The EDPB aims to ensure the consistent application of the General Data Protection Regulation and of the Law Enforcement Directive in the European Economic Area (EEA). The EDPB also looks into the application of certain aspects of the ePrivacy Directive.
Our main tasks and duties are:
providing general guidance (including guidelines, recommendations and best practices) to clarify the law and to promote a common understanding of EU data protection laws;
adopting opinions addressed to the European Commission or to the national Data Protection Authorities (DPAs):
to advise the European Commission on any issue related to the protection of personal data and newly proposed legislation in the European Union (Art. 70 GDPR). In some instances, we issue Joint Opinions together with the EDPS (Art.42 of Regulation 2018/1725);
to ensure consistency of the activities of national data protection authorities (DPAs) on cross-border matters (Art. 64 GDPR). If authorities fail to respect an opinion issued by the EDPB, we may adopt a binding decision;
adopting binding decisions addressed to the national DPAs and aiming to settle disputes between them when they cooperate in cross-border cases, with the purpose of ensuring the correct and consistent application of the GDPR in individual cases;
promoting and supporting the cooperation among national DPAs.
What happens after a public consultation is closed?
Once a public consultation is closed, all contributions to the public consultation are reviewed and, where necessary, the guidelines may be adapted. Once this process has been completed, the guidelines will be up for final adoption at a subsequent EDPB plenary.
What is the dispute resolution mechanism of Art. 65 GDPR?
When a Lead Supervisory Authority (LSA) issues a draft decision, it consults the Concerned Supervisory Authorities (CSAs), which can express their disagreement with the draft decision by submitting relevant and reasoned objections (RRO) within a period of four weeks (Art. 60.4 GDPR). When none of the CSAs objects, the LSA may proceed to adopt the decision.
In case at least one of the CSAs has expressed an RRO, and if the LSA intends to follow the objection, it shall submit a revised draft decision to all the CSAs. The CSAs then have a period of two weeks (Art. 60.5 GDPR) to express their RROs to the revised draft decision.
However, if the LSA does not intend to follow the objection(s), since no consensus can be reached, the consistency mechanism is triggered. This means that the LSA is obliged to refer the case to the European Data Protection Board (EDPB) and the dispute resolution role of the EDPB is activated (Art. 65.1(a) GDPR).
The dispute resolution mechanism can be triggered in two further cases:
there is a disagreement as to which authority is the LSA (Art. 65.1(b) GDPR);
an SA does not seek the opinion of the EDPB as obliged under Art. 64.1 GDPR or does not follow such an opinion (Art. 64.1 - 2 GDPR) (Art. 65.1(c) GDPR).
The European Data Protection Board (EDPB) is an independent European body, which contributes to the consistent application of data protection rules throughout the European Union, and promotes cooperation between the EU’s data protection authorities (DPAs), as well as the DPAs of Iceland, Liechtenstein and Norway (the European Economic Area or EEA).
What is the EDPS?
The European Data Protection Supervisor (EDPS) is the European Union’s (EU) independent data protection authority.
The EDPS is responsible for monitoring the processing of personal data by the EU institutions, bodies, offices and agencies (EUIs) as well as providing advice on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection.
The GDPR or General Data Protection Regulation creates a harmonised set of rules applicable to all personal data processing by organisations (public or private, regardless of their size) established in the European Economic Area (EEA) or targeting individuals in the EU. The primary objective of GDPR is to ensure that personal data enjoys the same high standard of protection everywhere in the EEA, increasing legal certainty for both individuals and organisations processing data, and offering a high degree of protection for individuals.
The regulation entered into force on 24 May 2016 and applies since 25 May 2018.
What is the purpose of the dispute resolution mechanism of Art. 65.1 (a) and (b) GDPR?
The dispute resolution mechanism triggered under Art.65.1 (a) and (b) GDPR contributes to the good functioning of the cooperation mechanism by addressing any disagreements Concerned Supervisory Authorities (CSAs) may have in a given case or if there are conflicting views as to which authority is the Lead Supervisory Authority (LSA). The EDPB will act as a dispute resolution body. It must adopt a decision to address the conflict between the involved Data Protection Authorities (DPAs), which is binding on them (Art. 65 GDPR). The decision is adopted by a two-thirds majority of the members of the Board, and in case a decision cannot be adopted within 2 months, the decision is adopted within the next 2 weeks by a simple majority.
When will the EDPB’s decision be published in those cases where it settles conflicting views on a draft decision or where it decides on the Lead Supervisory Authority (LSA)?
Once the Lead Supervisory Authority (LSA) or, in some cases the Concerned Supervisory Authority (CSA), with which the complaint was lodged has notified the EDPB of the date its final decision was communicated to the controller or processor and, where relevant, to the complainant, the EDPB will publish its own decision on its website.
Where can I find documents adopted by the Article 29 Working Party?
The archived documents adopted by the Article 29 Working Party (1997-2016) are available on the website of the European Commission here: WP29 archive.
Should you experience any difficulty accessing WP29 documents, we recommend contacting the European Commission's DG Justice. The European Commission provided the Secretariat for the Article 29 Working Party and was responsible for all its publications.
You can contact them by filling out the following form