Tag Archives for "EDPB"

EU data protection authorities adopt joint opinion on the Digital Green Certificate Proposals

The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) adopted a joint opinion on the Proposals for a Digital Green Certificate.

With this Joint Opinion, the EDPB and the EDPS invite the co-legislators to ensure that the Digital Green Certificate is fully in line with EU personal data protection legislation.

The Joint Opinion includes specific recommendations for further clarifications on the categories of data concerned by the Proposal, data storage, transparency obligations and identification of controllers and processors for the processing of personal data.

Source: EU data protection authorities adopt joint opinion on the Digital Green Certificate Proposals | European Data Protection Board

EDPB Releases Guidelines on Virtual Voice Assistants

On March 12, 2021, the European Data Protection Board (EDPB) published its Guidelines 01/2021 on Virtual Voice Assistants (VVA) for consultation.

The Guidelines give providers of VVA services recommendations on how to navigate the key compliance challenges, for example by using voice-based interfaces to give users notice of data processing during installation.

Service providers also should avoid bundling their VVA service with other services, such as email or video streaming, so as not to infringe the GDPR’s transparency principle with complex and lengthy privacy policies.

Source: EDPB Releases Guidelines on Virtual Voice Assistants

EDPB Publishes Guidelines on Examples regarding Data Breach Notification

On January 18, 2021, the European Data Protection Board released draft Guidelines 01/2021 on Examples regarding Data Breach Notification.

The Guidelines aim to assist data controllers in deciding how to handle data breaches, including by identifying the factors that they must take into account when conducting risk assessments to determine whether a breach must be reported to relevant supervisory authorities and/or the affected data subjects.

Source: EDPB Publishes Guidelines on Examples regarding Data Breach Notification | Privacy & Information Security Law Blog

EDPB & EDPS adopt joint opinions on new sets of SCCs

The EDPB and EDPS have adopted joint opinions on two sets of standard contractual clauses (SCCs): one on the SCCs for contracts between controllers and processors, and one on the SCCs for the transfer of personal data to third countries.

Several amendments were requested in order to bring more clarity to the text and to ensure its practical usefulness in day-to-day operations of the controllers and processors. These include the interplay between the two documents, the so-called “docking clause” which allows additional entities to accede to the SCCs, and other aspects relating to obligations for processors. Additionally, the EDPB and EDPS suggest that the Annexes to the SCCs clarify as much as possible the roles and responsibilities of each of the parties with regard to each processing activity – any ambiguity would make it more difficult for controllers or processors to fulfil their obligations under the accountability principle.

Source: EDPB & EDPS adopt joint opinions on new sets of SCCs

Confusion over WhatsApp’s new T&Cs triggers privacy warning from Italy

Confusion over an update to Facebook-owned chat platform WhatsApp’s terms and conditions has triggered an intervention by Italy’s data protection agency.

The Italian DPA said today it has contacted the European Data Protection Board (EDPB) to raise concerns about a lack of clear information over what’s changing under the incoming T&Cs.

In recent weeks WhatsApp has been alerting users they must accept new T&Cs in order to keep using the service after February 8.

Source: Confusion over WhatsApp’s new T&Cs triggers privacy warning from Italy | TechCrunch

EDPB Publishes Its 2021-2023 Strategy

On December 21, 2020, the European Data Protection Board released its 2021-2023 Strategy.

The Strategy sets out the four main pillars of the EDPB's strategic objectives through 2023, along with key actions to help achieve those objectives:

  1. Advancing Harmonization and Facilitating Compliance.
  2. Supporting Effective Enforcement and Efficient Cooperation Between National Supervisory Authorities.
  3. A Fundamental Rights Approach to New Technologies.
  4. The Global Dimension.

Full article: EDPB Publishes Its 2021-2023 Strategy | Privacy & Information Security Law Blog

EDPB Issues Guidance on Its Coordinated Enforcement Framework

The European Data Protection Board has issued guidance on its Coordinated Enforcement Framework (CEF).

The CEF provides a structure for coordinating recurring annual activities by EDPB Supervisory Authorities. The annual coordinated action focuses on a pre-defined topic which participating SAs may pursue using a pre-defined methodology.

Full article: EDPB Issues Guidance on Its Coordinated Enforcement Framework | Privacy Compliance & Data Security

European recommendations following Schrems II Privacy Shield ruling cast doubt on cloud encryption practices

The European Data Protection Board (EDPB) has issued guidance that calls into question recommendations to cloud services providers in responding to the Schrems II ruling, which struck down the Privacy Shield arrangement for moving data from the EU to the US.

The EDPB, which is responsible for European data protection law, said encryption could safeguard against contravening the ruling, but only when keys remain within the EU or trusted third countries.

Full article: European recommendations following Schrems II Privacy Shield ruling cast doubt on cloud encryption practices • The Register

European Commission Publishes Draft ‘Article 28’ Standard Contractual Clauses

In addition to issuing new (draft) standard contractual clauses for transferring personal data outside of the EEA, on November 12, the European Commission published a draft decision on standard contractual clauses between controllers and processors for the matters referred to in Article 28 of GDPR.

Use of the Clauses is not compulsory, and controllers and processors may still choose to negotiate individual contracts to satisfy the requirements of Article 28 GDPR and allow a certain degree of flexibility.

The Clauses are currently open for public consultation until 10 December 2020.

Source: European Commission Publishes Draft ‘Article 28’ Standard Contractual Clauses | Alston & Bird Privacy Blog

European Data Protection Board Issues Schrems II Recommendations

Following the Court of Justice of the European Union’s (“CJEU”) decision in Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems on 16 July 2020 (Schrems II), the European Data Protection Board (EDPB) on 11 November 2020 issued its anticipated recommendations describing how controllers and processors transferring personal data outside the European Economic Area (EEA) may comply with the Schrems II ruling.

The EDPB on November 11 issued two sets of recommendations. The first set of recommendations covers the assessment and supplementary measures data exporters may need to adopt to ensure compliance with the EU level of personal data protection (“Supplementary Measures Recommendations”). The second set of recommendations lays down the elements to be used to examine whether surveillance measures allowing access to personal data by public authorities in a third country can be regarded as a justifiable interference with the level of data protection guaranteed in principle by the EU (“European Essential Guarantees Recommendations”).

These recommendations are applicable immediately but are open for public consultation until November 30.

Source: European Data Protection Board Issues Schrems II Recommendations
