FPF Charts DPAs’ Priorities and Focus Areas for the Next Decade


The Future of Privacy Forum (FPF) today released a white paper, New Decade, New Priorities: A summary of twelve European Data Protection Authorities’ strategic and operational plans for 2020 and beyond, that provides guidance on the priorities and focus areas that are considered top concerns amongst European Data Protection Authorities (DPAs) for the 2020s and beyond. 

DPAs across the European Union (EU) are in a unique position to shape the future of digital services and how they impact individuals and societies both through their outstanding enforcement powers and through their policymaking. To address the complexities of digital services and individual rights in the new decade and beyond, several DPAs have published strategic and operational plans, and have set new data protection policy goals to meet these challenges head-on. 

Co-authors Charlotte Kress, Rob van Eijk, and Gabriela Zanfir-Fortuna of FPF reviewed twelve publicly available strategic plans, roadmaps, and outlines to identify the top priorities and focus areas of DPAs during the coming decade and beyond. The authors also reviewed recently-released DPA guidance regarding COVID-19.

Their findings indicate that both the local DPAs and the EDPB are concentrating on guidelines for the consistent application of the GDPR, which aligns with ongoing harmonization efforts across the EU and the European Economic Area (EEA), aiming to:

  1. clarify how (relatively) recent technologies and business practices should operate under the GDPR;
  2. prepare for the implications and proliferation of newer technologies, such as artificial intelligence and automated decision-making; and
  3. protect those most vulnerable to the risks of data use practices such as data profiling.

National DPAs identified key topic areas as focus points for enforcement actions arising from DPAs’ “own motion,” such as advertising & marketing, health, and banking & finance. In addition, DPAs’ strategies most commonly enumerated policy-related topics such as artificial intelligence and children & youth privacy.

The summary of findings is a vital resource for understanding how European data protection and privacy law, enforcement, and policy will take shape in the years to come. The inclusion of COVID-related strategies and priorities provides a holistic view of what has become the new, unexpected focus area of DPAs across the continent.   

Read the Full Report Here