EDPB Plenary 4/Minutes

From GDPRhub
Revision as of 19:46, 6 June 2020 by Wimh (talk | contribs) ({{EDPB-FOI}})

File:EDPB 4 Plenary.pdf

Adoption of the minutes and the agenda

Minutes of the 3rd EDPB meeting

The minutes were approved. The members of the EDPB requested more transparency on the changes made on the minutes before the plenary meeting and following requests by members. A finalised draft version should be made available at least 24h before the next plenary meeting and the requested changes need to be identified in track changes with a reference to the member that requested the change. Any request for change less than 24h before the meeting should be introduced in person at the meeting itself.

A member of the EDPB also asked to first submit the minutes to the coordinators of the subgroups before circulating them to the EDPB. The Chair agreed to this proposal as long as it is possible time wise.

Draft agenda of the 4th meeting

The draft agenda was approved. Items 2.1.1, 2.1.2, 2.2, 2.4, 2.5 and 2.11 of the agenda were declared confidential according to Art. 33 RoP.

FOR DISCUSSION AND/OR ADOPTION - Current Focus of the EDPB

Reorganisation of the EDPB Subgroups – discussion and adoption - [REDACTED]

Based on EDPB members’ contributions, the Chair team together with the EDPB Secretariat developed a compiled proposal paper, which was presented to the members of the EDPB. The members of the EDPB discussed a part of this document during the last plenary meeting. Discussions on the rest of the document took place.

Regarding the Cooperation subgroup, the EDPB decided to keep the name of this subgroup and to keep its mandate with the addition of the general focus on procedures, procedural questions of Chap VII section 1 and 2 GDPR and procedural questions in case where there is no establishment in the EU. The check of which documents need to be translated during the OSS procedure should also be attributed to the cooperation SG. The Cooperation subgroup will have back-to-back meetings with the Enforcement subgroup.

Regarding the Enforcement subgroup, the EDPB decided to keep the name of this subgroup and that this subgroup will also deal with exchange of information on concrete cases. The final indent description of the mandate in the table at the end of the paper should be adapted to read “develop and propose an EDPB enforcement strategy ”.

Regarding the Financial matter subgroup, the EDPB members decided to keep the name of this subgroup and to keep its mandate. It will be activated when necessary and will meet via teleconference where possible.

Regarding the Fining taskforce, the EDPB members decided to keep the name of this subgroup and [REDACTED]

Regarding the ITS subgroup, the EDPB members decided to keep the name of this subgroup and to keep its mandate. Close cooperation with BTLE SG on article 48 GDPR and with Cooperation SG on article 50 GDPR remains.

Regarding the IT User subgroup, no remark has been raised on the proposal to have such a SG and on the description of its mandate.

Regarding the Key provisions subgroups, the EDPB members decided to keep the name of this subgroup and to keep its mandate, as described in the paper.

Regarding the Social media subgroup, the EDPB members decided to keep the name of this subgroup and to keep its mandate, as described in the paper with one modification: the word “develop” needs to be changed into “provide” guidance.

Regarding the FOP subgroup, the EDPB members decided to change its name into “Strategic Advisory subgroup”. It will be kept as a subgroup and will be convened every 2-3 months. All SAs should take part in those meetings and the filtering effect of this subgroup regarding issues not solved in subgroups should be used. This decision will be reviewed at the end of 2019.

Regarding the group of Coordinators, The group of coordinators will be maintained and it will be used notably for ensuring harmonised working methods between subgroups.

Regarding the e-Government subgroup and the Technology subgroup, further discussions are still needed and a proposal will be presented at the December plenary.

Update on Brexit – state of play - [REDACTED]

COM briefed the EDPB members on the draft withdrawal agreement.

The COM informed the EDPB on the organisation of a sectorial seminar with EU 27 on Brexit and data protection law, scheduled for 27 November. COM will share soon the details to the members of the EDPB.

UK SA also presented its views on the negotiations on Brexit and the withdrawal agreement.

Consultation on COM’s draft question and answer document on interplay between Clinical Trial Regulation and GDPR: attribution of the topic to one or more SGs – discussion and request for mandate

The EDPB gave the requested mandate to the E-Government SG and the Key Provisions SG. [REDACTED] notified their wish to be co-rapporteur on this issue.

SEC will contact the COM to ask an extension of the deadline.

Opinion on the Commission’s Japan Adequacy Decision – state of play and discussion [REDACTED]

[REDACTED]

[REDACTED]

Information and exchange of different strategies of SAs – discussion

The EDPB agreed on the importance to share information on the development of operational management strategies, of tools and research materials, and on knowledge and questions experienced by the national SAs. The EDPB discussed the methodology to ensure such an information sharing approach. Some ideas came up like sharing electronically the information, sharing it orally during the FOP or plenary meeting or to use the network of communication officers for that.

[REDACTED] explained tht it is currently working on a collaborative tool.

EDPB members asked the SEC to elaborate a template for sharing information together with [REDACTED] and [REDACTED].

