Europe

Below, you can find the IAPP’s collection of coverage, analysis and resources related to the privacy industry in the European region.

The IAPP Resource Center includes additional European focused topic pages:

Subscribe to the Europe Data Protection Digest e-newsletter!
Keep up to date with the most important privacy and data protection news from the European region by subscribing to the Europe Data Protection Digest e-newsletter.

Featured Resources Latest News & Resources Regional Resources

Featured Resources

European Institutions Privacy Stakeholder Map

To better understand the entities involved in EU privacy rulemaking, this chart provides an overview of the institutions, the nature of their role, the specific areas of responsibilities, and current leadership.
Read More

How do EU laws get approved?

This chart describes the main steps of the codecision procedure, the most common decision-making procedure among EU Institutions.
Read More

European Strategy for Data

This is a multipart series intended to provide privacy professionals with an overview of new EU legislation adopted since May 2022 under the European Union’s Strategy for Data.
Read More

Latest News & Resources

EU-US Data Privacy Framework – Guidance and Resources

On October 7, 2022, the White House released an executive order implementing the long-awaited EU-U.S. Data Privacy Framework. The European Commission concurrently announced that it will launch its adequacy determination procedure for EU personal data transferred to the United States under the arrangement. This page will stay updated with the latest guidance documents and resources covering what these new rules say, how they work and what comes next as the adequacy review process proceeds. Read More

