Privacy Navigator Podcast Episodes

W04-2025: Privacy Navigator Podcast

W03-2025: Privacy News Podcast

W02-2025: Privacy News Podcast

Opinion 28/2024 on certain data protection aspects related to the processing of personal data in the context of AI models

AI

W50-2024: Privacy News Podcast

Major US Telecom Providers Targeted in Chinese Cyber-Attack

Data Breaches

Sensitive Medical Data Exposed: French Hospital Breach Affects Hundreds of Thousands

Data Breaches

New Australian Law will Mandate Age Checks, Data Deletion for Social Media Platforms

Children as data subjects

WhatsApp Data-Sharing Ban in India: Meta Faces $25.4M Fine

Data Sharing

Musk Adds Microsoft to OpenAI Lawsuit, Expanding Antitrust Allegations

AI

X’s Updated Terms Spark Privacy Concerns

Data Subjects Rights

New Data Broker Rules Approved by CPPA Board

Data Brokers

Meta’s New Ad Model in the EU: Consent or Contextual Ads?

Consent, Data Subjects Rights

UK to Regulate AI Frontier Models with New Legislation in 2025

AI

EDPB Releases First Report on EU-U.S. Data Privacy Framework

U.S. Court Revives Video Privacy Lawsuit Against NBA

Lawfulness of Processing

Data Broker Sells Voter Data on Support for QAnon and January 6

Data Sharing

LinkedIn Fined €310 Million by Irish Data Regulator for Targeted Ads Without Consent

Lawfulness of Processing

Perplexity AI Faces Lawsuit Over Alleged Copyright Violations by Dow Jones and NY Post

AI

noyb Files Complaint Against Pinterest for Unlawful Ad Tracking Practices

Lawfulness of Processing

UK’s New Data Use Bill: Easier Access and Enhanced Privacy for All

Local Laws

Age-Appropriate Design Toolkit Tracker

Children as data subjects

AI Toolkit Tracker

AI

Personal Data Breach Management and Reporting Toolkit Tracker

Data Breaches

Requests for Access Toolkit Tracker

Access Requests (DSAR)

Data Sharing Toolkit Tracker

Data Sharing

Training and Awareness Toolkit Tracker

Technical and Organisational Measures (TOMs)

Information & Cyber Security Checklist Tracker

Technical and Organisational Measures (TOMs)

Records Management Toolkit Tracker

Data Retention, Personal Data Collection, Records of processing Activities (ROPA)

Accountability Toolkit Tracker

Accountability

RTL Belgium Ordered to Add “Refuse All” Button to Cookie Banner by Belgian DPA

Consent

Major US Telecoms Hacked by Chinese Group, Federal Surveillance System Compromised

ICO Hits Northern Ireland Police with Fine Over Employee Data Breach

French News Agency AFP Hit by Cyber Attack, Real-Time News Feeds Affected

Study Finds ChatGPT Can Perform Biometric Tasks: A Closer Look at Privacy Risks

AI, Sensitive Data

Five New CJEU Rulings: A Turning Point for GDPR Compliance

FTC Targets Deceptive AI Claims with Operation AI Comply

AI, Lawfulness of Processing

OpenAI, Microsoft, and Amazon Join EU’s AI Pact to Shape Future Regulations

AI

Meta Fined $101 Million for Exposing Millions of Passwords in Plaintext

Lawfulness of Processing, Technical and Organisational Measures (TOMs)

California Governor Vetoes AI Safety Bill

AI

Tech Giants Sign Open Letter Urging “Regulatory Certainty on AI” in Europe

AI

Telegram’s New Policy: User Data to Be Shared with Authorities in Criminal Cases

Data Sharing, Data Subjects Rights

Genetic Testing Company 23andMe Pays $30M for Data Breach

Data Breaches, Sensitive Data

LinkedIn Used User Data for AI Training Before Updating Its Terms

AI, Data Sharing, Data Subjects Rights, Lawfulness of Processing

The IDTA, Addendum and TRA: practical guidance for cross-border transfers by the UK ICO

Access Requests (DSAR), Data Transfers

India Digital Personal Data Protection Act (2023)

Belgian DPA Enforces GDPR Compliance on Cookie Banners After noyb Complaints

EU Court Upholds €2.4 Billion Fine Against Google for Abusing Market Power

Swedish Bank Penalized €1.3 million for Transferring Customer Data to Meta

2025 Update: New SCCs Will Address Missing Rules for Cross-Border Data Transfers

Statement 2/2024 on the financial data access and payments package by EDPB

Finance and Fintech

Opinion 04/2024 on the notion of main establishment of a controller in the Union under Article 4(16)(a) GDPR |EPDB

