European Data Protection Board

EDPB News

Generic press release icon
05 December 2018

Brussels, 5 December - On December 4th and 5th, the European Data Protection Authorities, assembled in the European Data Protection Board, met for their fifth plenary session. During the plenary a wide range of topics were discussed.
 
EU-Japan draft adequacy decision
The Board Members adopted an opinion on the EU-Japan draft adequacy decision, which the Board received from the European Commission in September 2018. The EDPB made its assessment on the basis of the documentation made available by the European Commission. The EDPB’s key objective was to assess whether the Commission has ensured sufficient guarantees are in place for an adequate level of data protection for individuals in the Japanese framework. It is important to recognise that the EDPB does not expect the Japanese legal framework to replicate European data protection law. The EDPB welcomes the efforts made by the European Commission and the Japanese PPC to increase convergence between the Japanese legal framework and the European one. The improvements brought in by the Supplementary Rules to bridge some of the differences between the two frameworks are very important and well received. However, following a careful analysis of the Commission’s draft adequacy decision as well as of the Japanese data protection framework, the EDPB notices that a number of concerns remain, such as the protection of personal data, transferred from the EU to Japan, throughout their whole life cycle. The EDPB recommends the European Commission to also address the requests for clarification made by the EDPB, to provide further evidence and explanations regarding the issues raised and to closely monitor the effective application.

The EDPB considers that the EU-Japan adequacy decision is of paramount importance. As the first adequacy decision since the entering into application of the General Data Protection Regulation (GDPR), it will set a precedent.

DPIA lists
The EDPB adopted opinions on the Data Protection Impact Assessment (DPIA) lists, submitted to the Board by Denmark, Croatia, Luxembourg and Slovenia. These lists form an important tool for the consistent application of the GDPR across the EEA. DPIA is a process to help identify and mitigate data protection risks that could affect the rights and freedoms of individuals. While in general the data controller needs to assess if a DPIA is required before engaging in the processing activity, national supervisory authorities shall establish and make a list of the kind of processing operations which are subject to the requirement for a data protection impact assessment. These four opinions follow the 22 opinions adopted during the September plenary, and will further contribute to establishing common criteria for DPIA lists across the EEA. The EDPB Chair, Andrea Jelinek said: “This process has been an excellent opportunity for the EDPB to test the possibilities and challenges of consistency in practice. The GDPR does not require full harmonisation or an 'EU list', but requires more consistency, which we have achieved in all of these opinions by agreeing on a common view.”

Guidelines on accreditation
The EDPB has adopted a revised version of the WP29 guidelines on accreditation, including a new annex. The draft guidelines were originally adopted by the WP29 and submitted for public consultation. The EDPB finalised the analysis and reached a conclusion on the final version. The aim of the guidelines is to provide guidance on how to interpret and implement the provisions of Article 43 of the GDPR. In particular, they aim to help Member States, supervisory authorities and national accreditation bodies establish a consistent and harmonised baseline for the accreditation of certification bodies that issue certification in accordance with the GDPR. The guidelines have now been completed by an annex providing guidance on the additional requirements for the accreditation of certification bodies to be established by the supervisory authorities. This annex will be subject to public consultation.

04 December 2018

On December 4 and 5, the European Data Protection Board's fifth plenary is taking place in Brussels. For further information, please consult the agenda.

Agenda of Fifth Plenary

Generic press release image
19 November 2018

Brussell, id-19 ta’ Novembru — Fis-16 ta’ Novembru, l-Awtoritajiet għall-Protezzjoni tad-Data, imlaqqgħin fil-kuntest tal-Bord Ewropew għall-Protezzjoni tad-Data, iltaqgħu għar-raba’ sessjoni plenarja tagħhom. Matul il-plenarja ġiet diskussa firxa wiesgħa ta’ suġġetti.
 
L-abbozz tad-deċiżjoni ta’ adegwatezza bejn l-UE u l-Ġappun  
Il-membri tal-bord iddiskutew fiex inhi l-ħidma tal-BEPD (EDPB) fuq l-abbozz tad-deċiżjoni ta’ adegwatezza bejn l-UE u l-Ġappun, li l-bord irċieva mingħand il-Kummissarju Věra Jourová f’Settembru 2018. Il bord tenna l-importanza li tiġi garantita l-kontinwità u l-livell għoli tal-protezzjoni għat-trasferiment ta’ data mill-UE.

