GDPR
Filter by...
-
Sex, religion and race are advertising taboos, except for power-hungry politicians
As the GDPR turns five, certain EU lawmakers want to rip out some of its protections, so they can use our deeply personal information to tailor political ads and tip political elections and campaigns in their favour.
Read more
-
€1.2 billion GDPR fine for Meta over US mass surveillance
Today, a decade-long (2013 - 2023) case on Meta's involvement in US mass surveillance has led to a first direct decision. Meta must stop any further transfers of European personal data to the United States, given that Meta is subject to US surveillance laws (like FISA 702). The European Data Protection Board (EDPB) had largely overturned the Irish Data Protection Commission's (DPC) decision, insisting on a record fine and that previously transferred data must be brought back to the EU.
Read more
-
5 years of the GDPR: National authorities let down European legislator
On 25 May 2018, the General Data Protection Regulation (GDPR) came into force, promising to be the strongest set of data protection rules to enhance our privacy. While the contents of EU data protection rules stayed largely the same, the alleged big change was the GDPR's strict enforcement. 5 years later, national authorities and courts largely leave the European legislator in the lurch – despite a budget of more than €330 million in 2022.
Read more
-
EU’s proposed health data regulation ignores patients’ privacy rights
EDRi’s new position paper outlines how the European Commission’s proposal for a European Health Data Space, in an attempt to make use of people’s health data, would sabotage the rights of patients to make decisions about their private medical information.
Read more
-
GDPR Rights in Sweden: Court confirms that authority must investigate complaints
The Stockholm administrative court held that a complainant under Article 77 GDPR has the right to request a decision from the Swedish Data Protection Authority (IMY) after six months.
Read more
-
Gmail creates “Spam Emails”, despite CJEU judgment
On 24 August, EDRi member noyb.eu filed a complaint against Google with the French Data Protection Authority (CNIL). The tech giant has repeatedly ignored the European Court of Justice (CJEU) ruling on direct marketing emails and used its email platform Gmail to send unsolicited advertising emails without valid consent of the users.
Read more
-
The state of privacy at Dutch municipalities
EDRi member Bits of Freedom has done research on the General Data Protection Regulation (GDPR)-compliance within the ten largest municipalities of the Netherlands. Unfortunately, most municipalities scored a failing grade, despite the fact that the GDPR has celebrated its fourth anniversary.
Read more
-
Statement on 4 Years of GDPR
When the GDPR became applicable on 25 May 2018, it was perceived as a watershed moment. Comments were somewhere between the EU getting serious about privacy and the internet breaking down at midnight. The past four years have shown that a law alone does not change business models that are based on the abuse of personal data and a culture within the privacy profession that is often focusing on covering up non-compliance. After a first moment of shock, large part of the data industry has learned to live with GDPR without actually changing practices. This is mainly done by simply ignoring users’ rights and getting away with it.
Read more
-
Post-Brexit data protection laws are coming, and we should all be concerned about it
The UK Government are expected to reveal their Post-Brexit data protection bill on 10 May. They are proposing a framework that frames personal data in terms of economic assets and aims to "cut red tape" to promote their commercial use. These ideas draw considerable support among corporate lobbyists and large technology companies, which would no doubt leverage the "UK example" to advocate for weaker data protection standards in Europe. In turn, understanding and opposing these changes should not be seen as a domestic issue, but as a major threat for digital rights advocates across the globe.
Read more
-
Threat to the protection of personal data in Belgium: European civil society is concerned
EDRi, alongisde multiple civil society organisations, is the signatory of an open letter addressed to the Belgian Parliament, demanding better enforcement of the European data protection rules and guarantees of political independence of the Belgian Data Protection Authority.
Read more
-
Irish DPC burns taxpayer money over delay cases
Irish DPC to pay tens of thousands in legal costs over 47 months delay in cases against WhatsApp and Instagram
Read more
-
Putting the brakes on Big Tech’s uncontrolled power
Will 2022 go down as the year the EU tamed Big Tech? In the very early morning hours of Saturday, 23 April, after 16 hours of final negotiations, EU lawmakers reached an agreement on the Digital Services Act (DSA), which is certainly a watershed moment for our digital future. As the deal reached is a top-level political agreement, the final text of the law is yet to be released.
Read more