The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) announced their joint opinions on the draft standard contractual clauses (SCCs) previously published by the European Commission in November 2020. The opinions cover the SCCs between controllers and processors and the SCCs for the transfer of personal data to third countries.  We have previously commented on both sets of drafts here and here.

Controller to processor SCCs

In their joint opinion, both the EDPB and the EDPS, welcomed the controller to processor SCCs as a single, strong, and EU-wide accountability tool, which will facilitate compliance with the General Data Protection Regulation (GDPR) and provide much needed legal certainty to controllers and processors. However, the EDPB and EDPS noted that more clarity should be provided as to when the controller to processor SCCs can be relied upon. Further amendments were also noted as needed, for example the docking clause, which allows additional entities to accede to the controller to processor SCCs. It was also noted that the SCCs Annexes should be amended to clarify the roles and responsibilities of each of the parties as much as possible with regard to each processing activity. The EDPB and EDPS consider these additional amendments as necessary to ensure harmonisation and legal certainty across the EU when it comes to contracts between controllers and their processors.
Continue Reading The EDPB and EDPS adopt joint opinions on the new draft SCCs

On 19 February 2020, the European Commission published details of its data strategy (here), the aim of which is to “create a single European data space – a genuine single market for data, open to data from across the world – where personal as well as non-personal data, including sensitive business data, are secure and businesses also have easy access to an almost infinite amount of high-quality industrial data, boosting growth and creating value, while minimising the human carbon and environmental footprint.”

The European Data Protection Supervisor (EDPS) published its opinion on the data strategy on 16 June 2020 (here). In essence, the EDPS supports the Commission’s commitment to develop the strategy in full compliance with the General Data Protection Regulation (GDPR) and European fundamental rights and values, including the right to the protection of personal data provided under Article 8 of the Charter of Fundamental Rights of the EU. However, the EDPS took the opportunity in its opinion to remind the Commission of a few specific areas of EU data protection law which it will need to consider in relation to some of the proposals set out in the strategy.Continue Reading EDPS opines on the Commission’s data strategy

This week the EU’s independent data protection authority (DPA), the European Data Protection Supervisor (EDPS), published a preliminary opinion on data protection and scientific research subject to the General Data Protection Regulation 679/2016 (GDPR) and Regulation 1725/2018 governing data protection in EU institutions (Preliminary Opinion). Regulation 1725/2018 is very similar to the GDPR’s provisions in this area, and the EDPS states that the Preliminary Opinion may be regarded as relevant to data processing under both regulations.

The Preliminary Opinion builds on the work of the European Data Protection Board (EDPB) in promoting a dialogue between DPAs, ethical review boards and organisations conducting scientific research. Continue Reading EDPS, data protection and scientific research

In an Opinion and press release issued 15 December 2015, the European Data Protection Supervisor (EDPS), Giovanni Buttarelli, urged caution over the trade and use of covert monitoring technologies. The Opinion focussed on those surveillance tools which are designed, marketed and sold for mass surveillance, intrusion and exfiltration. It warned that more needs to be done to address how the market for surveillance technologies is monitored and the safeguards in place; otherwise the Digital Single Market will not be able to succeed.
Continue Reading Intrusive Surveillance Technologies next on the agenda for the EDPS

Giovanni Buttarelli, the European Data Protection Supervisor (“EDPS”), has announced plans to set up a new European Ethics Advisory Board to address the technological challenges of the 21st century in a world where there are now more connected devices on the planet than people. He stated, “in today’s digital environment, adherence to the law is not enough; we have to consider the ethical dimension of data processing”.

The Opinion paper, published by the EDPS 11 September 2015, highlights the difficulties in protecting the dignity of the human person, including the rights to privacy and protection of personal data, against a digital landscape in which there are now more connected devices on the planet than people. He has called for a broader discussion on how to “ensure the integrity of [European] values while embracing the benefits of new technologies”. While the EDPS considers that data protection principles have proved capable of safeguarding individuals and their privacy from the risks of irresponsible data processing, he believes that today’s trends “may require a completely fresh approach”, and has urged those responsible internationally to promote an “ethical dimension in future technologies”.
Continue Reading EU Data Protection Ethics Advisory Board to be Established because “adherence to the law is not enough”, says EDPS

The European Data Protection Supervisor published ‘Guidelines on data protection in EU financial services regulation’ (Guidelines) to be used as a “practical toolkit for ensuring that EU data protection rules are integrated when developing EU financial policies and rules.”

The Guidelines address the processing of personal information involved in supervising financial markets, particularly through the