ILl-BEPD se jagħti gwida dwar MuT dwar il-provi kliniċi, dwar l-interazzjoni bejn il-GDPR u r-Regolament dwar il-Provi Kliniċi
Wara konsultazzjoni mingħand il-Kummissjoni Ewropea, il-bord qabel dwar l-attribuzzjoni ta’ mandat għall-għoti ta’ gwida fuq MuT, żviluppata mill-Kummissjoni, dwar l-interazzjoni bejn il-GDPR u r Regolament dwar il-Provi Kliniċi.
 
Il-linji gwida dwar il-kamp ta’ applikazzjoni territorjali
Fil-plenarja ta’ Settembru, il-BEPD addotta abbozz ġdid ta’ linji gwida li se jikkontribwixxu biex tingħata interpretazzjoni komuni tal-kamp ta’ applikazzjoni territorjali tal-GDPR u se jiċċaraw aktar l-applikazzjoni tal-GDPR f’diversi sitwazzjonijiet, partikolarment fejn il-kontrollur jew il-proċessur tad-data jkun stabbilit barra mill-UE, inkluż dwar il-ħatra ta’ rappreżentant. Minħabba li l-verifiki legali finali ta’ qabel il-pubblikazzjoni wrew li xi elementi kienu jeħtieġu aktar diskussjoni, il-BEPD iddeċieda li jiddiskuti l-linji gwida għal darb’oħra fil-plenarja ta’ Novembru. Il-kwistjonijiet issa ġew indirizzati kollha u l-linji gwida dalwaqt se jiġu ppubblikati għall-konsultazzjoni pubblika.

16 November 2018

On November 16, the European Data Protection Board's fourth plenary is taking place in Brussels. For further information, please consult the agenda.

Agenda of fourth plenary

26 September 2018

Stqarrija għall-istampa

Il-Bord Ewropew għall-Protezzjoni tad-Data - It-Tielet Sessjoni Plenarja: l-abbozz ta’ deċiżjoni ta’ adegwatezza bejn l-UE u l-Ġappun, il-listi tal-VIPD, il-kamp ta' applikazzjoni territorjali u l-evidenza elettronika.
Brussell, is-26 ta’ Settembru - Fil-25 u s-26 ta’ Settembru, l-Awtoritajiet għall-Protezzjoni tad-Data, imlaqqgħa fil-Bord Ewropew għall-Protezzjoni tad-Data, iltaqgħu għat-tielet sessjoni plenarja tagħhom. Matul il-plenarja ġew diskussi firxa wiesgħa ta’ suġġetti.

Id-deċiżjoni ta’ adegwatezza bejn l-UE u l-Ġappun  
Il-Membri tal-Bord iddiskutew l-abbozz ta’ deċiżjoni ta’ adegwatezza bejn l-UE u l-Ġappun li rċevew mingħand il-Kummissarju Věra Jourová u li ntlabu jagħtu l-opinjoni tagħhom dwaru. Issa l-Bord se janalizza bir-reqqa dan l-abbozz ta’ deċiżjoni. Il-Bord huwa determinat li jikkunsidra l-impatt wiesa’ tal-abbozz ta’ deċiżjoni dwar l-adegwatezza, kif ukoll il-ħtieġa tal-protezzjoni tad-data personali fl-UE.  

Il-listi tal-DPIA
Il-BEPD laħaq ftehim dwar it-22 opinjoni li jistabbilixxu l-kriterji komuni għal-listi tal-Valutazzjoni tal-Impatt fuq il-Protezzjoni tad-Data (VIPD/DPIA), u adottahom. Dawn il-listi huma għodda importanti għall-applikazzjoni konsistenti tal-GDPR madwar l-UE. Il-VIPD huwa proċess li jgħin fl-identifikazzjoni u l-mitigazzjoni tar-riskji marbuta mal-protezzjoni ta' data li jistgħu jolqtu d-drittijiet u l-libertajiet tal-individwi. Sabiex it-tipi ta’ pproċessar li jista’ jkollhom bżonn ta’ VIPD jiġu ċċarati aktar, il-GDPR jappella lill-awtoritajiet superviżorji nazzjonali biex joħolqu u jippubblikaw il-listi tat-tipi kollha ta’ operazzjonijiet li x’aktarx jirriżultaw f’riskju għoli. Il-Bord irċieva 22 lista nazzjonali b’total ta’ 260 tip differenti ta’ pproċessar. Il-President tal-BEPD, Andrea Jelinek qal: “Il-membri tal-Bord u s-Segretarjat tal-EDPB kellhom biċċa xogħol enormi biex jeżaminaw dawn il-listi kollha u biex jistabbilixxu kriterji komuni dwar x’każi jirrekjedu DPIA u dawk fejn ma tkunx meħtieġa. Kienet opportunità mill-aħjar għall-EDPB biex tittestja l-possibbiltajiet u l-isfidi tal-konsistenza fil-prattika. Il-GDPR ma jirrekjedix armonizzazzjoni sħiħa jew “lista tal-UE”, iżda jirrekjedi aktar konsistenza, li rnexxielna niksbuha f’dawn it-22 opinjoni billi ftehimna fuq opinjoni komuni.”
It-22 opinjoni fuq il-listi tal-VIPD jirriżultaw mill-Artikoli 35.4 u 35.6 tal-GDPR u huma konformi mal-gwida li ngħatat preċedentement mill-Grupp ta' Ħidma tal-Artikolu 29.

