5 Years of GDPR
GDPR has transformed data privacy worldwide. Five years on, we commemorate its impact on transparency, trust, and user control.
5 years and 3 billion in fines later. A look at current state of law.
The past five years have seen a marked increase in public awareness regarding data privacy and how companies use individuals’ personal data.
According to GDPR Enforcement Tracker, EU regulators issued more than $3 billion in GDPR fines since 2018.
Source: https://www.enforcementtracker.com/?insights
In such an environment, it is not surprising to see businesses continue prioritizing data protection compliance. Therefore, it is timely to look at some trends that companies and their boards should prioritize during 2023.
Our series of conversations around GDPR, privacy compliance.
US State Privacy Laws & GDPR Compliance: Latest Developments
The State of AI Governance and other Developments
Navigating GDPR Compliance and Enforcement Over the Last Year and Next. Our outlook.
Crucial Cases Defining GDPR
01
Generative AI’s First GDPR Reckoning
AI companies must comply with the GDPR and find ways to let individuals exercise their rights. But it appears that large language models (LLMs) and EU data protection law might not be fundamentally incompatible.
02
EDPB Narrowly Interprets the GDPR’s ‘Contract’ Rules
The EU is considering amending the "one-stop-shop" process of the GDPR, which has hampered effective data protection enforcement. The proposed legislation would provide additional support and a new process for regulators engaged in cross-border GDPR investigations to make enforcement more effective and efficient. This could mean an increase in GDPR penalties and investigations.
03
CJEU Sets Down Strict Rules on GDPR ‘Special Category Data’
Regulators have indicated that they are dealing with complaints about AI technology, and the EDPB has announced an AI Task Force to help coordinate AI-related enforcement action. Companies using or developing AI should consider whether their products meet the EU's data protection and privacy requirements.
What Next
01
UK GDPR and ePrivacy Reforms
The UK may relax GDPR's record-keeping and risk-assessment rules, while increasing PECR's fines for cookies and marketing violations to match the GDPR's penalties.
02
GDPR Cross-Border Enforcement Amendment
The EU is considering amending the "one-stop-shop" process of the GDPR to address complaints of ineffective data protection enforcement. The proposed legislation aims to provide support for cross-border GDPR investigations and make enforcement more efficient.
03
DPAs' AI Crackdown
OpenAI may face regulatory action from France, and the EDPB has created an AI Task Force for enforcement coordination. Compliance with the GDPR and data protection requirements is crucial for companies using or developing AI.