News

Virtual Voice Assistants (VVA) are services integrated today in most digital devices such as smartphones, tablets and connected speakers. Such voice assistants make it possible to understand voice commands to execute them or to interact with other digital systems. Their...

After considering the comments received during a public consultation, the EDPB adopted a final version of the guidelines on the concepts of controller and processor. The main objective is to clarify · the definitions of the functional and autonomous concepts of...

On 28 June 2021, the European Commission adopted two adequacy decisions and found that the United Kingdom ensures an adequate level of protection for transfers of personal data, in accordance with the General Data Protection Regulation and the Law Enforcement...

On 28 June 2021, the Commission adopted two adequacy decisions for transfers of personal data to the United Kingdom, under the General Data Protection Regulation (GDPR) and the Law Enforcement Directive respectively. Such a decision means that the personal data...

On 4 June 2021, the European Commission published two new sets of standard contractual clauses (SCCs). The first set is intended to regulate the transfer of data from controllers or processors of the EU/EEA (subject to the GDPR) to...

The EDPB adopted a final version of the Recommendations on supplementary measures following public consultation. After the CJEU Schrems II ruling, they aim to assist controllers and processors acting as data exporters with their duty to identify and implement appropriate...

The CNPD has made public 18 decisions concerning investigations on the outcome of investigations. In accordance with Article 41 of the Law of 1 August 2018 on the organisation of the CNPD and the General Data Protection Regime, decisions on the outcome of investigations are taken by the restricted panel of the CNPD. The decisions are in principle published anonymously on its website,

The GPA Reference Panel welcomes applications until 19 February 2021. What is the Global Privacy Assembly? Established in 1979, the GPA is the international forum of data protection and privacy authorities which provides leadership at the international level by connecting...

Actuellement, l’UE connaît une crise sanitaire exceptionnelle liée au coronavirus. Dans ce contexte, la CNPD donne des recommandations en matière de collecte de données aux acteurs privés et publics qui sont confrontés à des défis de plus en plus complexes dans leur fonctionnement quotidien.

EDPB adopts Guidelines on examples regarding data breach notification The EDPB adopted guidelines on examples regarding data breach notification. These guidelines complement the WP 29 guidance on data breach notification by introducing more practice orientated guidance and recommendations. They aim...

Merry Christmas and a Happy New Year 2021

The EDPB adopted its Strategy 2021-2023 On December 15th, the EDPB met for its 43rd plenary session. During the plenary, a wide range of topics was

Publication of the annual report 2019 2019 was the first full year that the CNPD worked under the General Data Protection Regulation[1] (GDPR) and the

Over the last weeks the CNPD together with the data protection authorities of the EU member states have elaborated within the European Data Protection Board (EDPB) recommendations on measures that supplement transfer tools to ensure compliance with GDPR.

39th Plenary Session of the EDPB

The Board adopted Guidelines on the concepts of controller and processor in the GDPR and Guidelines on the targeting of social media users.

38th Plenary Session of the EDPB

The Luxembourg Data Protection Authority (CNPD) welcomes the judgement from the Court of Justice of the European Union (CJEU) in the case Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (Schrems II), rendered on July 16, 2020.

The EDPB has published a new register containing decisions taken by national supervisory authorities following the One-Stop-Shop cooperation procedure (Art. 60 GDPR) on its website.

Today, just over two years after its entry into application, the European Commission published an evaluation report on the General Data Protection Regulation (GDPR).