Data Protection Authority (DPA) Directory

Announcing the next section of our Privacy Activism resources! :tada:

We’re publishing one of @em’s final projects with us: The Data Protection Authority Directory is a new tool to help you find the main consumer privacy law in your region, and the authority mandated to enforce that law.

We sincerely hope our DPA Directory will be a useful tool for building your knowledge about what privacy protections you’re entitled to. Find your relevant country/state/region at the link below!

Paired with our resource on reporting privacy violations in our Privacy Activist Toolbox, you can take a stand against violations of your privacy rights, and make a significant impact benefiting both you and your community.


21 Likes

Uhm, not sure how this was published with one approval. But there is an error in definitions here. The laws that are at national level in the EU are not the GDPR. The GDPR is an EU regulation and the laws implemented at national level are different and mostly have different names. It would make sense to link them instead.

1 Like

For example, for the Netherlands: https://wetten.overheid.nl/BWBR0040940/ U-AVG, which is the execution law of the Dutch version of the regulation https://eur-lex.europa.eu/eli/reg/2016/679/oj?locale=nl

Generally I think we should link to official law websites, not some consultancy agency.

1 Like

The GDPR is a regulation and not a directive, as you correctly pointed out; however, regulations in the EU will be part of the national law.
A directive, on the other hand, would be later implemented as a national law by the different countries.

While it is true that most countries have national data protection laws alongside the GDPR, the GDPR counts for every country word for word.

Both approaches (yours and the one in the article) are not false.

7 Likes

Not really automatically actually. It requires the implementation (mandatory or not).

2 Likes

Anyway, I think for the countries the local laws should be linked or it should be left out. And definitely not link to a non-official site. The word should be changed to regulation on EU level. And DPA probably should be renamed to supervisor for the EDPS as it is not a DPA I believe.

1 Like

A regulation is always mandatory and while it requires some sort of implementation the national law needs to be the entire regulation.

So between the national implementation and the GDPR you will find no difference.

2 Likes

You are right about the enforcement.

Core principles are always the same indeed, but interpretations differ and of course language.

1 Like

EU regulations are full-fledged laws and do not require any implementation in national law. Some countries have national implementations of the GDPR with some minor changes, but many countries don’t.

4 Likes

It should be left out. I’m going to say I’d rather not trust semi-rotted information when I can visit the source of truth. PG already has too much to deal with let alone ensuring granular compliance information is correct.

2 Likes

Have to echo @ph00lt0’s concerns. While it’s a good idea, the legislation aspect is not currently publication-worthy. As an example, in the United Kingdom, the UK GDPR is only one out of many.

Privacy and Electronic Communications Regulations 2003, Digital Economy Act 2017, Data Protection Act 2018 and Data (Use and Access) Act 2025 are just a small sample of highly relevant legislation.

2 Likes

Upon checking, it seems that you are right that not all countries have an implementation law indeed, which is surprising as you should think it would need to be adjusted to cater for overwriting laws in a local context. But it seems that at least most countries do.

2 Likes

I would like to make a suggestion to add the Philippines for the Asia section.

| Region | Privacy Law | Abbreviation | DPA | Contact | Complaint |
|---|---|---|---|---|---|
| Philippines | Data Privacy Act of 2012 | RA 10173 | National Privacy Commission | Contact Page | Complaint Link |

2 Likes

Also, it would be better to write what to report, how to report, and what to expect. For example, I reported Twitch several years ago to their own legal desk, Bayerisches Landesamt für Datenschutzaufsicht, European Data Protection Supervisor and Integritetsskyddsmyndigheten (IMY), because they refused to delete my personal data and account and refused my ID verification attempts to prove that the requester is actually me. After several months of fighting, nothing happened.

1 Like

Something that is also overlooked here, I think, is that Germany has an authority per sub-state. If you want to complain you have to go there first, I believe, and not the one on federal level. Such as https://www.datenschutz-berlin.de/ for Berlin.

1 Like