Europeiska dataskyddsstyrelsen

European Data Protection Board - 45th Plenary session

Wednesday, 3 February, 2021

EDPB adopts Recommendations on Art. 36 LED – Adequacy referential, Opinion on the H3C/PCAOB Administrative Arrangement, Statement on new draft provisions on a protocol to Cybercrime Convention, Response to EC questionnaire on processing personal data for scientific research & discussion on Whatsapp privacy polic.

During its 45th plenary session, the EDPB adopted a wide range of documents. In addition, the Board discussed Whatsapp’s updated privacy policy. 

The EDPB adopted Recommendations on the adequacy referential under the Law Enforcement Directive (LED). The EDPB ensures the consistent application of EU data protection law in the EU, including of the Law Enforcement Directive (LED), which deals with the processing of personal data for law enforcement purposes. The aim of the Recommendations is to provide a list of elements to be examined when assessing the adequacy of a third country under the LED. The document recalls the concept and procedural aspects of adequacy according to the LED and the case law of the CJEU, and lays down the EU standards for data protection for police and judicial cooperation in criminal matters.

The EDPB adopted an opinion on the draft Administrative Arrangement (AA) for transfers of personal data between the Haut Conseil du Commissariat aux Comptes (H3C) and the Public Company Accounting Oversight Board (PCAOB). This AA will be submitted to the French SA for authorisation at national level. The French SA will monitor the application of the AA in practice and, if necessary, suspend any transfer performed by the H3C, if the AA ceases to provide data subjects with an essentially equivalent level of protection.

The EDPB adopted a Statement on the draft provisions on a protocol to the Cybercrime Convention. This statement complements the EDPB contribution to the draft second additional protocol to the Council of Europe Convention on Cybercrime (Budapest Convention) and follows the publication of the new draft provisions. 
In this statement, the EDPB recalls that the provisions currently being discussed are likely to affect the conditions for access to personal data in the EU for law enforcement purposes and calls for a careful scrutiny of the ongoing negotiation by the relevant EU and national institutions. In addition, the EDPB stresses the need to guarantee full consistency with the EU acquis in the field of personal data protection. 

The EDPB adopted its response to the European Commission questionnaire on processing personal data for scientific research, focusing on health related research. The answers provided by the EDPB form a preliminary position on this topic and aim to provide clarity as to the application of the GDPR in the domain of scientific health research. The EDPB is currently developing guidelines on processing personal data for scientific research purposes that will elaborate on these issues. 

Finally, the Members of the Board had an exchange of views on WhatsApp's recent Privacy Policy update. The EDPB will continue to facilitate this exchange of information between authorities, in order to ensure a consistent application of data protection law across the EU in accordance with its mandate.

The agenda of the forty-fifth plenary is available here.

Note to editors:
Please note that all documents adopted during the EDPB Plenary are subject to the necessary legal, linguistic and formatting checks and will be made available on the EDPB website once these have been completed.

EDPB_Press Release_2021_1