GDPR News

April 2, 2025

France fines Apple €150M for tracking consent popups

The French Competition Authority has raised concerns about Apple’s App Tracking Transparency (ATT) framework, which requires users to consent to tracking across third-party apps and websites. The agency pointed out an imbalance in the consent process, where Apple’s own data collection can be approved with a single pop-up, while other companies need to obtain consent twice. This discrepancy is seen as particularly challenging for smaller publishers who lack alternative targeting methods, especially when they do not have enough proprietary data.

The authority emphasized that the current system favors larger corporations like Meta and Google, which can better navigate the privacy landscape. Smaller publishers, on the other hand, may struggle to sustain their advertising revenue due to the complexities introduced by the ATT framework. The French regulator indicated that the issue could be resolved with minor adjustments to the existing ATT system, which would provide a more equitable environment for all developers.

Despite the €150 million fine imposed on Apple, the financial impact on the company is expected to be minimal. However, Apple will need to implement changes to align with the French Competition Authority’s ruling. The head of the authority, Benoit Coeure, noted that while specific alterations to the ATT have not been mandated, it is Apple’s responsibility to ensure compliance. The process of making these changes may take some time, particularly as Apple awaits decisions from regulators in other European countries, including Germany, Italy, Poland, and Romania.

Apple has defended its ATT framework, stating that the prompt is uniform for all developers, including itself. The company has received considerable support for this feature from consumers, privacy advocates, and data protection authorities worldwide. Although Apple expressed disappointment with the decision from the French authority, it maintains that no specific modifications to the ATT have been required.

Concrete wall painted with the United Kingdom flag on the left and the European Union flag on the right. The flags meet at a jagged vertical line in the center, symbolizing division. The UK's red, white, and blue contrasts with the EU's blue and yellow stars.

April 1, 2025

EU Commission Extends UK Data Adequacy Decision to December 2025

The European Commission proposed extending the UK’s data adequacy decision until December 2025, pending assessment of new data protection legislation.

March 27, 2025

Amazon’s 746 Million Euro GDPR Fine Upheld by Luxembourg Court

Amazon lost its appeal against a 746 million euro fine for GDPR violations, as Luxembourg’s court upheld the decision by the CNPD.

Interior of an airport terminal with an arched ceiling and large windows allowing ample light. The hall is busy with people walking, and the check-in counters on the left. Overhead signs with gate numbers guide travelers, enhancing the modern and airy atmosphere.

March 25, 2025

EDPB Adopts Statement on PNR Directive Implementation

The EDPB adopted a statement on the PNR Directive, urging EU countries to implement changes in line with the CJEU’s judgment to enhance passenger data protection.

The image features the text "GDPR" in large, bold, gold letters centered on a dark blue background. Surrounding the text is a circle of twelve gold stars, resembling the flag of the European Union.

March 25, 2025

Voss and Schrems propose GDPR revision

Axel Voss and Max Schrems propose a three-layered revision of the GDPR to differentiate between large and small firms, despite concerns about potential risks and lobbying.

Close-up of a smartphone screen displaying a folder labeled "Messages" with five messaging app icons: WhatsApp, Telegram, WeChat, LINE, and Signal. The background shows a blurred view of more app icons. The phone edge is visible on a textured surface.

March 6, 2025

Signal to Leave Sweden if Data Retention Bill is Passed

Signal’s CEO warns of withdrawal from Sweden if a proposed bill requiring data retention and backdoors for law enforcement is enacted.

A close-up of a laptop keyboard with a unique blue key featuring the European Union flag, replacing the enter key. A finger is pressing this key. The keyboard includes black keys with white lettering and a silver casing, with part of the speaker grille visible on the right.

March 6, 2025

EDPB Launches 2025 Action on Right to Erasure

The EDPB has initiated its 2025 Coordinated Enforcement Framework focusing on the right to erasure, involving 32 European Data Protection Authorities.

March 6, 2025

Complaints Filed Against Meta for Targeted Advertising Violations

Activists filed complaints against Meta for not respecting users’ requests to opt out of targeted advertising in Europe, prompting investigations by data protection authorities.

A person stands in a dimly lit, futuristic data center, surrounded by rows of glowing server racks. Blue and white lights illuminate the scene, reflecting off glossy surfaces. The individual is facing away, looking at the servers, creating a high-tech atmosphere.

March 3, 2025

Europeans Raise Concerns Over US Cloud Use

European concerns grow over reliance on US cloud services amid geopolitical tensions, highlighting the need for data sovereignty and alternative tech solutions.

A close-up of a laptop keyboard with a unique blue key featuring the European Union flag, replacing the enter key. A finger is pressing this key. The keyboard includes black keys with white lettering and a silver casing, with part of the speaker grille visible on the right.

February 13, 2025

EDPB’s CSC Releases Biannual Activity Report

The CSC’s report highlights its role in supervising EU IT systems, issuing transparency recommendations, and preparing for future expansions to ensure data protection.

The image shows the flag of the European Union, featuring a circle of twelve yellow stars centered on a blue background. The flag appears to be waving, giving it a sense of movement and fluidity. The stars are evenly spaced and have five points each.

February 13, 2025

EU Struggles to Appoint Next European Data Protection Supervisor

EU lawmakers struggle to agree on the next European Data Protection Supervisor, with Parliament and member states backing different candidates, delaying a decision until March.

A close-up of a laptop on a desk, showing a partially visible screen displaying a grid of photos. The keyboard is prominent in the foreground, with a reflective touchpad. The background is slightly blurred, featuring another device or monitor.

February 13, 2025

EU Withdraws ePrivacy Proposal

The EU has withdrawn its ePrivacy Regulation proposal amid stalled negotiations, leaving current rules in place and highlighting the Digital Services Act’s role in privacy protection.