惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
Cyberwarzone
Cyberwarzone
The GitHub Blog
The GitHub Blog
云风的 BLOG
云风的 BLOG
P
Proofpoint News Feed
小众软件
小众软件
Recent Announcements
Recent Announcements
博客园 - 三生石上(FineUI控件)
Security Archives - TechRepublic
Security Archives - TechRepublic
W
WeLiveSecurity
Cloudbric
Cloudbric
博客园 - 司徒正美
美团技术团队
N
News and Events Feed by Topic
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
PCI Perspectives
PCI Perspectives
宝玉的分享
宝玉的分享
H
Help Net Security
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Google DeepMind News
Google DeepMind News
Help Net Security
Help Net Security
Last Week in AI
Last Week in AI
S
Schneier on Security
N
News | PayPal Newsroom
B
Blog RSS Feed
L
LINUX DO - 最新话题
T
Troy Hunt's Blog
S
Secure Thoughts
雷峰网
雷峰网
aimingoo的专栏
aimingoo的专栏
L
Lohrmann on Cybersecurity
G
Google Developers Blog
Microsoft Azure Blog
Microsoft Azure Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
T
Tenable Blog
S
Securelist
L
LangChain Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
I
InfoQ
H
Heimdal Security Blog
Cisco Talos Blog
Cisco Talos Blog
F
Full Disclosure
Y
Y Combinator Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
K
Kaspersky official blog
T
Tailwind CSS Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
阮一峰的网络日志
阮一峰的网络日志
C
Cisco Blogs

Compliance Solutions for Websites, Apps and Organizations | iubenda

AI can build your website. It can't manage your consent. | iubenda Browser signals and machine-readable consent: what they are and what the EU’s Digital Omnibus could change California Consumer Privacy Act (CCPA): Complete Guide How to increase your cookie banner opt-in rates: 5 mistakes to fix today | iubenda DPO Newsletter: Global Data Protection & Privacy News (issue #153) Why your consent management setup is a marketing performance question Everything you need to know about GDPR The redesigned cookie banner and configurator What nobody tells you about handing over the company you built European marketers are betting on retention. Privacy could be the edge they’re not using yet. The 5 best alternatives to Didomi in 2026: Pros, cons, pricing, and comparison Looking back on 15 years: what iubenda's founder would tell his 2011 self | iubenda The best cookie policy generator in 2026 DPO Newsletter: Global Data Protection & Privacy News (issue #152) | iubenda What publishers should expect from the EU’s Digital Omnibus proposal Uncertainty is the biggest blocker to AI adoption in marketing | iubenda Everything AI app builders need to know about vibecoding and privacy compliance | iubenda Introducing 1-Click Embedding for Google Tag Manager The Essential Small Business Terms and Conditions Template: What You Need to Know Terms of Use Template | iubenda IAB Europe Raises Concerns Over GDPR Procedural Regulation Draft Report | iubenda Learn from HelloFresh's Costly Mistake: Ensure Compliance with iubenda | iubenda Understanding the Spanish DPA Guide on Audience Measurement Cookies | iubenda The Austrian Data Protection Authority's FAQs on Cookies and Privacy | iubenda DPO Newsletter: Global Data Protection & Privacy News (issue #127) | iubenda Microsoft Ensuring European Data Stays Within the EU Cloud Boundary | iubenda Businesses Beware: ICO’s Record £14.3m in Fines for Data Misuse in 2023 Understanding the Risks and Responsibilities of Model-as-a-Service Companies in AI Development Facebook's New “Link History” Feature: A Blend of Convenience and Surveillance? | iubenda OpenAI’s Strategic Move in the EU: Aligning with Data Privacy Regulations TikTok Faces Lawsuit Over Tracking Non-Users What’s the Digital Markets Act (DMA) and how will it affect you? | iubenda Simplifying Cookie Consent: The European Commission's Approach | iubenda Google Settles Landmark Privacy Lawsuit for $5 Billion | iubenda Navigate GDPR Compliance with Confidence: Lessons from Recent Fines in Italy Simplifying the Commission's New Reporting Template for Digital Market Gatekeepers | iubenda Understanding the GDPR Complaint Against X (Twitter) for Illegal MicroTargeting | iubenda Spanish Media Giants Take On Meta in a Groundbreaking $600 Million Lawsuit | iubenda DPO Newsletter: Data Protection & Privacy News (issue #126) | iubenda Belgian DPA Mandates Cookie Banner Changes for Major Media Websites | iubenda UK's Top Websites Warned by ICO to Revise Cookie Practices | iubenda Understanding the European Union's Data Act | iubenda Google Announces Consent Mode v2 – here’s what it means for your business and advertising Noyb Challenges EU Commission Over Controversial Ad Campaign | iubenda OECD Updates AI Definition: A Step Forward in Shaping EU’s AI Law Firefox To Introduce Simplified Global Privacy Control Berlin Court Cracks Down on LinkedIn’s Privacy Violations The YouTube Ad Blocker Controversy: A Test of the ePrivacy Directive? | iubenda DPO Newsletter: Data Protection & Privacy News (issue #125) Facebook and Instagram Subscription: Meta adds a paywall | iubenda GDPR Violation: Lack of Transparency in Data Processing via Google Fonts Amazon Introduces AWS European Sovereign Cloud to Address EU Regulations | iubenda Texas New Data Privacy Law TDPSA: Everything you need to know How to Make Money with a Website Without Selling Anything Oregon Consumer Privacy Act: Overview | iubenda Google’s Move to Disable Third-Party Cookies: What Advertisers Need to Know IMY Fines H&M for GDPR Violations: A Closer Look EU Commission Requests Information from X Under Digital Services Act: What You Need to Know | iubenda Understanding California’s “Delete Act” and Data Broker Regulations TCF v 2.2 Initial Layer (Banner) Requirements | iubenda Grindr Faces €5.8 Million Fine: A Reminder on the Importance of GDPR Compliance | iubenda Newly Enacted Iowa Consumer Data Protection Act (ICDPA) | iubenda The Witch’s Brew of Privacy: A Halloween Tale of Compliance and Consequences IAB TCF 2.2 – What you need to do DPO Newsletter: Data Protection & Privacy News (issue #124) Blog Ideas That Make Money: How To Make Money From Your Blog + Examples | iubenda Maximize your Growth with Online Presence Management | iubenda Meta's New Pivot in Europe: To Pay or Not to Pay for an Ad-Free Experience? | iubenda Consumer Reports Launches Free ‘Permission Slip’ App to Protect Your Data | iubenda DAZN’s Access Request Saga Personal Brand Logo: How to Stand Out in a Crowded Marketplace UK-US Data Bridge: A New Era for Secure Data Transfers 7 Ways How to Promote Affiliate Links Effectively (And Boost Commissions) | iubenda Mastering LinkedIn Personal Branding: A Guide to More Opportunities Meta's New Approach: Pay for Your Privacy? | iubenda No Return, No Refund Policy Template & Guide GDPR in the US: a GDPR Checklist for US Companies Crafting a Niche with Branding and Identity Design | iubenda The Online Safety Bill: A Leap Towards a Safer Digital United Kingdom Understanding Google's $93m Settlement over Consumer Location Data Accusations | iubenda CCPA vs CPRA: Key Differences You Need to Know | iubenda How To Use Ecommerce Retargeting to Grow Your Business | iubenda PECR: Everything you need to know | iubenda How Mobile Apps Illegally Share Your Personal Data: A Deep Dive | iubenda Legal Spotlight: Privacy Concerns Surrounding OpenAI’s ChatGPT and Microsoft’s Involvement Legal Scrutiny Looms Over Transatlantic Data Deal: French MEP Takes Action Understanding the Digital Markets Act: A Comprehensive Guide Block AI Crawlers: Here’s How To Stop Your Site From Being Used for AI Training (OpenAI and Google Bard Irish Regulator Slaps $368M Fine on TikTok DPO Newsletter: Data Protection & Privacy News (issue #123) | iubenda The Privacy Pitfalls of Vehicle Data Collection: What You Need to Know | iubenda Twitter customer’s data on the menu for xAI models Update: Revised Swiss Privacy Law Takes Effect Fitbit and the GDPR Hurdle: What You Need to Know About Your Data Privacy | iubenda Terms of Service Template for your site | iubenda Senators Urge FTC to Investigate YouTube and Google for Violating Children's Privacy: What You Need to Google AdSense Requirements: Here's What You Need to Know | iubenda Users can’t opt out from marketing emails: FTC fines Experian $650,000 | iubenda DPO Newsletter: Data Protection & Privacy News (issue #122) | iubenda 7 Ways Business Process Automation Can Increase Your Profits
A Quick Overview of European Privacy Laws | iubenda
Alice Perseval · 2023-02-15 · via Compliance Solutions for Websites, Apps and Organizations | iubenda

Do you need to get a better grasp of European privacy laws? Are you looking for specific information for your compliance? Our European Privacy Laws Overview is what you need!

👀 In this guide, we give basic information regarding major EU laws such as the GDPR or the ePrivacy, and provide many further resources for you to dive deeper into your topics of interest.

The current privacy landscape in Europe

A need for better data protection: the importance of European privacy laws

A strong framework for data protection was necessary when companies started to heavily collect, use and store personal data of individuals in order to get relevant insights on customers, provide them with personalized experiences or ads, and more.