Definitions, Main Establishment

Opinion 36/2023 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the Booking.com Group |EPDB

Data Transfers

Opinion 31/2023 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the Thalès Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 32/2023 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the Thalès Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 33/2023 on the draft decision of the Hesse Supervisory Authority (Germany) regarding the Controller Binding Corporate Rules of the Cerner Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 34/2023 on the draft decision of the Hesse Supervisory Authority (Germany) regarding the Processor Binding Corporate Rules of the Cerner Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 35/2023 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the Carlsberg Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 37/2023 on the draft decision of the competent supervisory authority of Luxemburg regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) |EPDB

Certification

Opinion 38/2023 on the draft decision of the competent supervisory authority of Slovenian regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR). |EPDB

Certification

Opinion 01/2024 on the draft decision of the Dutch Supervisory Authority regarding the Processor Binding Corporate Rules of the Booking.com Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 2/2024 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the TELEFÓNICA Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 3/2024 on the draft decision of the Irish Supervisory Authority regarding the Processor Binding Corporate Rules of the Accenture Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 23/2023 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules for customer data of the UPS Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 24/2023 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the Nestlé Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 25/2023 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the SHV Holding N.V. Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 26/2023 on the draft decision of the Romanian Supervisory Authority regarding the Processor Binding Corporate Rules of the OSF Global Services Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 27/2023 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the Tessi Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 28/2023 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the Servier Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 29/2023 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the Sodexo Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 30/2023 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the Sodexo Group |EPDB

Binding Corporate Rules, Data Transfers

Privacy Notice Template by the UK ICO

Data Subjects Rights

Information Commissioner’s Further Response to the Data Protection and Digital Information Bill (DPDI Bill)

Principles, Sensitive Data

Opinion on processing of CCTV data in regard to employee performance analytics by the Bulgarian DPA

CCTV, Employment, Specific processing situations

Opinion 44/2023 on the Proposal for Artificial Intelligence Act in the light of legislative developments

AI, Specific processing situations

Joint Opinion 01/2023 on the Proposal for a Regulation of the European Parliament and of the Council laying down additional procedural rules relating to the enforcement of Regulation (EU) 2016/679

Meta CAN Use Brazilian User Data for AI Training with Restrictions

Irish Watchdog Ends Case Against X Following AI Data Restrictions

Council of Europe Unveils First Global AI Treaty

FBI Audit Reveals Major Data Handling Flaws

EU Parliament Faces noyb Complaints After Major Data Breach

California’s New AB 3048: Opt-Out Signals in Every Browser

Dutch DPA Fines Clearview €30.5M: Directors Could be Held Liable

OpenAI and Anthropic Partner with U.S. Government for AI Safety Research

Massive Data Breach: Exposed 31.5 Million Sensitive Records from ServiceBridge

Google’s Gemini AI on Android with Enhanced Privacy Features

NPD Confirms Major Breach: Sensitive Data of Millions Exposed

ICO Provisional £6 Million Penalty for Software Provider Following NHS Data Breach

X Closes Brazil Operations Citing “Censorship Orders” from Judge

UK ICO Privacy Policy Generator

Data Subjects Rights

Conformally Privacy Policy Generator

Data Subjects Rights

Meta Faces $1.4 Billion Penalty for Unauthorized Biometric Data Collection in Texas

Noyb Sues Hamburg DPA Over ‘Pay or OK’ Consent System

Google Officially Declared a Monopoly by U.S. Federal Judge

Noyb Files Nine Complaints Against Twitter/X for Unlawful AI Data Usage

Meta Challenges EDPB Opinion on “Consent or Pay” Model at EU Court

Lithuanian SA Fines Vinted UAB €2.38 Million for GDPR Violations

EU AI Act Now in Force: Prepare for Compliance

Meta and OpenAI Unveil New AI Models: Llama 3.1 and SearchGPT

CNIL open source PIA software – data protection impact assessment

Data Protection Impact Assessment (DPIA)

Statement 3/2024 on data protection authorities’ role in the Artificial Intelligence Act framework by EDPB

AI, Specific processing situations

Opinion 11/2024 on the use of facial recognition to streamline airport passengers’ flow (compatibility with Articles 5(1)(e) and(f), 25 and 32 GDPR by EDPB

Facial Recognition, Specific processing situations

Controller – Processor Assessment Tool

Controllers and Processors

Opinion 18/2021 on the draft Standard Contractual Clauses submitted by the LT SA (Article 28(8) GDPR) |EDPB

Controllers and Processors, Data Transfers, Standard Contractual Clauses (SCC)

