Report finds DPAs inconsistently apply GDPR data protection by design obligations

The Future of Privacy Forum released a report on the efficacy of Article 25 of the EU General Data Protection Regulation's data protection by design and by default obligations. The report draws on more than 92 data protection authority cases, court rulings and guidance issued by 16 European Economic Area states. The report details how "European DPAs diverge in how they interpret the preventive nature of Article 25," and "some are reluctant to find violations in cases of isolated incidents or where Article 5 GDPR principles are not violated, while others apply Article 25 preventively before further GDPR breaches or … data processing."

https://iapp.org/news/a/report-finds-dpas-inconsistently-apply-gdpr-dpbdbd-obligations