Making technology user (and data protection) friendly

04 october 2019

New technologies are often a source of wonder, but they can also be a source of concern. There are many reasons for this, one being the lack of transparency in certain modern processing operations, which could provoke confusion, and even suspicion, among data protection and cybersecurity experts and non-experts alike.

It is for this reason that it is so important to clarify from the very start of a new technology’s lifecycle the terms and conditions of any data processing, especially those that involve innovative technologies that many people might not be familiar with or easily understand. It is up to the controller - those who are responsible for determining how the data is processed and for what purpose - to determine that the proposed data processing operations are fair and transparent and to clearly explain them to users.  

Not only do controllers have a legal obligation under both the General Data Protection Regulation (GDPR) and the equivalent rules for the EU institutions, to provide this information, but it is in their interest to do so, in order to maintain and build consumer trust. If controllers do not explain how technologies work, as well as their personal data processing operations, they may lose this trust. The information that controllers are legally obliged to provide includes the name of the controller in the data processing, for which purposes data is processed, to whom personal data may be transmitted and for how long data will be stored. Individuals must also be informed about their rights in relation to the data processed.

All of this information needs to be communicated in a concise, transparent, intelligible and easily accessible form, using clear and plain language. This becomes even more important when communicating with minors. The information should be provided in writing, usually in the form of a data protection notice, available either online or on paper. If requested by an individual, it can also be provided orally.

 

Retrieved from https://edps.europa.eu

News archive

 

Firm news

lug13

13/07/2026

Google Android: the Court of Justice upholds Google’s fine of around €4.1 billion

Judgment of the Court of Justice of the EU in Case C-738/22 P | Google and Alphabet v Commission   The appeal brought by Google and its parent company Alphabet against the judgment of the General

lug13

13/07/2026

Judgment of the General Court in Joined Cases T-1079/23, T-1080/23 | Apple v Commission and T-214/24 Apple and Apple Distribution International v Commission

Digital services: the General Court of the EU dismisses Apple’s actions regarding its designation as a gatekeeper in relation to the App Store and iOS The General Court also rules that

lug13

13/07/2026

Opinion of the Advocate General in Cases C-535/25 | Amazon Italia Logistica, C-536/25 | Amazon Italia Services and C-537/25 | Amazon Italia Transport

According to Advocate General Campos Sánchez-Bordona of the Court of Justice of the European Union, companies in the Amazon group provide postal services in Italy Consequently, the requirement