Resources

Privacy Navigator Podcast Episodes

W04-2025: Privacy Navigator Podcast

W03-2025: Privacy News Podcast

UK ICO Controller ROPA Template

Records of processing Activities (ROPA)

W02-2025: Privacy News Podcast

W50-2024: Privacy News Podcast

Adoption of AI, Blockchain and other emerging technologies within the European public sector A Public Sector Tech Watch report by EU Commission

AI, Public Interests

Major US Telecom Providers Targeted in Chinese Cyber-Attack

Data Breaches

Sensitive Medical Data Exposed: French Hospital Breach Affects Hundreds of Thousands

Data Breaches

Standard contractual clauses for EU-EEA by EU

Standard Contractual Clauses (SCC)

Standard contractual clauses for international transfers by EU

Data Transfers, Standard Contractual Clauses (SCC)

Decision of 19 October 2010 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Andorra

Adequacy Decisions

Decision of 30 June 2003 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Argentina

Adequacy Decisions

Decision of 20 December 2001 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided by the Canadian Personal Information Protection and Electronic Documents Act

Adequacy Decisions

Decision of 5 March 2010 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection provided by the Faeroese Act on processing of personal data

Adequacy Decisions

Decision of 21 November 2003 on the adequate protection of personal data in Guernsey

Adequacy Decisions

Decision of 31 January 2011 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the State of Israel with regard to automated processing of personal data

Adequacy Decisions

Decision of 28 April 2004 on the adequate protection of personal data in the Isle of Man

Adequacy Decisions

Decision (EU) 2019/419 of 23 January 2019 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by Japan under the Act on the Protection of Personal Information

Adequacy Decisions

Decision of 8 May 2008 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Jersey

Adequacy Decisions

Decision of 19 December 2012 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by New Zealand

Adequacy Decisions

Decision (EU) 2022/254 of 17 December 2021 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the Republic of Korea under the Personal Information Protection Act

Adequacy Decisions

Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided in Switzerland

Adequacy Decisions

Decision (EU) 2021/1772 of 28 June 2021 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom (notified under document C(2021)4800)

Adequacy Decisions

Decision (EU) 2021/1773 of 28 June 2021 pursuant to Directive (EU) 2016/680 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom

Adequacy Decisions

Decision EU 2023/1795 of 10 July 2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework

Adequacy Decisions

Decision pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the Eastern Republic of Uruguay with regard to automated processing of personal data

Adequacy Decisions

Decision pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the Eastern Republic of Uruguay with regard to automated processing of personal data

Adequacy Decisions

Decision pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the Eastern Republic of Uruguay with regard to automated processing of personal data

Adequacy Decisions

Assessing Potential Future AI Risks, Benefits, and Policy Imperatives OECD

AI, Risk Management, Technical and Organisational Measures (TOMs)

Reducing Risks Posed by Synthetic Content by NIST

AI, Risk Management, Technical and Organisational Measures (TOMs)

New Australian Law will Mandate Age Checks, Data Deletion for Social Media Platforms

Children as data subjects

WhatsApp Data-Sharing Ban in India: Meta Faces $25.4M Fine

Data Sharing

The Consumer Financial Protection Bureau (CFPB) by Consumer Financial Protection Bureau WASHINGTON, D.C

Finance and Fintech

Musk Adds Microsoft to OpenAI Lawsuit, Expanding Antitrust Allegations

X’s Updated Terms Spark Privacy Concerns

Data Subjects Rights

New Data Broker Rules Approved by CPPA Board

Data Brokers

Meta’s New Ad Model in the EU: Consent or Contextual Ads?

Consent, Data Subjects Rights

UK to Regulate AI Frontier Models with New Legislation in 2025

EDPB Releases First Report on EU-U.S. Data Privacy Framework

U.S. Court Revives Video Privacy Lawsuit Against NBA

Lawfulness of Processing

Data Broker Sells Voter Data on Support for QAnon and January 6

Data Sharing

EDPB Report on the first review of the European Commission Implementing Decision on the adequate protection of personal data under the EU-US Data Privacy Framework

GDPR in Practice – Experience of Data Protection Authorities by FRA

Supervisory Authorities

LinkedIn Fined €310 Million by Irish Data Regulator for Targeted Ads Without Consent

Lawfulness of Processing

Perplexity AI Faces Lawsuit Over Alleged Copyright Violations by Dow Jones and NY Post

noyb Files Complaint Against Pinterest for Unlawful Ad Tracking Practices

Lawfulness of Processing

UK’s New Data Use Bill: Easier Access and Enhanced Privacy for All

Local Laws

RTL Belgium Ordered to Add “Refuse All” Button to Cookie Banner by Belgian DPA

Consent

Major US Telecoms Hacked by Chinese Group, Federal Surveillance System Compromised

