EDPB 2024 Annual Report Highlights Efforts in Strengthening Data Protection Across Europe

Key Takeaways

• New EDPB Strategy: The EDPB adopted its 2024-2027 strategy, focusing on strengthening enforcement, promoting GDPR compliance, and addressing emerging digital challenges like AI and cross-regulatory cooperation.
• Increased Consistency Opinions: The EDPB issued eight Art. 64(2) consistency opinions in 2024, covering critical topics such as facial recognition, AI model data use, and ‘Consent or Pay’ models for online platforms.
• Enhanced Stakeholder Engagement: The Board expanded its outreach efforts, providing resources such as the Data Protection Guide for Small Business in 18 languages and developing new guideline summaries for non-expert audiences.
• Cross-Regulatory Cooperation: The EDPB contributed to the alignment of GDPR with new digital regulations, including the Digital Markets Act (DMA) and AI Act, by engaging with European and international partners.
• GDPR Enforcement: DPAs imposed over €1.2 billion in fines in 2024, highlighting the ongoing commitment to upholding data protection rights and consistent enforcement of GDPR across Europe.

Deep Dive

The European Data Protection Board (EDPB) has released its 2024 Annual Report, showcasing the organization’s significant contributions to safeguarding personal data in an evolving digital landscape. The report highlights key milestones, including the adoption of a new strategy, an increase in consistency opinions under the General Data Protection Regulation (GDPR), and continued guidance on emerging issues like AI, facial recognition, and cross-border data transfers.

EDPB Chair Anu Talus commented, “In 2024, we reaffirmed our commitment to protecting individuals' rights to privacy and data protection amidst a fast-evolving digital landscape. Our new strategy sets the course for strengthening enforcement, promoting compliance, and tackling the emerging challenges posed by new digital regulations.”

The 2024-2027 EDPB strategy focuses on reinforcing GDPR enforcement and improving data protection across Europe. This strategic plan aims to address new challenges, including cross-regulatory cooperation with emerging digital legislation such as the Digital Markets Act (DMA) and the AI Act.

An important development was the substantial increase in Art. 64(2) consistency opinions, with eight opinions issued in 2024. These opinions, including those on ‘Consent or Pay’ models used by online platforms and the use of facial recognition in airports, aim to guide the consistent application of the GDPR.

Advancing Stakeholder Engagement and Outreach

In 2024, the EDPB continued its efforts to make data protection more accessible, launching the Data Protection Guide for Small Business in 18 languages. Additionally, new guidelines and summaries were developed to assist non-expert individuals and organizations in navigating key GDPR provisions.

The Board also engaged with a wide range of stakeholders, including industry representatives, civil society, and academia, to foster a clearer understanding of data protection rights and duties. Public consultations and stakeholder events were organized to gather insights and ensure that the guidance remains practical and effective.

The EDPB’s engagement extended beyond GDPR, as it actively contributed to the application of new digital laws. By collaborating with European partners like the EU AI Office and the High-Level Group on the DMA, the Board helped ensure that data protection considerations were integrated into these regulatory frameworks.

This cross-regulatory cooperation was crucial in addressing issues at the intersection of data privacy and emerging technologies, such as AI and the growing reliance on data for business processes.

Enforcement and Cooperation with National Authorities

National Data Protection Authorities (DPAs) played a pivotal role in enforcing the GDPR across Europe in 2024. The EDPB supported DPAs in their efforts, facilitating 982 procedures related to the one-stop-shop mechanism and ensuring that cross-border cases were handled efficiently. Notably, DPAs collectively issued over €1.2 billion in fines throughout the year for significant GDPR violations.

The EDPB also continued to promote consistency in the application of the GDPR by coordinating enforcement actions, including the third coordinated action on the right of access.

The EDPB’s strategy for the next few years will focus on promoting stronger enforcement of data protection laws, expanding cross-regulatory cooperation, and enhancing transparency in the application of the GDPR. The Board's ongoing efforts to safeguard privacy and data protection rights will remain central in the face of technological advancements and regulatory challenges across Europe.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.