Il-Linji gwida dwar il-kamp ta’ applikazzjoni territorjali
Il-BEPD adotta abbozz ġdid ta’ linji gwida li se jikkontribwixxu biex tingħata interpretazzjoni komuni tal-kamp ta’ applikazzjoni territorjali tal-GDPR u se jiċċaraw aktar l-applikazzjoni tal-GDPR f’diversi sitwazzjonijiet, partikolarment fejn il-kontrollur jew il-proċessur tad-data jkun stabbilit barra mill-UE, inkluż dwar il-ħatra ta’ rappreżentant. Dawn il-linji gwida se jinfetħu għal konsultazzjoni pubblika.

L-evidenza elettronika
Il-BEPD adotta opinjoni dwar ir-regolament il-ġdid dwar l-evidenza elettronika li kien ġie propost mill-Kummisjoni Ewropea f'April tal-2018. Il-Bord enfasizza l-ħtieġa li r-regoli l-ġodda li ġew proposti dwar il-ġbir tal-evidenza elettronika jissalvagwardjaw biżżejjed id-drittijiet tal-protezzjoni tad-data tal-individwi u jeħtieġ li jkunu aktar konsistenti mal-liġi dwar il-protezzjoni tad-data tal-UE.

Plenary generic picture
25 September 2018

On September 25 and 26, the European Data Protection Board's third plenary is taking place in Brussels. For further information, please consult the agenda.

Agenda of Third Plenary

23 August 2018

The General Data Protection Regulation five months on

Initiatives in the EU and international perspectives

25 October 2018

Rue de la Loi 170

2:30 pm

Side event by EDPS and EDPB

Registration closed

Welcome from Giovanni Buttarelli, European Data Protection Supervisor

Introduction by Andrea Jelinek, Chair European Data Protection Board

Part 1    Initiatives in the EU - a new quality of cooperation

  • Helen Dixon, Irish Data Protection Commissioner

  • Cristina Angela Gulisano, Director Danish Data Protection Agency

  • Isabelle Vereecken, Head of the EDPB Secretariat

  • Questions by moderator to 3 panelists

At 3:15 PM:

  • Keynote: Catherine De Bolle, Executive Director of Europol, The broader framework for EU data protection: a law enforcement perspective – TBC

  • Comments by the audience and questions to EDPB Members

    BREAK

    At 4:00 PM:

  • Keynote: Koen Lenaerts, President European Court of Justice - Accountability in a digitalized world: the Court’s role in enhancing data protection in the European Union

Part 2   International perspectives and cross-border cooperation

  • Bruno Gencarelli, Head of the International Data Flows and Protection Unit, European Commission

  • Professor Masao Horibe, Chairman Personal Information Protection Commission Japan 

  • Professor Danilo Doneda Instituto Brasiliense de Direito Público 

  • Felipe Harboe, Senator of the Republic of Chile

  • Ludmila Georgieva, Co-Chair HWP Cyber Issues, Co-Chair DAPIX (Data Protection), Perm Rep Austria

  • Joan Antokol, Managing partner, Park Legal LLC
  • Florence Raynal, Deputy Director, Head of the Department of European and International Affairs, CNIL
  • Questions by the moderator to the 5 panelists

  • Comments by the audience and questions to the panel

  • Wrap-up

     

Generic image
20 July 2018

Brussels, 19 July – An important innovation of the General Data Protection Regulation (GDPR) is the new way in which the supervisory authorities of the Member States closely cooperate to ensure a consistent application as well as a consistent protection of individuals throughout the EU.

During its second plenary meeting on 4 and 5 July the EDPB discussed the consistency and the cooperation systems, sharing first experiences on the functioning of the One-Stop Shop mechanism, the performance of the Internal Market Information System (IMI), the challenges the authorities are facing and the type of questions received since 25 May. Most data protection authorities reported a substantial increase in complaints received. The first cross-border cases were initiated in IMI on 25 May. Currently, around 100 cross-border cases in IMI are under investigation.

