Growing enforcement and the AI explosion are driving steady growth in the global privacy compliance market, said IDC analyst Ryan O’Leary in an interview this week with Privacy Daily. IDC’s 2025 MarketScape report on worldwide data privacy compliance vendors found that the market grew 18% year over year, hitting $1.5 billion in revenue in 2025.
GDPR
The General Data Protection Regulation (GDPR) is the European Union’s landmark privacy law governing how organizations collect, process and protect personal data. In effect since 2018 it applies to any entity handling EU residents’ information regardless of where the company is based and imposes strict requirements around consent, transparency, data minimization and user rights. GDPR enforcement has led to billions in fines against global companies setting a high bar for compliance frameworks worldwide and influencing privacy legislation in the U.S. and other regions.
A service for making AI-generated apps said it’s embracing privacy by design by integrating an AI-powered code scanner.
BRUSSELS -- It has taken time for DPAs to get up to speed on what the GDPR means in practice and how to carry out fast, objectively fair enforcement actions, Irish Data Protection Commissioner Dale Sunderland said Wednesday at the IAPP Data Protection Europe Congress.
BRUSSELS -- The European Commission's digital omnibus, published Wednesday, tweaks the GDPR without affecting its core as it tries to bring the regulation more in line with current practices, Hogan Lovells privacy attorney Eduardo Ustaran said at the IAPP Data Protection Europe Congress. The tech sector called for broader change, while digital rights and consumer groups accused the EC of harming individuals.
The EU Council approved rules to facilitate handling GDPR cross-border data protection complaints, it announced Monday.
Croatia's DPA slapped an unnamed telecom operator with a 4.5 million euro ($5.2 million) fine for GDPR violations, it announced Nov. 14.
Expect vibrant, passionate debate among stakeholders over the European Commission's digital simplification package, similar to what transpired during development of the GDPR, IAPP officials said at a briefing Thursday, which was prompted by an apparently leaked draft (see Ref:2511100006]).
The U.S. Fair Credit Reporting Act (FCRA) takes an EU-like approach to data scraping and could serve as a precedent for new laws that allow scraping in certain situations while banning it in others, said law professors Daniel Solove of George Washington University and Woodrow Hartzog of Boston University during a webinar Tuesday where they discussed their paper on the clash between scraping and privacy (see 2510160018).
The leaking of several documents Friday that apparently are a draft of the European Commission's digital simplification package, including GDPR reform, prompted mixed reactions from privacy professionals and advocates.
The Irish Data Protection Commission (DPC) won't take further regulatory action for the moment against LinkedIn for using personal data to train its generative AI model. That's because the platform has sufficiently addressed its concerns, the watchdog announced Friday. The DPC stressed, however, that it hasn't approved the use and will continue monitoring LinkedIn's GDPR compliance.