Save This

	UK data protection reform: An overview (IAPP, April 2023)
	European Data Protection Supervisor’s Annual Report (2023) (EDPS, April 2023)
	Irish DPC publishes Article 30 guidance (IAPP, April 2023)
	Irish DPC publishes guides on children’s data protection rights (IAPP, April 2023)
	Going back to basics for the EDPB’s year of the DPO (IAPP, March 2023)
	NGO seeks more Ukrainian privacy awareness amid Russian invasion (IAPP, March 2023)
	EDPB launches coordinated enforcement on role of DPOs (IAPP, March 2023)
	CNIL’s Secretary General rolls out plans for 2023 at DPI France (IAPP, March 2023)
	ICO releases new UK GDPR certification scheme (IAPP, March 2023)
	UK introduces draft data protection reform (IAPP, March 2023)
	Top ten takeaways from the draft UK GDPR reform (IAPP, March 2023)
	Irish DPC Annual Report 2022 (Irish DPC, March 2023)
	The process behind the EDPB’s coordinated enforcement framework (IAPP, February 2023)
	EU policymakers have adtech in sight for future regulation (IAPP, February 2023)
	FPF: Regulatory Strategies of European Data Protection Authorities (Future of Privacy Forum, February 2023)
	MEPs urge European Commission to reject EU-US adequacy (IAPP, February 2023)
	CJEU issues ruling on DPOs and conflict of interest (IAPP, February 2023)
	UK PM overhauls government departments, including focus on innovation and tech (IAPP, February 2023)
	Quo Vadis Europe? IAPP Country Leaders’ predictions for 2023 (IAPP, February 2023)
	Privacy Around the Globe: United Kingdom (IAPP, February 2023)
	European Commission publishes guidelines for Digital Services Act user reporting (IAPP, February 2023)
	What the EU has in store for 2023 (IAPP, January 2023)
	A practical guide to anonymization standards across the EU and UK (IAPP, January 2023)
	EDPB’s Meta decisions explained: Resolving the adtech dispute (IAPP, January 2023)
	10 takeaways from the Irish DPC decisions on Meta (IAPP, January 2023)
	Irish DPC, EDPB Meta decisions raise complex, fundamental questions (IAPP, January 2023)
	Irish DPC fines Meta 390M euros over legal basis for personalized ads (IAPP, January 2023)
	EU-US draft adequacy decision arrives, EU process begins in earnest (IAPP, December 2022)
	The EU AI Act: A discussion with MEP and co-rapporteur Dragoș Tudorache (IAPP, December 2022)
	A look at European Parliament’s AI Act negotiations (IAPP, November 2022)
	Europe seeks a way out of the data retention pickle (IAPP, November 2022)
	The EU’s temptation to break end-to-end encryption (IAPP, November 2022)
	The EU-US Data Privacy Framework and next steps for data transfers (IAPP, October 2022)
	IAPP country leaders weigh in: What’s next for data protection in Europe? (IAPP, October 2022)
	A view from Brussels: The latest on the DSA, DMA and Privacy Shield (IAPP, October 2022)
	European Commission Report: A European strategy for data (European Commission, October 2022)
	The value of a UK representative: A response to the DPDI Bill (IAPP, September 2022)
	Bloc of EU lawmakers throws support behind total facial recognition ban (IAPP, September 2022)
	CEPS publishes EU AI Act report (IAPP, September 2022)
	Is data localization coming to Europe? (IAPP, August 2022)
	Dentons: Europe Cookie Law Comparison tool (Dentons, August 2022)
	UK DPDI Bill: Comparative analysis with the EU GDPR and ePrivacy framework (IAPP, July 2022)
	EU Artificial Intelligence Act Proposal: What could it change? (IAPP, July 2022)
	Proposed EU AI Act blurs lines between AI developers and data processors under GDPR (IAPP, July 2022)
	UK unveils data reform bill, proposes AI regulation (IAPP, July 2022)
	Sanctions under EU GDPR and recent data regulations: A case of double jeopardy? (IAPP, July 2022)
	Irish DPC files draft order to halt Meta’s data transfers to US (IAPP, July 2022)
	Guide to EU Cookie Laws (Privacy Policies, July 2022)
	A view from Brussels: GDPR & DGA, DSA, DMA: When the rubber meets the road (IAPP, June 2022)
	A view from Brussels: EDPB adopts guidelines on fines, Council of the European Union approves DGA (IAPP, May 2022)
	JOIC releases 2021 data breach report (IAPP, May 2022)
	EU institutions publish final text for Digital Markets Act (IAPP, May 2022)
	EU plans to improve health data access (IAPP, May 2022)
	European Data Protection Board Annual Report (2021) (EDPB, May 2022)
	Consent as legal basis for EU and UK employment (IAPP, May 2022)
	CJEU ruling on GDPR litigation builds ‘jurisprudence on data protection’ (IAPP, May 2022)
	The UK data policy and possible divergences with the European Union (IAPP, April 2022)
	European Parliament issues report on AI Act (IAPP, April 2022)
	EDPS, EDPB chair talk privacy policy in the EU, beyond (IAPP, April 2022)
	EU, US agree ‘in principle’ to new trans-Atlantic data agreement (IAPP, May 2022)
	EU Parliament, Council reach deal on Digital Markets Act (IAPP, March 2022)
	The data provisions in the EU’s upcoming Big Tech law (IAPP, March 2022)
	Data portability in the EU: An obscure data subject right (IAPP, March 2022)
	Commission proposal for a regulation on the European health data space (IAPP, March 2022)
	A conversation with Ukrainian Dmytro Korchynskyi (IAPP, March 2022)
	Key takeaways from CNIL’s draft recommendation on smart cameras (IAPP, March 2022)
	EDPS report: EU Institutions’ resilience to COVID-19 (EDPS, March 2022)
	The EU’s anti-money laundering regulation and data protection: Part II (IAPP, February 2022)
	EU Data Governance Act: What privacy professionals need to know (IAPP, February 2022)
	CNIL is latest authority to rule Google Analytics violates GDPR (IAPP, February 2022)
	Inside the EU’s rocky path to regulate artificial intelligence (IAPP, February 2022)
	The 2022 lookout for EU policy: what you need to know (IAPP, January 2022)
	Austrian DPA’s Google Analytics decision could have ‘far-reaching implications’ (IAPP, January 2022)
	EU Standard Contractual Clauses (Word documents) (IAPP)
	CNIL sets parameters for processors’ reuse of data for product improvement (IAPP, January 2022)
	CNIL’s ePrivacy fines reveal potential enforcement trend (IAPP, January 2022)
	The EU’s digital strategy and what it means for privacy (IAPP, December 2021)
