On 19 June 2024, the European Data Protection Board (EDPB) released the finalized version of Guidelines 01/2023, which addresses Article 37 of the Law Enforcement Directive (LED). These guidelines are designed to assist EU Member States in establishing appropriate safeguards for personal data transfers by competent authorities to third countries or international organizations, ensuring that such transfers maintain a high level of data protection.
Legal Mechanisms and Safeguards
The guidelines detail the requirements for choosing legal mechanisms, emphasizing the importance of legally binding instruments. These instruments should ensure an essentially equivalent level of data protection, offering more legal certainty and transparency compared to self-assessment methods.
Assessment of Transfer Circumstances
Authorities are advised to assess the risks involved in data transfers, considering the impact on the fundamental rights of data subjects. This involves evaluating specific transfer circumstances and ensuring that appropriate safeguards are in place.
Accountability and Compliance
Competent authorities must maintain detailed records of processing activities, regularly review and update their assessments of data transfers, and cooperate with supervisory authorities. The guidelines also stress the need for Member States to align international agreements with LED standards to avoid undermining data protection when transferring personal data outside the EU.
👉 Read more here.
♻️ Share this if you found it useful.
💥 Follow me on Linkedin for updates and discussions on privacy education.
📍 Subscribe to my newsletter for weekly updates and insights – subscribers get an integrated view of the week and more information than on the blog.