The EDPB Chair Andrea Jelinek said: “Despite the sharp increase in the number of cases in the last month, the Members of the EDPB report that the workload is manageable for the moment, in large part thanks to a thorough preparation in the past two years by the Article 29 Data Protection Working Party. However, we should only expect the first results of the new procedures to deal with cross-border cases in a few months from now. To handle complaints lead supervisory authorities will have to carry out investigations, observe procedural rules, and coordinate and share information with other supervisory authorities. The GDPR sets specific deadlines for each phase of the procedure. All of this takes time. During this time, complainants are entitled to be kept informed on the state of play of a case. The GDPR does not offer a quick fix in case of a complaint but we are confident the procedures detailing the way in which the authorities work together are robust and efficient.”

Generic press release pictures
05 July 2018

Brussell, il-5 ta’ Lulju 2018 - L-Awtoritajiet Ewropej għall-protezzjoni tad-data, iltaqgħu fil-Bord Ewropew għall-Protezzjoni tad-Data (BEPD), fl-4 u fil-5 ta’ Lulju għat-tieni laqgħa plenarja tal-BEPD. Matul din il-laqgħa, l-Awtoritajiet Ewropej għall-Protezzjoni tad-Data indirizzaw firxa wiesgħa ta’ suġġetti.
 
Kooperazzjoni u proċeduri ta’ konsistenza - is-sitwazzjoni attwali
Il-BEPD iddiskuta l-mekkaniżmi ta’ konsistenza u kooperazzjoni, il-kondiviżjoni ta’ esperjenzi dwar il-funzjonament tal-mekkaniżmu tal-punt uniku ta’ kuntatt, il-prestazzjoni tas-Sistema ta’ Informazzjoni tas-Suq Intern (IMI), li sservi bħala pjattaforma tal-IT għal skambji dwar kwistjonijiet transfruntiera, l-isfidi li qed jiffaċċjaw l-awtoritajiet u t-tip ta’ mistoqsijiet li waslu mill-25 ta’ Mejju. Il-biċċa l-kbira tal-awtoritajiet tal-protezzjoni tad-data rrappurtaw żieda sostanzjali fl-ilmenti li waslulhom. L-ewwel każijiet bdew fl-IMI fil-25 ta’ Mejju. Attwalment, madwar 30 ilment transfruntier fl-IMI qed ikunu investigati. Il-President tal-BEPD Andrea Jelinek qal: “Minkejja ż-żieda f’daqqa fl-għadd ta’ każijiet fl-aħħar xahar, il-Membri tal-EDPB irrapportaw li l-ammont ta’ xogħol huwa maniġġabbli bħalissa, fil-parti l-kbira bis-saħħa ta’ tħejjija bir-reqqa tad-WP29 f’dawn l-aħħar sentejn. Il-GDPR ma joffrix soluzzjoni ta’ malajr f’każ ta’ lment iżda ninsabu fiduċjużi li l-proċeduri li jiddeskrivu fid-dettall il-mod li bih l-awtoritajiet jaħdmu flimkien taħt il-mekkaniżmu ta’ konsistenza huma robusti u effiċjenti.”
 
ICANN
Il-BEPD adotta ittra f’isem il-president tal-BEPD indirizzata lill-Korporazzjoni tal-Internet dwar l-Ismijiet u n-Numri Assenjati (ICANN - Internet Corporation for Assigned Names and Numbers), li tipprovdi gwida biex tippermetti lill-ICANN biex tiżviluppa mudell konformi mal-GDPR għal aċċess għal data personali pproċessata fil-kuntest tal-WHOIS.
L-ittra tindirizza l-kwistjonijiet ta’ l-ispeċifikazzjoni tal-għan, il-ġbir ta’ “data WHOIS sħiħa”, ir-reġistrazzjoni ta’ persuni ġuridiċi, l-illoggjar ta’ aċċess tad-data WHOIS mhux pubblika, iż-żamma tad-data u kodiċi ta’ kondotta u akkreditazzjoni.
Il-predeċessur tal-BEPD, il- Grupp ta’ Ħidma tal-Artikolu 29 -(WP29), ilu joffri gwida lill-ICANN dwar kif iġġib il-WHOIS f’konformità mal-liġi Ewropea dwar il-protezzjoni tad-data sa mill-2003.
Il-BEPD jistenna li l-ICANN tiżviluppa u timplimenta mudell WHOIS li jippermetti użu leġittimi minn partijiet ikkonċernati rilevanti, bħall-eżekuzzjoni tal-liġi, tad-data personali dwar reġistranti f’konformità mal-GDPR, mingħajr ma twassal għal pubblikazzjoni illimitata ta’ dik id-data.
 