	From the AI Act to the DSA: Catching up on the EU’s digital agenda (IAPP, December 2021)
	New EU data blockage as German court would ban many cookie management providers (IAPP, December 2021)
	The way the third-party cookie crumbles: Part 1 – EU and UK developments (IAPP, December 2021)
	The EU’s DMA and DSA: Why this should be of interest to privacy pros (IAPP, December 2021)
	Germany’s telecom privacy law takes effect (IAPP, December 2021)
	EDPB discusses data transfer guidance considerations, key points (IAPP, November 2021)
	LinkedIn Live: ‘New EDPB Guidelines: What is a data transfer under the GDPR?’ (IAPP, November 2021)
	New EDPB guidelines define international transfers: Dancing in place (IAPP, November 2021)
	CNIL releases its own privacy maturity self-assessment model (IAPP, November 2021)
	The future of data protection in the EU’s digital market strategy (IAPP, November 2021)
	Dispatch from Brussels: Some clarification for EU data transfers on the horizon (IAPP, November 2021)
	ENISA Threat Landscape Report 2021 (European Union Agency for Cybersecurity, October 2021)
	Facebook to hire 10K EU workers over next 5 years (IAPP, October 2021)
	Irish DPC proposes 36M euro GDPR fine against Facebook (IAPP, October 2021)
	CNIL Interactive Map – Data protection around the world (CNIL, September 2021)
	Irish DPC WhatsApp decision: What do you need to know? (IAPP, September 2021)
	The Brussels lowdown: Data policy this fall (IAPP, September 2021)
	UK launches wide-ranging data reform initiative (IAPP, September 2021)
	Facebook updates cookie controls in Europe (IAPP, September 2021)
	The state of Serbia’s Personal Data Protection Law after two years (IAPP, August 2021)
	FAQs for UK ICO’s data transfer consultation – including approach to EU SCCs (IAPP, August 2021)
	What can we learn from the Garante’s recent 2.5M euro fine? (IAPP, August 2021)
	EU warns UK could lose adequacy by drifting away from GDPR (IAPP, August 2021)
	EDPB outlines DPA resourcing, enforcement actions (IAPP, August 2021)
	European Health Data Space: Repairing the trans-Atlantic data relationship through biotech R & D (IAPP, July 2021)
	Insights into the Future of Data Protection Enforcement: Regulatory Strategies of European Data Protection Authorities for 2021-2022 (The Future of Privacy Forum, July 2021)
	Commentary on Dutch DPA’s fine for not appointing an EU representative (IAPP, July 2021)
	The CJEU did not rescind the one-stop shop. Quite the opposite. (IAPP, July 2021)
	Web Conference: Talks for DPOs by Dutch DPOs (IAPP, June 2021)
	EDPB rapporteur details board’s supplementary measures (IAPP, June 2021)
	EU adequacy decision for South Korea (IAPP, June 2021)
	EDPB’s data transfer recommendations adopt a risk-based approach with teeth (IAPP, June 2021)
	Top-10 do’s and don’ts for service providers implementing the new SCCs with EU customers (IAPP, June 2021)
	EDPS Factsheet – Data protection audits explained (EDPS, June 2021)
	Digital wallet unveiled in EU (IAPP, June 2021)
	European Commission adopts UK adequacy decisions (IAPP, June 2021)
	EPDS Infographic — Personal Data Breaches in a Nutshell (EDPS, May 2021)
	CoE, Parliament reach provisional deal on COVID-19 certificates (IAPP, May 2021)
	What’s behind the EU’s new Cloud Code of Conduct? (IAPP, May 2021)
	New urgency about data localization with Portuguese decision (IAPP, April 2021)
	How to know you are a ‘data intermediary’ under the Data Governance Act (IAPP, April 2021)
	EU grappling with potential one-stop-shop reform (IAPP, April 2021)
	Why the EU’s AI regulation is a groundbreaking proposal (IAPP, April 2021)
	A look at what’s in the EU’s newly proposed regulation on AI (IAPP, April 2021)
	EDPB adopts data transfer statement, publishes GDPR guidance (IAPP, April 2021)
	Facebook breach draws EU ‘mass action’ lawsuit (IAPP, April 2021)
	EDPB publishes opinions on UK draft adequacy decision (IAPP, April 2021)
	Web Conference: Monitoring Employees’ Health & Activities Outside Work in Germany, Poland and UK (IAPP, February 2021)
	Why the EDPB should avoid torpedoing BCRs for processors (IAPP, April 2021)
	NIS representation in the EU and UK — Was the March 31 deadline a turning point? (IAPP, April 2021)
	Why this French court decision has far-reaching consequences for many businesses (IAPP, March 2021)
	Federal Constitutional Court: CJEU must clarify whether GDPR provides materiality threshold (IAPP, February 2021)
	GDPR representatives in EU and UK after Brexit (IAPP, February 2021)
	European Commission releases draft UK adequacy decisions (IAPP, February 2021)
	Data transfers: Questions and answers abound, yet solutions elude (IAPP, February 2021)
	Croatian DPA shutters website: Protection of personal data or violation of freedom of speech? (IAPP, February 2021)
	EU Council ambassadors agree to negotiating position on ePrivacy Regulation (IAPP, February 2021)
	Government leaders discuss state of play for UK adequacy, data transfers (IAPP, January 2021)
	Comparing EU regulatory norms with incident reporting obligations (IAPP, January 2021)
	How does GDPR apply to clinical trial sponsors outside EEA? Views of EEA DPAs (IAPP, January 2021)
	Hard data localization may be coming to the EU — Here are 5 concerns (IAPP, January 2021)
	CJEU’s advocate general: One-stop shop means one-stop shop (IAPP, January 2021)
	CJEU opinion clarifies cross-border enforcement scenarios (IAPP, January 2021)
	UK, EU reach interim data flow agreement (IAPP, January 2021)
	Proposal for an EU Data Governance Act — a first analysis (IAPP, December 2020)
	How US, EU approach regulating ‘dark patterns’ (IAPP, December 2020)
	ENISA Report — Guidelines for securing the IoT (European Union Agency for Cybersecurity, November 2020)
	European Commission: Recommendations for a safe and ethical transition towards driverless mobility (European Commission, September 2020)
	Frequently Asked Questions & Resources on ‘Schrems II’ (IAPP, August 2020)
	DPA and government guidance on ‘Schrems II’ (IAPP, July 2020)
	White Paper – DPAs on the Ground (IAPP, May 2020)
	The GDPR at Two: Expert Perspectives (IAPP, May 2020)
	White Paper – GDPR at One Year: What We Heard from Leading European Regulators (IAPP, August 2019)