Opinion 26/2021 on the draft decision of the Supervisory Authority of North Rhine-Westphalia (Germany) regarding the Controller Binding Corporate Rules of the Internet Initiative Japan Group |EDPB

Binding Corporate Rules, Data Transfers

Opinion 27/2021 on the draft decision of the Supervisory Authority of North Rhine-Westphalia (Germany) regarding the Processor Binding Corporate Rules of the Internet Initiative Japan Group |EDPB

Binding Corporate Rules, Data Transfers

Opinion 28/2021 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules of Oregon Tool, Inc (formerly “Blount”) |EDPB

Binding Corporate Rules, Data Transfers

Opinion 29/2021 on the draft decision of the Belgian Supervisory Authority regarding the Processor Binding Corporate Rules of Oregon Tool, Inc (Formerly “Blount”) |EDPB

Binding Corporate Rules, Data Transfers

Opinion 30/2021 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the COLT Group |EDPB

Binding Corporate Rules, Data Transfers

Opinion 31/2021 on the draft decision of the Spanish Supervisory Authority regarding the Processor Binding Corporate Rules of the COLT Group |EDPB

Binding Corporate Rules, Data Transfers

Opinion 21/2021 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the CGI Group |EDPB

Binding Corporate Rules, Data Transfers

Opinion 22/2021 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the CGI Group |EDPB

Binding Corporate Rules, Data Transfers

Opinion 14/2021 regarding the European Commission Draft Implementing Decision pursuant to Regulation (EU) 2016/679 on the adequate protection of personal data in the United Kingdom |EPDB

Adequacy Decisions, Data Transfers

Opinion 15/2021 regarding the European Commission Draft Implementing Decision pursuant to Directive (EU) 2016/680 on the adequate protection of personal data in the United Kingdom |EDPB

Adequacy Decisions, Data Transfers

Opinion 19/2021 on the draft decision of the competent supervisory authority of Hungary regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) |EDPB

Accreditation

Opinion 32/2021 regarding the European Commission Draft Implementing Decision pursuant to Regulation (EU) 2016/679 on the adequate protection of personal data in the Republic of Korea |EDPB

Adequacy Decisions, Data Transfers

EDPB-EDPS Joint Opinion 5/2021 on the proposal for a Regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act)

AI, Specific processing situations

Opinion 20/2021 on Tobacco Traceability System |EDPB

Controllers and Processors, Data Sharing

Opinion 08/2024 on Valid Consent in the Context of Consent or Pay Models Implemented by Large Online Platforms by EDPB

Consent, Lawfulness of Processing

Opinion 23/2021 on the draft decision of the competent supervisory authority of Czech Republic regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR |EDPB

Code of Conduct, Controllers and Processors

Opinion 24/2021 on the draft decision of the competent supervisory authority of Slovakia regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR |EDPB

Code of Conduct, Controllers and Processors

Opinion 25/2021 on the draft decision of the competent supervisory authority of Lithuania regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) |EDPB

Accreditation

Opinion 16/2021 on the draft decision of the Belgian Supervisory Authority regarding the “EU Data Protection Code of Conduct for Cloud Service Providers” submitted by Scope Europe |EDPB

Code of Conduct, Controllers and Processors

Opinion 17/2021 on the draft decision of the French Supervisory Authority regarding the European code of conduct submitted by the Cloud Infrastructure Service Providers (CISPE) |EDPB

Code of Conduct, Controllers and Processors

Opinion 03/2022 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the WEBHELP Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 30/2021 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the COLT Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 31/2021 on the draft decision of the Spanish Supervisory Authority regarding the Processor Binding Corporate Rules of the COLT Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 33/2021 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules of Carrier |EPDB

Binding Corporate Rules, Data Transfers

Opinion 34/2021 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules of Otis |EPDB

Binding Corporate Rules, Data Transfers

Opinion 39/2021 on whether Article 58(2)(g) GDPR could serve as a legal basis for a supervisory authority to order ex officio the erasure of personal data, in a situation where such request was not submitted by the data subject |EPDB

Data Controller, Data Subjects Rights, Definitions

Opinion 35/2021 on the draft decision of the competent supervisory authority of Belgium regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) |EPDB

Accreditation

Opinion 36/2021 on the draft decision of the competent supervisory authority of Norway regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) |EPDB

Accreditation

Opinion 37/2021 on the draft decision of the competent supervisory authority of Malta regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR |EPDB

Accreditation

Opinion 38/2021 on the draft decision of the competent supervisory authority of Latvia regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) |EPDB

