fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " EDPB "

European Data Protection Board Issues Opinion on U.S. CLOUD Act

On July 10, 2019, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) issued a joint assessment of the impact of the U.S. Clarifying Overseas Use of Data Act (CLOUD Act) on the legal framework for the protection of personal data in the EU.

The institutions note that the extraterritorial effect of the CLOUD Act could result in service providers being “susceptible to facing a conflict of laws between US law and the GDPR and other applicable EU or national law of the Member States.”

Source: European Data Protection Board Issues Opinion on U.S. CLOUD Act

EDPB issues annual report

The European Data Protection Board released its 2018 annual report. The report covers the rules of procedure adopted in the first EDPB plenary session and the creation of the EDPB Secretariat. 

Focus of the report is cooperation among supervisory authorities and transparency. It also touches EDPB’s guidance on certification, territorial scope and accreditation, its opinions regarding ePrivacy regulation and European Commission’s adequacy decisions.

Read full report.

EDPB Publishes Opinion on the Competence of a Supervisory Authority Relating to the Main or Single Establishment

On July 9, 2019, the European Data Protection Board (EDPB) adopted Opinion 8/2019 on the Competence of a Supervisory Authority in Case of a Change in Circumstances Relating to the Main or Single Establishment at the request of the French and the Swedish data protection authorities.

A change of circumstances relating to the main or single establishment may occur when the single or main establishment is (i) relocated from an EEA country to another EEA country; (ii) moved from or ceases to exist in an EEA country; (iii) relocated from a non-EEA country to an EEA country or is set up in an EEA country.

Full article: EDPB Publishes Opinion on the Competence of a Supervisory Authority in Change in Circumstances Relating to the Main or Single Establishment

EDPB and the EDPS consider the European Commission to be a processor of patient data in the eHealth Digital Service Infrastructure

On July 12, 2019, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) issued a joint opinion on the processing of patient data and the role of the European Commission within the eHealth Digital Service Infrastructure (eHDSI).

The eHDSI system was established in the context of the eHealth Network and allows for the exchange of electronic health data of patients between Member States. Opinion confirms that Member States act as “joint controllers” and the European Commission acts as a processor in processing of patient data within the eHDSI .

Full article: The European Data Protection Board and the European Data Protection Supervisor consider the European Commission to be a processor of patient data in the eHealth Digital Service Infrastructure

EDPB publishes overview on the implementation of the GDPR and national DPAs

European Data Protection Board has published an overview of the implementation and enforcement of the General Data Protection Regulation (GDPR) covering both the cooperation mechanism and the consistency findings.

EDPB thinks that the GDPR cooperation and consistency mechanism work quite well in practice. The experiences of the EDPB regarding consistency is – up to now – limited, as no dispute resolution through this new EU body was necessary during the reported period.

Read full report.

European Data Protection Board publishes 3 new guidelines

European Data Protection Board in its Eleventh Plenary session announced 3 new guidance documents:

  • Guidelines on Codes of Conduct – they intend to help clarify the procedures and the rules involved in the submission, approval and publication of codes of conduct at both the national and the European level;
  • annex to the Guidelines on Accreditation, – it provides guidance on the additional requirements for the accreditation of certification bodies to be established by the supervisory authorities; and
  • annex to the Guidelines on Certification – it identifies topics that data protection supervisory authorities and the EDPB will consider and apply for the approval of certification criteria for a certification mechanism.

Source: European Data Protection Board

GDPR: Europe Counts 65,000 Data Breach Notifications So Far

European privacy authorities have received nearly 65,000 data breach notifications since the EU’s General Data Protection Regulation went into full effect in May 2018.

In addition, regulators in 11 European countries have imposed almost €56 million in General Data Protection Regulation fines. Though biggest part of it comes from Google €50 million GDPR fine.

Source: GDPR: Europe Counts 65,000 Data Breach Notifications So Far

New Data Protection Guidelines to Impact Online Services?

The European Data Protection Board (EDPB) recently published draft guidelines which may impact online service providers’ ability to process personal data. The Guidelines are open for consultation until 24 May 2019.

The Guidelines are significant because the legal basis a service provider relies on determines, and impacts upon, the type and scope of its processing activities.

Full article: New Data Protection Guidelines to Impact Online Services? Mason Hayes Curran

EDPB Publishes Guidelines on the Contractual Legal Basis for Data Processing of Online Services

On April 12, 2019, the European Data Protection Board (EDPB) published draft guidelines 2/2019 on the processing of personal data in the context of the provision of online services to data subjects.

The Guidelines discuss how the “contract” legal basis applies in the context of online services or “information society services,” defined as “any service normally provided for remuneration, at a distance, by electronic means and at the individual request of a recipient of services.”

Source: EDPB Publishes Guidelines on the Contractual Legal Basis for Data Processing of Online Services

EDPB seeks comments on its Guidelines on the processing of personal data for online services 

The European Data Protection Board welcomes comments on the Guidelines 2/2019 on on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects. Such comments should be sent to EDPB by 24/05/2019 at the latest.

More infoemation: Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects | European Data Protection Board

1 2 3 5
>