Article 76 GDPR: Difference between revisions
mNo edit summary |
|||
(One intermediate revision by one other user not shown) | |||
Line 196: | Line 196: | ||
== Commentary == | == Commentary == | ||
Article 76 GDPR presents an | Article 76 GDPR subjects the Board's discussions to confidentiality, only in circumstances where the Board deems it necessary.<ref>''Dix'', in Kühling, Buchner, DS-GVO BDSG, Article 76 GDPR, margin number 1 (C.H. Beck 2020, 3rd edition).</ref> The deliberations of the Board's predecessor, the Article 29 Working Party (“''WP29''”), were wholly privileged. Under Article 11(1) of WP29's Rules of Procedure, any minutes and draft documents were confidential, except in circumstances where the WP29 decided to make any such information public.<ref>''Docksey'', in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 76 GDPR, p. 1111-1112 (Oxford University Press 2020).</ref> | ||
European legislators thought it necessary to provide for a more transparent approach in regards to the EDPB. Article 42 of the Charter of Fundamental Rights of the European Union ("''CFR''") and Article 15(3) Treaty on the Functioning of the European Union ("''TFEU''") establish a right of transparency, ensuring the public accessibility of documents. In respect of these provisions, Article 76 GDPR reverses the confidentiality rules applicable to the WP29. The Regulation establishes that for the EDPB, transparency regarding deliberations is to be the norm, except in instances where confidentiality is warranted.<ref>''Docksey'', in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 76 GDPR, p. 1112 (Oxford University Press 2020).</ref> | |||
The provision presents an insight into how the Regulation attempts to balance different interests at stake. On the one hand, European authorities must act transparently to ensure accountability is maintained - and to ensure compliance with the wider institutional legal framework. While on the other hand, a space of confidentiality must be preserved to allow them to act effectively. | |||
=== (1) Confidentiality, Where Necessary === | === (1) Confidentiality, Where Necessary === | ||
The wording of Article 76(1) GDPR makes it clear that the Board's deliberations are only to be confidential in exceptional circumstances, where the Board considers that confidentiality is specifically required. Consequently, the general norm is that the Board's discussions are to be publicly accessible unless it is necessary to impose secrecy on them. In turn, the criteria for defining cases of secrecy are laid down in the EDPB's Rules of Procedure (“''RoP''”). | |||
==== Confidentiality in the EDPB Rules of Procedure. ==== | ==== Confidentiality in the EDPB Rules of Procedure. ==== | ||
Article 33(1) | Article 33(1) RoP stipulates that in “''accordance with Art 76 (1) GDPR''”, discussions of the Board and of expert subgroups shall be confidential when: “''a. they concern a specific individual; b. they concern the consistency mechanism; c. the Board decides that the discussions on a specific topic shall remain confidential for instance when the discussions concern international relations and/or where the absence of confidentiality would seriously undermine the institution's decision-making process, unless there is an overriding public interest in disclosure.''” | ||
=== (2) Access to Documents === | === (2) Access to Documents === | ||
Article 76(2) GDPR provides that access to documents submitted to members of the EDPB, experts and representatives of third parties shall be governed by Regulation (EC) No 1049/2001 | Article 76(2) GDPR provides that access to documents submitted to members of the EDPB, experts and representatives of third parties shall be governed by Regulation (EC) No 1049/2001 which lays down the general principles and limits to public access of Union documents. The scope of what falls under Regulation (EC) No 1049/2001 is fairly broad. Article 2(3) of Regulation (EC) No 1049/2001 provides that documents which fall under its scope are any “''documents drawn up or received by it'' [Union bodies]''.''” | ||
In this regard, Article 76(2) GDPR significantly reduces the scope of the access only to “''documents submitted to'' ''members of the Board, experts and representatives of third parties''”. It follows that documents drawn up by the EDPB itself are not included in the right of access unless other more specific provisions of the GDPR apply, only documents received by the Board fall under the governance of Regulation (EC) No 1049/2001. More specific provisions include Articles 64(5)(b), 65(5), 70(3) and 70(4) GDPR, which regulate the publication of opinions and resolutions of the Board. | |||
== Decisions == | == Decisions == |
Latest revision as of 08:17, 19 October 2023
Legal Text
1. The discussions of the Board shall be confidential where the Board deems it necessary, as provided for in its rules of procedure.
