Search
Cross-border protection of vulnerable adults
The IA supports the above proposals with a qualitative assessment of legal, social and economic impacts, complemented by quantified estimates of costs and savings of procedural and administrative costs. Impacts on fundamental rights and digitalisation are also assessed, including concerns raised by stakeholders with respect to data protection. The IA follows a clear intervention logic and is based on solid internal and external sources and various stakeholder consultations. It clearly makes an effort ...
Navigating challenges to UK data adequacy
The United Kingdom (UK) adequacy decisions are set to expire on 27 June 2025, unless the European Commission reaffirms that the UK continues to ensure an 'essentially equivalent' level of data protection to the EU's. Critics raised concerns that recent and ongoing UK reforms could jeopardise the renewal of these decisions.
Algorithmic discrimination under the AI Act and the GDPR
After the entry into force of the Artificial Intelligence (AI) Act in August 2024, an open question is its interplay with the General Data Protection Regulation (GDPR). The AI Act aims to promote human-centric, trustworthy and sustainable AI, while respecting individuals' fundamental rights and freedoms, including their right to the protection of personal data. One of the AI Act's main objectives is to mitigate discrimination and bias in the development, deployment and use of 'high-risk AI systems ...
Understanding EU data protection policy
The 'datafication' of everyday life and data scandals have made the protection of personal information an increasingly important social, legal and political matter for the EU. In recent years, awareness of data rights has grown considerably. The right to privacy and the right to protection of personal data are both enshrined in the Charter of Fundamental Rights of the EU and in the EU Treaties. The entry into force of the Lisbon Treaty in 2009 gave the Charter the same legal value as the Treaties ...
Newly proposed GDPR procedural rules: Improving efficiency and consistency
Ever since the General Data Protection Regulation (GDPR) became applicable in May 2018, the European Parliament and civil society organisations have been flagging up deficits in its enforcement, and pushing for better implementation. To address the situation, in July 2023 the European Commission tabled a proposal aimed at improving GDPR enforcement. The proposal seeks to support the smooth functioning and timely completion of enforcement procedures in cross-border cases. To this end, the Commission ...
Second report on the application of the GDPR
Since the General Data Protection Regulation (GDPR) entered into force in 2018, the European Commission has published two reports on its application. The second report stresses the need for consistent interpretation and enforcement of the GDPR, highlighting ongoing challenges such as divergent national interpretations, difficulties in cooperation among regulatory bodies, and obstacles faced by organisations in achieving compliance.
Towards new rules on transparency and targeting of political advertising
Political advertising is central to informing and influencing how people vote, and may affect citizens' perceptions of the legitimacy of their political system, mainly when published in the run-up to elections. Therefore, rules governing political advertising are vital to guaranteeing citizens' fundamental rights and the integrity of democratic processes. However, traditional campaigning regulations can be ineffective or difficult to enforce online, where new techniques are utilised to target potential ...
European health data space
The COVID-19 pandemic shone a light on the growing importance of digital health technologies, both to enable remote medical care and to facilitate the health response from international, national and local authorities. The European Commission's May 2022 proposal for a regulation on a European health data space aims to improve individuals' access to and control over their electronic personal data (primary use), while facilitating data re-use for the good of society across the EU (secondary use). The ...
Revised rules on advance passenger information
In December 2021, the European Commission proposed to revise the EU legal framework on the collection and transfer of advance passenger information (API). The current API Directive will be replaced by two regulations: one on the collection and transfer of API for border management purposes, and another on the collection and transfer of API for law enforcement purposes. Following the co-legislators reaching of provisional agreements in March 2024, the Parliament is due to vote on the proposals during ...
Advance passenger information (API) to tackle terrorism and serious crime
In December 2022, the European Commission presented two proposals to revise the rules on the collection and transfer of advance passenger information (API) data – data collected by air carriers at check-in and sent to competent authorities in the country of destination prior to take-off. One of the proposals is for a new regulation on the collection and transfer of API data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime. The proposal seeks to ...