Article 76 GDPR

From GDPRhub
Revision as of 13:00, 6 August 2021 by SR (talk | contribs) (→‎Commentary)
Article 76 - Confidentiality
Gdpricon.png
Chapter 10: Delegated and implementing acts

Legal Text


Article 76 - Confidentiality


1. The discussions of the Board shall be confidential where the Board deems it necessary, as provided for in its rules of procedure.

2. Access to documents submitted to members of the Board, experts and representatives of third parties shall be governed by Regulation (EC) No 1049/2001 of the European Parliament and of the Council (21).

Relevant Recitals

You can help us fill this section!

Commentary

This article presents an interesting example of how the GDPR balances different interests at stake. On the one hand, European authorities must act transparently to ensure that their actions can be verified. On the other hand, a space of confidentiality must be preserved to allow them to act effectively. The result is Article 76 which, partly through its own provisions, partly through reference to other areas of legislation, including the EDPB's rules of procedure, seeks to regulate this issue.

(1) Confidentiality, when necessary

Under Article 76(1), “The discussions of the Board shall be confidential where the Board deems it necessary”. The rule, therefore, is that Board discussions are publicly accessible unless it is necessary to impose secrecy on them. In turn, the criteria for defining cases of secrecy are laid down in the EDPB's internal rules. (“as provided for in its rules of procedure”).

Confidentiality in the EDPB Rules of procedure.

Article 33(1) of the Rules of procedure (“RoP”) stipulates that in “accordance with Art 76 (1) GDPR”, discussions of the Board and of expert subgroups shall be confidential when:

a. they concern a specific individual;

b. they concern the consistency mechanism;

c. the Board decides that the discussions on a specific topic shall remain confidential for instance when the discussions concern international relations and/or where the absence of confidentiality would seriously undermine the institution's decision-making process, unless there is an overriding public interest in disclosure.

(2) Access to document

Article 76(2) GDPR provides that access to documents submitted to members of the Board, experts and representatives of third parties shall be governed by Regulation (EC) No 1049/2001 on public access to EU documentation.

Under Article 2(3) of that Regulation, all documents held by an institution, that is to say, “documents drawn up or received by it” are under the scope of the access. In this regard, Paragraph 2 of Article 76 GDPR significantly reduces the scope of the access only to “documents submitted to [and therefore, “received by”] members of the Board, experts and representatives of third parties”.

It follows that documents drawn up by the Board itself are not intended to be covered by the access right unless other more specific GDPR provisions apply. For instance, opinions and resolutions of the Board are published under Article 64(5)(b) and Article 65(5) and Article 70(3) and (4) GDPR.

Decisions

→ You can find all related decisions in Category:Article 76 GDPR

References