General Data Protection Regulation
Filter by...
-
The EDPB’s Rorschach Test: What the data protection body’s Opinion on AI training Means for GDPR Enforcement
In December 2024, the European Data Protection Board (EDPB) released a much-awaited Opinion on AI model training. While the Opinion reaffirmed GDPR principles and underscored the need for robust safeguards, its ambiguities may leave room for regulatory evasion, reinforcing the ongoing struggle between data protection rules and commercial AI development wishes.
Read more
-
Council’s General Approach on GDPR Procedural
EDRi acknowledges the Council’s positive steps in their General Approach on the Proposal for additional procedural rules concerning the GDPR. Nevertheless, we emphasise the pressing need for enhanced legal certainty and the prevention of actions that could compromise the effectiveness of GDPR enforcement and erode trust, particularly concerning the protection of fundamental rights.
Read more
-
Position paper: GDPR enforcement done right
There is an urgent need to enhance legal certainty and prevent actions that undermine the effectiveness of and trust in GDPR enforcement. EDRi and Access Now have co-drafted a position paper on the EU Proposal for additional procedural rules concerning the General Data Protection Regulation (GDPR).
Read more
-
GDPR enforcement: European Parliament must guarantee procedural rights to ensure people’s data protection
While it is a step forward in better enforcing the General Data Protection Regulation (GDPR), the European Parliament’s current GDPR Procedural Harmonisation Regulation text is still not enough to safeguard the fundamental rights of people. Today, February 15, the text was approved in the Committee for Civil Liberties, Justice and Home Affairs (LIBE), laying out the blueprints for enhanced procedures for cross-border GDPR complaints and ex-officio investigations.
Read more
-
Meta pledges to ask EU users for consent before showing behavioural ads
In a surprise announcement last Tuesday, Meta made the long overdue promise to finally ask its users for their consent before showing them behavioral ads – at least if they live in the European Union, EEA or Switzerland.
Read more
-
Open letter: Improvements to the enforcement of the General Data Protection Regulation
EDRi has signed an open letter organised by consumer and civil society organisations to welcome the intention of the European Commission to improve the enforcement of the General Data Protection Regulation. We call on the Commission to ensure that the draft Regulation improves the efficiency of enforcement and ensures data subjects can exercise their rights in a fair, effective, and affordable manner.
Read more
-
GDPR Rights in Sweden: Court confirms that authority must investigate complaints
The Stockholm administrative court held that a complainant under Article 77 GDPR has the right to request a decision from the Swedish Data Protection Authority (IMY) after six months.
Read more
-
The state of privacy at Dutch municipalities
EDRi member Bits of Freedom has done research on the General Data Protection Regulation (GDPR)-compliance within the ten largest municipalities of the Netherlands. Unfortunately, most municipalities scored a failing grade, despite the fact that the GDPR has celebrated its fourth anniversary.
Read more
-
Statement on 4 Years of GDPR
When the GDPR became applicable on 25 May 2018, it was perceived as a watershed moment. Comments were somewhere between the EU getting serious about privacy and the internet breaking down at midnight. The past four years have shown that a law alone does not change business models that are based on the abuse of personal data and a culture within the privacy profession that is often focusing on covering up non-compliance. After a first moment of shock, large part of the data industry has learned to live with GDPR without actually changing practices. This is mainly done by simply ignoring users’ rights and getting away with it.
Read more
-
Belgian authority finds IAB Europe’s consent pop-ups incompatible with the GDPR
Following a number of complaints filed in 2018 and 2019, including by EDRi-members Panoptykon and Bits of Freedom, and coordinated by the Irish Council for Civil Liberties, the Belgian Data Protection Authority has found that the consent system developed and managed by the adtech industry body IAB Europe, and used by many websites in the EU, is illegal under the GDPR.
Read more
-
GDPR: Three years in, and its future and success are still up in the air
The EU’s General Data Protection Regulation (GDPR) is not living up to the hype. When first implemented in 2018, the GDPR was presented as the new world standard for privacy and data protection. The law has increased data protection awareness and led to significant legal changes all over the world. Yet EDRi member Access Now’s new report, Three years under the GDPR: An implementation progress report, explores just how far this legislation still has to go before its promises — and potential — are truly fulfilled.
Read more
-
Stronger enforcement is key to the effectiveness of the GDPR
On the third anniversary of the entering into force of the General Data Protection Regulation (GDPR), EDRi sent a message to Members of the European Parliament calling for stronger enforcement of the GDPR, as well as the adoption of necessary additional legislation where appropriate.
Read more