COM informed the members that there will be a kick off meeting on the 3rd of December on the awareness actions undertaken by the SAs that are co-financed by the COM though grants. All SAs who are beneficiaries have to attend; the other SAs are also invited in order to promote consistency between the various national actions. COM also informed that a new call for proposals restricted to SAs will be issued in 2019.

Guidelines on the application of the territorial scope of the GDPR – discussion - [REDACTED]

[REDACTED]

[REDACTED]

[REDACTED]

[REDACTED]

Obersers - discussion and decision on the status [REDACTED]

COM explained the rules governing observer status under EU law with reference to the note it circulated in view of the Plenary. It stressed the exceptional nature of such a status and the very strict conditions that the EDPB has to apply in considering whether to admit observers, considering its new nature as an EU body with decision-making power.

The EDPB agreed to welcome Albania, FYROM, Montenegro, Serbia and Moldova SAs as observers of the EDPB.

Norway, Liechtenstein and Iceland, with regard to GDPR related matters, received already from the entry into force of the amendment to the EEA agreement on 20th July 2018 a right to participate as members to the EDPB activities, without voting rights and without the right to be elected as chair and vice-chair. However, their positions shall be recorded separately. They are also observers by virtue of international agreements with regard to the ePrivacy Directive and the Schengen acquis, including Directive 2016/680.

Switzerland has an observer status by virtue of the Schengen agreement with regard to issues relating exclusively to the Schengen acquis, including Directive 2016/680. It is required to appoint one representative.

The EDPB agreed to work on article 8 of the ROP to ensure clarity, including on the question of which agenda items (of both subgroup and plenary meetings) may be atte A working group will be created to that end with representatives of [REDACTED]

Update of the EDPB Rules of Procedure after the EEA agreement – adoption

SEC explained the three changes suggested in the ROP:

  • one on the EFTA-EEA countries;
  • one on the calculation of the deadlines; and
  • one on the procedure on public access to document.

In addition to those 3 changes, SEC explained that two mandates are requested: one on the article 64 procedure and one on the written procedure.

14 SAs agreed to those requests and changes but the 2/3 majority could not be met as the remaining members of the EDPB present to the meeting was not sufficient. A written procedure will be launched.

The same working group as for the modification of article 8 of the ROP will work on the respective mandates, should they be adopted following the written procedure.

International cooperation for the protection of personal data - Article 50 GDPR – state of play and discussion

This agenda point was discussed later in the meeting. Discussions took place on this point but no decision could be taken as the quorum was not met anymore.

Letter of response to Consumers International, Privacy International, and Norwegian Consumer Council regarding the Deceived By Design report – adoption

The rapporteur informed the EDPB members that the draft letter is withdrawn.

Informal consultation on the Draft Commission Delegated Regulation with regard to the provision of EU-wide Cooperative Intelligent Transport Systems – discussion and adoption

[REDACTED] resented its draft answer. The EDPB adopted the draft answer.

Video-conferencing system – discussion and adoption

[REDACTED] presented its info note and the possible options. The EDPB decided to follow the recommendation of the IT users subgroup and to choose option 3 as a long-term solution, while as a short-term use option 1.

Privacy Shield – Second Annual Review – oral state of play - [REDACTED]

One member of the EDPB, who participated in the second annual review, made a detailed oral state of play. A fact-finding document has been shared with the members of the EDPB.

5th Annual Review TFTP – COM letter – Discussion

Discussions took place on this point but no decision could be taken as the quorum was not met anymore.

Miscellaneous

  • A member of the EDPB shared its intention to initiate a 64.2 procedure
  • A member of the EDPB asked to have a template for preparing the annual report
  • A member of the EDPB shared the state of play of an investigation regarding the RICE project. SEC informed the members that it has received a letter from an MEP regarding this investigation and that an answer needs to be drafted. The member of the EDPB requested the attribution of a mandate for a guideline on article 85 GDPR.
  • Following the discussion on the electoral package presented by Commissioner Jourová at the last Plenary, COM informed the members of the EDPB about the next meetings of the election networks involving SAs (21.01 and 04.04). It also informed the members on the future consultation of the EDPB by the COM (DG CNECT) on guidance to be issued under the Regulation on the free flow of non-personal data in the EU. Finally, COM informed the members of the EDPB that it has received questions and complaints about the fact that some national guidelines are not in line with the EDPB guidelines. COM invited the members of the EDPB to check their national guidance to ensure that they are in line with the EDPB guidelines.

Attendance list

SAs of:

AT, BE, BG, CY, CZ, DE, DK, EDPS, EE, EL, ES, FI, FR, HR, HU, IE, IT, IS, LI, LT, LU, LV, MT, NL, PT, RO, SE, SI, SK, UK

Further attendees:

  • European Commission
  • EDPB Secretariat

License

European Data Protection Board

© European Data Protection Board, 2018-2024.
This item was provided by the European Data Protection Board
via a request pursuant to Article 15(3) TFEU and Regulation (EC) No 1049/2001.

You may re-use it free of charge for non-commercial and commercial purposes provided that the source is acknowledged and that you do not distort the original meaning or message of the document. The EDPB, nor its Secretariat assume liability stemming from the re-use.

Flag of the European Union