View More Resources

Regional Resources

Click below to navigate to resources by region.

Albania, Austria, Belarus, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Georgia, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, North Macedonia, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Ukraine, United Kingdom, Vatican City

Albania

Dispatch from Albania: ICDPPC calls for increased global cooperation
(IAPP, October 2019)

Austria

Austrian DPA’s Google Analytics decision could have ‘far-reaching implications’
(IAPP, January 2022)
Austrian court sides with Facebook in explicit consent case
(IAPP, January 2021)
German, Austrian telecoms disclose location data for COVID-19 tracking
(IAPP, March 2020)
Austrian DPA issues 18M euro fine for alleged GDPR violations
(IAPP, October 2019)

Belarus

Belarus implements cross-border transfer rules
(IAPP, January 2023)
Exploring Belarus’ data protection law
(IAPP, May 2021)
Belarus adopts draft personal data protection law
(IAPP, April 2021)
Report focuses on Belarus violating human rights via surveillance
(IAPP, October 2018)
In these three countries, employee consent may be the only way to transfer their data
(IAPP, April 2018)

When the GDPR is not quite enough: Employee privacy considerations in Russia, Belarus, and Ukraine
(IAPP, April 2018)

View More Resources

Belgium

Belgian DPA Annual Report
(June 2021)
Belgian DPA fines IAB Europe 250K euros over consent framework GDPR violations
(IAPP, February 2022)
European Commission to take legal action against Belgium over DPA independence
(IAPP, June 2021)
Belgian DPA unveils new data protection toolkit
(IAPP, March 2021)
Nonprofit group approved for new collective action ability in Belgium
(IAPP, October 2020)
Meet the chairman of Belgium’s first official DPA
(IAPP, April 2019)

Belgium finalizes GDPR implementation: A practitioner’s view
(IAPP, September 2018)

View More Resources

Bulgaria

Court deems article within Bulgaria’s Personal Data Protection Act unconstitutional
(IAPP, November 2019)
Millions affected by Bulgaria’s largest data breach ever
(IAPP, July 2019)

