EDPB Plenary 5/Minutes

From GDPRhub
Revision as of 21:28, 9 June 2020 by ManTechnologist (talk | contribs) (+pdf)

File:EDPB 5 Plenary.pdf

Adoption of the minutes and the agenda

Minutes of the 4rd EDPB meeting

The minutes were adopted with a change made in the section on observers. The words referring to the ePrivacy Directive for the EFTA EEA countries have been kept in the minutes.

Draft agenda of the 5th meeting

The draft agenda was adopted. Items 2.1, 2.2, 2.3, 2.6, 3.5.1, 3.5.2 of the agenda were declared confidential according to Art. 33 RoP.

The Chair of the Board informed the members about the intervention of Ms. Jourová around 3 o’clock.

Observers were present during the plenary meeting except for points 2.1, 2.2 and 2.6 of the agenda.

FOR DISCUSSION AND/OR ADOPTION - Current Focus of the EDPB

Opinion on the Commission’s Japan Adequacy Decision – discussion and adoption [REDACTED]

[REDACTED] - subgroups presented the EDPB draft opinion on the COM’s draft decision on the EU – Japan adequacy. After discussions among the members, the EDPB adopted its opinion with 23 votes. One EEA EFTA SA was also in favour of the adoption of the opinion.

Art. 64 GDPR Opinions on DPIA lists: [REDACTED] – discussion and adoption - [REDACTED]

The lead rapporteur explained that the assessment of the 4 new list followed the same methodology that was used for the previous 22 lists that had been submitted to the EDPB for an opinion in accordance with Art. 64 GDPR.

[REDACTED]

[REDACTED]

[REDACTED]

[REDACTED]

[REDACTED]

[REDACTED]

[REDACTED]

The four opinions were adopted unanimously by the members of the Board.

The Technology subgroup will work on the replies received regarding the other 22 DPIA opinions.

Reorganisation of the subgroups - discussion and adoption - [REDACTED]

Based on EDPB members’ contributions, the Chair team together with the EDPB Secretariat developed a compiled proposal paper, which was presented to the members of the EDPB. The members of the EDPB discussed this document during the last plenary meeting. The only remaining question concerned the respective mandate of the e-Government subgroup and the Technology subgroup.

A new name for the e-Government subgroup was adopted by the members of the Board: the Compliance, e-Government and Health subgroup.

After discussions, the members of the Board agreed that the mandate of the Compliance, e- Government and Health subgroup will cover the work on Code of Conducts, accreditation and certification, e-Government and health issues.

The Technology subgroup will work on technology, innovation, information security, confidentiality of communications in general, ePrivacy, encryption, DPIA and data breach notifications, emerging technologies, innovation and related challenges to privacy: reflecting on data protection risks of future technological developments. The Technology subgroup will also provide input on technology matters to other SGs.

The Chair of the Board reminded all members that there is a general obligation for all subgroups to cooperate.

The EDPB members agreed that the “subgroups” should rather be called “expert subgroups” as provided by the RoP.

NEW: Intervention of Ms JOUROVA- [REDACTED]

Ms Jourová [REDACTED]

[REDACTED]

[REDACTED]

[REDACTED]

Guidelines on accreditation – discussion and adoption

The Article 29 Working Party adopted the Draft Guidelines on the accreditation of certification bodies under Regulation (EU) 2016/679 on 6 February 2018 (WP 261). The adopted draft guidelines on the accreditation of certification bodies were published for public consultation in February 2018. All comments and proposals received have been discussed. Some of the recommendations have been included in the revised draft of the guidelines.

These draft guidelines are complemented by a draft annex, providing guidelines on the “additional” accreditation requirements. This draft annex is a new document which has not been subject yet to public consultation.

[REDACTED]

[REDACTED]

The majority of the members of the Board (15) decided to launch a public consultation of the draft annex. One EEA EFTA SA was also in favour of this public consultation.

Guidelines on code of conduct – state of play and discussion

The Coordinator of the Compliance, e-Government and Health subgroup explained the current state of play of the guidelines. It is expected to have the guidelinesready for adoption in January or February 2019. The Board took note of the discussions and confirmed that the subgroup can continue its work on the basis of the agreed approaches.

Request for an Art. 64 GDPR Opinion on the interplay between GDPR and ePrivacy Directive – discussion and request for mandate for the [REDACTED] - [REDACTED]

There are processing activities which may be tied to the material scope of the GDPR and the ePrivacy Directive respectively. While the interaction between the ePrivacy Directive and Directive 95/46 has already been addressed in previous WP29 guidance, questions have emerged regarding the competence of supervisory authorities to exercise their powers under the GDPR in cases where both the GDPR and national implementations of the ePrivacy Directive are applicable.

