GDPR Fine Tracker

Official Guidelines

Decisions and Case Law

Templates

Privacy and AI News

Tools and Software

Laws and Regulations

AI Assistant

SEARCH EVERYWHERE

Filtered (152)
Filters
Type
Show (152)
Cancel
Advanced Search
EDPB Releases First Report on EU-U.S. Data Privacy Framework
U.S. Court Revives Video Privacy Lawsuit Against NBA

Lawfulness of Processing

Data Broker Sells Voter Data on Support for QAnon and January 6

Data Sharing

Data (Use and Access) Bill [HL] Draft
LinkedIn Fined €310 Million by Irish Data Regulator for Targeted Ads Without Consent

Lawfulness of Processing

Perplexity AI Faces Lawsuit Over Alleged Copyright Violations by Dow Jones and NY Post

AI

noyb Files Complaint Against Pinterest for Unlawful Ad Tracking Practices

Lawfulness of Processing

UK’s New Data Use Bill: Easier Access and Enhanced Privacy for All

Local Laws

Age-Appropriate Design Toolkit Tracker

Children as data subjects

AI Toolkit Tracker

AI

Personal Data Breach Management and Reporting Toolkit Tracker

Data Breaches

Requests for Access Toolkit Tracker

Access Requests (DSAR)

Data Sharing Toolkit Tracker

Data Sharing

Training and Awareness Toolkit Tracker

Technical and Organisational Measures (TOMs)

Information & Cyber Security Checklist Tracker

Technical and Organisational Measures (TOMs)

Records Management Toolkit Tracker

Data Retention, Personal Data Collection, Records of processing Activities (ROPA)

Accountability Toolkit Tracker

Accountability

RTL Belgium Ordered to Add “Refuse All” Button to Cookie Banner by Belgian DPA

Consent

EU Cyber Resilience Act (CRA)

Technical and Organisational Measures (TOMs)

Major US Telecoms Hacked by Chinese Group, Federal Surveillance System Compromised
ICO Hits Northern Ireland Police with Fine Over Employee Data Breach
French News Agency AFP Hit by Cyber Attack, Real-Time News Feeds Affected
Study Finds ChatGPT Can Perform Biometric Tasks: A Closer Look at Privacy Risks

AI, Sensitive Data

Five New CJEU Rulings: A Turning Point for GDPR Compliance
AIPact by the European Artificial Intelligence Office

AI, Data Subjects Rights, Specific processing situations

FTC Targets Deceptive AI Claims with Operation AI Comply

AI, Lawfulness of Processing

OpenAI, Microsoft, and Amazon Join EU’s AI Pact to Shape Future Regulations

AI

Meta Fined $101 Million for Exposing Millions of Passwords in Plaintext

Lawfulness of Processing, Technical and Organisational Measures (TOMs)

California Governor Vetoes AI Safety Bill

AI

Tech Giants Sign Open Letter Urging “Regulatory Certainty on AI” in Europe

AI

Telegram’s New Policy: User Data to Be Shared with Authorities in Criminal Cases

Data Sharing, Data Subjects Rights

Genetic Testing Company 23andMe Pays $30M for Data Breach

Data Breaches, Sensitive Data

LinkedIn Used User Data for AI Training Before Updating Its Terms

AI, Data Sharing, Data Subjects Rights, Lawfulness of Processing

The IDTA, Addendum and TRA: practical guidance for cross-border transfers by the UK ICO

Access Requests (DSAR), Data Transfers

Privacy Impact Assessment (PIA) Templates by CNIL

Data Protection Impact Assessment (DPIA)

India Digital Personal Data Protection Act (2023)
Belgian DPA Enforces GDPR Compliance on Cookie Banners After noyb Complaints
EU Court Upholds €2.4 Billion Fine Against Google for Abusing Market Power
Swedish Bank Penalized €1.3 million for Transferring Customer Data to Meta
2025 Update: New SCCs Will Address Missing Rules for Cross-Border Data Transfers
National Strategy to Advance Privacy-Preserving Data Sharing and Analytics by the EO by the US President

Anonymisation, Controllers and Processors, Technical and Organisational Measures (TOMs)

EO 13800 on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Controllers and Processors, Technical and Organisational Measures (TOMs)

DRAFT RISK ASSESSMENT REGULATIONS FOR CALIFORNIA PRIVACY PROTECTION AGENCY

Risk Management

International Data Transfer Agreements – Transitional Provisions

Data Transfers

Transfer Risk Assessment Tool by the UK ICO

Data Transfers

Transfer Impact Assessment (TIA) Template by HSE

Data Transfers

[UK] International Data Transfer Addendum to the EU Commission Standard Contractual Clauses