Accreditation

Opinion 08/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Bioclinica Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 06/2022 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of Groupon International Limited |EPDB

Binding Corporate Rules, Data Transfers

Opinion 05/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the Lundbeck Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 07/2022 on the draft decision of the Hungarian Supervisory Authority regarding the Controller Binding Corporate Rules of MOL Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 04/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Norican Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 32/2021 regarding the European Commission Draft Implementing Decision pursuant to Regulation (EU) 2016/679 on the adequate protection of personal data in the Republic of Korea |EPDB

Adequacy Decisions, Data Transfers

EDPB-EDPS Joint Opinion 1/2022 on the Proposal for a Regulation of the European Parliament and of the Council amending Regulation (EU) 2021/953 on a framework for the issuance, verification and acceptance of interoperable COVID-19 vaccination, test and recovery certificates (EU Digital COVID Certificate) to facilitate free movement during the COVID-19 pandemic |EPDB

Health Data, Principles, Sensitive Data

EDPB-EDPS Joint Opinion 2/2022 on the Proposal of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act)

Data Transfers

Opinion 1/2022 on the draft decision of the Luxembourg Supervisory Authority regarding the GDPR – CARPA certification criteria |EPDB

Certification

Opinion 12/2022 on the draft decision of the competent supervisory authority of France regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) |EPDB

Accreditation

Opinion 13/2022 on the draft decision of the competent supervisory authority of Bulgaria regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) |EPDB

Accreditation

Opinion 14/2022 on the draft decision of the competent supervisory authority of Bulgaria regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR |EPDB

Code of Conduct, Controllers and Processors

Opinion 15/2022 on the draft decision of the competent supervisory authority of Luxembourg regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR |EPDB

Code of Conduct, Controllers and Processors

Opinion 16/2022 on the draft decision of the competent supervisory authority of Slovenia regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR |EPDB

Code of Conduct, Controllers and Processors

Opinion 17/2022 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the ANTOLIN Group |EPDB

Binding Corporate Rules, Data Transfers

EDPB-EDPS Joint Opinion 03/2022 on the Proposal for a Regulation on the European Health Data Space

Health Data, Principles, Sensitive Data

EDPB-EDPS Joint Opinion 04/2022 on the Proposal for a Regulation of the European Parliament and of the Council laying down rules to prevent and combat child sexual abuse

Children as data subjects, Data Subjects Rights

Opinion 25/2022 regarding the European Privacy Seal (EuroPriSe ) certification criteria for the certification of processing operations by processors |EPDB

Certification

Opinion 18/2022 on the draft decision of the Baden-Württemberg (Germany) Supervisory Authority regarding the Controller Binding Corporate Rules of the Daimler Truck Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 19/2022 on the draft decision of the Baden-Württemberg (Germany) Supervisory Authority regarding the Controller Binding Corporate Rules of the MercedesBenz Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 20/2022 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of the Ellucian Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 21/2022 on the draft decision of the Irish Supervisory Authority regarding the Processor Binding Corporate Rules of the Ellucian Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 22/2022 on the draft decision of the Liechtenstein Supervisory Authority regarding the Controller Binding Corporate Rules of Hilti Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 23/2022 on the draft decision of the Swedish Supervisory Authority regarding the Controller Binding Corporate Rules of the Samres Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 24/2022 on the draft decision of the Swedish Supervisory Authority regarding the Processor Binding Corporate Rules of the Samres Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 26/2022 on the draft decision of the Data Protection Authority of Bavaria for the Private Sector regarding the Controller Binding Corporate Rules of the Munich Re Reinsurance Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 09/2022 on the draft decision of the Danish Supervisory Authority regarding the Processor Binding Corporate Rules of Bioclinica Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 10/2022 on the draft decision of the Hesse Supervisory Authority (Germany) regarding the Controller Binding Corporate Rules of Fresenius Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 02/2022 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the WEBHELP Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 31/2022 on the draft decision of the Slovak Supervisory Authority regarding the Processor Binding Corporate Rules of Piano Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 32/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the Ramboll Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 11/2023 on the draft decision of the competent supervisory authority of Sweden regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR |EPDB

Accreditation

Opinion 12/2023 on the draft decision of the competent supervisory authority of Cyprus regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) |EPDB

Accreditation

Opinion 13/2023 on the draft decision of the competent supervisory authority of Croatia regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) |EPDB

Accreditation

Opinion 14/2023 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the Vestas Wind Systems Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 15/2023 on the draft decision of the Dutch Supervisory Authority regarding the Brand Compliance certification criteria |EPDB

