fbpx

Download free GDPR compliance checklist!

Tag Archives for " EDPB "

EDPB Adopts Guidelines on Relevant and Reasoned Objection under Article 60 of the GDPR

During its 39th plenary session on October 8, 2020, the European Data Protection Board (EDPB) adopted guidelines on relevant and reasoned objection under the General Data Protection Regulation (GDPR).

The Guidelines relate to the cooperation and consistency provisions set out in Chapter VII of the GDPR, under which a lead supervisory authority has a duty to cooperate with other concerned supervisory authorities in order to reach a consensus.

Source: EDPB Adopts Guidelines on Relevant and Reasoned Objection under Article 60 of the GDPR

EDPB Creates Taskforces on Complaints and Supplementary Measures for Data Transfers Following Schrems II Decision

On September 4, 2020, the European Data Protection Board (EDPB) announced that it established two taskforces following the judgment of the Court of Justice of the European Union (CJEU) in the Schrems II case.

The first taskforce will process and uniformly respond to complaints received by data protection authorities following the Schrems II judgment. The second taskforce will prepare recommendations to assist data controllers and processors with their duty to identify and implement appropriate supplementary measures to ensure the adequate protection of EU personal data when transferring data to third countries.

Source: EDPB Creates Taskforces on Complaints and Supplementary Measures for Data Transfers Following Schrems II Decision

No grace period after Schrems II Privacy Shield ruling, warn EU data watchdogs

European data watchdogs have issued updated guidance in the wake of last week’s landmark ruling striking down a flagship transatlantic data transfer mechanism called Privacy Shield.

In an FAQ on the Schrems II judgement, the European Data Protection Board (EDPB) warns there will be no regulatory grace period.

Source: No grace period after Schrems II Privacy Shield ruling, warn EU data watchdogs | TechCrunch

EDPB Adopts Information Note on BCRs in Preparation for Brexit

On July 22, 2020, the European Data Protection Board (the “EDPB”) adopted an information note (the “Note”) to assist organizations relying on Binding Corporate Rules (“BCRs”) for international personal data transfers, as well as supervisory authorities, in preparing for the end of the Brexit implementation period on December 31, 2020.

The Note is provided specifically for those groups of undertakings and enterprises that have the UK Information Commissioner’s Office (“ICO”) as the competent supervisory authority for their BCRs.

Source: EDPB Adopts Information Note on BCRs in Preparation for Brexit

EDPB clarifies Brexit obligations for holders of Binding Corporate Rules which have the UK ICO as their lead authority

On July 22, 2020, the European Data Protection Board (EDPB) released an information note on Binding Corporate Rules (BCRs), which provides guidance for groups of undertakings/enterprises which have the UK Information Commissioner’s Office (ICO) as their competent supervisory authority.

As a consequence of Brexit, BCR holders having the ICO as their BCR Lead Supervisory Authority (SA) need to identify a new BCR Lead SA in the EEA  and must amend their BCRs before the end of the Brexit transition period.

Source: EDPB clarifies Brexit obligations for holders of Binding Corporate Rules which have the UK ICO as their lead authority

EU fires warning shot to UK over post-Brexit US data-sharing

Safeguards outlined in a preliminary data-sharing agreement struck between the UK and US last year may not be sufficient, the EU’s data protection watchdog has declared.

The UK entered into an agreement with the US in October 2019 to reduce the barriers to data-sharing to better equip law enforcement agencies to fight crime. However, terms of this agreement may undermine the UK’s hopes of achieving a data adequacy decision with the EU once the Brexit transition period ends on 31 December.

The European Data Protection Board (EDPB), which oversees the application of GDPR consistently across EU member states, has cast doubt over whether safeguards outlined in the agreement are compatible with existing data protection laws.  Without an adequacy decision, free data flows between the EU and the UK would be disrupted, with data unable to flow from European countries to the UK.

Source: EU fires warning shot to UK over post-Brexit US data-sharing | IT PRO

EU watchdog sets up TikTok task force, warns on Clearview AI software

Chinese video app TikTok’s practices are to be examined by an EU task force, the bloc’s privacy watchdog said on Wednesday, which also warned EU police forces against using facial recognition software from U.S. company Clearview AI.

The European Data Protection Board (EDPB) said it would set up a task force to assess TikTok’s activities across the bloc after a request from an EU lawmaker concerned about its data collection methods and security and privacy risks. The task force will coordinate potential actions and seek an overview of TikTok’s processing and practices across the EU, the EDPB said in a statement.

Source: EU watchdog sets up TikTok task force, warns on Clearview AI software – Reuters

Hungarian Government Suspends GDPR Data Subjects Rights

On May 4, 2020, the Hungarian Government issued a Decree that suspends, during the COVID-19 created state of emergency, the one-month deadline that controllers have under the GDPR to reply to data subject rights requests.

According to the Decree, the normal one-month deadline to reply to data subject rights requests will start running once the state of emergency ends, for which there is no fixed date yet.

The Decree also allows public entities to refuse or suspend freedom of information (“FOIA”) requests in certain situations. The Decree has been heavily criticized by civil society groups and prompted the scrutiny by the European Data Protection Board (“EDPB”).

Source: Hungarian Government Suspends GDPR Data Subjects Rights

No cookie consent walls — and no, scrolling isn’t consent, says EU data protection body

On 4 May, the European Data Protection Board (“EDPB”) adopted an updated version of its guidelines on consent.

EDPB stated that you can’t make access to your website’s content dependent on a visitor agreeing that you can process their data — aka a ‘consent cookie wall’. EDPB also stated that scrolling on a website or digital service can not — in any way — be interpreted as consent.

Source: No cookie consent walls — and no, scrolling isn’t consent, says EU data protection body | TechCrunch

EDPB adopts further COVID-19 guidance

During its 23rd plenary session, the EDPB adopted guidelines on the processing of health data for research purposes in the context of the COVID-19 outbreak and guidelines on geolocation and other tracing tools in the context of the COVID-19 outbreak.

The  guidelines on the processing of health data for research purposes in the context of the COVID-19 outbreak aim to shed light on the most urgent legal questions concerning the use of health data, such as the legal basis of processing, further processing of health data for the purpose of scientific research, the implementation of adequate safeguards and the exercise of data subject rights.

The guidelines on geolocation and other tracing tools in the context of the COVID-19 outbreak aim to clarify the conditions and principles for the proportionate use of location data and contact tracing tools, for two specific purposes:
1.    using location data to support the response to the pandemic by modelling the spread of the virus in order to assess the overall effectiveness of confinement measures;
2.    using contact tracing, which aims to notify individuals who may have been in close proximity to someone who is eventually confirmed as a carrier of the virus, in order to break the contamination chains as early as possible.

Source: European Data Protection Board – Twenty-third Plenary session: EDPB adopts further COVID-19 guidance | European Data Protection Board

1 2 3 6
>