Tag Archives for "EDPB"

Confusion over WhatsApp’s new T&Cs triggers privacy warning from Italy

Confusion over an update to Facebook-owned chat platform WhatsApp’s terms and conditions has triggered an intervention by Italy’s data protection agency.

The Italian DPA said today it has contacted the European Data Protection Board (EDPB) to raise concerns about a lack of clear information over what’s changing under the incoming T&Cs.

In recent weeks WhatsApp has been alerting users they must accept new T&Cs in order to keep using the service after February 8.

Source: Confusion over WhatsApp’s new T&Cs triggers privacy warning from Italy | TechCrunch

EDPB Publishes Its 2021-2023 Strategy

On December 21, 2020, the European Data Protection Board released its 2021-2023 Strategy.

The Strategy sets out the four main pillars of the EDPB's strategic objectives through 2023, and the key actions to help achieve those objectives:

  1. Advancing Harmonization and Facilitating Compliance.
  2. Supporting Effective Enforcement and Efficient Cooperation Between National Supervisory Authorities.
  3. A Fundamental Rights Approach to New Technologies.
  4. The Global Dimension.

Full article: EDPB Publishes Its 2021-2023 Strategy | Privacy & Information Security Law Blog

EDPB Issues Guidance on Its Coordinated Enforcement Framework 

The European Data Protection Board has issued guidance on its Coordinated Enforcement Framework (CEF).

The CEF provides a structure for coordinating recurring annual activities by EDPB Supervisory Authorities. The annual coordinated action focuses on a pre-defined topic which participating SAs may pursue using a pre-defined methodology.

Full article: EDPB Issues Guidance on Its Coordinated Enforcement Framework | Privacy Compliance & Data Security

European recommendations following Schrems II Privacy Shield ruling cast doubt on cloud encryption practices

The European Data Protection Board (EDPB) has issued guidance that calls into question recommendations to cloud services providers in responding to the Schrems II ruling, which struck down the Privacy Shield arrangement for moving data from the EU to the US.

The EDPB, which is responsible for European data protection law, said encryption could safeguard against contravening the ruling, but only when keys remain within the EU or trusted third countries.

Full article: European recommendations following Schrems II Privacy Shield ruling cast doubt on cloud encryption practices • The Register

European Commission Publishes Draft ‘Article 28’ Standard Contractual Clauses

In addition to issuing new (draft) standard contractual clauses for transferring personal data outside of the EEA, on November 12, the European Commission published a draft decision on standard contractual clauses between controllers and processors for the matters referred to in Article 28 of GDPR.

Use of the Clauses is not compulsory, and controllers and processors may still choose to negotiate individual contracts to satisfy the requirements of Article 28 GDPR and allow a certain degree of flexibility.

The Clauses are currently open for public consultation until 10 December 2020.

Source: European Commission Publishes Draft ‘Article 28’ Standard Contractual Clauses | Alston & Bird Privacy Blog

European Data Protection Board Issues Schrems II Recommendations

Following the Court of Justice of the European Union’s (“CJEU”) decision in Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems on 16 July 2020 (Schrems II), the European Data Protection Board (EDPB) on 11 November 2020 issued its anticipated recommendations describing how controllers and processors transferring personal data outside the European Economic Area (EEA) may comply with the Schrems II ruling.

The EDPB on November 11 issued two sets of recommendations. The first set of recommendations covers the assessment and supplementary measures data exporters may need to adopt to ensure compliance with the EU level of personal data protection (“Supplementary Measures Recommendations”). The second set of recommendations lays down the elements to be used to examine whether surveillance measures allowing access to personal data by public authorities in a third country can be regarded as a justifiable interference with the level of data protection guaranteed in principle by the EU (“European Essential Guarantees Recommendations”).

These recommendations are applicable immediately but are open for public consultation until November 30.

Source: European Data Protection Board Issues Schrems II Recommendations

EDPB Adopts Guidelines on Relevant and Reasoned Objection under Article 60 of the GDPR

During its 39th plenary session on October 8, 2020, the European Data Protection Board (EDPB) adopted guidelines on relevant and reasoned objection under the General Data Protection Regulation (GDPR).

The Guidelines relate to the cooperation and consistency provisions set out in Chapter VII of the GDPR, under which a lead supervisory authority has a duty to cooperate with other concerned supervisory authorities in order to reach a consensus.

Source: EDPB Adopts Guidelines on Relevant and Reasoned Objection under Article 60 of the GDPR

EDPB Creates Taskforces on Complaints and Supplementary Measures for Data Transfers Following Schrems II Decision

On September 4, 2020, the European Data Protection Board (EDPB) announced that it established two taskforces following the judgment of the Court of Justice of the European Union (CJEU) in the Schrems II case.

The first taskforce will process and uniformly respond to complaints received by data protection authorities following the Schrems II judgment. The second taskforce will prepare recommendations to assist data controllers and processors with their duty to identify and implement appropriate supplementary measures to ensure the adequate protection of EU personal data when transferring data to third countries.

Source: EDPB Creates Taskforces on Complaints and Supplementary Measures for Data Transfers Following Schrems II Decision

No grace period after Schrems II Privacy Shield ruling, warn EU data watchdogs

European data watchdogs have issued updated guidance in the wake of last week’s landmark ruling striking down a flagship transatlantic data transfer mechanism called Privacy Shield.

In an FAQ on the Schrems II judgement, the European Data Protection Board (EDPB) warns there will be no regulatory grace period.

Source: No grace period after Schrems II Privacy Shield ruling, warn EU data watchdogs | TechCrunch

EDPB Adopts Information Note on BCRs in Preparation for Brexit

On July 22, 2020, the European Data Protection Board (the “EDPB”) adopted an information note (the “Note”) to assist organizations relying on Binding Corporate Rules (“BCRs”) for international personal data transfers, as well as supervisory authorities, in preparing for the end of the Brexit implementation period on December 31, 2020.

The Note is provided specifically for those groups of undertakings and enterprises that have the UK Information Commissioner’s Office (“ICO”) as the competent supervisory authority for their BCRs.

Source: EDPB Adopts Information Note on BCRs in Preparation for Brexit