Certification

Opinion 18/2023 on the draft decision of the Belgian Supervisory Authority regarding the Processor Binding Corporate Rules of the Collibra Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 19/2023 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the American Express Global Business Travel Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 20/2023 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the Comcast Corporation Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 21/2023 on the draft decision of the Belgian Supervisory Authority regarding the Processor Binding Corporate Rules of the UPS Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 22/2023 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules for employee data of the UPS Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 7/2023 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of Autodesk Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 8/2023 on the draft decision of the Irish Supervisory Authority regarding the Processor Binding Corporate Rules of Autodesk Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 5/2023 on the European Commission Draft Implementing Decision on the adequate protection of personal data under the EU-US Data Privacy Framework |EPDB

Adequacy Decisions, Data Transfers

Opinion 9/2023 on the draft decision of the Italian Supervisory Authority regarding the Controller Binding Corporate Rules of Vertiv |EPDB

Binding Corporate Rules, Data Transfers

Opinion 10/2023 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the PROSEGUR Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 16/2023 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of the Informatica Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 17/2023 on the draft decision of the Irish Supervisory Authority regarding the Processor Binding Corporate Rules of the Informatica Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 11/2022 on the draft decision of the competent supervisory authority of Poland regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) |EPDB

Accreditation

Opinion 1/2023 on the draft decision of the competent supervisory authority of Croatia regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to Article 41 GDPR |EPDB

Code of Conduct, Controllers and Processors

Opinion 02/2023 on the draft decision of the competent supervisory authority of Latvia regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to Article 41 GDPR |EPDB

Code of Conduct, Controllers and Processors

Opinion 03/2023 on the draft decision of the competent supervisory authority of Romania regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR |EPDB

Code of Conduct, Controllers and Processors

Opinion 4/2023 on the draft decision of the competent supervisory authority of Malta regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) |EPDB

Accreditation

EDPB-EDPS Joint Opinion 02/2023 on the Proposal for a Regulation of the European Parliament and of the Council on the establishment of the digital euro

Accreditation

EDPB-EDPS Joint Opinion 01/2023 on the Proposal for a Regulation of the European Parliament and of the Council laying down additional procedural rules relating to the enforcement of Regulation (EU) 2016/679

Accreditation

Opinion 6/2023 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Royal Greenland Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 27/2022 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of LEYTON Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 28/2022 on the Europrivacy criteria of certification regarding their approval by the Board as European Data Protection Seal pursuant to Article 42.5 (GDPR) |EPDB

Certification

Opinion 29/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the DSV Group |EPDB

Binding Corporate Rules, Data Transfers

Opinion 30/2022 on the draft decision of the Slovak Supervisory Authority regarding the Controller Binding Corporate Rules of Piano Group |EPDB

Binding Corporate Rules, Data Transfers

Transfer Impact Assessment (TIA)

Data Transfers

Personal data breaches in the health sector: how to avoid them (and how to deal with them when they happen) by the UK ICO

Data Breaches, Health Data

Cybersecurity panel session: SME Focus by the UK ICO

Technical and Organisational Measures (TOMs)

Cybersecurity panel session: Supply chain attacks by the UK ICO

Technical and Organisational Measures (TOMs)

Cybersecurity panel session: An introduction to incident response, common cyber threats and ways to mitigate risk by the UK ICO

Technical and Organisational Measures (TOMs)

Insight into audit and assurance by the UK ICO

Lifecycle of a complaint by the UK ICO

Data Subjects Rights

Good FOI practice – a panel discussion by the UK ICO

Freedom of expression and information

Opinion on legitimate interests of the data controller (Opinion 06/2014)

Legitimate Interest

Opinion 05/2014 on Anonymisation Techniques | WP216

Anonymisation

GDPR Risk Assessment by the AEPD

Data Protection Impact Assessment (DPIA)

Telegram CEO’s Arrest Sparks Debate on Privacy vs. Regulation

Personal Data Collection, Technical and Organisational Measures (TOMs)

AI Meets Media: OpenAI Secures Another Multi-Year Deal with Media Giant

AI

Statement 2/2024 on the financial data access and payments package bg EDPB

Finance and Fintech

Balancing transparency and empathy in request and complaint handling by the UK ICO

Access Requests (DSAR)

Section 40(2) FOIA – the personal data exemption – a practical approach by the UK ICO

Access Requests (DSAR), Data Subjects Rights

A 10-step guide to sharing information to safeguard children by the UK ICO

Children as data subjects

Privacy, seriously by the UK ICO

AI, Privacy by Design, Product Privacy Design

AI and Data Protection risk toolkit by the UK ICO

AI, Data Protection Impact Assessment (DPIA)