GDPR
Filter by...
-
Get your extra reading on “cookie consent” and AdTech done
On 22 February, the Belgian Data Protection Authority (DPA) made a decision regarding complaints about the Internet Advertising Bureau Europe (IAB Europe) "consent framework". This is a commonly used cookie pop-up asking for "consent" to be tracked.
Read more
-
“Privacy Shield 2.0”? – First Reaction by Max Schrems
On March 25 Commission President Ursula von der Leyen and President Biden have announced an "agreement in principle" on a new EU-US data sharing system.
Read more
-
Civil society call and recommendations for concrete solutions to GDPR enforcement shortcomings
EDRi members call on the European Data Protection Board (EDPB), the European Commission, and all national data protection authorities (DPAs) to urgently address the structural and procedural enforcement issues that prevent the GDPR from fully reaching its potential.
Read more
-
#PrivacyCamp22: Event Summary
The theme of the 10th-anniversary edition of Privacy Camp was "Digital at the centre, rights at the margins" and included thirteen sessions on a variety of topics. The event was attended by 300 people. If you missed the event or want a reminder of what happened in a session, find the session summaries and video recordings below.
Read more
-
Belgian authority finds IAB Europe’s consent pop-ups incompatible with the GDPR
Following a number of complaints filed in 2018 and 2019, including by EDRi-members Panoptykon and Bits of Freedom, and coordinated by the Irish Council for Civil Liberties, the Belgian Data Protection Authority has found that the consent system developed and managed by the adtech industry body IAB Europe, and used by many websites in the EU, is illegal under the GDPR.
Read more
-
Hide and Seek: Polish DPA agrees that people should be able to access their advertising profiles, but there’s no way to do so
Following EDRi member Panoptykon’s General Data Protection Regulation (GDPR) complaint against one of the biggest Polish news website, Interia.pl - the Polish Data Protection Authority has confirmed that online publishers should give users access to their advertising profiles generated for the purposes of delivering behavioural ads.
Read more
-
Austrian DSB: EU-US data transfers to Google Analytics illegal
In a groundbreaking decision, the Austrian Data Protection Authority ("Datenschutzbehörde" or "DSB") has decided on a model case by noyb that the continuous use of Google Analytics violates the GDPR.
Read more
-
Council and Parliament find provisional agreement on the Data Governance Act
On 30 November, the European Parliament and Council provisionally agreed on the final version of the Data Governance Act (DGA). The text, which will still require final approval by both institutions, is the first legislative element of the European data strategy to emerge in its final form. While the final text is yet to be published, here is an overview of the main elements of the Act.
Read more
-
Two steps forward, one step back: DMA must do more to free people from digital walled gardens
The European Parliament Committee on the Internal Market and Consumer Protection (IMCO) report on the Digital Markets Act (DMA) makes improvements to the DMA but also includes serious loopholes that need to be fixed in trilogue
Read more
-
Noyb files another complaint against Amazon Europe – black box algorithm discriminates customers
The e-commerce giant offers customers the possibility to pay for products later via "Monthly Invoicing". A customer was automatically rejected from using this payment method without Amazon giving any reasons why. When Amazon’s customer service could not provide any further information, the customer submitted an access request under Article 15 GDPR in order to find out why he was rejected – but the company still refused to provide any information.
Read more
-
The Data Governance Act – between undermining the GDPR and building a Data Commons
Compared to the DSA and the DMA, the DGA has received relatively little attention, both from the digital rights community and, seemingly, from industry stakeholders. So far, the discussion in the EP – where the Internal Market ( IMCO), legal affafirs (JURI) and civil liberties (LIBE) committees have issued opinions – has revealed relatively few clear faultlines.
Read more
-
GDPR: Three years in, and its future and success are still up in the air
The EU’s General Data Protection Regulation (GDPR) is not living up to the hype. When first implemented in 2018, the GDPR was presented as the new world standard for privacy and data protection. The law has increased data protection awareness and led to significant legal changes all over the world. Yet EDRi member Access Now’s new report, Three years under the GDPR: An implementation progress report, explores just how far this legislation still has to go before its promises — and potential — are truly fulfilled.
Read more