Article 76 GDPR
Legal Text
1. The discussions of the Board shall be confidential where the Board deems it necessary, as provided for in its rules of procedure.
2. Access to documents submitted to members of the Board, experts and representatives of third parties shall be governed by Regulation (EC) No 1049/2001 of the European Parliament and of the Council (21).
Relevant Recitals
Commentary
Article 76 GDPR presents an interesting example of how the GDPR balances different interests at stake. On the one hand, European authorities must act transparently to ensure that their actions can be verified. On the other hand, a space of confidentiality must be preserved to allow them to act effectively. The result is Article 76 GDPR which seeks to regulate this issue, partly through its own provisions, partly through reference to other areas of legislation, including the EDPB's rules of procedure.
(1) Confidentiality, Where Necessary
Under Article 76(1) GDPR, “[t]he discussions of the Board shall be confidential where the Board deems it necessary”. Therefore, the rule is that EDPB discussions are publicly accessible unless it is necessary to impose secrecy on them. In turn, the criteria for defining cases of secrecy are laid down in the EDPB's internal rules (“as provided for in its rules of procedure”).
Confidentiality in the EDPB Rules of Procedure.
Article 33(1) of the Rules of procedure (“RoP”) stipulates that in “accordance with Art 76 (1) GDPR”, discussions of the Board and of expert subgroups shall be confidential when: “a. they concern a specific individual; b. they concern the consistency mechanism; c. the Board decides that the discussions on a specific topic shall remain confidential for instance when the discussions concern international relations and/or where the absence of confidentiality would seriously undermine the institution's decision-making process, unless there is an overriding public interest in disclosure.”
(2) Access to Documents
Article 76(2) GDPR provides that access to documents submitted to members of the EDPB, experts and representatives of third parties shall be governed by Regulation (EC) No 1049/2001 on public access to EU documentation. Under Article 2(3) of that Regulation, all documents held by an institution, that is to say, “documents drawn up or received by it” are under the scope of the access. In this regard, Article 76(2) GDPR significantly reduces the scope of the access only to “documents submitted to [and therefore, ‘received by’] members of the Board, experts and representatives of third parties”. It follows that documents drawn up by the EDPB itself are not intended to be covered by the access right unless other more specific GDPR provisions apply. For instance, opinions and resolutions of the Board are published under Article 64(5)(b) and Article 65(5) and Article 70(3) and (4) GDPR.
Decisions
→ You can find all related decisions in Category:Article 76 GDPR