Nyhetssamlare
Informationssäkerhet vs it-säkerhet – vad är vad?
December Plenary - adopted documents
During its December plenary, the EDPB adopted the following documents:
- EDPB contribution to the evaluation of the Law Enforcement Directive
- EDPB response to MEP István Ujhelyi on the alleged use of the Pegasus spyware
- Guidelines on examples regarding data breach notifications (following public consultation)
- Opinion 39/2021 on whether Article 58(2)(g) GDPR could serve as a legal basis for a supervisory authority to order ex officio the erasure of personal data, in a situation where such request was not submitted by the data subject
Varning för oväder i fjällen
Viktigt meddelande till allmänheten i Malmö kommun, Skåne län
Flera nya åtgärder mot covid-19 införs 12 januari
Regeringen öppnar för vaccinationsbevis på serveringsställen och andra platser
Nya åtgärder för minskad spridning av covid-19
Barn inom särskilda grupper 5-11 år rekommenderas vaccin mot covid-19
UC AB
Opening of the call for proposals to promote and protect Union values
Katharina von Schnurbein presents the EU Antisemitism Strategy at various events
General Affairs Council addresses antisemitism
The Commission proposes to extend the list of ‘EU crimes' to hate speech and hate crime
Human rights and democracy: EU launches a €1.5 billion plan to promote universal values
From adoption to implementation of the EU Strategy on combating antisemitism and fostering Jewish life
Ny IT-sårbarhet berör många
EDPB Statement : EDPB cooperation on the elaboration of guidelines
The European Data Protection Board has adopted the following statement:
The deliberations of the EDPB often involve complex issues of principle and law. In seeking to ensure the consistent application of the GDPR, the process leading to consensus or majority positions on matters before the EDPB involves accounting for sometimes divergent views and analysis, as well as national case law and procedures. Within the framework provided by the GDPR, the Members of the Board work together in a respectful manner to reconcile and reach common meaningful decisions. That the starting point is not a unified view is not a failure of data protection authorities or a lack of integrity on the part of any of the authorities that hold one position or another – it is simply the GDPR working as intended. In this regard, although not binding in themselves, Guidelines and Recommendations of the EDPB reflect the common position and understanding which the authorities agree to apply in a consistent way. The EDPB Members, in their contributions to the work of the EDPB, act in compliance with the duty of sincere cooperation in the interest of the effective functioning of the EDPB.
Covidbevis vid inresa även från nordiska länder
EDPB adopts Contribution to evaluation of Law Enforcement Directive, SPE project plan, response to MEP Ujhelyi on Pegasus, final version of Guidelines on examples regarding data breach notifications
The EDPB and the individual Supervisory Authorities (SAs) contributed to the evaluation and review of the Data Protection Law Enforcement Directive (LED), carried out by the European Commission in accordance with Art. 62 LED. The LED aims to provide a harmonised level of data protection for individuals in the area of law enforcement across the EU.
The past four years have been characterised primarily by the national processes to transpose the Directive. Because of its recent implementation, there is limited experience and empirical data on some parts of the LED. Therefore, the EDPB is of the opinion that it is too early to draw conclusions on the effectiveness of the LED or to consider its revision.
The EDPB strongly urges those Member States still in the phase of the implementation to invest all means possible to ensure that the transposition is fully compliant with the LED without any further delays.
In its contribution, the EDPB reaffirms its commitment to continue providing guidance on the interpretation of the LED. In addition, the EDPB remains committed to providing independent assessments of future draft adequacy decisions, elaborated by the European Commission, with regard to the requirements of LED, especially enforceable rights, effective redress and safeguards concerning onward transfers.
The EDPB stresses that the effective implementation of the tasks under the LED requires the availability of the necessary resources, both human and technical, and calls on the Member States to ensure that the resources of SAs increase in proportion to their workload.
As part of the implementation of the EDPB 2021-2023 strategy and following the establishment of a Support Pool of Experts (SPE), the EDPB has now agreed on the SPE’s project plan. The SPE aims to provide material support to EDPB Members in the form of expertise that is useful for investigations and enforcement activities and to enhance cooperation and solidarity between EDPB Members by sharing, reinforcing and complementing strengths, and addressing operational needs.
The EDPB adopted a reply to MEP Ujhelyi on hacking spyware Pegasus. In its reply, the EDPB highlights that the Board and its Members pay, and will continue to pay, particular attention to the current developments related to the interferences with the fundamental rights to privacy and data protection through surveillance measures. The EDPB adds that protection of journalists and their sources is a cornerstone of the freedom of the press. The EDPB is competent in the matter of the alleged use of the Pegasus software mainly if and as far as it is deployed for purposes under the GDPR and the LED. The EDPB, however, notes that according to the applicable Union law, it does not have the same competences, tasks and powers as national SAs, and that concerning the particular case at stake, the Hungarian National Authority for Data Protection and Freedom of Information has competency to carry out the investigation procedure regarding the alleged use of spyware by Hungarian authorities. The EDPB remains ready to support all members of the EDPB in such matters.
Following public consultation, the EDPB adopted a final version of the Guidelines on examples regarding data breach notifications. These guidelines complement the Article 29 Working Party guidance on data breach notification by introducing more practice orientated guidance and recommendations. They aim to help data controllers in deciding how to handle data breaches and what factors to consider during risk assessment. Following public consultation, the Guidelines were updated to reflect comments received.
Note to editors:
All documents adopted during the EDPB Plenary are subject to the necessary legal, linguistic and formatting checks and will be made available on the EDPB website once these have been completed.