Croatia

Croatian DPA shutters website: Protection of personal data or violation of freedom of speech?
(IAPP, February 2021)
2 years, 2 fines, 2 banks: Croatia DPA advocating for right of access to credit documentation
(IAPP, September 2020)
Critics on Croatia’s ePrivacy proposal: Legitimate interest provisions not legitimate
(IAPP, February 2020)
Croatian Presidency tempers expectations on ePrivacy progress
(IAPP, January 2020)
Croatian GDPR implementation law — main features and unanswered questions
(IAPP, May 2018)

Cyprus

Cyprus DPA emphasizes children’s privacy
(IAPP, March 2020)

Czech Republic

A view from Brussels: EU Council’s Czech presidency eyes ambitious fall lineup
(IAPP, August 2022)
Czech Republic’s data protection authority formalized as country’s cyber regulator
(IAPP, August 2022)
Czech Republic DPA publishes cookie review
(IAPP, July 2022)
A view from Brussels — Reflections on the incoming Czech Republic presidency
(IAPP, June 2022)
Czech DPA extends employer COVID-19 testing obligations
(IAPP, April 2021)

Czech Parliament approves bills implementing GDPR
(IAPP, April 2019)

View More Resources

Denmark

Danish DPA Annual Reports (Datatilsynet)
(Datatilsynet)
Denmark’s Datatilsynet outlines 2023 priorities
(IAPP, February 2023)
Danish DPA renders decision against Google Analytics transfers
(IAPP, September 2022)
Danish DPA offers guidance on supervising data processors
(IAPP, November 2021)
Denmark to launch COVID-19 passports
(IAPP, February 2021)

Denmark issues guide on data breach fine scheme
(IAPP, February 2021)
Datatilsynet publishes guide on sharing personal information with police
(IAPP, January 2021)
Danish DPA, Irish DPC highlight areas of focus for 2021
(IAPP, January 2021)
Danish DPA revises employment data protection guidelines
(IAPP, December 2020)

View More Resources

Estonia

Estonia approves bill enabling creation of biometric ID system
(IAPP, April 2021)
Deepfake tech a cybersecurity threat, Estonian Foreign Intelligence Service says
(IAPP, February 2021)
Estonia pushes AI in government services
(IAPP, March 2019)
Blockchain: Practical use cases for the privacy pro — Learning from Estonia
(IAPP, April 2018)

Finland

Finnish ministry’s working group publishes report on data protection policy proposals
(IAPP, February 2021)
Finland therapy center ordered to notify clients of data breach
(IAPP, October 2020)
Talus appointed as Finland’s new data protection commissioner
(IAPP, August 2020)
Finland eyes ePrivacy agreement before year’s end
(IAPP, October 2019)
Finland’s revamped Data Protection Act now in effect
(IAPP, January 2019)

France

ICO, CNIL, German and Spanish DPA Revised Cookies Guidelines: Convergence and Divergence
(IAPP)
CNIL’s Secretary General rolls out plans for 2023 at DPI France
(IAPP, March 2023)
CNIL releases report on sanctions, corrective measures
(IAPP, February 2023)
CNIL publishes cookie wall evaluation scheme
(IAPP, May 2022)
CNIL Activity Report (2021)
(IAPP, May 2022)

CNIL’s Guide on Data Protection Officers
(IAPP, March 2022)
Key takeaways from CNIL’s draft recommendation on smart cameras
(IAPP, March 2022)
CNIL publishes its 2022 to 2024 strategic plan
(IAPP, February 2022)
CNIL is latest authority to rule Google Analytics violates GDPR
(IAPP, February 2022)
CNIL sets parameters for processors’ reuse of data for product improvement
(IAPP, January 2022)
CNIL’s ePrivacy fines reveal potential enforcement trend
(IAPP, January 2022)
CNIL releases its own privacy maturity self-assessment model
(IAPP, November 2021)
CNIL publishes DPO guidance
(IAPP, November 2021)
CNIL publishes guide to support organizations in GDPR compliance
(IAPP, September 2021)
CNIL publishes ‘data protection management maturity model’
(IAPP, September 2021)
CNIL publishes guidance on email attacks
(IAPP, August 2021)
Why this French court decision has far-reaching consequences for many businesses
(IAPP, March 2021)
Council of State rules on data retention for national security threats
(IAPP, April 2021)
CNIL publishes ad tracker guidelines
(IAPP, April 2021)
Authorities release educational kit for digital citizens
(IAPP, January 2021)
Facial Recognition: For a debate living up to the challenges
(CNIL, February 2020)
France’s Council of State calls on CNIL to assist with Health Data Hub
(IAPP, October 2020)

