Article 71 GDPR: Difference between revisions
Line 196: | Line 196: | ||
===(1) Obligation to Prepare an Annual Report=== | ===(1) Obligation to Prepare an Annual Report=== | ||
The EDPB’s annual report can include all topics relevant to data protection law. It is simultaneously intended to make the actions of the EDPB transparent, whilst also increasing public awareness of the risks associated with the processing of personal data.<ref>''Nguyen'' in Gola DS-GVO, Article 71 GDPR, margin | The EDPB’s annual report can include all topics relevant to data protection law. It is simultaneously intended to make the actions of the EDPB transparent, whilst also increasing public awareness of the risks associated with the processing of personal data.<ref>''Nguyen'' in Gola DS-GVO, Article 71 GDPR, margin number 1 (Beck 2018, 2<sup>nd</sup> ed.) (accessed 1 June 2021).</ref> | ||
It is not primarily designed to be a summary of the EDPB’s activities, but rather a status report on data protection in the EU, as well as in third countries “where relevant.”<ref>''Körffer'' in Paal, Pauly, DS-GVO BDSG, Article 71 GDPR, margin | It is not primarily designed to be a summary of the EDPB’s activities, but rather a status report on data protection in the EU, as well as in third countries “where relevant.”<ref>''Körffer'' in Paal, Pauly, DS-GVO BDSG, Article 71 GDPR, margin number 2 (Beck 2021, 3<sup>rd</sup> ed.) (1 June 2021).</ref> The phrase “where relevant” is intended to make clear that third countries will only be referred to where the data of EU individuals are processed. Irrespective of this, the EDPB may also monitor international developments in non-EU data protection for other reasons.<ref>''Dix'' in Kühling, Buchner, GDPR BDSG, Article 71 GDPR, margin number 6 (Beck 2020, 3rd ed.) (accessed 1 June 2021).</ref> | ||
Although made public, the annual report is directly transmitted to the European Parliament, Council, and Commission, giving it a distinctive political orientation.<ref>''Körffer'' in Paal, Pauly, DS-GVO BDSG, Article 71 GDPR, margin numbers | Although made public, the annual report is directly transmitted to the European Parliament, Council, and Commission, giving it a distinctive political orientation.<ref>''Körffer'' in Paal, Pauly, DS-GVO BDSG, Article 71 GDPR, margin numbers 4 (Beck 2021, 3<sup>rd</sup> ed.) (accessed 1 June 2021).</ref> These bodies can use the report as an opportunity to take their own action; e.g., the Commission might initiate infringement proceedings against Member States that the EDPB confirms have violated the GDPR.<ref>''Dix'' in Kühling, Buchner, GDPR BDSG, Article 71 GDPR, margin number 6 (Beck 2020, 3rd ed.) (accessed 1 June 2021).</ref> | ||
Public bodies can be named in the annual report as they have no basic right to data protection. The extent to which private organisations should be named must be assessed on a case-by-case basis, and factors may include: whether the organisation is committing persistent violations of the GDPR; whether there is a legal dispute (the ECJ and ECHR always publish their judgments with the full names of parties to the proceedings); and the possible adverse effects on the company’s reputation.<ref>''Dix'' in Kühling, Buchner, GDPR BDSG, Article 71 GDPR, margin number 6 (Beck 2020, 3rd ed.) (1 June 2021).</ref> | Public bodies can be named in the annual report as they have no basic right to data protection. The extent to which private organisations should be named must be assessed on a case-by-case basis, and factors may include: whether the organisation is committing persistent violations of the GDPR; whether there is a legal dispute (the ECJ and ECHR always publish their judgments with the full names of parties to the proceedings); and the possible adverse effects on the company’s reputation.<ref>''Dix'' in Kühling, Buchner, GDPR BDSG, Article 71 GDPR, margin number 6 (Beck 2020, 3rd ed.) (1 June 2021).</ref> | ||
Line 208: | Line 208: | ||
Article 71(2) establishes a few specific requirements for the content of the annual report. | Article 71(2) establishes a few specific requirements for the content of the annual report. | ||
First, the report must include a review of the EDPB’s statements, guidelines, recommendations, and best practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures the public is provided with an overview of acts adopted during the relevant reporting period.<ref>''Nguyen'' in Gola DS-GVO, Article 71 GDPR, margin number | First, the report must include a review of the EDPB’s statements, guidelines, recommendations, and best practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures the public is provided with an overview of acts adopted during the relevant reporting period.<ref>''Nguyen'' in Gola DS-GVO, Article 71 GDPR, margin number 2 (Beck, 2018, 2<sup>nd</sup> ed.) (accessed 1 June 2021).</ref> | ||
Additionally, the report must include any binding decisions issued in dispute resolution procedures under Article 65(1). Article 65(5) also obliges the EDPB to publish such decisions on its website. | Additionally, the report must include any binding decisions issued in dispute resolution procedures under Article 65(1). Article 65(5) also obliges the EDPB to publish such decisions on its website. | ||
Beyond these specific requirements, the EDPB has a wide discretion as to which information is included in the annual report.<ref>''Nguyen'' in Gola DS-GVO, Article 71 GDPR, margin | Beyond these specific requirements, the EDPB has a wide discretion as to which information is included in the annual report.<ref>''Nguyen'' in Gola DS-GVO, Article 71 GDPR, margin number 3 (Beck, 2018, 2<sup>nd</sup> ed.) (accessed 1 June 2021).</ref> This has previously included a summary of its most important statements and resolutions, and statements on the activities of supervisory authorities.<ref>''Nguyen'' in Gola DS-GVO, Article 71 GDPR, margin number 3 (Beck, 2018, 2<sup>nd</sup> ed.) (accessed 1 June 2021).</ref> | ||
== Decisions == | == Decisions == | ||
→ You can find all related decisions in [[:Category:Article 71 GDPR]] | → You can find all related decisions in [[:Category:Article 71 GDPR]] |
Revision as of 12:08, 19 August 2021
Legal Text
1. The Board shall draw up an annual report regarding the protection of natural persons with regard to processing in the Union and, where relevant, in third countries and international organisations. The report shall be made public and be transmitted to the European Parliament, to the Council and to the Commission.
