Agenda
11th EDPB meeting
4 June 2019
1. Adoption of the minutes and the agenda
1.1 Minutes of the 10th EDPB meeting
1.2 Draft agenda of the 11th EDPB meeting
2. Current Focus of the EDPB
2.1 Reply to LIBE request on the implications of the CLOUD Act
2.2 Annex to the Guidelines on Accreditation
2.3 Annex to the Guidelines on Certification
2.4 C-ITS response letter to Commission
2.5 Opinion on CY Art 35.4 DPIA list
2.6 Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679
2.7 Proposals for Common Strategic Priorities for Supervision and Guidance
2.8 Update from national SA
2.9 Governance of social media platforms
2.10 LIBE Request on Regulation establishing the conditions for accessing the EU information
3. Miscellaneous
https://edpb.europa.eu/sites/edpb/files/files/file1/20190604_agenda_publicversion_en.pdf
Brussels, 5 June - On June 4th, the EEA Data Protection Authorities and the European Data Protection Supervisor, assembled in the European Data Protection Board, met for their eleventh plenary session. During the plenary a wide range of topics were discussed.
Guidelines on Codes of Conduct
The EDPB adopted a final version of the Guidelines on Codes of Conduct. Following public consultation, points of clarification were included in the text. The aim of these guidelines is to provide practical guidance and interpretative assistance in relation to the application of Articles 40 and 41 GDPR. The guidelines intend to help clarify the procedures and the rules involved in the submission, approval and publication of codes of conduct at both the national and the European level. These guidelines should further act as a clear framework for all competent supervisory authorities, the Board and the Commission to evaluate codes of conduct in a consistent manner and to streamline the procedures involved in the assessment process.
https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_201901_v2.0_codesofconduct_en.pdf
Annex to the Guidelines on Accreditation
The EDPB adopted a final version of the annex to the Guidelines on Accreditation, following public consultation. The text has been reviewed to enhance clarity. The aim of the guidelines is to provide guidance on how to interpret and implement the provisions of Article 43 GDPR. In particular, they aim to help Member States, supervisory authorities and national accreditation bodies establish a consistent and harmonised baseline for the accreditation of certification bodies that issue certification in accordance with the GDPR. The annex provides guidance on the additional requirements for the accreditation of certification bodies to be established by the supervisory authorities. These additional requirements, before being adopted by supervisory authorities, are to be submitted to the European Data Protection Board for approval pursuant to Article 64(1)(c).
https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_201804_v3.0_accreditationcertificationbodies_annex1_en.pdf
Annex to the Guidelines on Certification
The EDPB adopted a final version of annex 2 to the Guidelines on Certification. Following public consultation, some aspects were added to certain sections, for example, whether the criteria address the obligation of the controller/processor to appoint a DPO and the obligation to keep records of the processing activities. The primary aim of these guidelines is to identify overarching criteria which may be relevant to all types of certification mechanisms issued in accordance with art. 42 and art. 43 GDPR. The annex identifies topics that data protection supervisory authorities and the EDPB will consider and apply for the approval of certification criteria for a certification mechanism. The list is not exhaustive, but presents the minimum topics to be considered.
https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_201801_v3.0_certificationcriteria_annex2_en.pdf
https://edpb.europa.eu/news/news/2019/european-data-protection-board-eleventh-plenary-session-guidelines-codes-conduct_nl