View More Resources

Georgia

Country of Georgia’s voting records published online
(IAPP, March 2020)

Germany

German state DPA releases processor code of conduct
(IAPP, November 2022)
Berlin DPA offers cross-border data transfer guidance
(IAPP, May 2022)
UK, German DPAs talk regulatory priorities, privacy complexities
(IAPP, April 2022)
German state DPA publishes updated cookie guide
(IAPP, March 2022)
New EU data blockage as German court would ban many cookie management providers
(IAPP, December 2021)

ICO, CNIL, German and Spanish DPA Revised Cookies Guidelines: Convergence and Divergence
(IAPP)
Germany’s telecom privacy law takes effect
(IAPP, December 2021)
German DPA tells government organizations to shut down Facebook pages
(IAPP, June 2021)
Germany passes data protection, privacy law for telecommunications
(IAPP, May 2021)
Hamburg commissioner opens proceedings against Facebook; court reduces GDPR fine against hospital
(IAPP, April 2021)
Political and legal framework of German DPAs: The question of centralization
(IAPP, October 2020)
German state DPA guidance on protected usable data post-‘Schrems II’
(IAPP, September 2020)
German DPA releases 2020 activity report
(IAPP, February 2021)
German data strategy addresses aligning DPAs
(IAPP, January 2021)
Draft law adapts Germany’s IT laws to digitalization
(IAPP, January 2021)
German Presidency: ‘Further work is needed’ on ePrivacy
(IAPP, November 2020)
GDPR Fine Calculator (Fining Schedule of German DPAs)
(Christopher Schmidt)

View More Resources

Greece

Cookie Guidance from Greece
(IAPP, March 2020)
Greek DPA imposes 20M euro fine on Clearview AI for unlawful processing of personal data
(IAPP, October 2022)
HDPA releases guidelines on website-tracking compliance
(IAPP, May 2022)
GDPR incorporated into Greek law
(IAPP, October 2019)

Hungary

EDPB concerned over Hungary’s GDPR ban
(IAPP, May 2020)
Hungary halts some GDPR rights amid COVID-19
(IAPP, May 2020)
Privacy’s role in the Article 7 proceedings against Hungary
(IAPP, September 2018)

Iceland

Icelandic DPA comments on bank’s DPO appointment
(IAPP, February 2021)
Icelandic DPA rules against telecom in DSARs case
(IAPP, January 2020)
Icelandic DPA offers children’s privacy ruling
(IAPP, November 2019)

Ireland

Irish DPC Annual Report 2022
(March 2023)
10 takeaways from the Irish DPC decisions on Meta
(January 2023)
Irish DPC, EDPB Meta decisions raise complex, fundamental questions
(January 2023)
Irish DPC fines Meta 390M euros over legal basis for personalized ads
(January 2023)
Meta faces large fine from DPC over children’s privacy violations on Instagram
(May 2022)

Irish DPC fines Meta 17M euros over 2018 data breaches
(March 2022)
Ireland publishes National Digital Strategy
(February 2022)
Irish DPC releases 2022-2027 regulatory strategy
(IAPP, December 2021)
Irish DPC finalizes children’s privacy guidelines
(IAPP, December 2021)
DPC publishes vaccine certification check guidance
(IAPP, November 2021)
Irish DPC proposes 36M euro GDPR fine against Facebook
(IAPP, October 2021)
Irish DPC WhatsApp decision: What do you need to know?
(IAPP, September 2021)
Irish DPC offers DPO qualifications recommendations
(IAPP, September 2021)
The Irish High Court judgment on EU-US data flows
(IAPP, May 2021)
Irish DPC opens investigation into Facebook data leak
(IAPP, April 2021)
Ireland’s DPC releases guidance on domestic CCTV use
(IAPP, January 2021)
Irish DPC finalizes 450K euro GDPR fine against Twitter
(IAPP, December 2020)
Irish DPC: Return-to-work guidance
(Irish DPC, June 2020)
DPC Ireland 2018-2020 Regulatory Activity Under GDPR
(Irish DPC, June 2020)

