The European Data Protection Board (EDPB) and Wojciech Wiewiórowski, the European Data Protection Supervisor (EDPS), have published their annual reports for 2024. They reaffirmed their commitment to safeguarding individuals’ fundamental rights to privacy and data protection in a fast-changing digital landscape.
Brussels, 23 April 2025
The European Data Protection Board (EDPB) has published its 2024 Annual Report. The report provides an overview of the EDPB work carried out in 2024 and reflects on important milestones, such as the adoption of the 2024-2027 strategy, the increase in Art. 64(2) consistency opinions and the continued efforts to provide guidance and legal advice.
EDPB Chair Anu Talus said:
As I look back on the work carried out over the past year, I am proud to present our achievements. In 2024, we reaffirmed our commitment to safeguarding individuals’ fundamental rights to privacy and data protection in a fast-changing digital landscape. We adopted a new strategy and continued to play a central role in providing guidance and ensuring a consistent application of the General Data Protection Regulation (GDPR) across Europe. To support understanding and implementation of data protection rights and duties, we expanded our outreach activities by devoting special attention to businesses and non-expert individuals. In addition, we acquired new roles in the framework of the new digital legislations.”
A new EDPB strategy
The EDPB strategy 2024-2027 outlines key priorities and actions to strengthen and modernise data protection across Europe, ensure consistent enforcement of the GDPR, and address emerging challenges, including cross-regulatory cooperation. The strategy also helps strengthen the EDPB’s global presence by engaging with global partners and representing the EU data protection model in key international fora.
EDPB’s central role in providing guidance and legal advice
The number of consistency opinions adopted under Art. 64(2) GDPR significantly increased. In 2024, the Board adopted eight Art. 64 (2) GDPR opinions, including on ‘Consent or Pay’ models used by large online platforms, the use of facial recognition at airports, and the use of personal data to train AI models. These opinions address a matter of general application and ensure consistency prior to enforcement.
The EDPB actively participated in legislative discussions by issuing statements highlighting data protection considerations and impacts. For example, the Board adopted statements on the draft procedural regulation for GDPR enforcement, and on the DPAs role in the AI Act framework.
The EDPB has also expanded its general guidance to help organisations achieve and maintain GDPR compliance. To this end, the Board adopted four new guidelines in 2024, such as the guidelines on legitimate interest and on data transfers to third country authorities.
Proactive engagement with stakeholders
In 2024, the EDPB continued to engage with stakeholders to foster open dialogue and mutual understanding between regulators, industry representatives, civil society organisations, and academic institutions. To collect relevant insights from organisations that have expertise on data protection-related topics, the Board launched public consultations on its adopted guidelines and organised two stakeholder events, related to the upcoming guidelines on “Consent or Pay” models and to the preparation of the Opinion on AI models.
Contributing to cross-regulatory cooperation
New digital legislations, including the Digital Markets Act (DMA), the Digital Services Act (DSA), the AI Act, the Data Governance Act (DGA) and the Data Act, build on GDPR. To ensure consistency of application between the GDPR and these acts, the EDPB actively contributed to cross-regulatory cooperation by engaging with European and international partners, including the EU AI Office and the high-level group on the DMA.
Making the GDPR understandable and practical for all
Finally, the EDPB continued its efforts to provide information on the GDPR to a broader and non-expert audience by presenting it in a clear and non-technical language. To this end, the EDPB made the Data Protection Guide for Small Business available in 18 languages. In addition, the Board has launched a series of summaries of EDPB guidelines to help non-expert individuals and organisations identify in an easier way the most important points to consider.
Read the Executive Summary
Read the Annual Report
Further information
- EDPB Annual Report 2024 (Download PDF)
- Executive summary (Download PDF)
Source – EDPB
EDPS Annual Report 2024: Acting for the future of data protection
Brussels, 23 April 2025
The EDPS presented its Annual Report 2024 today, concluding its 2020 – 2024 Mandate focusing on shaping a safer digital future, and marking the institution’s two-decades of protecting people’s privacy and personal data.
Wojciech Wiewiórowski, EDPS, said:
The digital landscape is in constant movement – that is a fact that the EDPS has worked with over the last 20 years. We can’t predict the future with exactitude, but what we can do is use our resources, human intelligence and diverse expertise in technology and privacy to prepare for the diverse possibilities and risks that the digital landscape presents.
This is precisely what the EDPS has been doing in 2024. Preparing for the digital and data protection future, with tangible and concrete actions.
This year saw the creation of the Artificial Intelligence Unit, and the unveiling of an AI Strategy based on Governance, Risk Management and Supervision, as the EDPS takes on its new dual role as competent market surveillance authority for the supervision of AI systems, and notified body for assessing the conformity of certain high-risk AI systems. The EDPS takes on this mission to ensure that EU institutions, bodies, offices and agencies (EUIs)’s development and use of AI tools uphold the highest EU data protection standards.
Anticipating the continuous digital grind is also deployed at the EDPS with our Foresight projects including the monitoring of technologies. This year, the EDPS’ efforts in this area concentrated on exploring, understanding and explaining the benefits and limits on data protection of AI-led technologies.
From a Policy and Consultation perspective, we issued 97 legislative consultations – a record number, advising the EU-co legislator on the data protection aspects of upcoming EU Regulations permeating to the Digital Rulebook, Health, Justice and Home Affairs, Digital Wallets, proving the direct impact on EU citizens and their fundamental rights to privacy.
As the past year has demonstrated, being forward-looking is essential, but also, building a safer digital future starts today. In this sense, we doubled-down on our supervision and enforcement actions, by providing the necessary tools to EUIs, either in the form of Supervisory Opinions, verifying and authorising international transfers, training sessions, data protection officers’ networking fora, to ensure compliance with EU data protection laws now, and in the future.
Constructing a sustainable future for data protection can only be achieved with robust foundations, says Supervisor Wojciech Wiewiórowski. Part of these foundations is collaboration to ensure consistent application of EU data protection rules elevating these to global standards, he writes in his Annual Report 2024. “With this in mind, we steadily worked with the European Data Protection Board, of which we are a member and provider of its Secretariat, to deal with EU-wide data protection preoccupations together. We also use our influence internationally, through our participation and leadership at the G7 of data protection and privacy authorities, international organisations’ workshop and other international platforms for cooperation.”
The rules for data protection in the EU institutions, as well as the duties of the European Data Protection Supervisor (EDPS), are set out in Regulation (EU) 2018/1725.
About the EDPS
The EDPS is the independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection. Our mission is also to raise awareness on risks and protect people’s rights and freedoms when their personal data is processed.
Wojciech Wiewiórowski (EDPS) was appointed by a joint decision of the European Parliament and the Council to serve a five-year term, beginning on 6 December 2019.
Read the EDPS Executive Summary
Read the EDPS Annual Report
Further information
- Full text of Annual Report (Download PDF)
- Executive Summary (Downlaod PDF)