""

 

Europe

Europe

Below, you can find the IAPP’s collection of coverage, analysis and resources related to the privacy industry in the European region.

The IAPP Resource Center includes additional European focused topic pages:

Subscribe to the Europe Data Protection Digest e-newsletter!
Keep up to date with the most important privacy and data protection news from the European region by subscribing to the Europe Data Protection Digest e-newsletter.

Featured Resources

EU Data Initiatives in Context

This infographic provides an update on the various European Union data initiatives and draft legislation. From the EU General Data Protection Regulation to the proposed Digital Services Act and Digital Markets Act, the infographic highlights important details of these initiatives and where the most recent proposals stand.
Read More

EU, US agree to data agreement

U.S. President Joe Biden and European Commission President Ursula von der Leyen announced Friday that the U.S. and EU have reached a new trans-Atlantic data flow agreement in principle. IAPP Editorial Director Jedidiah Bracy, CIPP, has the details.
Read More

GDPR Genius

This interactive tool provides IAPP members ready access to critical EU General Data Protection Regulation resources — enforcement precedent, interpretive guidance, expert analysis and more — all in one location. Users can click on any GDPR article to access the content relevant to that particular GDPR provision.
Read More


""

Latest News & Resources

European Data Protection Supervisor's Annual Report (2021)

The office of the European Data Protection Supervisor published its 2021 annual report. The report highlights work and actions the EDPS took toward helping EU institutions comply with EU privacy regulations. Additionally, the EDPS reported increased corrective actions and guidance from the office while also showing the ongoing commitment to collaboration and cooperation with the European Data Protection Board. Read More

Consent as legal basis for EU and UK employment

Consent is one of the EU General Data Protection Regulation legal bases that can be used to justify the collection, handling or storage of personal data. For consent to be valid, it must be clearly distinguishable from other matters, intelligible and in clear and plain language, freely given, as easy to withdraw as it was to provide, specific, informed and unambiguous (GDPR Article 6, 7 and Recitals 32, 33 and 43). In the employment context, consent is deemed to be problematic. An actual or per... Read More

CJEU ruling on GDPR litigation builds 'jurisprudence on data protection'

A ruling by the Court of Justice of the European Union confirming consumer groups have a right to file representative actions over alleged EU General Data Protection Regulation violations, when permitted under national law, unblocks dozens of cases and puts an end to a lingering enforcement question. The court’s April 28 judgment allows consumer protection organizations to autonomously bring forward lawsuits on behalf of consumers against an individual or entity claimed to be responsible for “a... Read More