View More Resources

Italy

Garante Annual Reports
(Italian DPA)
Italy enforces vaccine passport mandate for all workers
(IAPP, October 2021)
Venice uses cellphone data, surveillance cameras to track tourists
(IAPP, October 2021)
Garante issues DPO guidance
(IAPP, May 2021)
Italian DPA opens proceedings on TikTok’s children’s privacy practices
(IAPP, December 2020)

Complaint filed over names of Italian women found in cemetery
(IAPP, October 2020)
Italian DPA issues 140K euros worth of GDPR fines
(IAPP, October 2020)

View More Resources

Latvia

Latvia’s DSI publishes explanation of DPO role
(IAPP, December 2020)
Gibraltar, Latvia discuss post-Brexit data transfers
(IAPP, December 2020)

Lithuania

Lithuanian DPA fines municipality for GDPR violation
(IAPP, October 2020)
Lithuanian DPA releases opinion on BCRs
(IAPP, September 2020)
GDPR implementation in Lithuania: Almost a year in review
(IAPP, April 2019)
Lithuania adopts new Law on Legal Protection of Personal Data
(IAPP, July 2018)

Luxembourg

CNPD releases 2020 Activity Report
(IAPP, October 2021)
CNPD appoints new commissioner
(IAPP, September 2021)
What the Luxembourg DPA’s big GDPR fine could do for its reputation
(IAPP, August 2021)
Luxembourg DPA publishes Brexit data transfer guidance
(IAPP, July 2021)
Luxembourg introduces law to regulate government data access
(IAPP, November 2020)

Malta

Malta DPA publishes cookie consent guidance
(IAPP, August 2021)

Netherlands

Dutch ministry issues report on EU GDPR implementation
(IAPP, May 2022)
Dutch DPA reports near double data breach increase
(IAPP, May 2022)
Digital welfare fraud detection and the Dutch SyRI judgment
(IAPP, September 2021)
Commentary on Dutch DPA’s fine for not appointing an EU representative
(IAPP, July 2021)
Web Conference: Talks for DPOs by Dutch DPOs
(IAPP, June 2021)

Dutch DPA publishes DPO guidance
(IAPP, June 2021)
Dutch DPA says its growth will aid country’s digitization
(IAPP, May 2021)
Dutch DPA releases employee privacy handbook
(IAPP, April 2021)
Dutch NCTV allegedly used fake accounts for online surveillance
(IAPP, April 2021)
Dutch government publishes position on Digital Services Act, Digital Markets Act
(IAPP, February 2021)
Dutch data scandal highlights structural problems around privacy compliance
(IAPP, February 2021)
Proposal would make medical data available online in the Netherlands
(IAPP, February 2020)

View More Resources

North Macedonia

North Macedonia adopts data protection law
(IAPP, February 2020)

Norway

Datatilsynet (Norway) – Data Protection Officer Survey 2020/21
(Datatilsynet, May 2022)
Norwegian DPA issues guidance on minors’ consent
(IAPP, April 2022)
Norwegian DPA issues employee monitoring guidance
(IAPP, March 2022)
Why US-based companies should care about the Norway DPA’s interpretation of GDPR consent
(IAPP, February 2022)
Datatilsynet (Norway) – Annual Privacy Survey
(Datatilsynet, August 2020)
Norwegian DPA updates data transfer guidance
(IAPP, September 2021)

Datatilsynet releases 2020 annual report
(IAPP, April 2021)
Norway’s DPA finds Danish data-processing agreement can be used in country
(IAPP, January 2020)

View More Resources

Poland

Disclosing information on behavioral profiles: the Polish cookie case
(IAPP, March 2022)
Microsoft partners with Poland on $1B cloud project
(IAPP, May 2020)
No shortage of GDPR enforcement in Poland
(IAPP, November 2019)
A look at Poland’s conflicting guidance for job applicant data
(IAPP, April 2019)

Portugal

New urgency about data localization with Portuguese decision
(IAPP, April 2021)
Portuguese presidency unveils latest ePrivacy draft
(IAPP, February 2021)
Portugal’s data protection law went into effect
(IAPP, August 2019)
First GDPR fine in Portugal issued against hospital for three violations
(IAPP, January 2019)