Id-Direttiva PSD2
Il-BEPD adotta ittra f’isem il-President tal-BEPD indirizzata lil Sophie in’t Veld MEP rigward id-Direttiva dwar is-Servizzi ta’ Ħlas riveduta (id-Direttiva PSD2). Fit-tweġiba tiegħu lil Sophie in’t Veld, il--BEPD jixħet aktar dawl fuq “id-data tal-parti siekta” minn Fornituri Terzi, il-proċeduri rigward l-għoti u l-irtirar ta’ kunsens, l-Istandards Tekniċi Regolatorji, il-kooperazzjoni bejn il-banek u l-Kummissjoni Ewropea, il-KEPD u d-WP29 u dak li għad irid isir biex  tingħalaq kwalunkwe lakuna li għad fadal għall-protezzjoni tad-data.
 
Tarka tal-Privatezza
L-Ombudsperson tal-Istati Uniti responsabbli li jindirizza l-ilmenti ta’ sigurtà nazzjonali skont it-Tarka tal-Privatezza, l-Ambaxxatur Judith Garber, kienet mistiedna għal-laqgħa plenarja tal-EDPB għal skambju mal-Membri tal-Bord. Il-BEPD kien partikolarment interessat fit-tħassib indirizzat lejn l-Istati Uniti mill-predeċessur tal-BEPD, il-WP29, speċjalment il-ħatra ta’ Ombudsperson permanenti, ħatriet formali fuq il-Bord ta' Sorveljanza tal-Privatezza u l-Libertajiet Ċivili (PCLOB - Privacy and Civil Liberties Oversight Board), u n-nuqqas ta’ informazzjoni addizzjonali dwar il-mekkaniżmu tal-Ombudsperson u d-deklassifikazzjoni ulterjuri tar-regoli proċedurali, b’mod partikolari dwar kif l-Ombudsman jinteraġixxi mas-servizzi ta’ intelligenza.
 
Il-BEPD irrimarka li l-laqgħa mal-Ombudsperson kienet interessanti u kolleġġjali iżda ma pprovdietx tweġiba konklużiva għal dan it-tħassib u li dawn il-kwistjonijiet se jibqgħu fuq nett tal-aġenda matul it-Tieni Rieżami Annwali (skedat għal Ottubru 2018). Barra minn hekk, huwa jappella għal provi supplimentari li għandhom jingħataw mill-awtoritajiet tal-Istati Uniti sabiex jiġi indirizzat dan it-tħassib. Fl-aħħar nett, il-BEPD jinnota li l-istess tħassib se jkunu indirizzat mill-Qorti Ewropea tal-Ġustizzja f’kawżi li huma diġà pendenti, u li għalihom il-BEPD joffri li jikkontribwixxi l-fehma tiegħu, jekk ikun mistieden mill-Qorti tal-Ġustizzja tal- Unjoni Ewropea li jagħmel dan.

Generic image for fintech
05 July 2018

The EDPB adopted a letter on behalf of the EDPB Chair addressed to Sophie in’t Veld MEP regarding the revised Payments Services Directive (PSD2 Directive). In its reply to Sophie in’t Veld the EDPB sheds further light on ‘silent party data’ by Third Party Providers, the procedures with regard to giving and withdrawing consent, the Regulatory Technical Standards, the cooperation between banks and the European Commission, EDPS and WP29 and what remains to be done to close any remaining data protection gaps.

ICANN generic letter image
05 July 2018

The EDPB adopted a letter on behalf of the EDPB Chair addressed to the Internet Corporation for Assigned Names and Numbers (ICANN), providing guidance to enable ICANN to develop a GDPR-compliant model for access to personal data processed in the context of WHOIS.

The letter addresses the issues of purpose specification, collection of “full WHOIS data”, registration of legal persons, logging of access to non-public WHOIS data, data retention and codes of conduct and accreditation.

The EDPB’s predecessor, WP29, has been offering guidance to ICANN on how to bring WHOIS in compliance with European data protection law since 2003.

The EDPB expects ICANN to develop and implement a WHOIS model which will enable legitimate uses by relevant stakeholders, such as law enforcement, of personal data concerning registrants in compliance with the GDPR, without leading to an unlimited publication of those data.

Generic image of plenary
04 July 2018

On 4 and 5 July the second plenary of the European Data Protection Board is taking place in Brussels. Please consult the agenda for more information.

