The European Data Protection Board (EDPB) published two sets of new guidelines on 2 September 2020, on the concepts of controller and processor (Guidelines 07/2020, the Guidelines) and on the targeting of social media users (Guidelines 08/2020 – see our Alert here). The earlier aims to replace the previous opinion by EDPB’s predecessor, the WP29, on these concepts by clarifying the main concepts of “controller”, “joint-controllers” and “processor” and by specifying the consequences attached to these notions.
(more…)GPDR – European Data Protection Board Publishes Guidelines on the Concepts of Controller and Processor, Brings New Light on the Notion of “Joint-Controllers”
September 29th, 2020 | Posted by in Europe | Privacy - (0 Comments)Guidelines 07/2020 on the concepts of controller and processor in the GDPR v 1.0
September 10th, 2020 | Posted by in Europe | Guidelines | Privacy - (0 Comments)Version 1.0 dated 06 September 2020 adopted for public consultation. Go to the finalized version.
Go to official PDF version.
EXECUTIVE SUMMARY
The concepts of controller, joint controller and processor play a crucial role in the application of the General Data Protection Regulation 2016/679 (GDPR), since they determine who shall be responsible for compliance with different data protection rules, and how data subjects can exercise their rights in practice. The precise meaning of these concepts and the criteria for their correct interpretation must be sufficiently clear and consistent throughout the European Economic Area (EEA).
The concepts of controller, joint controller and processor are functional concepts in that they aim to allocate responsibilities according to the actual roles of the parties and autonomous concepts in the sense that they should be interpreted mainly according to EU data protection law.
(more…)- Adoption of the minutes and of the agenda, Information given by the Chair
- Minutes of the 36th EDPB meeting
- Draft agenda of the 37th EDPB meeting
- Appointment of Mr. Pasquale Stanzione, new president of the Italian DPA
- Exchange of views with the LIBE Committee on the recent CJEU Schrems II judgment
- Current Focus of the EDPB Members
- 101 lodged complaints in the context of the CJEU Schrems II judgement
- Schrems II: next steps and follow-up on guidance on supplementary measures
- e-Privacy Regulation and the role of the EDPB
- Update by the European Commission
- FOR DISCUSSION AND/OR ADOPTION – Expert Subgroups and Secretariat
- Key Provision ESG
Guidelines on the concept of controller and processor in the GDPR - Social Media ESG
Guidelines on the targeting of social media users - RoP Drafting Team
Transparency of EDPB minutes - Strategic Advisory ESG
- EDPB strategic plan: draft paper and possible seminar
- Secretariat
- Art. 65 procedure
- Legal studies
- Key Provision ESG
- Any other business
Frequently Asked Questions on the CJEU judgment “Schrems II” – C-311/18
July 28th, 2020 | Posted by in Data Transfer | Privacy - (0 Comments)This document aims at presenting answers to some frequently asked questions received by supervisory authorities (“SAs”) and will be developed and complemented along with further analysis, as the EDPB continues to examine and assess the judgment of the Court of Justice of the European Union (the “Court”).
The judgment C-311/18 can be found here, and the press release of the Court may be found here.
(more…)- Adoption of the minutes and of the agenda
- Minutes of the 35th EDPB meeting
- Draft agenda of the 36th EDPB meeting
- Current Focus of the EDPB Members
- FAQ regarding clarifications of the consequences of the Schrems II judgement
- Decision making under art. 65 – Role of the Secretariat 2.3. Update by SA
- FOR DISCUSSION AND/OR ADOPTION – Expert Subgroups and Secretariat
- Secretariat
- September plenary meeting
- Legal studies
- Coordinators ESG
- Focus of the ESG until spring 2021
- Secretariat
- Any other business
- Adoption of the minutes and of the agenda
- Minutes of the 34th EDPB meeting
- Draft agenda of the 35th EDPB meeting
- Current Focus of the EDPB Members
- Decision-making under Art. 65 GDPR
- FOR DISCUSSION AND/OR ADOPTION – Expert Subgroups and Secretariat
- International Transfers ESG
- Impact of Brexit on BCRs and management of ICO-led BCRs
- RoP drafting team
- Transparency of EDPB minutes
- Secretariat
- Legal studies
- International Transfers ESG
- Any other business
EU Data Protection: Standard Contractual Clauses May have Been Confirmed by the CJEU, But At What Price?
July 16th, 2020 | Posted by in Data Transfer | Europe | Privacy - (0 Comments)The long awaited Schrems II decision was published by the Court of Justice of the European Union (CJEU) on 16 July 2020 (Court of Justice of the European Union – Grand Chamber – 16 July 2020 – C-311/18 – Schrems II) and while it has already been summarized as the death blow to the Privacy Shield framework and the confirmation of the validity of the Standard Contractual Clauses (SCCs) by many, it may only be a Pyrrhic victory for the latter, as far as transfers to the US are concerned.
(more…)