EDPB Coordinated Enforcement Framework 2026 Transparency Action
Summary
The European Data Protection Board (EDPB) launched its 2026 Coordinated Enforcement Framework (CEF) action, focusing on compliance with GDPR transparency and information obligations under Articles 12, 13, and 14. Twenty-five Data Protection Authorities (DPAs) across Europe will conduct enforcement actions and fact-finding exercises targeting data controllers from various sectors throughout 2026, with findings to be consolidated in an EDPB report and followed by targeted enforcement at national and EU levels.
What changed
The EDPB has selected transparency and information obligations under GDPR Articles 12, 13, and 14 as the focus of its 2026 Coordinated Enforcement Framework (CEF) action. This represents the fourth coordinated enforcement action under the EDPB's 2024-2027 Strategy, following previous actions on cloud services (2023), DPO designation (2024), right of access (2025), and right to erasure (2026). Twenty-five European DPAs will conduct enforcement actions or fact-finding exercises targeting controllers across multiple sectors, with results shared and aggregated in the second half of 2026 before a consolidated EDPB report is adopted.
Controllers across Europe should prepare for potential DPA contact during 2026 and should proactively audit their transparency practices, including privacy notices, consent mechanisms, and information disclosures to ensure compliance with Articles 12-14. Any identified deficiencies may result in follow-up enforcement actions at national level or coordinated measures at EU level. Companies should review their data processing documentation, consent records, and individual rights response procedures before DPA inquiries commence.
What to do next
- Review privacy notices and data processing information disclosures for compliance with GDPR Articles 12-14
- Audit internal processes for responding to data subject requests to ensure transparency obligations are met
- Document current transparency practices to prepare for potential DPA fact-finding exercises or enforcement actions
Source document (simplified)
Brussels, 19 March - The EDPB has launched its Coordinated Enforcement Framework (CEF) action for 2026. Following a year-long coordinated action on the right to erasure in 2025, the CEF's focus this year will shift to *compliance with the obligations of transparency and information under the GDPR**.
The GDPR ensures that individuals are informed when their data is being processed (under Art. 12, 13 and 14). This right to be informed is a core element of transparency and ensures that individuals have more control over their data.
Next steps
During 2026, 25 Data Protection Authorities (DPAs) across Europe will take part in this initiative. They will look closely to assess the compliance of controllers with their transparency obligations under the GDPR.
Participating DPAs will soon contact controllers from different sectors across Europe, either through enforcement actions or fact-finding exercises. In the latter case, they might also decide to undertake additional follow-up actions if needed.
During the second half of the year, participating DPAs will share and discuss their findings together, with a view to aggregate the results of their national actions and generate deeper insight into the topic. A consolidated report will then be drafted and submitted for adoption by the EDPB, allowing for targeted follow-ups on both national and EU levels.
Background
The CEF is a key action of the EDPB under its 2024-2027 Strategy, aimed at streamlining enforcement and cooperation among DPAs.
In 2023, the EDPB published the report on its first coordinated action on the use of cloud-based services by the public sector.
In 2024, the EDPB also published the report on the outcome of the second coordinated action on the designation and position of Data Protection Officers.
In 2025, the EDPB issued the report on its third coordination action on the implementation of the right of access.
In 2026, the EDPB has adopted a report on its Coordinated Enforcement Framework (CEF) action on the right to be forgotten (Art.17 GDPR).
Note to editors:
*The Board selected this topic during its October 2025 plenary.
For further information:
- AT DPA: Europäischer Datenschutzausschuss kündigt CEF-Maßnahme für 2026 an
- DA DPA: EDPB iværksætter koordineret indsats om oplysningspligten
- DE DPA (Brandenburg): Brandenburgische Datenschutzaufsicht beteiligt sich an europaweiter Prüfung zu Transparenzpflichten mit Schwerpunkt Personalvermittlungen
- DE DPA (Niedersachsen): Niedersachsen beteiligt sich an europaweiter Datenschutzprüfung zu Transparenz- und Informationspflichten
- FR DPA: Le CEPD lance une action coordonnée concernant les obligations de transparence et d'information
- EL DPA: Έναρξη συντονισμένης δράσης του ΕΣΠΔ 2026 σχετικά με τη διαφάνεια και την υποχρέωση ενημέρωσης των υποκειμένων
- ES DPA: La AEPD participa en una acción europea para analizar el cumplimiento de las obligaciones de transparencia e información por parte de las organizaciones
- IT DPA: Garanti europei, focus sugli obblighi di informazione e trasparenza
- MT DPA: Launch of Coordinated Enforcement Framework 2026 – IDPC
- SL DPA: Ali obdelujete osebne podatke transparentno? Usklajena akcija EDPB v letu 2026
- SK DPA: CEF 2026: Spoločná dozorová akcia EDPB zameraná na transparentnosť informovania do ktorej sa Úrad na ochranu osobných údajov Slovenskej republiky zapojí v priebehu roka 2026
- PT DPA: CNPD participa na ação de supervisão coordenada europeia sobre as obrigações de transparência e informação Topics:
- Cooperation between authorities
- GDPR enforcement
Named provisions
Related changes
Source
Classification
Who this affects
Taxonomy
Browse Categories
Get Data Privacy & Cybersecurity alerts
Weekly digest. AI-summarized, no noise.
Free. Unsubscribe anytime.
Get alerts for this source
We'll email you when CNIL News (France DPA) publishes new changes.