Generic IMI Picture
27 June 2018

It has been just a month ago that the General Data Protection Regulation (GDPR) entered into application, the long awaited revamp of the EU’s data protection rules. Under the GDPR, the supervisory authorities of the Member States closely cooperate to ensure a consistent application of the GDPR throughout the European Union, as well as consistent protection of individuals. They assist each other and coordinate decision-making in these cross-border data protection cases. Via the so-called consistency mechanism the European Data Protection Board issues opinions and takes binding decisions to arbitrate different positions on cross border cases between national data protection authorities.

IMI (Internal Market Information System) was chosen as the IT platform to support cooperation and consistency procedures under the GDPR. IMI helps public authorities across the EU to cooperate and exchange information. The GDPR is the 13th legal area supported by the system.

IMI has been developed by the European Commission’s DG GROW and was adapted to cater for the needs of the GDPR, in close cooperation with the Secretariat of the European Data Protection Board and the national supervisory authorities.

On 25 May, the first case was initiated in IMI, and shortly afterwards the supervisory authorities started to cooperate via the system. Currently, more than 30 cross-border cases are under investigation.

14 IMI modules, 19 forms and more than 10.000 data fields were put in place to address the needs of data protection authorities and the GDPR procedures. 

Generic picture derogation guidelines
30 May 2018

During its first plenary meeting, the EDPB adopted the final version of the Guidelines on derogations applicable to international transfers (art 49). The Article 29 Working Party conducted a public consultation on a draft of these guidelines. The EDPB took into consideration the replies received and integrated the appropriate changes into the adopted version. 

Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679

Generic picture certification guidelines
30 May 2018

During its first plenary meeting, the EDPB adopted a draft version of the Guidelines on certification. A public consultation is available for 6 weeks. If you are interested to contribute, please go to the “Public Consultations” section of our website or click the link bellow:

Public consultation: Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/679

Generic picture
28 May 2018

Waqt l-ewwel laqgħa plenarja tiegħu fil-25 ta’ Mejju, il-BEPD adotta dikjarazzjoni dwar ir-reviżjoni tal-Regolament dwar il-Privatezza Elettronika u l-impatt tiegħu fuq il-protezzjoni tal-indivdwi fir-rigward tal-privatezza u l-kunfidenzjalità tal-komunikazzjonijiet tagħhom.

Din id-dikjarazzjoni tinkludi talba għall-adozzjoni rapida tar-Regolament il-ġdid dwar il-Privatezza elettronika u xi suġġerimenti dwar xi kwistjonijiet speċifiċi relatati ma’ emendi proposti mill-koleġiżlaturi.

Dikjarazzjoni dwar il-privatezza online

Generic picture Icann
27 May 2018

Il-Bord Ewropew għall-Protezzjoni tad-Data appoġġa d-dikjarazzjoni tal-WP29 dwar l-ICANN/WHOIS waqt l-ewwel laqgħa plenarja tiegħu fil-25 ta’ Mejju.

Id-dikjarazzjoni tal-WP29 rigward WHOIS

“Il-WP29 jirrikonoxxi l-funzjonijiet importanti mwettqa mis-servizz WHOIS. 
 
WP29 ilu joffri gwida lill-ICANN dwar kif iġġib lil WHOIS konformi mal-liġi dwar il-protezzjoni tad-data mill-2003 (ara l-opinjoni tad-WP29 tal-2003 disponibbli hawn). Il-konformità tal-ICANN mal-GDPR tidher li nbdiet formalment matul l-2017, li jista’ jkun parti mir-raġuni għaliex il-partijiet ikkonċernati huma mħassba dwar id-dħul fis-seħħ tal-GDPR fil-25 ta’ Mejju 2018.
 
Il-GDPR ma jippermetti la lill-awtoritajiet superviżorji nazzjonali u lanqas lill-Bord Ewropew għall-Protezzjoni tad-Data (id-WP29 se jsir il-BEPD fil-25 ta’ Mejju 2018) li joħloq “moratorju tal-infurzar” għal kontrolluri individwali tad-data. Il-protezzjoni tad-data hija dritt fundamentali tal-individwi, li jistgħu jippreżentaw ilmenti lill-awtorità nazzjonali tal-protezzjoni tad-data kull meta jikkunsidraw li d-drittijiet tagħhom taħt il-GDPR ġew miksura. 
 
L-awtoritajiet tal-protezzjoni tad-data jistgħu, madankollu, iqisu l-miżuri li diġà ttieħdu jew li għadhom għaddejjin, meta jiddeterminaw ir-rispons regolatorju xieraq meta jirċievu tali ilmenti.