JOIC releases 2021 data breach report
(IAPP, May 2022)
EU institutions publish final text for Digital Markets Act
(IAPP, May 2022)
EU plans to improve health data access
(IAPP, May 2022)
The UK data policy and possible divergences with the European Union
(IAPP, April 2022)
European Parliament issues report on AI Act
(IAPP, April 2022)
EDPS, EDPB chair talk privacy policy in the EU, beyond
(IAPP, April 2022)
EU Parliament, Council reach deal on Digital Markets Act
(IAPP, March 2022)
The data provisions in the EU’s upcoming Big Tech law
(IAPP, March 2022)
Data portability in the EU: An obscure data subject right
(IAPP, March 2022)
Commission proposal for a regulation on the European health data space
(IAPP, March 2022)
A conversation with Ukrainian Dmytro Korchynskyi
(IAPP, March 2022)
Key takeaways from CNIL’s draft recommendation on smart cameras
(IAPP, March 2022)
EDPS report: EU Institutions’ resilience to COVID-19
(EDPS, March 2022)
The EU’s anti-money laundering regulation and data protection: Part II
(IAPP, February 2022)
EU Data Governance Act: What privacy professionals need to know
(IAPP, February 2022)
CNIL is latest authority to rule Google Analytics violates GDPR
(IAPP, February 2022)
Inside the EU’s rocky path to regulate artificial intelligence
(IAPP, February 2022)
The 2022 lookout for EU policy: what you need to know
(IAPP, January 2022)
Austrian DPA’s Google Analytics decision could have ‘far-reaching implications’
(IAPP, January 2022)
EU Standard Contractual Clauses (Word documents)
(IAPP)
CNIL sets parameters for processors’ reuse of data for product improvement
(IAPP, January 2022)
CNIL’s ePrivacy fines reveal potential enforcement trend
(IAPP, January 2022)
The EU’s digital strategy and what it means for privacy
(IAPP, December 2021)
European Commission Report: A European strategy for data
(European Commission, December 2021)
From the AI Act to the DSA: Catching up on the EU’s digital agenda
(IAPP, December 2021)
New EU data blockage as German court would ban many cookie management providers
(IAPP, December 2021)
LinkedIn Live: ‘The EU’s Strategy for Data: What the DSA, DMA, DGA mean for privacy’
(IAPP, December 2021)
The way the third-party cookie crumbles: Part 1 – EU and UK developments
(IAPP, December 2021)
The EU’s DMA and DSA: Why this should be of interest to privacy pros
(IAPP, December 2021)
Germany’s telecom privacy law takes effect
(IAPP, December 2021)
EDPB discusses data transfer guidance considerations, key points
(IAPP, November 2021)
LinkedIn Live: ‘New EDPB Guidelines: What is a data transfer under the GDPR?’
(IAPP, November 2021)
New EDPB guidelines define international transfers: Dancing in place
(IAPP, November 2021)
CNIL releases its own privacy maturity self-assessment model
(IAPP, November 2021)
The future of data protection in the EU’s digital market strategy
(IAPP, November 2021)
Dispatch from Brussels: Some clarification for EU data transfers on the horizon
(IAPP, November 2021)
Guide to EU Cookie Laws
(Privacy Policies, November 2021)
ENISA Threat Landscape Report 2021
(European Union Agency for Cybersecurity, October 2021)
Facebook to hire 10K EU workers over next 5 years
(IAPP, October 2021)
Irish DPC proposes 36M euro GDPR fine against Facebook
(IAPP, October 2021)
CNIL Interactive Map – Data protection around the world
(CNIL, September 2021)
Irish DPC WhatsApp decision: What do you need to know?
(IAPP, September 2021)
The Brussels lowdown: Data policy this fall
(IAPP, September 2021)
UK launches wide-ranging data reform initiative
(IAPP, September 2021)
Facebook updates cookie controls in Europe
(IAPP, September 2021)
The state of Serbia’s Personal Data Protection Law after two years
(IAPP, August 2021)
FAQs for UK ICO’s data transfer consultation – including approach to EU SCCs
(IAPP, August 2021)
What can we learn from the Garante’s recent 2.5M euro fine?
(IAPP, August 2021)
EU warns UK could lose adequacy by drifting away from GDPR
(IAPP, August 2021)
Dentons: Europe Cookie Law Comparison tool
(Dentons)
EDPB outlines DPA resourcing, enforcement actions
(IAPP, August 2021)
European Health Data Space: Repairing the trans-Atlantic data relationship through biotech R & D
(IAPP, July 2021)
FPF: Regulatory Strategies of European Data Protection Authorities for 2021-2022
(Future of Privacy Forum, July 2021)
Insights into the Future of Data Protection Enforcement: Regulatory Strategies of European Data Protection Authorities for 2021-2022
(The Future of Privacy Forum, July 2021)
Commentary on Dutch DPA’s fine for not appointing an EU representative
(IAPP, July 2021)
The CJEU did not rescind the one-stop shop. Quite the opposite.
(IAPP, July 2021)
EDPB one-stop shop leaflet
(EDPB, June 2021)
Web Conference: Talks for DPOs by Dutch DPOs
(IAPP, June 2021)
LinkedIn Live: ‘EDPB’s New Recommendations for Post-‘Schrems II’ Data Transfers’
(IAPP, June 2021)
EDPB rapporteur details board’s supplementary measures
(IAPP, June 2021)
EU adequacy decision for South Korea
(IAPP, June 2021)
