ctipilot.ch

EDPB Coordinated Enforcement Framework 2026

campaign · campaign:edpb-cef-2026-transparency single-source

EDPB Coordinated Enforcement Framework 2026 — 25 DPAs target GDPR Articles 12-14 transparency obligations

Coverage timeline
2
first 2026-05-04 → last 2026-05-11
Entries
2
2 distinct days
Sources cited
2
2 hosts
Sections touched
1
weekly-policy
Co-occurring entities
0
no co-occurrence
2026-05-042 appearances2026-05-11

Story timeline

  1. 2026-05-11EDPB Coordinated Enforcement Framework 2026 — 25 DPAs investigating GDPR Articles 12–14 transparency
    weekly-policyEDPB Coordinated Enforcement Framework 2026 — 25 DPAs investigating GDPR Articles 12–14 transparency
  2. 2026-05-04EDPB Coordinated Enforcement Framework 2026 — 25 DPAs target GDPR transparency obligations (Articles 12–14)
    weekly-policyEDPB Coordinated Enforcement Framework 2026 — 25 DPAs target GDPR transparency obligations (Articles 12–14)

Where this entity is cited

  • weekly-policy2

Source distribution

  • compliancehub.wiki1 (50%)
  • edpb.europa.eu1 (50%)

Entries about EDPB Coordinated Enforcement Framework 2026 (2)

2026-05-11 · view entry permalink →

EDPB Coordinated Enforcement Framework 2026 — 25 DPAs investigating GDPR Articles 12–14 transparency

notable policy discovered 2026-05-11 05:00 UTC

Twenty-five data-protection authorities across the EEA simultaneously launched investigations examining compliance with GDPR Articles 12–14 (transparency and information obligations) as CEF 2026. Investigations focus on how organisations communicate data-collection, use, and sharing practices to data subjects — including the specificity required on third-country transfers, retention periods, and automated decision-making. Swiss public-sector entities operating under the revised Data Protection Act (revDSG, in force September 2023) face parallel expectations since Swiss DPA enforcement also focuses on transparency obligations. Enforcement decisions from CEF 2026 are expected in the second half of 2026 and could establish EU-wide precedent on the required granularity of privacy notices — particularly regarding identification of individual third countries for data transfers and naming of each algorithmic profiling system where Article 13(2)(f) automated-decision disclosure applies (EDPB news; ComplianceHub.Wiki analysis).

W19 status-update: the CEF 2026 launch was previewed in the W19 weekly; this W20 update reflects the operational live-investigation status across the 25 DPAs and adds the H2-2026 decision-timeline expectation.

data-breach eu-nexus europe

2026-05-04 · view entry permalink →

EDPB Coordinated Enforcement Framework 2026 — 25 DPAs target GDPR transparency obligations (Articles 12–14)

notable policy discovered 2026-05-04 05:00 UTC single-source

On 19 March 2026 the European Data Protection Board launched its annual Coordinated Enforcement Framework (CEF) action, with 25 participating DPAs across Europe examining compliance with GDPR Articles 12, 13, and 14 — the transparency and information obligations requiring controllers to clearly disclose what data is processed, on what legal basis, and for what purposes. Unlike prior CEF years (right of access 2024, right to erasure 2025), transparency obligations are broadly applicable to every data-processing controller in every sector, making this year's sweep unusually wide (EDPB, 2026-03-19). Participating DPAs include Austria, Denmark, Germany (Brandenburg, Niedersachsen), Finland, France, Greece, Spain, Italy, Malta, Slovenia, Slovakia. Each DPA may conduct either formal enforcement actions or lighter-touch fact-finding exercises; findings consolidated into an aggregated EDPB report in H2 2026. What defenders need to do differently: audit privacy notices — website cookie banners, HR processing notices, CCTV notices, AI-generated data notices — against the Articles 12–14 checklist; given the EU's 2026 AI Act obligations also arriving in August, transparency failures in AI-generated personal-data processing are likely to attract enforcement attention. CEF findings frequently trigger follow-on national investigations at DPAs that identify outliers. Single-source national-CERT carve-out applies (EDPB is the primary disclosing authority for its own programme).

law-enforcement eu-nexus identity europe