EDPB Archives

The European Data Protection Board published its final Guidelines on Article 37 of the Law Enforcement Directive (LED). These guidelines establish standards for appropriate safeguards in data transfers by competent authorities, focusing on legally binding instruments with third countries. Key points include selecting transfer mechanisms, evaluating transfer risks to data subjects, and maintaining enhanced accountability. The guidelines emphasize legal certainty and the necessity of ensuring equivalent data protection levels when personal data is transferred outside the EU.

EDPB Finalizes Guidelines on Law Enforcement Data Transfers

EDPB, Guideline | July 1, 2024

The European Data Protection Board published its final Guidelines on Article 37 of the Law Enforcement Directive (LED). These guidelines establish standards for appropriate safeguards in data transfers by competent authorities, focusing on legally binding instruments with third countries. Key points include selecting transfer mechanisms, evaluating transfer risks to data subjects, and maintaining enhanced accountability. The guidelines emphasize legal certainty and the necessity of ensuring equivalent data protection levels when personal data is transferred outside the EU.

EDPB Finalizes Guidelines on Law Enforcement Data Transfers Read More »

EDPB Statement on Financial Data Access and Payments Package

EDPB, EU law | June 8, 2024

The European Data Protection Board (EDPB) adopted Statement 2/2024, addressing the European Commission’s proposals for Financial Data Access (FIDA), Payment Service Regulation (PSR), and Payment Service Directive (PSD3). The EDPB highlights the need for clear rules on recording and disclosing personal data, defines obligations for Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs), and emphasizes data protection, transparency, and minimization. Key recommendations include robust safeguards in transaction monitoring, defining ‘permission’ distinct from GDPR consent, and enhancing cooperation among supervisory authorities.

EDPB Statement on Financial Data Access and Payments Package Read More »

EDPB Issues Opinion on Facial Recognition at Airports

AFR, AI, EDPB, EU law | June 8, 2024

The European Data Protection Board (EDPB) issued an Opinion regarding the use of facial recognition technologies by airport operators and airlines to streamline passenger flow. The Opinion, prompted by a request from the French Data Protection Authority, emphasizes the need for maximum control by individuals over their biometric data due to significant privacy risks. It finds that only storage solutions where biometric data is kept by individuals or encrypted centrally with keys in individuals’ hands are compliant with GDPR principles of data protection by design and security. Less intrusive alternatives should be sought to avoid excessive data processing.

EDPB Issues Opinion on Facial Recognition at Airports Read More »

German Court Decision Contrasts with EDPB Stance: Regensburg Court Validates Meta’s “Consent or Pay”

Consent, Consent or Pay, EDPB, EU law, GDPR | June 7, 2024

Remember the EDPB draft opinion on Meta’s “consent or pay”? If not, read here my summary. Well that one was published on 17 April, but I came across a court decision from 15 April, in Germany, also on “consent or pay”. Spoiler alert: the arguments don’t totally match, and the conclusion is entirely different! Here’s

German Court Decision Contrasts with EDPB Stance: Regensburg Court Validates Meta’s “Consent or Pay” Read More »

Key takeaways from EDPB’s Taskforce Report on ChatGPT

EDPB, OpenAI | May 31, 2024

Discover the EDPB Taskforce’s insights on ChatGPT’s GDPR compliance, covering key principles like lawfulness, fairness, transparency, accuracy, and data subject rights. Read the full report to understand the implications for OpenAI and data privacy.

Key takeaways from EDPB’s Taskforce Report on ChatGPT Read More »