Data Transfers

[UK] Standard Data Protection Clauses to be issued by the Commissioner under S119A(1) Data Protection Act 2018

Data Transfers

EU DATA ACT
[PROPOSAL 2024] EU AI ACT

AI, Specific processing situations

[Draft] Transfer Impact Assessment by the CNIL

Data Transfers

Privacy Notice Template by the UK ICO

Data Subjects Rights

[DRAFT] FRAMEWORK CONVENTION ON ARTIFICIAL INTELLIGENCE, HUMAN RIGHTS, DEMOCRACY AND THE RULE OF LAW

AI, Specific processing situations

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL LAYING DOWN HARMONISED RULES ON ARTIFICIAL INTELLIGENCE (ARTIFICIAL INTELLIGENCE ACT)

AI, Specific processing situations

Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence (PROPOSED MEMORANDUM )

AI, Specific processing situations

DPIA for AI template

Controllers and Processors, Data Protection Impact Assessment (DPIA)

AI Privacy Policy template

AI, Specific processing situations

Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence by the US President

AI, Specific processing situations

Online Safety Bill | UK
AI and Data Protection Risk Toolkit by UK ICO

AI, Controllers and Processors, Data Protection Impact Assessment (DPIA), Specific processing situations

Description of the dataset template by CNIL

AI, Specific processing situations

Data Breach Process Guidance by HSE

Controllers and Processors, Data Breaches

Meta CAN Use Brazilian User Data for AI Training with Restrictions
Irish Watchdog Ends Case Against X Following AI Data Restrictions
Council of Europe Unveils First Global AI Treaty
FBI Audit Reveals Major Data Handling Flaws
EU Parliament Faces noyb Complaints After Major Data Breach
California’s New AB 3048: Opt-Out Signals in Every Browser
Dutch DPA Fines Clearview €30.5M: Directors Could be Held Liable
OpenAI and Anthropic Partner with U.S. Government for AI Safety Research
Massive Data Breach: Exposed 31.5 Million Sensitive Records from ServiceBridge
Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on adapting non-contractual civil liability rules to artificial intelligence (AI Liability Directive)

AI, Liability and Remedies, Specific processing situations, Supervisory Authorities

Google’s Gemini AI on Android with Enhanced Privacy Features
NPD Confirms Major Breach: Sensitive Data of Millions Exposed
ICO Provisional £6 Million Penalty for Software Provider Following NHS Data Breach
X Closes Brazil Operations Citing “Censorship Orders” from Judge
UK ICO Privacy Policy Generator

Data Subjects Rights

Conformally Privacy Policy Generator

Data Subjects Rights

KOSPA Passed by Senate: Strengthening Online Protections for Children and Teens
Meta Faces $1.4 Billion Penalty for Unauthorized Biometric Data Collection in Texas
Noyb Sues Hamburg DPA Over ‘Pay or OK’ Consent System
Google Officially Declared a Monopoly by U.S. Federal Judge
Noyb Files Nine Complaints Against Twitter/X for Unlawful AI Data Usage
Meta Challenges EDPB Opinion on “Consent or Pay” Model at EU Court
Lithuanian SA Fines Vinted UAB €2.38 Million for GDPR Violations
EU AI Act Now in Force: Prepare for Compliance
Meta and OpenAI Unveil New AI Models: Llama 3.1 and SearchGPT
CNIL open source PIA software – data protection impact assessment

Data Protection Impact Assessment (DPIA)

Data protection impact assessment for AI Solutions by Danish DPA

AI, Controllers and Processors, Data Protection Impact Assessment (DPIA), Specific processing situations

Convention on AI, Human Rights, Democracy and the Rule of Law – by the Council of Europe (draft)

AI, Specific processing situations

Controller – Processor Assessment Tool

Controllers and Processors

EU-US Data Privacy Framework Template Complaint Form for Submitting Commercial Related Complaints to EU DPAs by EDPB

Adequacy Decisions, Data Transfers

REGULATION (EU) 2024/900 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 13 March 2024 on the transparency and targeting of political advertising

Marketing and Advertising, Specific processing situations

Personal data breach report form

Controllers and Processors, Data Breaches

ЕО Order on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern
EO 13800 on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Technical and Organisational Measures (TOMs)