ICO Hits Northern Ireland Police with Fine Over Employee Data Breach

French News Agency AFP Hit by Cyber Attack, Real-Time News Feeds Affected

Study Finds ChatGPT Can Perform Biometric Tasks: A Closer Look at Privacy Risks

AI, Sensitive Data

Five New CJEU Rulings: A Turning Point for GDPR Compliance

Manipulative, Deceptive, and Exploitative AI Systems report by the Dutch DPA

AI, Lawfulness of Processing, Specific processing situations

Secure Future Initiative Report by Microsoft

Technical and Organisational Measures (TOMs)

FTC Targets Deceptive AI Claims with Operation AI Comply

AI, Lawfulness of Processing

OpenAI, Microsoft, and Amazon Join EU’s AI Pact to Shape Future Regulations

Meta Fined $101 Million for Exposing Millions of Passwords in Plaintext

Lawfulness of Processing, Technical and Organisational Measures (TOMs)

California Governor Vetoes AI Safety Bill

“AI & Algorithmic Risks Report” by Dutch Data Protection Authority

AI, Risk Management, Specific processing situations

MITIGATING SECURITY & PRIVACY RISKS by Data Security Council of India

Technical and Organisational Measures (TOMs)

Tech Giants Sign Open Letter Urging “Regulatory Certainty on AI” in Europe

Telegram’s New Policy: User Data to Be Shared with Authorities in Criminal Cases

Data Sharing, Data Subjects Rights

Genetic Testing Company 23andMe Pays $30M for Data Breach

Data Breaches, Sensitive Data

LinkedIn Used User Data for AI Training Before Updating Its Terms

AI, Data Sharing, Data Subjects Rights, Lawfulness of Processing

Privacy Impact Assessment (PIA) Templates by CNIL

Data Protection Impact Assessment (DPIA)

India Digital Personal Data Protection Act (2023)

Belgian DPA Enforces GDPR Compliance on Cookie Banners After noyb Complaints

EU Court Upholds €2.4 Billion Fine Against Google for Abusing Market Power

Swedish Bank Penalized €1.3 million for Transferring Customer Data to Meta

2025 Update: New SCCs Will Address Missing Rules for Cross-Border Data Transfers

Report of the work undertaken by the ChatGPT Taskforce by EDPB

AI, Specific processing situations

International Data Transfer Agreements – Transitional Provisions

Data Transfers

Transfer Risk Assessment Tool by the UK ICO

Data Transfers

Transfer Impact Assessment (TIA) Template by HSE

Data Transfers

[UK] International Data Transfer Addendum to the EU Commission Standard Contractual Clauses

Data Transfers

[UK] Standard Data Protection Clauses to be issued by the Commissioner under S119A(1) Data Protection Act 2018

Data Transfers

2023 Coordinated Enforcement Action Designation and Position of Data Protection Officers by EDPB

Controllers and Processors, Data Protection Officer (DPO)

[Draft] Transfer Impact Assessment by the CNIL

Data Transfers

DPIA for AI template

Controllers and Processors, Data Protection Impact Assessment (DPIA)

AI Privacy Policy template

AI, Specific processing situations

AI and Data Protection Risk Toolkit by UK ICO

AI, Controllers and Processors, Data Protection Impact Assessment (DPIA), Specific processing situations

Description of the dataset template by CNIL

AI, Specific processing situations

Data Breach Process Guidance by HSE

Controllers and Processors, Data Breaches

Meta CAN Use Brazilian User Data for AI Training with Restrictions

Irish Watchdog Ends Case Against X Following AI Data Restrictions

Council of Europe Unveils First Global AI Treaty

FBI Audit Reveals Major Data Handling Flaws

Global Approaches to Auditing Artificial Intelligence by IPIE

AI, Specific processing situations

EU Parliament Faces noyb Complaints After Major Data Breach

California’s New AB 3048: Opt-Out Signals in Every Browser

Dutch DPA Fines Clearview €30.5M: Directors Could be Held Liable

OpenAI and Anthropic Partner with U.S. Government for AI Safety Research

Massive Data Breach: Exposed 31.5 Million Sensitive Records from ServiceBridge

NSW report: Artificial intelligence in New South Wales

AI, Specific processing situations

Google’s Gemini AI on Android with Enhanced Privacy Features

NPD Confirms Major Breach: Sensitive Data of Millions Exposed

ICO Provisional £6 Million Penalty for Software Provider Following NHS Data Breach