Kif espress ukoll f’korrispondenza iktar kmieni mal-ICANN (inkluża din l-ittra ta’ Diċembru 2017 u din l-ittra ta’ April 2018),  WP29 jistenna li l-ICANN tiżviluppa u timplimenta mudell WHOIS li se jippermetti użi leġittimi mill-partijiet ikkonċernati rilevanti, bħall-infurzar tal-liġi, tad-data personali li tikkonċerna reġistranti f’konformità mal-GDPR, mingħajr ma jwassal għal pubblikazzjoni bla limitu ta’ dik id-data.

Il-WP29 jirrikonoxxi l-isforzi riċenti meħuda mill-ICANN biex tiżgura l-konformità mas-sistema WHOIS. Il-WP29 se jkompli jimmonitorja mill-qrib il-progress tal-ICANN u l-membri tiegħu jistgħu jkomplu jimpenjaw ruħhom mal-ICANN biex jiżguraw li r-rekwiżiti legali skont il-liġi dwar il-protezzjoni tad-data tal-UE jiġu indirizzati b’mod xieraq.

generic picture guidelines
25 May 2018

During its first plenary meeting the European Data Protection Board endorsed the GDPR related WP29 Guidelines(Corrigendum: In document nr 8 reference to the WP 259 has been replaced by the correct WP 244).

Generic picture Plenary
25 May 2018

On 25 May 2018, the greatly anticipated General Data Protection Regulation (GDPR) entered into application and its pre-decessor Directive 95/46/EC was repealed. On that date, the Article 29 Working Party, the body bringing together the independent data protection authorities, ceased to exist and was replaced by a new body: the European Data Protection Board or EDPB.

The Board is composed of the heads of national supervisory authorities and the European Data Protection Supervisor (EDPS). The Board also includes a representative of the European Commission who, however, does not have a right to vote.

The Board’s primary role is to safeguard the consistent application of the GDPR, but it has additional competences. It advises the European Commission on, for example, the level of data protection offered by third countries. In addition, the Board promotes cooperation between the national supervisory authorities and plays a role in conciliation procedures for disputes between national supervisory authorities. In exercising its powers, the Board issues guidelines, recommendations and statements of best practice on myriad topics.

During its first plenary meeting on 25 May the Board elected its Chair and two Vice-Chairs. The EDPB Chair will lead the Board for the coming five years and will exert an important influence on data protection in Europe and beyond. The Chair’s role will be crucial for the success and effectiveness of the GDPR.

Generic picture Press release
25 May 2018

Transparency and awareness are two core principles of the Board. Therefore, following the first plenary meeting of the Board, the newly elected EDPB Chair will hold a press conference on 25 May at 12.30 in the Brussels Press Club (Rue Froissart 95, Brussels). The press conference will be broadcast in EbS: http://ec.europa.eu/avservices/ebs/live.cfm?page=2 

Generic picture Secretariat
25 May 2018

The European Data Protection Board needs to rely on an effective Secretariat to be able to effectively accomplish all the tasks it is required to carry out under the GDPR. The EDPB Secretariat is composed of legal experts, communication and IT officers and administrative staff.

This brand-new team has worked hard to make the launch of the EDPB possible.  They will, without a doubt, have busy months ahead to organise the meetings of the Board and answer questions on the Board’s tasks and responsibilities.   

 

Generic picture Press release
25 May 2018

Brussell, il-25 ta’ Mejju - Illum, il-Bord Ewropew għall-Protezzjoni tad-Data (BEPD) kellu l-ewwel laqgħa plenarja tiegħu. Dan il-korp tat-teħid ta’ deċiżjonijiet ġdid tal-Unjoni Ewropea (UE), li hu indipendenti u b’personalità ġuridika, ġie maħluq mir-Regolament Ġenerali dwar il-Protezzjoni tad-Data (GDPR), li jidħol fis-seħħ illum. Il-BEPD, li huwa s-suċċessur tal-Grupp ta’ Ħidma tal-Artikolu 29 (WP29), jiġbor flimkien il-KEPD (Kontrollur Ewropew għall-Protezzjoni tad-Data) u l-awtoritajiet superviżorji tal-Istati Membri biex jiżgura applikazzjoni konsistenti tal-GDPR fl-UE kollha, kif ukoll protezzjoni konsistenti tal-individwi.  Barra minn hekk, il-BEPD jissorvelja l-implimentazzjoni tad-Direttiva dwar l-Infurzar tal-Liġi tal-Protezzjoni tad-Data.

