The European Data Protection Board (EDPB) released its 2024 Annual Report, showcasing a year of significant growth, new regulatory responsibilities, and efforts to strengthen data protection across Europe amid rapid technological change.
In her foreword, EDPB Chair Anu Talus emphasized the Board’s commitment to upholding privacy rights and adapting to new challenges. She highlighted the adoption of the EDPB’s 2024-2027 Strategy, which focuses on advancing harmonization, reinforcing enforcement cooperation, addressing technological challenges, and enhancing the EDPB’s global role.
A notable development in 2024 was the sharp rise in requests for consistency opinions under Article 64(2) of the GDPR. These opinions help ensure uniform interpretation of data protection laws, particularly in emerging areas like AI model training, the use of facial recognition at airports, and the controversial “Consent or Pay” models by large online platforms. The EDPB ruled that platforms offering users a stark choice between consenting to behavioral advertising or paying a fee often fail to meet GDPR standards for freely given consent.
The Board also tackled AI governance by issuing Opinion 28/2024, providing critical guidance on the use of personal data for training AI models. The opinion outlined conditions under which legitimate interest could be a lawful basis for model training and emphasized the necessity of safeguarding individuals’ rights.
Enforcement cooperation remained central. Although the EDPB did not issue any binding decisions under Article 65 for the first time since 2020, it expanded its cross-border oversight activities and coordinated supervision of large-scale IT systems like the Schengen Information System and Europol.
Additionally, the EDPB launched stakeholder events focused on AI and data consent practices, and expanded public outreach by publishing simplified guides and multilingual resources tailored for small businesses and non-expert audiences.
The report also highlights the EDPB’s growing interaction with other regulatory frameworks, including collaboration with bodies established under the Digital Markets Act, Digital Services Act, and the AI Act. The Board stressed the need for seamless cooperation across regulatory domains to address complex issues like AI, data sharing, and online platform governance.
On the global stage, the EDPB continued to promote high standards for data protection and called for more cooperation between EU and non-EU regulators. It also emphasized the importance of transparency, noting the handling of 38 access to document requests without any complaints to the European Ombudsman.
Looking ahead, the EDPB underlined the need for increased resources to match its expanding responsibilities and reaffirmed its mission to defend the fundamental rights of individuals across Europe.
“The digital transformation presents profound challenges, but with cooperation, innovation, and commitment to rights, we can build a safer digital future,” Talus wrote.
Need Help?
If you’re concerned or have questions about how to navigate Ireland’s, or any country’s, AI regulatory landscape, don’t hesitate to reach out to BABL AI. Their Audit Experts can offer valuable insight and ensure you’re informed and compliant.