One member of the EDPB has requested an EDPB opinion on these questions concerning the interplay between the GDPR and the ePrivacy Directive as it considers that this concerns a matter “of general application or producing effects in more than one Member State” (Art. 64.2).

After discussions, the mandate was attributed to the as rapporteur with the discussions hosted within the Technology subgroup. Due to the complexity of the matter, it was also agreed that, in accordance with Art. 64.3, the period within which the opinion shall be adopted will be extended by a further six weeks, which would allow for timely adoption at the March 2019 Plenary.

FOR DISCUSSION AND/OR ADOPTION – Subgroups and Secretariat

Cooperation SG: International cooperation for the protection of personal data - Article 50 GDPR – state of play and discussion

The rapporteur explained the work done in relation with the application of Art. 50 GDPR. [REDACTED]

The Cooperation subgroup is in contact with the Commission to determine the respective role of the EDPB and the Commission in this regard.

The EDPB was informed that current rapporteur cannot continue to work on this matter in the future and the coordinator of the subgroup called for a new rapporteur.

[REDACTED]

BTLE SG: 5th Annual Review TFTP – COM letter – discussion

The Commission has invited the EDPB to participate at the next joint review of the TFTP agreement with the U.S. It will take place on 31 January and 1 February 2019 in Washington. The invitation is for two EDPB representatives, one of which has to be from Belgium, as foreseen in the TFTP agreement (SWIFT has its European headquarters in Belgium.)

The Board agreed on the two EDPB representatives: one from the [REDACTED] and one from [REDACTED].

Financial Matters SG: PSD2 – discussion and request for mandate

A mandate has been granted to the Financial Matters subgroup to draft an opinion on the interplay between the data protection aspects of PSD2 and the GDPR. In addition, a mandate to organize a workshop with relevant stakeholders has been given to the Financial Matters subgroup.

[REDACTED] expressed their willingness to act as rapporteurs.

Key Provisions SG: Update / Recast of WP29’s Opinion on the concepts of controller and processor – discussion and request for mandate

A mandate has been granted to the Key Provisionssubgroup to review and update the WP29’s Opinion 1/2010 on the concepts of "controller" and "processor" in light of the GDPR.

[REDACTED] expressed its willingness to act as co-rapporteur on this item but the designation of a lead rapporteur and possibly other co-rapporteurs is still necessary.

The EDPB Secretariat will organise - in close cooperation with the coordinator and the rapporteurs – in 2019 an event with stakeholders on this matter.

Secretariat

3.5.1 Data protection and Freedom of expression

3.5.1.1 Draft answer to In't Veld – discussion and adoption

Discussions took place on this point but further discussions will take place during the next plenary meeting (22-23 January 2019).

Draft answer to civil society privacy organisations – discussion and adoption

Discussions took place on this point but further discussions will take place during the next plenary meeting (22-23 January 2019).

Draft mandate for guidance on the balance between data protection and freedom of expression – discussion and request for mandate (Rapporteur: RO SA)

Discussions took place on this point but further discussions will take place during the next plenary meeting (22-23 January 2019).

Access request –pending requests -state of play and way forward - [REDACTED]

No discussions took place on this point. This item will be discussed during the next plenary meeting (22-23 January 2019).

==== Procedure for informal consultation – discussion and adoption Discussions took place on this point but only on the part of the publication of the letter sent by the EDPB to the Commission. The EDPB members decided that the letter sent on the Draft Commission Delegated Regulation with regard to the provision of EU-wide Cooperative Intelligent Transport Systems will not be published on the EDPB website.

Miscellaneous

  • A member of the EDPB shared an update on Brexit. The Commission reminded the members of the EDPB about the seminar on Brexit for the 27 members on 5 December 2018, afternoon.
  • A member of the EDPB informed the Board that its national law has been adopted on 5 December 2018.
  • A member of the EDPB shared the state of play on the new 45/2001 regulation (now referred to as Regulation 2018/1725).
  • The Commission reminded the members of the EDPB about the next meetings of the election networks involving SAs (21 January 2019 and 4 April 2019).

Attendance list

SAs of: AT, BE, BG, CY, CZ, DE, DK, EDPS, EE, EL, ES, FI, FR, HR, HU, IE, IT, IS, LI, LT, LU, LV, MT, NL, NO, PL, RO, SE, SI, SK, UK

Further attendees:

  • European Commission
  • EDPB Secretariat

Observers: AL, MD, MK

License

European Data Protection Board

© European Data Protection Board, 2018-2024.
This item was provided by the European Data Protection Board
via a request pursuant to Article 15(3) TFEU and Regulation (EC) No 1049/2001.

You may re-use it free of charge for non-commercial and commercial purposes provided that the source is acknowledged and that you do not distort the original meaning or message of the document. The EDPB, nor its Secretariat assume liability stemming from the re-use.

Flag of the European Union