EDPB’s data transfer recommendations adopt a risk-based approach with teeth
(IAPP, June 2021)
Top-10 do’s and don’ts for service providers implementing the new SCCs with EU customers
(IAPP, June 2021)
LinkedIn Live: ‘EU Digital Strategy: A holistic vision for a digital Europe?’
(IAPP, June 2021)
EDPS Factsheet – Data protection audits explained
(EDPS, June 2021)
Digital wallet unveiled in EU
(IAPP, June 2021)
European Commission adopts UK adequacy decisions
(IAPP, June 2021)
EPDS Infographic — Personal Data Breaches in a Nutshell
(EDPS, May 2021)
CoE, Parliament reach provisional deal on COVID-19 certificates
(IAPP, May 2021)
What’s behind the EU’s new Cloud Code of Conduct?
(IAPP, May 2021)
EPRS: EU-UK private-sector data flows after Brexit
(EPRS, April 2021)
New urgency about data localization with Portuguese decision
(IAPP, April 2021)
How to know you are a ‘data intermediary’ under the Data Governance Act
(IAPP, April 2021)
EU grappling with potential one-stop-shop reform
(IAPP, April 2021)
Why the EU’s AI regulation is a groundbreaking proposal
(IAPP, April 2021)
A look at what’s in the EU’s newly proposed regulation on AI
(IAPP, April 2021)
EDPB adopts data transfer statement, publishes GDPR guidance
(IAPP, April 2021)
Facebook breach draws EU ‘mass action’ lawsuit
(IAPP, April 2021)
EDPB publishes opinions on UK draft adequacy decision
(IAPP, April 2021)
Web Conference: Monitoring Employees’ Health & Activities Outside Work in Germany, Poland and UK
(IAPP, February 2021)
Why the EDPB should avoid torpedoing BCRs for processors
(IAPP, April 2021)
NIS representation in the EU and UK — Was the March 31 deadline a turning point?
(IAPP, April 2021)
LinkedIn Live: ‘Data Transfers from the EU: Will derogations save the day?’
(IAPP, March 2021)
Why this French court decision has far-reaching consequences for many businesses
(IAPP, March 2021)
Federal Constitutional Court: CJEU must clarify whether GDPR provides materiality threshold
(IAPP, February 2021)
GDPR representatives in EU and UK after Brexit
(IAPP, February 2021)
European Commission releases draft UK adequacy decisions
(IAPP, February 2021)
Data transfers: Questions and answers abound, yet solutions elude
(IAPP, February 2021)
Croatian DPA shutters website: Protection of personal data or violation of freedom of speech?
(IAPP, February 2021)
EU Council ambassadors agree to negotiating position on ePrivacy Regulation
(IAPP, February 2021)
EDPS Infographic — EDPS Enforcement Powers
(EDPS, January 2021)
Government leaders discuss state of play for UK adequacy, data transfers
(IAPP, January 2021)
Comparing EU regulatory norms with incident reporting obligations
(IAPP, January 2021)
How does GDPR apply to clinical trial sponsors outside EEA? Views of EEA DPAs
(IAPP, January 2021)
Hard data localization may be coming to the EU — Here are 5 concerns
(IAPP, January 2021)
CJEU’s advocate general: One-stop shop means one-stop shop
(IAPP, January 2021)
CJEU opinion clarifies cross-border enforcement scenarios
(IAPP, January 2021)
UK, EU reach interim data flow agreement
(IAPP, January 2021)
LinkedIn Live: ‘Ask the Expert: How to Run a Global Privacy Program out of the EU’
(IAPP, December 2020)
Proposal for an EU Data Governance Act — a first analysis
(IAPP, December 2020)
How US, EU approach regulating ‘dark patterns’
(IAPP, December 2020)
New Economic Foundation — The Cost of Data Inadequacy: The Economic Impacts of the UK Failing to Secure an EU Data Adequacy Decision
(New Economics Foundation, November 2020)
ENISA Report — Guidelines for securing the IoT
(European Union Agency for Cybersecurity, November 2020)
European Commission: Recommendations for a safe and ethical transition towards driverless mobility
(European Commission, September 2020)
Frequently Asked Questions & Resources on ‘Schrems II’
(IAPP, August 2020)
DPA and government guidance on ‘Schrems II’
(IAPP, July 2020)
ENISA strategy: A trusted and cyber-secure Europe
(European Union Agency for Cybersecurity, July 2020)
White Paper – DPAs on the Ground
(IAPP, May 2020)
The GDPR at Two: Expert Perspectives
(IAPP, May 2020)
White Paper – GDPR at One Year: What We Heard from Leading European Regulators
(IAPP, August 2019)
View More Resources

Regional Resources

Click below to navigate to resources by region.

Albania, AustriaBelarus, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Georgia, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, MaltaNetherlands, North Macedonia, Norway, Poland, Portugal, RomaniaSerbia, SlovakiaSpain, Sweden, SwitzerlandUkraine, United Kingdom, Vatican City





View More Resources





View More Resources



View More Resources


View More Resources




View More Resources

View More Resources





View More Resources


View More Resources






View More Resources



View More Resources

United Kingdom Topic Page in IAPP Resource Center
On this topic page, you can find the IAPP’s collection of coverage, analysis and resources related to privacy in the United Kingdom.
Click To View