GPDR – European Data Protection Board Publishes Guidelines on the Concepts of Controller and Processor, Brings New Light on the Notion of “Joint-Controllers”

September 29th, 2020 | Posted by Claude-Etienne Armingaud in Europe | Privacy - (0 Comments)

The European Data Protection Board (EDPB) published two sets of new guidelines on 2 September 2020, on the concepts of controller and processor (Guidelines 07/2020, the Guidelines) and on the targeting of social media users (Guidelines 08/2020 – see our Alert here). The earlier aims to replace the previous opinion by EDPB’s predecessor, the WP29, on these concepts by clarifying the main concepts of “controller”, “joint-controllers” and “processor” and by specifying the consequences attached to these notions.

(more…)

, , , , , ,

EU Privacy Alert: European Data Protection Board Publishes Guidelines on Targeting of Social Media Users, Emphasizes Joint-Controllership Arrangements

September 29th, 2020 | Posted by Claude-Etienne Armingaud in Europe | Guidelines | Privacy | Social Networks - (0 Comments)

With close to one billion active users on social media, platforms and businesses are constantly rolling out new features, upgrading their ad tools and creating new ways to engage with users, moving away from traditional marketing strategies. Those emerging practices are also extensively relying on data analyses to gain insights and enhance more targeted opportunities, therefore shifting platforms and businesses’ focus on revenue.

The evolution towards increasingly personalized marketing practices occurs in parallel with end-users’ awareness of data protection frameworks, which may lead to a rift between transparency expectations towards complex advertising solutions based not only on personal data provided by the users themselves, but also in conjunction with other data collected by social media providers or third parties. Recent headlines about the roles played by social media targeting on democratic decision-making and electoral processes reinforce such perceptions.

(more…)

, , ,

Guidelines 08/2020 on the targeting of social media users

September 10th, 2020 | Posted by Claude-Etienne Armingaud in Europe | Guidelines | Privacy - (0 Comments)

Version 1.0 dated 02 September 2020 adopted for public consultation. Go to the finalized version.
Go to official PDF version.

The European Data Protection Board

Having regard to Article 70(1)(e) of Regulation 2016/679/EU of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

HAS ADOPTED THE FOLLOWING GUIDELINES

(more…)

, , , , , ,

Guidelines 07/2020 on the concepts of controller and processor in the GDPR v 1.0

September 10th, 2020 | Posted by Claude-Etienne Armingaud in Europe | Guidelines | Privacy - (0 Comments)

Version 1.0 dated 06 September 2020 adopted for public consultation. Go to the finalized version.
Go to official PDF version.

EXECUTIVE SUMMARY

The concepts of controller, joint controller and processor play a crucial role in the application of the General Data Protection Regulation 2016/679 (GDPR), since they determine who shall be responsible for compliance with different data protection rules, and how data subjects can exercise their rights in practice. The precise meaning of these concepts and the criteria for their correct interpretation must be sufficiently clear and consistent throughout the European Economic Area (EEA).

The concepts of controller, joint controller and processor are functional concepts in that they aim to allocate responsibilities according to the actual roles of the parties and autonomous concepts in the sense that they should be interpreted mainly according to EU data protection law.

(more…)

, , , ,

37th EDPB Meeting

September 2nd, 2020 | Posted by Claude-Etienne Armingaud in Privacy - (0 Comments)
  1. Adoption of the minutes and of the agenda, Information given by the Chair
    1. Minutes of the 36th EDPB meeting
    2. Draft agenda of the 37th EDPB meeting
    3. Appointment of Mr. Pasquale Stanzione, new president of the Italian DPA
    4. Exchange of views with the LIBE Committee on the recent CJEU Schrems II judgment
  2. Current Focus of the EDPB Members
    1. 101 lodged complaints in the context of the CJEU Schrems II judgement
    2. Schrems II: next steps and follow-up on guidance on supplementary measures
    3. e-Privacy Regulation and the role of the EDPB
    4. Update by the European Commission
  3. FOR DISCUSSION AND/OR ADOPTION – Expert Subgroups and Secretariat
    1. Key Provision ESG
      Guidelines on the concept of controller and processor in the GDPR
    2. Social Media ESG
      Guidelines on the targeting of social media users
    3. RoP Drafting Team
      Transparency of EDPB minutes
    4. Strategic Advisory ESG
      1. EDPB strategic plan: draft paper and possible seminar
    1. Secretariat
      1. Art. 65 procedure
      2. Legal studies
  4. Any other business