Blog Post

Vijftiende plenaire vergadering EDPB

  • door Maurits & Hömann
  • 17 dec, 2019

Op 12 en 13 november 2019 zijn de Europese privacy toezichthouders weer bijeen om een aantal belangrijke privacy vraagstukken te bespreken

Vijftiende vergadering EDPB | Maurits & Hömann
Agenda
15th EDPB meeting

 12 November 2019

1. Adoption of the minutes and the agenda, Information given by the Chair
1.1 Minutes of the 14th EDPB meeting
1.2 Draft agenda of the 15th EDPB meeting
1.3 ICDPPC conference

2. Consistency mechanism, Guidelines and EDPB RoP
2.1 Privacy Shield: Report on the 3rd Annual Review
2.2 Art. 64 GDPR Opinion on Exxon Mobil BCRs
2.4 EDPB RoP
2.4.1 Future of Supervision: Establishing the Coordinated Supervision Committee
2.4.2 Rules of voting (Art. 22 RoP)
2.5 Guidelines: Data protection by design & by default
2.6 Guidelines 3/2018 on the territorial scope of the GDPR

3. Current Focus of the EDPB Members
3.1 Update by SA

 13 November 2019

Possible discussion points still open from day 1
3. Current  Focus of the EDPB Members
3.2 Update by SA

4. Expert Subgroups and Secretariat
4.3 Financial Matters ESG Guidelines on the interplay of the Second Payment Service Directive (PSD2) and the GDPR
4.4 BTLE ESG
4.4.1 Response letter: LIBE request for EDPB contribution on Regulation establishing the conditions for accessing the EU information systems 4.4.2 Additional Protocol to the Budapest Convention on Cybercrime
 4.6 Secretariat Communications: Wikipedia page

5. Miscellaneous

https://edpb.europa.eu/sites/edpb/files/files/file1/20191112plenagenda_publicversion_en.pdf

Fifteenth Plenary session: Privacy Shield Review, Guidelines on Territorial Scope, Guidelines on Data Protection by Design & Default, Art. 64 Opinion on Exxon Mobil BCRs, Response letter to LIBE, Additional Protocol Budapest Convention

Brussels, 14 November - On November 12th and 13th, the EEA Data Protection Authorities and the European Data Protection Supervisor, assembled in the European Data Protection Board, met for their fifteenth plenary session. During the plenary a wide range of topics was discussed.
 
Third Annual Privacy Shield Review
The EDPB adopted its report on the third Annual Joint Review of the EU-US Privacy Shield. In the report, the EDPB welcomes the efforts made by the U.S. authorities to implement the Privacy Shield, especially regarding ex officio oversight and enforcement actions on the commercial aspects, as well as the appointments of the last missing members of the Privacy and Civil Liberties Oversight Board (PCLOB) and of a permanent Ombudsperson.

However, a number of concerns still need to be addressed. The Board points out that substantial compliance checks with the substance of the Privacy Shield’s principles remain concerning. Other areas that require further attention are the application of the Privacy Shield requirements regarding onward transfers, HR data and processors, as well as the recertification process. More generally, the members of the Review Team would benefit from broader access to non-public information, concerning commercial aspects and ongoing investigations.

As regards the collection of data by public authorities, the EDPB encourages the PCLOB to issue and publish further reports, among others to provide an independent assessment of surveillance programmes conducted outside the US territory, while data are undergoing transfer from the EU to the US. The Board reiterates that its security-cleared experts remain ready to review further documents and discuss additional classified elements.

While the EDPB welcomes the new elements provided during this year’s review, the EDPB still cannot conclude that the Ombudsperson is vested with sufficient powers to access information and remedy non-compliance.

Guidelines on Territorial Scope
The EDPB adopted a final version of the Guidelines on Territorial Scope following public consultation. The guidelines aim to provide a common interpretation of the GDPR for EEA Data Protection Authorities when assessing whether a particular processing by a controller or a processor falls within the territorial scope of the legal framework, as per Art. 3 GDPR. The Guidelines provide further clarification on the application of the GDPR in various situations, for example, where the data controller or processor is established outside the EEA, including on the designation and role of a representative under Art. 27 GDPR.