X Closes Brazil Operations Citing “Censorship Orders” from Judge

Emerging digital technologies in the public sector report by EU Commission

New technology

Meta Faces $1.4 Billion Penalty for Unauthorized Biometric Data Collection in Texas

Noyb Sues Hamburg DPA Over ‘Pay or OK’ Consent System

Google Officially Declared a Monopoly by U.S. Federal Judge

Noyb Files Nine Complaints Against Twitter/X for Unlawful AI Data Usage

Meta Challenges EDPB Opinion on “Consent or Pay” Model at EU Court

Lithuanian SA Fines Vinted UAB €2.38 Million for GDPR Violations

EU AI Act Now in Force: Prepare for Compliance

Meta and OpenAI Unveil New AI Models: Llama 3.1 and SearchGPT

Securing Artificial Intelligence: Mitigation Strategy Report by ETSI

AI, Specific processing situations

Responsible AI Governance in Africa: Prospects for Outcomes Based Regulation by African Observatory on Responsible AI

AI, Specific processing situations

Office of the Privacy Commissioner of Canada Sweep Report 2024

Consent, Cookies, Lawfulness of Processing

Data protection impact assessment for AI Solutions by Danish DPA

AI, Controllers and Processors, Data Protection Impact Assessment (DPIA), Specific processing situations

Relying on the legal basis of legitimate interest to develop an AI system by CNIL

AI, Specific processing situations

Patent Landscape Report on Generative AI by WIPO

AI, Specific processing situations

Consent Banner Report Overview of EU and national guidelines on dark patterns by NOYB

Consent, Lawfulness of Processing

Mobilizing the legal basis of legitimateinterest to develop an AI system by CNIL

AI, Specific processing situations

Report from Multistakeholder Expert group on GDPR application

Data Subjects Rights

Risk and control for artificial intelligence and machine learning systems by Cybernetica

AI, Specific processing situations

Governance of artificial intelligence (AI) by House of Commons UK

AI, Specific processing situations

Neurodata risks report by EDPS and Spanish DPA

AI, Specific processing situations

Report of the work undertaken by the ChatGPT Taskforce bg EDPB

EU-US Data Privacy Framework Template Complaint Form for Submitting Commercial Related Complaints to EU DPAs by EDPB

Adequacy Decisions, Data Transfers

Personal data breach report form

Controllers and Processors, Data Breaches

Zapier’s Transfer Impact Assessment

Data Transfers

Joint Guide to ASEAN MCC and EU SCC

Data Transfers, Standard Contractual Clauses (SCC)

Data Protection Impact Assessments (DPIA) Template by UK ICO

Data Protection Impact Assessment (DPIA)

Data Protection Impact Assessment (DPIAs) by APDCAT

Data Protection Impact Assessment (DPIA)

COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework

Adequacy Decisions, Data Transfers

Records of processing activities template by the CNIL

Records of processing Activities (ROPA)

How Google Uses Information on websites [link]

Report of the work undertaken by the Cookie Banner Taskforce [Official EDPB Guidelines] [pdf]

Consent, Cookies

Telegram CEO’s Arrest Sparks Debate on Privacy vs. Regulation

Personal Data Collection, Technical and Organisational Measures (TOMs)

AI Meets Media: OpenAI Secures Another Multi-Year Deal with Media Giant

AT&T Privacy Notice

Data Subjects Rights

Annual Report 2023 NOYB

Data Subjects Rights

Second Report on the application of the General Data Protection Regulation by EU Commission

Data Subjects Rights, Data Transfers

Annual Report 2023 by Irish DPA

Data Subjects Rights

AI system development: CNIL’srecommendations to comply with the GDPR

AI, Specific processing situations

Addictive patterns in the processing of personal data Implications for data protection by AEPD

Definitions, Processing of personal data

AI Auditing Checklist for AI Auditing by EDPB

AI, Specific processing situations

AI, DATA GOVERNANCE AND PRIVACY SYNERGIES AND AREAS OF INTERNATIONAL CO-OPERATION BY OECD

AI, Specific processing situations

Template Complaint Form to the U.S. Office of the Director of National Intelligence’s Civil Liberties Protection Officer (CLPO) by EDPB

Adequacy Decisions, Data Transfers

Technical and organisational measures signed by Superhosting.bg

Controllers and Processors, Technical and Organisational Measures (TOMs)

Technical and Organizational Measures by Adobe Cloud Services

Controllers and Processors, Technical and Organisational Measures (TOMs)

Privacy Program 247.ai

[UK] International Data Transfer Addendum to the EU Commission Standard Contractual Clauses

Data Transfers

[UK] International Data Transfer Agreements – Transitional Provisions

Data Transfers