Privacy design strategies aim to translate vague legal norms in concrete design requirements. They provide talking points to explore the design of the system. They guide the initial design
sketches into a privacy-friendly direction, forcing one to make fundamental design choices early on.
This update covers developments only between the last date of coverage of the Commentary (1 August 2019) and 1 January 2021 (with a few exceptions when it has been possible to take later developments into account). It is limited to selected Articles of the GDPR.
This report aims to raise the awareness of the general audience and serve as a resource to policy shapers and practitioners in the public and private sectors to help frame the debate around data.
The aim of this case law digest is to clarify the structure of the analysis carried out by the CJEU in judgments concerning the transfer of personal data to third countries.
In this guide, we will go through the requirements for a controller’s RoPA or “Record of Processing Activities”.
The report from the Future of Privacy Forum (FPF) provides recommendations to address the privacy risks of augmented reality (AR) and virtual reality (VR) technologies.
The study finds that while the General Data Protection Regulation (GDPR) lays down horizontal directly applicable rules in all Member States, there remains variation in the range of national-level legislation linked to its implementation in the area of health.
This paper approaches data portability from a privacy and data protection perspective, noting there may be flow-on effects on competition and benefits for consumers resulting from a data portability implementation.
This paper outlines privacy and data protection concerns of this tracking, profiling and targeting ecosystem that can also be used beyond digital advertising to seek to manipulate the opinion forming process, and there are significant concerns about the consequences of this ecosystem for democracy.
The Court of Justice of the European Union (‘CJEU’) published its updated case-law fact sheet on data protection.
This project is a research and advocacy initiative launched by BEUC and aimed at addressing the issues that plague the digital consumers of today and undermine the digital society as a whole.
This EPRS in-depth analysis reviews and assesses trade dealings, adequacy challenges and transfer instruments under the EU’s General Data Protection Regulation (GDPR).