The final guidelines integrate updated wording and further legal reasoning in order to address comments and feedback received during the public consultation, while maintaining the overall interpretation and methodology presented in the first version of the guidelines.

Guidelines on Data Protection by Design & Default
The EDPB adopted Guidelines on Data Protection by Design & Default. The guidelines focus on the obligation of Data Protection by Design and by Default (DPbDD) as set forth in Art. 25 GDPR. The core obligation here is the effective implementation of the data protection principles and data subjects’ rights and freedoms by design and by default. This requires that controllers implement appropriate technical and organisational measures and the necessary safeguards, designed to ascertain data protection principles in an effective manner and to protect the rights and freedoms of data subjects. In addition, controllers must be able to demonstrate that the implemented measures are effective. The guidelines will be submitted for public consultation.

Article 64 Opinion on ExxonMobil BCRs
The EDPB adopted its opinion on the draft decision regarding ExxonMobil’s Binding Corporate Rules (BCRs), submitted to the Board by the Belgian Supervisory Authority. The EDPB is of the opinion that the draft controller BCRs provide sufficient safeguards in the meaning of Art. 46(2)(b) and comply with Art. 47 GDPR.

Response letter to LIBE on EU Information Systems
The EDPB adopted its response to the European Parliament’s committee for Civil Liberties’ request for a legal assessment on the European Commission’s proposals for the Regulation establishing the conditions for accessing the other EU information systems and the Regulation establishing the conditions for accessing other EU information systems for ETIAS purposes. In the letter, the EDPB argues that the proposals should be seen as part of a bigger picture, i.e. as implementing parts of the Interoperability Framework and recalls the concerns previously expressed by the Article 29 Working Party. Additionally, the letter points out there are concerns regarding fundamental data protection principles, such as transparency, data protection by design and by default, and purpose limitation.

Additional protocol to the Budapest Convention on Cybercrime
The EDPB has adopted a contribution to the draft second additional protocol to the Council of Europe Convention on Cybercrime (Budapest Convention), to be considered within the framework of consultations held by the Council of Europe Cybercrime Convention Committee (T-CY). The EDPB recalls that the protection of personal data and legal certainty must be guaranteed, thus contributing to the objective of establishing sustainable arrangements for the sharing of personal data with third countries for law enforcement purposes, which are fully compatible with the EU Treaties and the Charter of Fundamental Rights.

https://edpb.europa.eu/news/news/2019/fifteenth-plenary-session-privacy-shield-review-guidelines-territorial-scope_en

door Maurits & Hömann 17 december 2019
Agenda en notulen van de zestiende vergadering EDPB
door Maurits & Hömann 17 december 2019
De agenda en notulen van de veertiende vergadering
door Maurits & Hömann 10 juli 2019
Op 9 en 10 juli 2019 zijn de Europese privacy toezichthouders weer bijeen om een aantal belangrijke privacy vraagstukken te bespreken
door Maurits & Hömann 3 juli 2019
Banken teruggefloten door Autoriteit Persoonsgegevens met betrekking tot gebruik betaalgegevens voor direct-marketing aanbiedingen.
door Maurits & Hömann 17 juni 2019
Wet arbeidsmarkt in balans (WAB) in aantocht
door 81934671b872bb5f26d278f492cab802591830ed 4 juni 2019
4 juni 2019 komen de Europese Privacy waakhonden weer bijeen om een aantal belangrijke privacy vraagstukken te bespreken
door Maurits & Hömann 3 juni 2019
Hoewel de boete bescheiden is, is de boodschap dat niet: de bescherming van gegevens is een zaak van ons allen maar de verwerkingsverantwoordelijken moeten hun verantwoordelijkheid nemen, vooral als zij een overheidsmandaat hebben.
door mr. S. Hömann 23 mei 2019
In dit artikel wordt de mogelijkheid besproken om schadevergoeding te vorderen bij de burgerlijke rechter.
door mr. S. Hömann 21 mei 2019
Doorgifte van persoonsgegevens buiten de Europese Unie mogelijk door gebruikmaking van modelcontracten/
door Maurits & Hömann 15 mei 2019
14 en 15 mei komen de Europese Privacy waakhonden weer bijeen om een aantal belangrijke privacy vraagstukken te bespreken
Meer posts
Share by: