PrivacySignal
GDPR / Intl

Digital Omnibus reality check: 83.5% of access requests not properly answered

noyb (None of Your Business) · · EU · GDPR & International

A new analysis by privacy advocacy group noyb found that over eight years of sending GDPR data access requests to companies, only 16.5% received a satisfactory response. More than half of replies were incomplete, and nearly 30% of companies did not respond at all.

Why this matters: The right to access your own data is not a bonus feature. It is the foundation. You cannot fix wrong information, challenge illegal processing, or understand what a company knows about you if they simply ignore the request. This data shows most companies do, in fact, ignore it. That is not a compliance gap. It is a deliberate pattern. And the timing matters: noyb published this as industry lobbying pushes Brussels to weaken these very rights. The people asking for less enforcement are the same ones failing to comply with the rules that already exist.

Who should care: Lawyers · Privacy officers · AI governance · General readers · Policy

This summary is AI-assisted and may contain errors. It is an original briefing to help you gauge significance quickly — not a reproduction of the source. Always read the linked original before relying on it. See our methodology.

Related stories

GDPR / Intl
EDPB · · EU

EDPB and AMLA to develop Joint Guidelines on partnerships for information sharing

The European Data Protection Board and the newly established Anti-Money Laundering Authority have announced a joint effort to develop guidelines on how financial institutions can share customer information to fight money laundering and terrorist financing without violating data protection rules. The collaboration stems from an explicit provision in the EU's AML Regulation allowing such information exchanges.

Who should care: Lawyers · Privacy officers · AI governance · Compliance

#gdpr#regulation Read original →
GDPR / Intl
noyb (None of Your Business) · · EU

US Supreme Court just blew up EU-US Data Transfers

Data Transfers On Monday, the US Supreme Court decided in Trump v. Slaughter that the US Federal Trade Commission (“FTC”) may not be independent anymore. Since 2000, the EU has relied on the “independent” FTC as the enforcer of EU-US deals on personal data. According to EU treaty law, such oversight must be independent. In the current EU-US deal, the European Commission relies on the independent FTC 259 (!) times. Max Schrems: “Given that there are no independent authorities in the US anymore, we call on the European Commission to orderly withdraw the adequacy decision on the US.” Commission…

Who should care: Lawyers · Privacy officers · AI governance

GDPR / Intl
M Maryland Association of Counties · · International

Attorney General Releases Guidance on Community Trust and Data Privacy Acts

A state Attorney General has released formal guidance on laws governing community trust and data privacy, providing direction to counties on how to interpret and apply both statutes. The guidance appears aimed at helping local governments align their practices with the requirements of the acts.

Who should care: Lawyers · Privacy officers · Compliance

#state-privacy#regulation Read original →
GDPR / Intl
CNIL · · EU / France

Emerging technologies and the protection of children: G7 data protection authorities agree on key principles

Data protection authorities from G7 nations have jointly adopted a set of principles addressing how emerging technologies should handle children's data and safeguard minors online. The agreement signals coordinated regulatory intent across major democracies to hold technology developers to higher standards when children are involved.

Who should care: Lawyers · Privacy officers · AI governance · General readers · Policy

#gdpr#privacy Read original →
GDPR / Intl
DataBreaches.net · · International

UK: ICO statement on ‘Edtech examined’ report

The UK Information Commissioner's Office has published a report summarizing findings from its audits of educational technology providers, outlining how those companies handle personal data and where improvements were identified or made.

Who should care: Lawyers · Privacy officers · AI governance · General readers · Policy

#gdpr#privacy Read original →