EU’s digital agenda

New EU data blockage as German court would ban many cookie management providers

The EU’s digital strategy and what it means for privacy

The way the third-party cookie crumbles: Part 1 – EU and UK developments

The EU’s DMA and DSA: Why this should be of interest to privacy pros

Germany’s telecom privacy law takes effect

EDPB discusses data transfer guidance considerations, key points

New EDPB Guidelines: What is a data transfer under the GDPR?

CNIL releases its own privacy maturity self-assessment model

CNIL publishes DPO guidance

CNIL publishes guide to support organizations in GDPR compliance

CIPL releases recommendations on e-Privacy Regulation

Venice uses cellphone data, surveillance cameras to track tourists

Irish DPC WhatsApp decision: What do you need to know?

Digital welfare fraud detection and the Dutch SyRI judgment

CNIL publishes ‘data protection management maturity model’

Norwegian DPA updates data transfer guidance

Malta DPA publishes cookie consent guidance

The state of Serbia’s Personal Data Protection Law after two years

What can we learn from the Garante’s recent 2.5M euro fine?

European Health Data Space: Repairing the trans-Atlantic data relationship through biotech R & D

Commentary on Dutch DPA’s fine for not appointing an EU representative

German DPA tells government organizations to shut down Facebook pages

Talks for DPOs by Dutch DPOs

WEB CONFERENCE

EDPB’s data transfer recommendations adopt a risk-based approach with teeth

Top-10 do’s and don’ts for service providers implementing the new SCCs with EU customers

Belgian DPA Annual Report

European Commission to take legal action against Belgium over DPA independence

EDPS Factsheet – Data protection audits explained

INFOGRAPHIC

Garante issues DPO guidance

What’s behind the EU’s new Cloud Code of Conduct?

ePrivacy Regulation — Q&A on select topics

Germany passes data protection, privacy law for telecommunications

The Irish High Court judgment on EU-US data flows

Exploring Belarus’ data protection law

New urgency about data localization with Portuguese decision

How to know you are a ‘data intermediary’ under the Data Governance Act

Google supports temporary ePrivacy derogation to fight child exploitation online

EDPB adopts data transfer statement, publishes GDPR guidance

Estonia approves bill enabling creation of biometric ID system

Belarus adopts draft personal data protection law

Why the EDPB should avoid torpedoing BCRs for processors

Privacy self-assessment toolkit for SMEs in Ukraine

Why this French court decision has far-reaching consequences for many businesses

Ukraine human rights commissioner unveils recommendations for access to information

GDPR representatives in EU and UK after Brexit

Croatian DPA shutters website: Protection of personal data or violation of freedom of speech?

Next-gen privacy: Examining the EU’s ePrivacy Regulation

EU Council ambassadors agree to negotiating position on ePrivacy Regulation

Dutch data scandal highlights structural problems around privacy compliance

German data strategy addresses aligning DPAs

Comparing EU regulatory norms with incident reporting obligations

How does GDPR apply to clinical trial sponsors outside EEA? Views of EEA DPAs

CJEU’s advocate general: One-stop shop means one-stop shop

Authorities release educational kit for digital citizens

CJEU opinion clarifies cross-border enforcement scenarios

Irish DPC finalizes 450K euro GDPR fine against Twitter

Proposal for an EU Data Governance Act — a first analysis

ENISA Report — Guidelines for securing the IoT

Nonprofit group approved for new collective action ability in Belgium

Political and legal framework of German DPAs: The question of centralization

ICO, CNIL, German and Spanish DPA Revised Cookies Guidelines: Convergence and Divergence

France’s Council of State calls on CNIL to assist with Health Data Hub

Ukrainian GDPR: The reality and future of privacy legislation in Ukraine

European Commission: Recommendations for a safe and ethical transition towards driverless mobility

German state DPA guidance on protected usable data post-‘Schrems II’

2 years, 2 fines, 2 banks: Croatia DPA advocating for right of access to credit documentation

Frequently Asked Questions & Resources on ‘Schrems II’

ORIGINAL CONTENT

Datatilsynet (Norway) – Annual Privacy Survey

DPA and government guidance on ‘Schrems II’

Switzerland launches contact-tracing app

DPC Ireland 2018-2020 Regulatory Activity Under GDPR

DPAs on the Ground

WHITE PAPER

EDPB concerned over Hungary’s GDPR ban

Country of Georgia’s voting records published online

Cookie Guidance from Greece

Pope, tech companies call for ‘ethical’ regulation on facial recognition

Critics on Croatia’s ePrivacy proposal: Legitimate interest provisions not legitimate

Critics on Croatia’s ePrivacy proposal: Legitimate interest provisions not legitimate

Proposal would make medical data available online in the Netherlands

North Macedonia adopts data protection law

CNIL – Facial Recognition: For a debate living up to the challenges

Serbian commissioner issues country’s SCCs

Croatian Presidency tempers expectations on ePrivacy progress

Switzerland joins EU’s ‘Convention 223’ treaty

How the ePrivacy Regulation talks failed … again

Dispatch from Albania: ICDPPC calls for increased global cooperation

GDPR incorporated into Greek law

Spain’s DPA releases guidance on data processing for wellness, education apps

Portugal’s data protection law went into effect

How to interpret Sweden’s first GDPR fine on facial recognition in school

GDPR Fine Calculator (Fining Schedule of German DPAs)

TOOL

The Privacy Advisor Podcast: Debrief on ePrivacy Regulation, Schrems II case

PODCAST EPISODE

GDPR implementation in Lithuania: Almost a year in review

Czech Parliament approves bills implementing GDPR

Spain’s constitutional right to data protection and application of the GDPR

What happens to ePrivacy under the Romanian presidency?

Finland’s revamped Data Protection Act now in effect

First GDPR fine in Portugal issued against hospital for three violations

Serbia enacts new data protection law

Report focuses on Belarus violating human rights via surveillance

Belgium finalizes GDPR implementation: A practitioner’s view

Privacy’s role in the Article 7 proceedings against Hungary

Lithuania adopts new Law on Legal Protection of Personal Data

In these three countries, employee consent may be the only way to transfer their data

Blockchain: Practical use cases for the privacy pro — Learning from Estonia

When the GDPR is not quite enough: Employee privacy considerations in Russia, Belarus, and Ukraine

Inside the ePrivacy Regulation’s furious lobbying war

LIBE votes to push Lauristin’s ePrivacy Regulation forward

MEPs debate ePrivacy Regulation’s merits ahead of July 10 deadline

Introducing: The ePrivacy Regulation’s key player

Will the ePrivacy Reg overshadow the GDPR in the age of IoT?

The ePrivacy Regulation: It’s not just about cookies anymore

European Commission proposes formal ePrivacy Regulation

Back to top

Back to Top

Back to top