GDPR

Why data portability option matters to users

In December 2019, India kick-started a novel experiment in redefining the ownership of personal data. The Personal Data Protection (PDP) Bill, 2019, was one of the world’s first legislations to define the rights individuals have over their personal data, and the responsibilities of entities accessing user data.While regulations such as the General Data Protection Regulation…

Published 5 years ago in
Why data portability option matters to users

In December 2019, India kick-started a novel experiment in redefining the ownership of personal data. The Personal Data Protection (PDP) Bill, 2019, was one of the world’s first legislations to define the rights individuals have over their personal data, and the responsibilities of entities accessing user data.While regulations such as the General Data Protection Regulation (GDPR) in Europe have emphasised protecting personal data, India has pressed forward further to unlock the value inherent in personal data. Data portability is a key aspect of the PDP Bill. The account aggregator (AA) framework operationalises data-sharing and portability through unlocking value from personal data. It creates a well-defined and secure mode for users to share their personal financial data with other eligible entities. At its heart lies a robust consent system that allows users to pick and choose the type of data they share, and the entities who can access this data.Under a consent-based system of data sharing, the user trust will literally make or break the AA framework. And users are more likely to trust when they understand what is being asked of them, and why. Honouring the spirit of personal data protection requires that user-facing applications actively help users understand the implications of their actions — a tough challenge in a country where over a quarter of adults have not even heard of insurance.Facebook’s and D91 Labs’ ‘Future of Data Sharing’ initiative delves deeper into understanding goals, motivations and challenges in sharing personal data with financial institutions. The insights derived from the research were poised as challenges to the fintech community in the form of an online design jam where teams developed solutions around solving data-sharing using the AA framework. The artefacts from the design jam were later tested with target users to understand the acceptability of the solutions.The results have been dissimilated into seven design principles for anyone developing data-sharing workflows using AAs. These design principles cover the seven critical areas of trust, choice architecture, nudges, data control, customer redressal, feedback and data testing. The design principles created from the research are addressed to the product, business and design teams at fintech startups, to help build trustworthy financial products for emergent users backed up by field research.Kumar is co-founder-chief evangelist, Setu, and Ba leads research and strategy, D91 Labs.
Read More

Be the first to write a comment.

Leave a Reply

Your email address will not be published. Required fields are marked *

GDPR

Fospha as TikTok’s New Measurement Partner

Understanding media performance in digital marketing is like navigating a maze that constantly changes. The emergence of platforms like TikTok has revolutionized how brands connect with their audience, adding layers of complexity and opportunity. However, with regulatory changes such as GDPR and iOS 14.5 updates, eCommerce brands are now facing a growing challenge: gaining clear

Published 7 days ago in

Understanding media performance in digital marketing is like navigating a maze that constantly changes. The emergence of platforms like TikTok has revolutionized how brands connect with their audience, adding layers of complexity and opportunity. However, with regulatory changes such as GDPR and iOS 14.5 updates, eCommerce brands are now facing a growing challenge: gaining clear [……
Read More

Continue Reading
GDPR

EU issued over €1.2bn in GDPR fines in 2025 as multiple data breaches bite

Share Share by: Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Personal data breach reports rose 22% year-over-year in 2025 Ireland has issued some of the GDPR’s biggest fines, including 2025’s biggest Geopolitical tensions, new tech

Published 7 days ago in
EU issued over €1.2bn in GDPR fines in 2025 as multiple data breaches bite

  • Personal data breach reports rose 22% year-over-year in 2025
  • Ireland has issued some of the GDPR’s biggest fines, including 2025’s biggest
  • Geopolitical tensions, new tech and new laws are all to blame

European regulators handed out over €1.2 billion ($1.4 billion) in GDPR-related fines throughout 2025, marking only a small increase compared with the year before despite a sharp rise in data breach notifications.

Data from DLA Piper found regulators handled an average of 443 personal data breach reports every single day from January 28, 2025 onwards, marking a considerable 22% rise compared with 2024. This was also the first year that breach notifications exceeded the 400 mark since GDPR came into force.

But instead of blaming the increase on one single cause, DLA Piper suggests a combination of multiple factors was responsible for the breaches.

You may like

  • US President Donald Trump on the left, EU flag on a binary code on the right EU gears up for even more tough tech enforcement in 2026 as Trump warns of retaliation
  • Europe Meta promises to reduce data sharing for EU users by 2026 to avoid EU GDPR fines
  • Europe Major privacy laws – including GDPR – could be downgraded to try and boost AI growth and cut red tape

Data breach notifications were up last year in the EU

“It seems likely that geopolitical tensions, the abundance of new technologies available to threat actors to launch cyber-attacks, and the raft of new laws including incident notification requirements are all contributing factors,” the report concluded.

However, enforcement remained pretty concentrated with Ireland issuing the most GDPR fines. Ireland was responsible for issuing the highest fine in 2025, hitting TikTok with a €530 million fine. The country also holds the record for the highest-ever GDPR fine – a 2023 €1.2 billion fine against Meta. In total, Ireland has accounting for €4.04 billion in GDPR fines since the act was introduced.

Besides being hit with some of the biggest fines, Big Tech is also a key target in penalties with tech giants accounting for nine of the 10 biggest GDPR fines ever issued.

“The fact that combined GDPR fines held steady at EUR 1.2 billion shows regulators remain highly active, particularly in areas such as information security, international data transfers, transparency and the complex interplay between AI innovation and data protection laws,” DLA Piper UK Data, Privacy and Cybersecurity practice Chair Ross McKean wrote.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Read More

Continue Reading
GDPR

Europe’s GDPR cops dished out €1.2B in fines last year as data breaches piled up

Regulators logged over 400 personal data breach notifications a day for first time since law came into force GDPR fines pushed past the £1 billion (€1.2 billion) mark in 2025 as Europe’s regulators were deluged with more than 400 data breach notifications a day, according to a new survey that suggests the post-plateau era of enforcement

Published 7 days ago in
Europe’s GDPR cops dished out €1.2B in fines last year as data breaches piled up

Regulators logged over 400 personal data breach notifications a day for first time since law came into force GDPR fines pushed past the £1 billion (€1.2 billion) mark in 2025 as Europe’s regulators were deluged with more than 400 data breach notifications a day, according to a new survey that suggests the post-plateau era of enforcement has well and truly arrived.……
Read More

Continue Reading
GDPR

ZeroThreat.ai Unveils New Compliance Automation Engine Delivering 10× Faster Audit Readiness

ZeroThreat.ai, a leader in automated penetration testing and security intelligence, introduced the Audit-Ready Compliance Engine—a first-of-its-kind solution designed to help organizations achieve and maintain continuous compliance across major regulatory frameworks, including PCI DSS, HIPAA, and GDPR. This marks a major milestone for ZeroThreat.ai as the platform expands beyond AI-powered pentesting into a unified [PR.com…

Published 4 weeks ago in
ZeroThreat.ai Unveils New Compliance Automation Engine Delivering 10× Faster Audit Readiness

ZeroThreat.ai, a leader in automated penetration testing and security intelligence, introduced the Audit-Ready Compliance Engine—a first-of-its-kind solution designed to help organizations achieve and maintain continuous compliance across major regulatory frameworks, including PCI DSS, HIPAA, and GDPR. This marks a major milestone for ZeroThreat.ai as the platform expands beyond AI-powered pentesting into a unified [PR.com…
Read More

Continue Reading