Five years has passed since the GDPR entered into force

The GDPR now has a firm footing in the EU and it has had an impact on many non-EU national laws. The EU legislator has since been on overdrive in terms of drafting and adopting legislation for its digital package. Much for EU-based DPOs to adapt to and learn. The new Chair of the European Data Protection Board, Anu Talus, Finland’s Data Protection Commissioner, stresses the importance of the Board for making GDPR interpretations in this field.

To mark the GDPR’s fifth birthday, Věra Jourová, EU Vice-President for Values and Transparency, and Didier Reynders, EU Commissioner for Justice, said: “Enforcing the GDPR is a task entrusted to the independent national data protection authorities, and its thorough application remains a top priority for us. This is why we will soon propose new legislation to harmonise certain procedures of cooperation between data protection authorities on cross-border cases — of which there have been more than two thousand since 2018. It is also crucial that Member States provide their national data protection authorities with adequate resources for their important work. Since the entry into application of the GDPR, over €2.5 billion in fines have been imposed by the national data protection authorities for breaches of the GDPR.”

We will hear more about Talus’ views on DPA cooperation at PL&B’s International Conference in Cambridge in July, as well as her novel ideas for using AI at her Finnish DPA office.

The EU DPAs have recently set up a Task Force to investigate the implications of ChatGPT for data protection rights, following Italy’s regulatory action, and similar action has been taken by Canada. Much is happening in this area. Greece now has a new law setting out requirements for various types of technologies including AI and Internet of Things, and France’s DPA has recently issued its AI action plan.

Laura Linkomies
Editor, Privacy Laws & Business

June 2023