Guidelines on Data Protection by Design & Default

22 ottobre 2020

On October, 21, 20202, the EDPB adopted a final version of the Guidelines on Data Protection by Design & Default. The guidelines focus on the obligation of Data Protection by Design and by Default (DPbDD) as set forth in Art. 25 GDPR. The core obligation enshrined in Art.25 is the effective implementation of the data protection principles and data subjects’ rights and freedoms by design and by default. This means that controllers have to implement appropriate technical and organisational measures and the necessary safeguards, designed to ascertain data protection principles in practice and to protect the rights and freedoms of data subjects. In addition, controllers should be able to demonstrate that the implemented measures are effective. 

The Guidelines also contain guidance on how to effectively implement the data protection principles in Article 5 GDR, listing key design and default elements, as well as practical cases for illustration. They further provide recommendations on how controllers, processors and producers can cooperate to achieve DPbDD.

Archivio news

 

News dello studio

lug13

13/07/2026

The Italian Competition Authority (AGCM) launched an investigation into the price increase for the “Microsoft 365” subscription service

According to Agcm, Microsoft allegedly failed to adequately highlight that the subscription service had been enhanced with the “Copilot” and “Designer” artificial intelligence

lug13

13/07/2026

Annual activity report of Autorità per le Garanzie nelle Comunicazioni pursuant to art. 55 of the DSA

AGCOM- Autorità per le Garanzie nelle Comunicazioni – the Italian Communications Authority has been formally designated as the Digital Services Coordinator for Italy by the Legislative Decree

lug13

13/07/2026

Artificial intelligence: The Italian Data Protection Authority imposes a fine on Character.AI

The Italian Data Protection Authority has imposed a fine of 158,000 euros on Character Technologies Inc., a US company that operates Character.AI, a generative artificial intelligence service that