Andrea Jelinek, President tal-BEPD: “Din il-leġiżlazzjoni ferm mistennija tagħti lill-individwi kontroll akbar fuq id-data personali tagħhom u tipprovdi sett ta’ regoli applikabbli għal kull min jipproċessa d-data personali ta’ individwi fl-UE. F’dinja fejn id-data tiġi trattata bħala munita, id-drittijiet tal-individwi spiss ġew injorati jew saħansitra miksura. Ma rridux ninsew il-fatt li d-data personali hija inerenti għall-bniedem. Jiena konvinta li l-GDPR jagħti lill-individwi u lill-awtoritajiet superviżorji l-mezzi biex jipproteġu u jinfurzaw effettivament dan id-dritt fundamentali.

“Ir-rekwiżiti ġodda tal-protezzjoni tad-data spiss ġew limitati biex jiffokaw fuq ir-riskju li wieħed jeħel multi għoljin, iżda l-GDPR huwa ħafna aktar minn hekk. Huwa jittratta dwar li nqiegħdu d-drittijiet tal-individwi l-ewwel u naġġornaw ir-regoli tal-protezzjoni tad-data tal-UE sabiex ikunu effiċjenti u lesti għall-futur. Fl-istess ħin, il-kumpaniji li jinnegozjaw fl-Ewropa se jibbenefikaw mill-GDPR peress li huwa jipprovdi ċertezza tad-dritt u jagħmilha aktar faċli li wieħed jopera fis-suq intern. Barra minn hekk, il-konformità mal-GDPR se tikkontribwixxi għal reputazzjoni tajba tal-kumpaniji. Fl-ekonomija tagħna xprunata mid-data, reputazzjoni tista’ tinqered fi żmien tlett ijiem jekk in-nies jitilfu l-fiduċja dwar jekk kumpanija tiġġestix id-data tagħhom b’attenzjoni.”

Andrea Jelinek ikkonkludiet billi enfasizzat l-importanza tal-kooperazzjoni għas-suċċess tal-GDPR: “Huwa kruċjali li bħall-BEPD, aħna ngħaqqdu l-forzi tagħna biex niżguraw livell għoli u konsistenti ta’ protezzjoni tad-data għall-individwi, kull fejn huma bbażati fl-Unjoni. Aħna se nippromwovu wkoll l-għarfien tad-drittijiet tal-protezzjoni tad-data tal-pubbliku. Il-BEPD huwa korp maħluq ġdid tal-UE li huwa mgħammar b’mudell ta’ governanza u koordinazzjoni ġdid u bis-setgħa li jadotta deċiżjonijiet vinkolanti. Dan se jippermettilna naqdu r-rwol tagħna b’mod effiċjenti li nagħtu gwida dwar kunċetti ewlenin tal-GDPR.”

Il-GDPR hija liġi Ewropea ġdida li żżid il-kontroll fuq kif in-nies u l-organizzazzjonijiet jużaw u jikkondividu d-data personali tal-individwi. Japplika wkoll għall- organizzazzjonijiet barra mill-Ewropa mmirati lejn individwi tal-UE jew il-monitoraġġ tal-imġiba tagħhom. Il-GDPR jissostitwixxi d-Direttiva dwar il-Protezzjoni tad-Data tal-UE li tmur lura għall-1995, meta l-internet kien għadu fl-istadji bikrin tiegħu. Huwa jissostitwixxi taħlita ta’ liġijiet nazzjonali b’Regolament tal-UE wieħed imfassal biex jagħmel l-organizzazzjonijiet aktar responsabbli, jagħti lill-individwi aktar kontroll fuq id-data tagħhom u jimmira li jtejjeb iċ-ċertezza tad-dritt għan-negozji, sabiex isaħħaħ l-innovazzjoni u l-iżvilupp futur tas-suq uniku diġitali.  

Generic picture MoU
25 May 2018

Ġie ffirmat Memorandum ta’ Qbil bejn il-Bord Ewropew għall-Protezzjoni tad-Data (EDPB) u l-Kontrollur Ewropew għall-Protezzjoni tad-Data (KEPD) matul l-ewwel laqgħa plenarja tal-EDPB. Dan il-MtQ jiddeskrivi l-mod li bih l-EDPB u l-KEPD ser jikkooperaw.

Memorandum ta’ Qbil

Generic picture Cocktail
24 May 2018

A new regulation and a new EU Body need to be celebrated! To do so, a cocktail reception took place on the 24th of May. Within the beautiful venue of the Bibliotheque Solvay in Brussels, Commissioner Vera Jourova, Jan Philipp Albrecht MEP, European Data Protection Supervisor Giovanni Buttarelli and WP29 Chair Andrea Jelinek held speeches looking back at the coming into application of the GDPR and the challenges ahead. Many of those who played an active role in the negotiations of the GDPR were present and proud to see the achievement of such a long process.