2. Access to documents submitted to members of the Board, experts and representatives of third parties shall be governed by Regulation (EC) No 1049/2001 of the European Parliament and of the Council (21).
Relevant Recitals
Commentary
Article 76 GDPR subjects the Board's discussions to confidentiality, only in circumstances where the Board deems it necessary.[1] The deliberations of the Board's predecessor, the Article 29 Working Party (“WP29”), were wholly privileged. Under Article 11(1) of WP29's Rules of Procedure, any minutes and draft documents were confidential, except in circumstances where the WP29 decided to make any such information public.[2]
European legislators thought it necessary to provide for a more transparent approach in regards to the EDPB. Article 42 of the Charter of Fundamental Rights of the European Union ("CFR") and Article 15(3) Treaty on the Functioning of the European Union ("TFEU") establish a right of transparency, ensuring the public accessibility of documents. In respect of these provisions, Article 76 GDPR reverses the confidentiality rules applicable to the WP29. The Regulation establishes that for the EDPB, transparency regarding deliberations is to be the norm, except in instances where confidentiality is warranted.[3]
The provision presents an insight into how the Regulation attempts to balance different interests at stake. On the one hand, European authorities must act transparently to ensure accountability is maintained - and to ensure compliance with the wider institutional legal framework. While on the other hand, a space of confidentiality must be preserved to allow them to act effectively.
(1) Confidentiality, Where Necessary
The wording of Article 76(1) GDPR makes it clear that the Board's deliberations are only to be confidential in exceptional circumstances, where the Board considers that confidentiality is specifically required. Consequently, the general norm is that the Board's discussions are to be publicly accessible unless it is necessary to impose secrecy on them. In turn, the criteria for defining cases of secrecy are laid down in the EDPB's Rules of Procedure (“RoP”).
Confidentiality in the EDPB Rules of Procedure.
Article 33(1) RoP stipulates that in “accordance with Art 76 (1) GDPR”, discussions of the Board and of expert subgroups shall be confidential when: “a. they concern a specific individual; b. they concern the consistency mechanism; c. the Board decides that the discussions on a specific topic shall remain confidential for instance when the discussions concern international relations and/or where the absence of confidentiality would seriously undermine the institution's decision-making process, unless there is an overriding public interest in disclosure.”
(2) Access to Documents
Article 76(2) GDPR provides that access to documents submitted to members of the EDPB, experts and representatives of third parties shall be governed by Regulation (EC) No 1049/2001 which lays down the general principles and limits to public access of Union documents. The scope of what falls under Regulation (EC) No 1049/2001 is fairly broad. Article 2(3) of Regulation (EC) No 1049/2001 provides that documents which fall under its scope are any “documents drawn up or received by it [Union bodies].”
In this regard, Article 76(2) GDPR significantly reduces the scope of the access only to “documents submitted to members of the Board, experts and representatives of third parties”. It follows that documents drawn up by the EDPB itself are not included in the right of access unless other more specific provisions of the GDPR apply, only documents received by the Board fall under the governance of Regulation (EC) No 1049/2001. More specific provisions include Articles 64(5)(b), 65(5), 70(3) and 70(4) GDPR, which regulate the publication of opinions and resolutions of the Board.
Decisions
→ You can find all related decisions in Category:Article 76 GDPR
References
- ↑ Dix, in Kühling, Buchner, DS-GVO BDSG, Article 76 GDPR, margin number 1 (C.H. Beck 2020, 3rd edition).
- ↑ Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 76 GDPR, p. 1111-1112 (Oxford University Press 2020).
- ↑ Docksey, in Kuner et al., The EU General Data Protection Regulation (GDPR), Article 76 GDPR, p. 1112 (Oxford University Press 2020).