News

The European Data Protection Board (EDPB) shared some statistics on resources made available by Member States to the supervisory authorities (SA) from the European Economic Area (EEA) and on enforcement actions by the SAs. This report was made after receiving...

Apple is conducting ground surveys with vehicles in Luxembourg to collect data for its Apple Maps service. The recordings will be made by Apple vehicles from August 16 to September 10, 2021. Apple will censor faces and license plates on...

Given the fact that on July 29, 2021 Amazon published its quarterly results and publicly disclosed that the company was imposed a fine from the Luxembourg regulator on data protection because of infringements with the General Data Protection Regulation (GDPR...

Virtual Voice Assistants (VVA) are services integrated today in most digital devices such as smartphones, tablets and connected speakers. Such voice assistants make it possible to understand voice commands to execute them or to interact with other digital systems. Their...

After considering the comments received during a public consultation, the EDPB adopted a final version of the guidelines on the concepts of controller and processor. The main objective is to clarify · the definitions of the functional and autonomous concepts of...

On 28 June 2021, the European Commission adopted two adequacy decisions and found that the United Kingdom ensures an adequate level of protection for transfers of personal data, in accordance with the General Data Protection Regulation and the Law Enforcement...

On 28 June 2021, the Commission adopted two adequacy decisions for transfers of personal data to the United Kingdom, under the General Data Protection Regulation (GDPR) and the Law Enforcement Directive respectively. Such a decision means that the personal data...

On 4 June 2021, the European Commission published two new sets of standard contractual clauses (SCCs). The first set is intended to regulate the transfer of data from controllers or processors of the EU/EEA (subject to the GDPR) to...

The EDPB adopted a final version of the Recommendations on supplementary measures following public consultation. After the CJEU Schrems II ruling, they aim to assist controllers and processors acting as data exporters with their duty to identify and implement appropriate...

The CNPD has made public 18 decisions concerning investigations on the outcome of investigations. In accordance with Article 41 of the Law of 1 August 2018 on the organisation of the CNPD and the General Data Protection Regime, decisions on the outcome of investigations are taken by the restricted panel of the CNPD. The decisions are in principle published anonymously on its website,

The GPA Reference Panel welcomes applications until 19 February 2021. What is the Global Privacy Assembly? Established in 1979, the GPA is the international forum of data protection and privacy authorities which provides leadership at the international level by connecting...

EDPB adopts Guidelines on examples regarding data breach notification The EDPB adopted guidelines on examples regarding data breach notification. These guidelines complement the WP 29 guidance on data breach notification by introducing more practice orientated guidance and recommendations. They aim...

Merry Christmas and a Happy New Year 2021

The EDPB adopted its Strategy 2021-2023 On December 15th, the EDPB met for its 43rd plenary session. During the plenary, a wide range of topics was

Publication of the annual report 2019 2019 was the first full year that the CNPD worked under the General Data Protection Regulation[1] (GDPR) and the

Over the last weeks the CNPD together with the data protection authorities of the EU member states have elaborated within the European Data Protection Board (EDPB) recommendations on measures that supplement transfer tools to ensure compliance with GDPR.

39th Plenary Session of the EDPB

The Board adopted Guidelines on the concepts of controller and processor in the GDPR and Guidelines on the targeting of social media users.

38th Plenary Session of the EDPB

The Luxembourg Data Protection Authority (CNPD) welcomes the judgement from the Court of Justice of the European Union (CJEU) in the case Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (Schrems II), rendered on July 16, 2020.