
Tag Archives for "EDPS"

EDPS issues note on data transfers following Brexit

On 16 July 2019, the European Data Protection Supervisor (EDPS) issued an information note on international data transfers after Brexit. 

The Note highlights that if the EU and the UK sign the withdrawal agreement before 1 November 2019, the data flows to the UK will not be immediately affected. EU data protection laws (including the GDPR, the Law Enforcement Directive (EU) 2016/680 and the ePrivacy Directive) will apply until 31 December 2020, with a maximum extension until 31 December 2022.

However, in the case of a “no-deal” Brexit, EU data protection laws would not apply in the UK and, starting from 1 November 2019, personal data transfers from EU institutions to companies in the UK must comply with the international data transfer requirements under Chapter V of GDPR.

Read the Note.

European Data Protection Board Issues Opinion on U.S. CLOUD Act

On July 10, 2019, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) issued a joint assessment of the impact of the U.S. Clarifying Overseas Use of Data Act (CLOUD Act) on the legal framework for the protection of personal data in the EU.

The institutions note that the extraterritorial effect of the CLOUD Act could result in service providers being “susceptible to facing a conflict of laws between US law and the GDPR and other applicable EU or national law of the Member States.”

Source: European Data Protection Board Issues Opinion on U.S. CLOUD Act

EDPB and the EDPS consider the European Commission to be a processor of patient data in the eHealth Digital Service Infrastructure

On July 12, 2019, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) issued a joint opinion on the processing of patient data and the role of the European Commission within the eHealth Digital Service Infrastructure (eHDSI).

The eHDSI system was established in the context of the eHealth Network and allows for the exchange of electronic health data of patients between Member States. The opinion confirms that Member States act as “joint controllers” and the European Commission acts as a processor in the processing of patient data within the eHDSI.

Full article: The European Data Protection Board and the European Data Protection Supervisor consider the European Commission to be a processor of patient data in the eHealth Digital Service Infrastructure

EDPS flags data protection issues on EU institutions’ websites

An inspection carried out by the European Data Protection Supervisor (EDPS) on the websites of major EU institutions and bodies revealed data protection and data security issues in seven out of the ten websites inspected.

The inspection revealed that several of the websites were not compliant with the Regulation or with the ePrivacy Directive and did not follow the EDPS Guidelines on web services. One of the issues encountered was third-party tracking without prior consent. This is especially problematic in cases where the third party concerned operates under a business model based on the profiling and subsequent behavioural targeting of website visitors. Other issues encountered included the use of trackers for web analytics without visitors’ prior consent and the submission of personal data collected through web forms using non-encrypted connections.

Each of the institutions concerned has received recommendations from the EDPS on how to ensure their websites are fully compliant with data protection rules and the relevant institutions have reacted swiftly to start rectifying the problems identified.

Source: EDPS press release

EDPS: We need to talk about terms and conditions

Terms of service are generally designed to safeguard a service provider against legal challenges.

These terms are not like a memorandum of understanding, trade agreement or a contract established jointly by two more or less equal parties. Rather, they are laid down by the service provider and not open to negotiation. In the EU there are rules protecting the consumer against unfair terms.

Full article: We need to talk about terms and conditions | European Data Protection Supervisor

Even ticking a box does not necessarily mean consent is freely given

Digiday spoke to Giovanni Buttarelli, European data protection supervisor, to hear whether media and advertising businesses have done enough to comply. He believes Google and Facebook must work harder to achieve compliance.

Full article: Giovanni Buttarelli on state of GDPR adoption: ‘Even ticking a box does not necessarily mean consent is freely given’ – Digiday

EU to check for GDPR violations in Microsoft’s contracts with EU institutions

The European Data Protection Supervisor (EDPS), the European Union’s data protection watchdog, has started an investigation into Microsoft’s contracts with EU institutions.

The investigation will focus on the contracts EU institutions have signed with Microsoft and if clauses in these contracts comply with the EU’s new data protection regulation, also known as the General Data Protection Rules (GDPR).

Source: EU to check for GDPR violations in Microsoft’s contracts with EU institutions | ZDNet

EDPS publishes 2018 Annual Report 

The 2018 Annual Report provides an insight into all European Data Protection Supervisor (EDPS) activities in 2018. Chief among these were our efforts to prepare for the new legislation. The General Data Protection Regulation (GDPR) became fully applicable across the EU on 25 May 2018 and new data protection rules for the EU institutions are also now in place. Working with the new European Data Protection Board (EDPB), the EDPS aims to ensure consistent protection of individuals’ rights, wherever they live in the EU.

Access report: 2018 Annual Report – a new era in data protection | European Data Protection Supervisor

EDPS: Alternative business models are needed

Submitting his 2018 Annual Report to the European Parliament LIBE Hearing today, the European Data Protection Supervisor, Giovanni Buttarelli, said that the European Data Protection Board (EDPB) has had ‘excellent deliberations’ and will meet twice as often as in 2018 when it held five plenaries.

The EDPS is a full member of the EDPB, but also provides its secretariat. Buttarelli said that they have been careful to maintain the operational independence of the EDPB secretariat.

Source: EDPS: Alternative business models are needed – Privacy Laws & Business

EDPS Guidelines on assessing the proportionality of measures that limit privacy

The European Data Protection Supervisor (EDPS) intends to issue Guidelines for assessing the proportionality of measures that limit the fundamental rights to privacy and to the protection of personal data.

EDPS aims at assisting EU institutions and bodies in the task of ensuring that any limitation of the fundamental right to the protection of personal data is compliant with the requirements of EU primary law.

Before issuing the Guidelines in their final version, the EDPS is launching a stakeholders’ consultation on the draft version of the Guidelines. The deadline for receiving your input is 4 April 2019. The replies to the consultation should be sent to the Policy and Consultation Unit of the EDPS: POLICY-CONSULT@edps.europa.eu

Access draft guidelines