Privacy laws have been crucial for protecting individuals’ personal data and ensuring it is not being abused by organizations. They helped to:

  • give power back to individuals over their data, granting them critical rights;
  • regulate usage, processing and storage (with special measures for high-risk data);
  • implement sanctions and reduce data breaches;
  • impose rules for organizations to set up internally (organizational and technical measures) and externally (user-focused, i.e.disclosures, collecting consent, etc.)

European privacy laws overview – the most relevant laws

🇪🇺 The General Data Protection Regulation (GDPR)

🗓️ When? The GDPR is a European regulation that became fully enforceable on May 25th, 2018. It is the most robust and strictest privacy law to date.

💬 What? At its most basic, the GDPR specifies how personal data should be lawfully processed, collected, shared, used, protected or interacted with in general.

📍 Where? The GDPR can apply to you whether your organization is based in the EU or not.

Who does the GDPR apply to?

The GDPR applies to:

  • an entity’s base of operations is in the EU (this applies whether the processing takes place in the EU or not);
  • an entity not established in the EU offers goods or services to people in the EU; or where
  • an entity is not established in the EU, but it monitors the behavior of people who are in the EU, provided that such behavior takes place in the EU.

🔍 Check out our dedicated section below for useful resources on the GDPR.

🇬🇧 UK Privacy Laws

The UK privacy landscape has been undergoing some changes after Brexit, but the GDPR still applies (until a new bill is passed) and is now referred to as the UK GDPR and enforced by the UK DPA, called ICO.

The Privacy and Electronic Communications Regulations (PECR) is a British law that gives people specific privacy rights in relation to electronic communications. It sits alongside the UK GDPR.

🇪🇺 The ePrivacy Directive (or Cookie Law)

🗓️ When? 2022, ePrivacy Directive 2002/58/EC (or Cookie Law).

💬 What? It establishes guidelines for the protection of electronic privacy, including email marketing and cookie usage, and it still applies today. It works hand in hand with the GDPR.

📍 Where? The ePrivacy is an EU law. It applies if you do business in the EU (regardless of whether you are based in the EU or not), and more practically, if your website can be visited by European users and it uses cookies.

🔍 Check out our dedicated section below for useful resources on the Cookie Law.

Enforcement by European Data Protection Authorities

While the GDPR and the ePrivacy are on an EU-level, some independent public authorities called DPAs (Data Protection Authorities) oversee the enforcement of data protection laws on a country-level. They also conduct investigations, issue fines and sanctions, and provide guidance on best practices, i.e. on cookie usage.

The most active DPAs include:

  • 🇫🇷 The “CNIL” in France, and its law “La loi Informatique et Libertés” – see here for their guidance on cookies;
  • 🇮🇹 The “Garante” in Italy – see here for their guidance on cookies;
  • 🇪🇸 The “AEPD” in Spain – see here for more information on the DPA (in Spanish) and their guidance on cookies here;

and many more such as the Irish, Belgian, Danish, Austrian, German DPAs…

european privacy laws overview

Note: the information outlined below is simplified information, and as a business, you should discuss your specific situation with legal professionals. In the meantime, keep reading! Our resources can give you a head start with your compliance.

As part of our European privacy laws overview, here’s a collection of resources on everything you should know about GDPR compliance.

European Privacy Laws: GDPR’s main provisions

If you process personal data, the GDPR requires you to have a valid legal basis for doing so. If consent is your legal basis, before collecting any personal data, you will have to obtain explicit user consent and keep records of this consent.

You must also honor user rights and requests, as well as implement organizational measures (assessments, appointing a person responsible for privacy) and keep the data safe when stored.

🔍 Check out these resources for further detail on GDPR standards:

Must-read guides for your GDPR compliance

These guides will give you practical tips and tools for simplifying your website/app’s compliance:

Focus on: the ePrivacy directive (Cookie Law)

As part of our European privacy laws overview, here’s a collection of resources on everything you should know about ePrivacy and cookie compliance.

European Privacy Laws: Cookie Law’s main provisions

The ePrivacy directive applies to any type of trackers that store or access information on a user’s device, including cookies.
Here again, working along the GDPR, the Cookie Law requires you to inform users and obtain their consent before using such technologies. Common practice is to use a cookie banner.

The vast majority of EU countries’ DPAs (mentioned before) have established cookie rules following the ePrivacy, adding the need for keeping records of cookie consent (to align with the GDPR).

Before sending direct marketing communications in electronic form (emails, newsletters, etc.), user consent is required as well. As always, users must also be given the right to withdraw (opt-out, or unsubscribe in the case of emails) at any time.

🔍 Check out these resources for further detail on the ePrivacy directive:

Must-read guides for your ePrivacy compliance

These guides will give you practical tips and tools for simplifying your website/app’s compliance:

Not sure what privacy laws actually apply to you?

Do this free 1-min quiz to find out

About us

iubenda

Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.

www.iubenda.com