Nyhetssamlare

EDPB adopts letters to UN & ENISA

European Data Protection Board
2 år 5 månader ago

During its November plenary, the EDPB adopted a letter in reply to the UN concerning transfers to international organisations. In the letter, the EDPB welcomes the UN’s continuous participation in the Task Force on transfers to international organisations established by the European Data Protection Supervisor. The EDPB also renews its commitment to engage further with the UN on the shared mission of protecting human rights, including the right to privacy.

The EDPB also adopted a letter to ENISA concerning the European Cybersecurity Certification Scheme for Cloud Services’ (EUCS) compatibility with Schrems II. In the letter, the EDPB reiterates its stance from its May 19 letter to ENISA that the final certification scheme should be consistent with the obligations laid down in the GDPR and should facilitate the compliance of cloud service providers and their clients with the GDPR, also considering the Schrems II ruling.   

EDPB

Call for proposals for action grants to support transnational e-Justice projects

Europeiska kommissionen - Skydd av personuppgifter
2 år 5 månader ago
Are you looking for EU funding for projects to become part of the European e-justice area? Under the JUSTICE programme 2.8 million EUR are available for national and cross-border projects to facilitate effective and non-discriminatory access to justice for all, including by electronic means (e-Justice), by promoting efficient civil and criminal procedures.
Oliver Deane

EDPB adopts Guidelines on the interplay between Art. 3 and Chapter V GDPR, Statement on Digital and Data Strategy & appointment of EDPB representatives to TFTP Joint Review

European Data Protection Board
2 år 5 månader ago

Brussels, 19 November - During its plenary session, the EDPB adopted Guidelines on the interplay between Art. 3 and Chapter V GDPR. By clarifying the interplay between the territorial scope of the GDPR (Art. 3) and the provisions on international transfers in Chapter V, the Guidelines aim to assist controllers and processors in the EU in identifying whether a processing operation constitutes an international transfer, and to provide a common understanding of the concept of international transfers. 

The Guidelines specify three cumulative criteria that qualify a processing as a transfer: (1) the data exporter (a controller or processor) is subject to the GDPR for the given processing; (2) the data exporter transmits or makes available the personal data to the data importer (another controller, joint controller or processor); (3) the data importer is in a third country or is an international organisation.

The processing will be considered a transfer, regardless of whether the importer established in a third country is already subject to the GDPR under Art. 3 GDPR. However, the EDPB considers that collection of data directly from data subjects in the EU at their own initiative does not constitute a transfer.

EDPB Chair Andrea Jelinek added: “These Guidelines provide a consistent interpretation of the concept of “international transfers” and clarify that, when a data importer is subject to the GDPR, the obligations under Chapter V GDPR apply both to the transfer from the EU to the importer and to any further transfer that the importer undertakes”.

The Guidelines will be subject to public consultation until the end of January.

The EDPB adopted a Statement on the European Commission’s Digital Services Package and Data Strategy. In the statement, the EDPB highlights three types of overarching concerns regarding the Commission proposals that have been presented so far (the Data Governance Act (DGA), Digital Services Act (DSA) and Digital Markets Act (DMA) and the AI Regulation (AIR)):

1) Lack of protection of individuals’ fundamental rights and freedoms;

2) Fragmented supervision;

3) Risks of inconsistencies.

The EDPB and EDPS have already issued joint opinions on the DGA and the AIR and the EDPS has issued opinions on the European Strategy for Data, the DMA and the DSA. In its statement, the EDPB reiterates its call for a ban on any use of AI for an automated recognition of human features in publicly accessible spaces and urges the co-legislator to consider a phase-out leading to a prohibition of targeted advertising on the basis of pervasive tracking while the profiling of children should overall be prohibited.

The EDPB further highlights the risks of parallel supervision structures and strongly recommends each proposal to provide for an explicit legal basis for the effective cooperation and exchange of information between the competent supervisory authorities under each proposal and the data protection authorities.

In addition, the EDPB calls upon the Commission and the co-legislator to ensure that the proposals clearly state that they shall not affect or undermine the application of existing data protection rules and to ensure that these rules shall prevail whenever personal data are being processed, also in the context of the forthcoming proposal for a Data Act.

Finally, the EDPB nominated two representatives from the Belgian and Hessen (DE) SA to take part in the 6th Joint Review of the EU-US Terrorist Finance Tracking Program (TFTP) Agreement.

EDPB

IMY varnar Migrationsverket

IMY: Nyheter
2 år 5 månader ago
Efter att ha granskat hur Migrationsverket använder det EU-omspännande it-systemet VIS för utbyte av uppgifter om visum mellan EU:s medlemsländer så utfärdar IMY två varningar för att det finns risk att bestämmelserna i GDPR kan brytas.