The Data Protection and Privacy Hub™

EDPB annual report 2024: protecting personal data in a changing landscape: Brussels, 23 April - The European Data Protection Board (EDPB) has published its 2024 Annual Report. The report provides an overview of the EDPB work carried out in 2024 and reflects on important milestones, such as the adoption of the 2024-2027 strategy, the increase in Art. 64(2) consistency opinions and the continued efforts to provide guidance and legal advice. EDPB Chair Anu Talus said: “As I look back on the work carried out over the past year, I am proud to present our achievements. In 2024, we reaffirmed our commitment to safeguarding individuals’ fundamental rights to privacy and data protection in a fast-changing digital landscape. We adopted a new strategy and continued to play a central role in providing guidance and ensuring a consistent application of the General Data Protection Regulation (GDPR) across Europe. To support understanding and implementation of data protection rights and duties, we expanded our outreach activities by devoting special attention to businesses and non-expert individuals. In addition, we acquired new roles in the framework of the new digital legislations.” A new EDPB strategy The EDPB strategy 2024-2027 outlines key priorities and actions to strengthen and modernise data protection across Europe, ensure consistent enforcement of the GDPR, and address emerging challenges, including cross-regulatory cooperation. The strategy also helps strengthen the EDPB’s global presence by engaging with global partners and representing the EU data protection model in key international fora.   EDPB’s central role in providing guidance and legal advice The number of consistency opinions adopted under Art. 64(2) GDPR significantly increased. In 2024, the Board adopted eight Art. 64 (2) GDPR opinions, including on ‘Consent or Pay’ models used by large online platforms, the use of facial recognition at airports, and the use of personal data to train AI models. These opinions address a matter of general application and ensure consistency prior to enforcement. The EDPB actively participated in legislative discussions by issuing statements highlighting data protection considerations and impacts. For example, the Board adopted statements on the draft procedural regulation for GDPR enforcement, and on the DPAs role in the AI Act framework. The EDPB has also expanded its general guidance to help organisations achieve and maintain GDPR compliance. To this end, the Board adopted four new guidelines in 2024, such as the guidelines on legitimate interest and on data transfers to third country authorities.   Proactive engagement with stakeholders In 2024, the EDPB continued to engage with stakeholders to foster open dialogue and mutual understanding between regulators, industry representatives, civil society organisations, and academic… #dataprotection #dataprivacy #privacy

DPC inquiry serves reminder of artificial intelligence GDPR obligations: An Irish Data Protection Commission (DPC) inquiry serves as a crucial reminder for companies deploying artificial intelligence (AI) tools to remain vigilant about their obligations under the General Data Protection Regulations (GDPR), an expert has said. #dataprotection #dataprivacy #privacy

Did Toyota, Progressive Spy on Drivers? New Privacy Lawsuit Claims They Did: Toyota, Progressive and Connected Analytic Services were hit with a class action lawsuit alleging the companies collected drivers' data without their knowledge or consent. The lawsuit is seeking $5 million in damages. #privacy #dataprotection #dataprivacy

[Event] Healthcare Privacy Compliance Academy - June 9th - 12th, Pittsburgh, PA: HCCA's Healthcare Privacy Compliance Academy is a three-and-a-half-day interactive education program with a focus on the vast body of privacy laws and regulations in place to help you protect PHI and other critical data. Our faculty of experienced practitioners provides guidance and insights on a variety of subjects, including ongoing challenges, new developments, policy changes, and regulatory updates.... By: Health Care Compliance Association (HCCA) #dataprotection #dataprivacy #privacy

Seventh, Ninth Court Rulings Tighten Reach of Federal Video Privacy Protection Act: The VPPA may be nearly four-decades old and video-rental stores largely a thing of the past, but the rise of online content, streaming services and ancillary activities has brought with it frequent litigation based on the VPPA. The key challenge in these litigations is how to interpret the VPPA’s 1980s terms in light of today’s digital advances. #privacy #dataprotection #dataprivacy

South Korea's PIPC releases revised PI processing policy guidance: South Korea's Personal Information Protection Commission released revised guidelines for drafting personal information processing policies. The guidelines were prepared to support processors ahead of the 2025 processing policy evaluation. They specify personal information processing that does and does not require consent, provide guidance on procedures for exercising data subjects' rights and clarify guidance on the collection, use, provision and refusal of behavior information. Full story #dataprotection #dataprivacy #privacy

BigID unveils AI Privacy Risk Posture Management: BigID launched AI Privacy Risk Posture Management to help organizations manage data privacy risks across the AI lifecycle. With automated assessments and actionable privacy controls, BigID empowers enterprises to govern AI responsibly while staying ahead of fast-evolving regulations. As AI adoption accelerates, so do the risks. New frameworks like the EU AI Act, NIST AI RMF, and U.S. state-level laws are reshaping expectations around transparency, accountability, and privacy protections in AI systems. Organizations must now … More → The post BigID unveils AI Privacy Risk Posture Management appeared first on Help Net Security. #dataprotection #dataprivacy #privacy

Massachusetts to Consider Adopting a Comprehensive State Consumer Privacy Law (Again): After years of proposed state privacy legislation, Massachusetts lawmakers are poised to once again consider enacting a comprehensive state consumer privacy law in the Commonwealth this legislative session. At a hearing of the Joint Committee on Advanced Information Technology, Internet and Cybersecurity on April 9, 2025, Massachusetts lawmakers heard from different stakeholders on several introduced bills, including comprehensive consumer data privacy legislation...... By: Foley Hoag LLP - Security, Privacy and the #dataprotection #dataprivacy #privacy

IAPP Governance Survey now open: The fields of privacy, AI governance, cybersecurity law and digital responsibility are intersecting more than ever before. To help the understand and serve these colliding disciplines, the IAPP is calling for participation in its annual Governance Survey. This iteration of the survey will broadly explore governance operations, staffing and resourcing across geographies and sectors. Full story #dataprotection #dataprivacy #privacy

Germany's government concerned over possible US withdrawal from EU-US DPF: Germany's Federal Ministry of the Interior is calling on the U.S. government to uphold its commitments under the EU-U.S. Data Privacy Framework as concerns over a potential U.S. withdrawal persist, Handelsblatt reports. A ministry spokesperson said there is a "strong interest" in maintaining "legally secure" EU-U.S. data flows, which they deemed "of great importance for the German economy." Editor's note: Baker McKenzie Partners Brian Hengesbaugh and Lukas Feiler, CIPP/E, analyzed how the Trump administration may approach the EU-U.S. DPF. Full story #dataprotection #dataprivacy #privacy