Article 67 GDPR: Difference between revisions
No edit summary |
|||
Line 197: | Line 197: | ||
== Commentary == | == Commentary == | ||
Article 67 GDP provision grants the power to adopt an implementing act to the Commission for the exchange of information not only between the supervisory authorities (“''SA''”), but also between the SAs and the EDPB. | Article 67 GDP provision grants the power to adopt an implementing act to the Commission for the exchange of information not only between the supervisory authorities (“''SA''”), but also between the SAs and the European Data Protection Board (“''EDPB''”). | ||
The necessity of a reliable and efficient system to communicate, in particular under the cooperation procedure (between SAs) and the consistency mechanism (under the consistency procedure) is vital for the good functioning of the cooperation between the SAs and the EDPB, considering the strict deadlines and the need for enhanced cooperation. The Internal Market Information System (IMI) was chosen as the IT platform to support cooperation and consistency procedures under the GDPR. IMI helps public authorities across the EU to cooperate and exchange information. IMI has been developed by the European Commission’s DG GROW and was adapted to cater for the needs of the GDPR, in close cooperation with the Secretariat of the EDPB and the national SAs.<ref>See EDPB, State of Play - IMI for GDPR purposes, 27 June 2018 (available [https://edpb.europa.eu/news/news/2018/state-play-imi-gdpr-purposes_en here]).</ref> The IMI system is therefore used to initiate various procedures under the GDPR, such as the identification of the LSA, mutual assistance procedures, or one-stop-shop procedures.<ref>See EDPB, 2019 Annual Report, Section 4.3.1 (available [https://edpb.europa.eu/sites/default/files/files/file1/edpb_annual_report_2019_en.pdf here]).</ref> | The necessity of a reliable and efficient system to communicate, in particular under the cooperation procedure (between SAs) and the consistency mechanism (under the consistency procedure) is vital for the good functioning of the cooperation between the SAs and the EDPB, considering the strict deadlines and the need for enhanced cooperation. The Internal Market Information System (IMI) was chosen as the IT platform to support cooperation and consistency procedures under the GDPR. IMI helps public authorities across the EU to cooperate and exchange information. IMI has been developed by the European Commission’s DG GROW and was adapted to cater for the needs of the GDPR, in close cooperation with the Secretariat of the EDPB and the national SAs.<ref>See EDPB, State of Play - IMI for GDPR purposes, 27 June 2018 (available [https://edpb.europa.eu/news/news/2018/state-play-imi-gdpr-purposes_en here]).</ref> The IMI system is therefore used to initiate various procedures under the GDPR, such as the identification of the LSA, mutual assistance procedures, or one-stop-shop procedures.<ref>See EDPB, 2019 Annual Report, Section 4.3.1 (available [https://edpb.europa.eu/sites/default/files/files/file1/edpb_annual_report_2019_en.pdf here]).</ref> |
Latest revision as of 16:13, 2 November 2023
Legal Text
The Commission may adopt implementing acts of general scope in order to specify the arrangements for the exchange of information by electronic means between supervisory authorities, and between supervisory authorities and the Board, in particular the standardised format referred to in Article 64.
Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 93(2).
Relevant Recitals
Commentary
Article 67 GDP provision grants the power to adopt an implementing act to the Commission for the exchange of information not only between the supervisory authorities (“SA”), but also between the SAs and the European Data Protection Board (“EDPB”).
The necessity of a reliable and efficient system to communicate, in particular under the cooperation procedure (between SAs) and the consistency mechanism (under the consistency procedure) is vital for the good functioning of the cooperation between the SAs and the EDPB, considering the strict deadlines and the need for enhanced cooperation. The Internal Market Information System (IMI) was chosen as the IT platform to support cooperation and consistency procedures under the GDPR. IMI helps public authorities across the EU to cooperate and exchange information. IMI has been developed by the European Commission’s DG GROW and was adapted to cater for the needs of the GDPR, in close cooperation with the Secretariat of the EDPB and the national SAs.[1] The IMI system is therefore used to initiate various procedures under the GDPR, such as the identification of the LSA, mutual assistance procedures, or one-stop-shop procedures.[2]
The Commission also adopted an implementing decision on a pilot project to implement the administrative cooperation provisions of the GDPR.[3] This decision refers to the Administrative cooperation between SAs (covering cooperation under Articles 56, 60, 61 and 62 GDPR) and the administrative cooperation between SAs, the EDPB and the Commission (covering Articles 64 to 66 GDPR). For the purposes of the pilot project, the SAs referred to in Article 51 GDPR and the EDPB shall be considered as “competent authorities” under the IMI Regulation.[4] The IMI Regulation (Regulation (EU) No 1024/2012) has also been modified to extend the list of IMI actors (besides the “competent authorities, IMI coordinators and the Commission”) to the “Union bodies, offices and agencies” and to add the GDPR to the Annex listing the provisions on administrative cooperation in union acts that are implemented by means of IMI.[5]
Article 17 of the EDPB Rules of Procedure (RoP) refers to the use of an “Internal information and communication system”, “in particular to support the electronic exchange of documents within the cooperation and the consistency mechanisms”. Article 10 11(1) of the EDPB RoP require the competent SA to send the relevant documents to the secretariat of the EDPB via the IMI IT system. The use of the IMI system to communicate between SAs is therefore made mandatory. Ignoring this requirement can have consequences, since the EDPB already considered that the urgency could not be presumed under Article 61(8) GDPR if the request for mutual assistance was not made under the formal IMI procedure to send a request for mutual assistance to the Irish SA.[6]
Decisions
→ You can find all related decisions in Category:Article 67 GDPR
References
- ↑ See EDPB, State of Play - IMI for GDPR purposes, 27 June 2018 (available here).
- ↑ See EDPB, 2019 Annual Report, Section 4.3.1 (available here).
- ↑ European Commission, 16 May 2018, Implementing Decision (EU) 2018/743 (available here).
- ↑ The EDPS is not a competent authority under the GDPR, which seems to exclude it from the pilot project.
- ↑ See Article 5(g) of Regulation (EU) No 1024/2012, as modified by Regulation (EU) 2018/1724.
- ↑ EDPB, 12 July 2021, Urgent Binding Decision 01/2021 on the request under Article 66(2) GDPR from the Hamburg (German) Supervisory Authority for ordering the adoption of final measures regarding Facebook Ireland Limited, p.42, s. 4.2.1(available here).