2. The annual report shall include a review of the practical application of the guidelines, recommendations and best practices referred to in point (l) of Article 70(1) as well as of the binding decisions referred to in Article 65.
Relevant Recitals
Commentary
(1) Obligation to Prepare an Annual Report
The EDPB’s annual report can include all topics relevant to data protection law. It is simultaneously intended to make the actions of the EDPB transparent, whilst also increasing public awareness of the risks associated with the processing of personal data.[1]
It is not primarily designed to be a summary of the EDPB’s activities, but rather a status report on data protection in the EU, as well as in third countries “where relevant.”[2] The phrase “where relevant” is intended to make clear that third countries will only be referred to where the data of EU individuals are processed. Irrespective of this, the EDPB may also monitor international developments in non-EU data protection for other reasons.[3]
Although made public, the annual report is directly transmitted to the European Parliament, Council, and Commission, giving it a distinctive political orientation.[4] These bodies can use the report as an opportunity to take their own action; e.g., the Commission might initiate infringement proceedings against Member States that the EDPB confirms have violated the GDPR.[5]
Public bodies can be named in the annual report as they have no basic right to data protection. The extent to which private organisations should be named must be assessed on a case-by-case basis, and factors may include: whether the organisation is committing persistent violations of the GDPR; whether there is a legal dispute (the ECJ and ECHR always publish their judgments with the full names of parties to the proceedings); and the possible adverse effects on the company’s reputation.[6]
(1) Content of the Annual Report
Article 71(2) establishes a few specific requirements for the content of the annual report.
First, the report must include a review of the EDPB’s statements, guidelines, recommendations, and best practices published under Article 70(3) GDPR. Though Article 70(3) GDPR already obliges the EDPB to make these public, Article 71(2) GDPR ensures the public is provided with an overview of acts adopted during the relevant reporting period.[7]
Additionally, the report must include any binding decisions issued in dispute resolution procedures under Article 65(1). Article 65(5) also obliges the EDPB to publish such decisions on its website.
Beyond these specific requirements, the EDPB has a wide discretion as to which information is included in the annual report.[8] This has previously included a summary of its most important statements and resolutions, and statements on the activities of supervisory authorities.[9]
Decisions
→ You can find all related decisions in Category:Article 71 GDPR
References
- ↑ Nguyen in Gola DS-GVO, Article 71 GDPR, margin number 1 (Beck 2018, 2nd ed.) (accessed 1 June 2021).
- ↑ Körffer in Paal, Pauly, DS-GVO BDSG, Article 71 GDPR, margin number 2 (Beck 2021, 3rd ed.) (1 June 2021).
- ↑ Dix in Kühling, Buchner, GDPR BDSG, Article 71 GDPR, margin number 6 (Beck 2020, 3rd ed.) (accessed 1 June 2021).
- ↑ Körffer in Paal, Pauly, DS-GVO BDSG, Article 71 GDPR, margin numbers 4 (Beck 2021, 3rd ed.) (accessed 1 June 2021).
- ↑ Dix in Kühling, Buchner, GDPR BDSG, Article 71 GDPR, margin number 6 (Beck 2020, 3rd ed.) (accessed 1 June 2021).
- ↑ Dix in Kühling, Buchner, GDPR BDSG, Article 71 GDPR, margin number 6 (Beck 2020, 3rd ed.) (1 June 2021).
- ↑ Nguyen in Gola DS-GVO, Article 71 GDPR, margin number 2 (Beck, 2018, 2nd ed.) (accessed 1 June 2021).
- ↑ Nguyen in Gola DS-GVO, Article 71 GDPR, margin number 3 (Beck, 2018, 2nd ed.) (accessed 1 June 2021).
- ↑ Nguyen in Gola DS-GVO, Article 71 GDPR, margin number 3 (Beck, 2018, 2nd ed.) (accessed 1 June 2021).