Romania

Romanian DPA issues fines for GDPR violations
(IAPP, October 2020)
CJEU advocate general issues opinion on Romanian consent case
(IAPP, March 2020)
Romanian DPA issues fine for sending email messages without consent
(IAPP, November 2019)
Assessing how GDPR has impacted Romania thus far
(IAPP, August 2019)

Serbia

The state of Serbia’s Personal Data Protection Law after two years
(IAPP, August 2021)
Serbian government’s facial recognition rollout draws privacy backlash
(IAPP, August 2020)
Serbian commissioner issues country’s SCCs
(IAPP, January 2020)
Serbia enacts new data protection law
(IAPP, November 2018)

Slovakia

EDPB releases opinion on Slovakian DPA’s draft list for DPIAs
(IAPP, October 2019)

Slovenia

Slovenia DPA creates guide for conducting data impact assessments
(IAPP, August 2022)

Spain

AEPD Annual Reports
(AEPD)
AEPD – Innovation and Technology Resources
(AEPD)
AEPD publishes guidance on public-sector legislation DPIAs
(IAPP, April 2023)
AEPD publishes guidance to help public administrations manage data risks
(IAPP, March 2023)
AEPD launches health data guidance hub
(IAPP, May 2022)

What can we learn from the Garante’s recent 2.5M euro fine?
(IAPP, August 2021)
Spanish DPA publishes guide on data protection, labor relations
(IAPP, May 2021)
AEPD launches data protection commitment initiative
(IAPP, February 2021)
NGO files ePrivacy Directive complaints in Spain, Berlin
(IAPP, November 2020)
Observatory in Spain processing data to manage COVID-19
(IAPP, August 2020)
Spain’s DPA releases guidance on data processing for wellness, education apps
(IAPP, September 2019)
EU Commission refers Greece and Spain to CJEU for failing to transpose EU law
(IAPP, July 2019)
Spain’s constitutional right to data protection and application of the GDPR
(IAPP, March 2019)
Here’s what it takes to be a certified DPO in Spain
(IAPP, October 2017)

View More Resources

Sweden

Sweden’s DPA publishes DPO survey
(IAPP, January 2023)
How to interpret Sweden’s first GDPR fine on facial recognition in school
(IAPP, August 2019)
Sweden’s open society is clashing with EU privacy law, and regulators are frustrated
(IAPP, May 2018)

Switzerland

Switzerland launches contact-tracing app
(IAPP, June 2020)
Switzerland joins EU’s ‘Convention 223’ treaty
(IAPP, December 2019)

Ukraine

NGO seeks more Ukrainian privacy awareness amid Russian invasion
(IAPP, March 2023)
Ukraine’s human rights commissioner releases martial law data protection guidance
(IAPP, May 2022)
A conversation with Ukrainian Dmytro Korchynskyi
(IAPP, March 2022)
Ukraine uses Clearview AI to identify Russian soldiers killed in invasion
(IAPP, March 2022)
Ukraine submits draft law to create data protection commission
(IAPP, October 2021)

Privacy self-assessment toolkit for SMEs in Ukraine
(IAPP, April 2021)
Ukraine human rights commissioner unveils recommendations for access to information
(IAPP, February 2021)
Ukrainian GDPR: The reality and future of privacy legislation in Ukraine
(IAPP, September 2020)
When the GDPR is not quite enough: Employee privacy considerations in Russia, Belarus, and Ukraine
(IAPP, March 2018)

View More Resources

United Kingdom

United Kingdom Topic Page in IAPP Resource Center
On this topic page, you can find the IAPP’s collection of coverage, analysis and resources related to privacy in the United Kingdom.
Click To View

Vatican City

Pope, tech companies call for ‘ethical’ regulation on facial recognition
(IAPP, February 2020)

ResourceCenter

All the privacy tools and information you need in one easy-to-find place

Europe

Featured Resources

European Institutions Privacy Stakeholder Map

How do EU laws get approved?

European Strategy for Data

Latest News & Resources

EU-US Data Privacy Framework – Guidance and Resources

Infographic: EU Data Initiatives in Context

Practical considerations from EU enforcement: Legal bases and transparency

Practical considerations from EU enforcement: One-stop shop

GDPR Genius

Regional Resources