| Borders, Travel & Law Enforcement Expert subgroup (BTLE) |
- Law Enforcement Directive
- Cross-border requests for e-evidence
- Adequacy decisions under the Law Enforcement Directive, access to transferred data by law enforcement and national intelligence authorities in third countries
- Passenger Name Records (PNR)
- Border controls
|
| Compliance, e-Government and Health Expert subgroup (CEH) |
- Codes of conduct, certification and accreditation
- Compliance with public law and eGovernment
- Processing of personal data concerning health
- Processing of personal data for scientific research purposes
- Consultation on several legislative proposals by the European Commission within the Digital Strategy
- Close cooperation on DPIA with the Technology Expert subgroup (TECH) focusing on the perspective of their mandates
- Close cooperation on privacy by design and by default with the Technology Expert subgroup (TECH) focusing on the perspective of their mandates
|
| Cooperation Expert subgroup (COOP) |
- General focus on procedures of established by the GDPR for the purposes of the cooperation mechanism
- Guidance on procedural questions linked to the cooperation mechanism
- International mutual assistance and other cooperation tools to enforce the legislation for the protection of personal data outside the EU (Art. 50 GDPR)
|
| Coordinators Expert subgroup (COORD) |
- General coordination between the expert subgroup coordinators
- Coordination on the annual expert subgroup working plan
|
| Enforcement Expert subgroup (ENF) |
- Mapping/analysing the need for additional clarifications or guidance, based on practical experiences with the application of Chapters VI, VII and VIII GDPR
- Mapping/analysing possible updates of existing cooperation subgroup tools
- Monitoring of investigation activities
- Practical questions on investigations
- Guidance on the practical application of Chapter VII GDPR including exchanges on concrete cases
- Guidance on the application of Chapter VIII GDPR together with the taskforce on Administrative Fines (Fining-TF)
- Art. 65 and Art. 66 procedures
|
| Financial Matters Expert subgroup (FMESG) |
- Application of data protection principles in the financial sector (e.g. automatic exchange of personal data for tax purposes
- Impact of FATCA on the protection of personal data; interplay between Second Payment
Services Directive and the GDPR)
|
| International Transfers Expert subgroup (ITS) |
Guidance on Chapter V (International transfer tools and policy issues), more specifically:
- Review European Commission Adequacy decisions
- Guidelines on Art. 46 GDPR and review of administrative
arrangements between public authorities and bodies
- Codes of conduct and certification as transfer tools
- Art. 48 GDPR together with Borders, Travel & Law Enforcement Expert subgroup (BTLE)
- Art. 50 GDPR together with Cooperation Expert subgroup (COOP)
- Guidelines on territorial scope and the interplay with Chapter V of the GDPR – interaction with Key Provisions Expert subgroup (KEYP)
- Exchange of information on review of Binding Corporate Rules and ad hoc contractual clauses according to Art. 64 GDPR
|
| IT Users Expert subgroup (ITUsers) |
Developing and testing IT tools used by the EDPB with a practical focus:
- Collecting feedback on the IT system from users
- Adapting the systems and manuals
- Discussing other business needs including tele- and videoconference systems
|
| Key Provisions Expert subgroup (KEYP) |
Guidance on core concepts and principles of the GDPR, including Chapters I (e.g. scope, definitions like Lead Supervisory Authority (LSA) and large-scale processing) and II (main principles); Chapters III (e.g. rights of individuals, transparency), IV (e.g. Data Protection Officer – shared competences with Compliance, e-Government and Health Expert subgroup (CEH), Enforcement Expert subgroup (ENF)) and IX |
| Social Media Expert subgroup (SOCM) |
- Analysing social media services, conceived as online platforms that focus on enabling the development of networks and communities of users, among which information and content is shared and whereby additional functions provided by social media services include targeting, personalisation, application integration, social plug-ins, user authentication, analytics and publishing
- Analysing established and emerging functions offered by social media, including the underlying processing activities and corresponding risks for the rights and freedoms of individuals
- Developing guidance, recommendations and best practices in relation to both the offer and use of social media functions, in particular for economic or political reasons
- Providing assistance to other subgroups, in particular by proposing strategic priorities in terms of (a) supervision and (b) the development of new EDPB guidance or updating of existing Article 29 Working Party guidance
|
| Strategic Advisory Expert subgroup (SAESG) |
- Guidance on strategic questions affecting the whole EDPB (including
the discussion on the strategy and on the work plans of the subgroups)
- Clarification of questions that could not be resolved in the subgroup
|
| Taskforce on Administrative Fines (Fining-TF) |
Development of Guidelines on the harmonisation of the calculation of fines |
| Taskforce on ChatGPT |
Foster cooperation and exchange information on possible enforcement actions conducted by data protection authorities on ChatGPT |
| Taskforce on International Engagement |
Strengthen exchanges between EDPB members as regards the participation in multilateral fora in the field of data protection and privacy (for instance, Council of Europe, Global Privacy Assembly, G7 Data Protection Authorities Roundtable, OECD, Spring Conference). |
| Taskforce on the Interplay between Data Protection, Competition and Consumer Protection Law (C&C taskforce) |
Clarifying the links and building on synergies between the regulatory frameworks of data protection, competition and consumer protection law, including also the Digital Markets Act, in order to provide expertise and resources to support dialogue between Data Protection Authorities (DPAs) and other regulatory bodies and prepare common positions. |
| Technology Expert subgroup (TECH) |
- Technology, innovation, information security, confidentiality of communication in general
- ePrivacy, encryption
- Data Protection Impact Assessment (DPIA) and data breach notifications
- Emerging technologies, innovation and other challenges related to privacy: reflecting on data protection risks of future technological developments
- Providing input on technology matters relevant to other subgroup
|