An easy way of publishing your relevant EU press releases.

Two-Year GDPR Review: the EBU calls for more consistent interpretation and effective enforcement of the rules


17 Jun 2020



Individuals’ privacy and data protection have never been taken more seriously in Europe and beyond its borders since the entry into force of GDPR in May 2018. The GDPR has made personal privacy a widely-recognized issue that is becoming even more important with the development of AI and other profiling technologies.

As part of their public service remit and specific relationship with their audiences, Public Service Broadcasters have a particular duty to ensure that personal data is processed in a responsible way and in compliance with the GDPR and other applicable data protection laws.

However, in general there are still some important challenges ahead for GDPR. The EBU Data Protection Officers group, representing DPOs from EBU’s membership, calls for increased action so that stakeholders truly benefit from a level playing field when complying with GDPR. 

“We’ve spent the past two years investing significant resources to ensure that our organizations are compliant with GDPR. What’s become clear is that the interpretation and the enforcement of GDPR needs to be both more consistent and more effective across the EU. This is crucial to maintain our audiences’ trust in the digital world” says Joost Negenman, EBU DPO group chairman and NPO’s Privacy Officer.

This is particularly relevant when negotiating controller-processor agreements with global third parties, such as big players in the IT sector and major online platforms, who can dictate their terms to customers. In practice, business customers are confronted with a "take it or leave it choice" due to the significant imbalance in bargaining power in data-driven markets. 

This imbalance can be solved by having strong EDPB guidelines and recommendations on the notions of “processor”, on the processor- controller relationship, on "joint-controllers" and more generally on how to determine the status of a service provider. Also most useful would be the adoption of EU model contracts that enable organizations to jointly push back against terms they deem unfair.

There are several other crucial areas where divergent views and approaches from supervisory authorities could have important consequences not only for individuals’ rights, but also for businesses’ activities. These include: cookies’ consent management; the interplay between GDPR and ePrivacy rules; DPIA and high-risk processing activities; and the scope of individuals’ rights and profiling. Unless GDPR enforcement rapidly becomes more consistent and more effective, data processes cannot be implemented uniformly across Europe.


EPF for Sexual and Reproductive Rights
Communications Assistant
Euroheat & Power
Communication Assistant
Eurima (European Insulation Manufacturers Association)
Regulatory Affairs Intern
Third Generation Environmentalism (E3G)
Researcher, Place Based Transitions
Peace Brigades International
Senior Development Manager PBI
European Waste Management Association (FEAD)
Junior Communications Officer
European Cyclists Federation
EuroVelo Intern
International Organisation of Migration - Brussels
Regional Programme and Policy Assistant