This Report aims to explore how the data protection by design and by default obligation breaks down in practice and whether it is effective, informed by how Data Protection Authorities (DPAs) and Courts enforced Article 25 GDPR since it became applicable. For instance, we analyze whether DPAs and courts find breaches of Article 25 without links to other infringements of the regulation and what provisions enforcers tend to apply together with Article 25 the most, including the general data protection principles and requirements related to data security under Article 32. We are also looking at what controls and behavior of controllers are deemed to be sufficient to comply with Article 25 and, per a contrario, what is not sufficient.
MEPs want to enhance customers’ control over their financial data
MEPs propose new rules for access to financial data in the EU to enhance customer control and innovation in financial […]