Article 67 GDPR: Difference between revisions
(merge category "GDPR" into "GDPR Articles") |
(style consistency) |
||
Line 185: | Line 185: | ||
== Legal Text == | == Legal Text == | ||
<br /><center>'''Article 67 - Exchange of information'''</center | <br /><center>'''Article 67 - Exchange of information'''</center> | ||
The Commission may adopt implementing acts of general scope in order to specify the arrangements for the exchange of information by electronic means between supervisory authorities, and between supervisory authorities and the Board, in particular the standardised format referred to in Article 64. | The Commission may adopt implementing acts of general scope in order to specify the arrangements for the exchange of information by electronic means between supervisory authorities, and between supervisory authorities and the Board, in particular the standardised format referred to in Article 64. |
Revision as of 10:24, 8 March 2022
Legal Text
The Commission may adopt implementing acts of general scope in order to specify the arrangements for the exchange of information by electronic means between supervisory authorities, and between supervisory authorities and the Board, in particular the standardised format referred to in Article 64.
Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 93(2).
Relevant Recitals
Commentary
This provision grants the power to adopt an implementing act to the Commission for the exchange of information not only between the SAs, but also between the SAs and the EDPB.
The necessity of a reliable and efficient system to communicate, in particular under the cooperation procedure (between SAs) and the consistency mechanism (under the consistency procedure) is vital for the good functioning of the cooperation between the SAs and the EDPB, considering the strict deadlines and the need for enhanced cooperation.
IMI (the Internal Market Information System) was chosen as the IT platform to support cooperation and consistency procedures under the GDPR. IMI helps public authorities across the EU to cooperate and exchange information.
IMI has been developed by the European Commission’s DG GROW and was adapted to cater for the needs of the GDPR, in close cooperation with the Secretariat of the EDPB and the national supervisory authorities.[1]
The IMI system is therefore used to initiate various procedures under the GDPR, such as the identification of the LSA, mutual assistance procedures, or one-stop-shop procedures.[2]
The Commission also adopted an implementing decision on a pilot project to implement the administrative cooperation provisions of the GDPR.[3] This decision refers to the Administrative cooperation between supervisory authorities (covering cooperation under Articles 56, 60, 61 and 62 GDPR) and the administrative cooperation between supervisory authorities, the Board and the Commission (covering Articles 645 to 66 GDPR). For the purposes of the pilot project, the supervisory authorities referred to in Article 51 GDPR and the EDPB shall be considered as “competent authorities” under the IMI Regulation.[4]
The IMI Regulation (Regulation (EU) No 1024/2012) has also been modified to extend the list of IMI actors (besides the “competent authorities, IMI coordinators and the Commission”) to the “Union bodies, offices and agencies” and to add the GDPR to the Annex listing the provisions on administrative cooperation in union acts that are implemented by means of IMI.[5]
Article 17 of the EDPB Rules of Procedure (RoP) refers to the use of an “Internal information and communication system”, “in particular to support the electronic exchange of documents within the cooperation and the consistency mechanisms”. Article 10 11(1) of the EDPB RoP require the competent SA to send the relevant documents to the secretariat of the EDPB via the IMI IT system.
The use of the IMI system to communicate between SAs is therefore made mandatory. Ignoring this requirement can have consequences, since the EDPB already considered that the urgency could not be presumed under Article 61(8) GDPR if the request for mutual assistance was not made under the formal IMI procedure to send a request for mutual assistance to the Irish SA.[6]
Decisions
→ You can find all related decisions in Category:Article 67 GDPR
References
- ↑ See EDPB, State of Play - IMI for GDPR purposes, 27 June 2018 (available here).
- ↑ See EDPB, 2019 Annual Report, Section 4.3.1 (available here).
- ↑ European Commission, 16 May 2018, Implementing Decision (EU) 2018/743 (available here).
- ↑ The EDPS is not a competent authority under the GDPR, which seems to exclude it from the pilot project.
- ↑ See Article 5(g) of Regulation (EU) No 1024/2012, as modified by Regulation (EU) 2018/1724.
- ↑ EDPB, 12 July 2021, Urgent Binding Decision 01/2021 on the request under Article 66(2) GDPR from the Hamburg (German) Supervisory Authority for ordering the adoption of final measures regarding Facebook Ireland Limited, p.42, s. 4.2.1(available here).