EDPB - Binding Decision 1/2020 - 'Twitter'
| - 1/2021 | |
|---|---|
 | |
| Authority: | EDPB |
| Jurisdiction: | European Union |
| Relevant Law: | Article 4(24) GDPR Article 5(1)(f) GDPR Article 28 GDPR Article 33(1) GDPR Article 33(5) GDPR Article 60(4) GDPR Article 65(1)(a) GDPR |
| Type: | Other |
| Outcome: | n/a |
| Started: | |
| Decided: | 09.11.2020 |
| Published: | |
| Fine: | None |
| Parties: | n/a |
| National Case Number/Name: | 1/2021 |
| European Case Law Identifier: | n/a |
| Appeal: | Not appealed |
| Original Language(s): | English |
| Original Source: | EDPB website' (in EN) |
| Initial Contributor: | n/a |
dddd
English Summary
Facts
After a data breach that occurred with Twitter, the IE SA (DPC) issued a draft decision to the other SAs. They sustained their relevant and reasoned objections under Article 60 GDPR (FR, DE, DK, IT, NL, ES, HU). Therefore, the EDPB issued its first decision under Article 65(1)(a) GDPR and answers to all the objections of the SAs.
Dispute
- Are Twitter Inc and TIC (Twitter Ireland) controller, processor, or joint controllers ? - Where is the main establishment of Twitter, and therefore does the DPC have jurisdiction ? - When is a relevant and reasoned objection admissible under Article 4(24) GDPR ? - Is there any other violation of the GDPR than Article 33(1) and (5) ?
Holding
1. On the admissibility of an objection, the jurisdiction of the DPC, the controller-processor relationship
The EDPB considers that an objection concerning the role, or designation, of the parties can fall within the meaning of the definition of ‘relevant and reasoned’ objection under Article 4(24) GDPR, as this can affect the determination as to whether there is an infringement of this Regulation, or whether envisaged action in relation to the controller or processor complies with this Regulation. However, the EDPB considers that an objection on the competence of the supervisory authority acting as LSA should not be raised through an objection pursuant to Article 60(4) GDPR and falls outside of the scope of Article 4(24) GDPR46
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the English original. Please refer to the English original for more details.
en
Bulgarian (bg)
Czech (cs)
Danish (da)
German (de)
Estonian (et)
Greek (el)
Spanish (es)
French (fr)
Irish (ga)
Croatian (hr)
Italian (it)
Latvian (lv)
Lithuanian (lt)
Hungarian (hu)
Maltese (mt)
Dutch (nl)
Polish (pl)
Portuguese (pt-pt)
Romanian (ro)
Slovak (sk)
Slovenian (sl)
Finnish (fi)
Swedish (sv)
EDPB adopted documents - 48th plenary
22 April 2021
EDPB
EDPB adopted documents - 48th plenary
22 April 2021
EDPB
Italian DPA: Major Critical Issues for Vaccination Pass
4 May 2021
Italy
Dutch DPA fines municipality for Wi-Fi tracking
29 April 2021
Netherlands
Census 2021: Portuguese DPA (CNPD) suspended data flows to the USA
28 April 2021
Portugal
Italian DPA: Major Critical Issues for Vaccination Pass
4 May 2021
Italy
Dutch DPA fines municipality for Wi-Fi tracking
29 April 2021
Netherlands
Census 2021: Portuguese DPA (CNPD) suspended data flows to the USA
28 April 2021
Portugal