Zapier’s Transfer Impact Assessment

Data Transfers

Transfer Impact Assessment (TIA)

Data Transfers

Personal data breaches in the health sector: how to avoid them (and how to deal with them when they happen) by the UK ICO

Data Breaches, Health Data

Cybersecurity panel session: SME Focus by the UK ICO

Technical and Organisational Measures (TOMs)

Cybersecurity panel session: Supply chain attacks by the UK ICO

Technical and Organisational Measures (TOMs)

Cybersecurity panel session: An introduction to incident response, common cyber threats and ways to mitigate risk by the UK ICO

Technical and Organisational Measures (TOMs)

Federal Data Protection Act (Germany)
Insight into audit and assurance by the UK ICO
Lifecycle of a complaint by the UK ICO

Data Subjects Rights

Good FOI practice – a panel discussion by the UK ICO

Freedom of expression and information

DIRECTIVE (EU) 2016/680 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (Law Enforcement Directive)
REGULATION (EU) 2022/868 (Data Governance Act)
REGULATION (EU) 2022/1925 (Digital Markets Act)
DIRECTIVE (EU) 2019/1937 on the protection of persons who report breaches of Union law (Whistleblower Directive)

Whistleblowing

Directive 2002/58/EC on privacy and electronic communications
REGULATION (EU) 2018/1725 “GDPR for EU Institutions”
Directive (EU) 2016/1148 “NIS2 Directive”
UK Data Protection Act 2018
European Convention on Human Rights
Federal Act on Data Protection (Switzerland)
EU AI Act
Personal Information Protection and Electronic Documents Act (PIPEDA, CANADA)
Personal data protection law (Saudi Arabia)
Connecticut Data Privacy Act
Utah Consumer Privacy Act
Joint Guide to ASEAN MCC and EU SCC

Data Transfers, Standard Contractual Clauses (SCC)

Data Protection Impact Assessments (DPIA) Template by UK ICO

Data Protection Impact Assessment (DPIA)

Data Protection Impact Assessment (DPIAs) by APDCAT

Data Protection Impact Assessment (DPIA)

GDPR Risk Assessment by the AEPD

Data Protection Impact Assessment (DPIA)

CALIFORNIA CONSUMER PRIVACY ACT REGULATIONS
Records of processing activities template by the CNIL

Records of processing Activities (ROPA)

CCPA Full Text
How Google Uses Information on websites [link]
Telegram CEO’s Arrest Sparks Debate on Privacy vs. Regulation

Personal Data Collection, Technical and Organisational Measures (TOMs)

AI Meets Media: OpenAI Secures Another Multi-Year Deal with Media Giant

AI

AT&T Privacy Notice

Data Subjects Rights

The Colorado AI Act “Senate Bill SB24-205”

AI, Specific processing situations

Template Complaint Form to the U.S. Office of the Director of National Intelligence’s Civil Liberties Protection Officer (CLPO) by EDPB

Adequacy Decisions, Data Transfers

American Privacy Rights Act Discussion Draft
The American Privacy Rights Act (APRA) section-by-section draft
Technical and organisational measures signed by Superhosting.bg

Controllers and Processors, Technical and Organisational Measures (TOMs)

Technical and Organizational Measures by Adobe Cloud Services

Controllers and Processors, Technical and Organisational Measures (TOMs)

Privacy Program 247.ai
(NEW JERSEY) ACT concerning [commercial Internet websites] online, services, consumers, and [personally identifiable information] personal data and supplementing Title 56 of the Revised Statutes
[UK] International Data Transfer Addendum to the EU Commission Standard Contractual Clauses

Data Transfers

[UK] International Data Transfer Agreements – Transitional Provisions

Data Transfers

American Data Privacy And Protection Act (DRAFT)
Balancing transparency and empathy in request and complaint handling by the UK ICO

Access Requests (DSAR)

Section 40(2) FOIA – the personal data exemption – a practical approach by the UK ICO

Access Requests (DSAR), Data Subjects Rights

A 10-step guide to sharing information to safeguard children by the UK ICO

Children as data subjects

Privacy, seriously by the UK ICO

AI, Privacy by Design, Product Privacy Design

AI and Data Protection risk toolkit by the UK ICO

AI, Data Protection Impact Assessment (DPIA)

Senate Bill 262 (Delete Act)
THE DIGITAL PERSONAL DATA PROTECTION ACT (INDIA)
Consumer Data Protection Act (Virginia CDPA)
Colorado Privacy Act