General Data Protection Regulation
Filter by...
-
GDPR Rights in Sweden: Court confirms that authority must investigate complaints
The Stockholm administrative court held that a complainant under Article 77 GDPR has the right to request a decision from the Swedish Data Protection Authority (IMY) after six months.
Read more
-
The state of privacy at Dutch municipalities
EDRi member Bits of Freedom has done research on the General Data Protection Regulation (GDPR)-compliance within the ten largest municipalities of the Netherlands. Unfortunately, most municipalities scored a failing grade, despite the fact that the GDPR has celebrated its fourth anniversary.
Read more
-
Statement on 4 Years of GDPR
When the GDPR became applicable on 25 May 2018, it was perceived as a watershed moment. Comments were somewhere between the EU getting serious about privacy and the internet breaking down at midnight. The past four years have shown that a law alone does not change business models that are based on the abuse of personal data and a culture within the privacy profession that is often focusing on covering up non-compliance. After a first moment of shock, large part of the data industry has learned to live with GDPR without actually changing practices. This is mainly done by simply ignoring users’ rights and getting away with it.
Read more
-
Belgian authority finds IAB Europe’s consent pop-ups incompatible with the GDPR
Following a number of complaints filed in 2018 and 2019, including by EDRi-members Panoptykon and Bits of Freedom, and coordinated by the Irish Council for Civil Liberties, the Belgian Data Protection Authority has found that the consent system developed and managed by the adtech industry body IAB Europe, and used by many websites in the EU, is illegal under the GDPR.
Read more
-
GDPR: Three years in, and its future and success are still up in the air
The EU’s General Data Protection Regulation (GDPR) is not living up to the hype. When first implemented in 2018, the GDPR was presented as the new world standard for privacy and data protection. The law has increased data protection awareness and led to significant legal changes all over the world. Yet EDRi member Access Now’s new report, Three years under the GDPR: An implementation progress report, explores just how far this legislation still has to go before its promises — and potential — are truly fulfilled.
Read more
-
Stronger enforcement is key to the effectiveness of the GDPR
On the third anniversary of the entering into force of the General Data Protection Regulation (GDPR), EDRi sent a message to Members of the European Parliament calling for stronger enforcement of the GDPR, as well as the adoption of necessary additional legislation where appropriate.
Read more
-
3rd Anniversary of the GDPR
Europe can pride itself to have passed the most progressive privacy legislation in the world, but small errors in the law and the lack of enforcement lead to legitimate frustration of users and small business. EDRi's member noyb reflects on the nature and impact of the GDPR.
Read more
-
EU must let its crown jewel shine: GDPR needs progress
On 24 June, the European Commission published the Communication reviewing of the two years of application of the General Data Protection Regulation (GDPR) The Communication received input from the multistakeholder expert group on the application of the GDPR, of which EDRi members Access Now and Privacy International belong to.
Read more
-
Say “no” to cookies – yet see your privacy crumble?
Cookie banners of large French websites turn a clear “no” into “fake consent”. EDRi member noyb has filed three General Data Protection Regulation (GDPR) complaints with the French Data Protection Regulator (CNIL).
Read more
-
ePrivacy hangs in the balance, but it’s not over yet…
Unless you have been living under a rock (read: outside the “Brussels bubble”) you will likely be aware of the long and winding road on which the proposed ePrivacy Regulation has been for the last three years. This is not unusual for a piece of European Union (EU) legislation – the 2018 General Data Protection […]
Read more
-
Microsoft Office 365 banned from German schools over privacy concerns
In a bombshell decision, the Data Protection Authority (DPA) of the German Land of Hesse has ruled that schools are banned from using Microsoft’s cloud office product “Office 365”. According to the decision, the platform’s standard settings expose personal information about school pupils and teachers “to possible access by US officials” and are thus incompatible […]
Read more
-
The first GDPR fines in Romania
The Romanian Data Protection Authority (DPA) has recently announced the first three fines applied in Romania as a result of the enforcement of the EU General Data Protection Regulation (GDPR).
Read more