Comitato europeo per la protezione dei dati

EDPB News

20 May 2020

Brussels, 20 May - During its 28th EDPB plenary session, the EDPB adopted an Art. 64 GDPR opinion on the draft Standard Contractual Clauses submitted by the Slovenian Supervisory Authority (SA) and decided on the publication of a register containing ‘one-stop-shop’ decisions.

The EDPB adopted its opinion on the draft Standard Contractual Clauses (SCCs) for controller-processor contracts submitted to the Board by the Slovenian Supervisory Authority. The opinion aims to ensure the consistent application of Article 28 GDPR, which imposes an obligation on controllers and processors to enter into a contract or other legal act stipulating the parties’ respective obligations. According to Article 28(6) GDPR, these contracts or other legal acts may be based, in whole or in part, on standard contractual clauses adopted by a Supervisory Authority. In the opinion, the Board makes several recommendations that need to be taken into account in order for these draft SCCs to be considered as Standard Contractual Clauses. If all recommendations are implemented, the Slovenian SA will be able to adopt this draft agreement as Standard Contractual Clauses pursuant to Article 28(8) GDPR.

The EDPB will publish a register containing decisions taken by national supervisory authorities following the One-Stop-Shop cooperation procedure (Art. 60 GDPR) on its website.

Under the GDPR, Supervisory Authorities have a duty to cooperate on cases with a cross-border component to ensure a consistent application of the regulation - the so-called one-stop-shop (OSS) mechanism. Under the OSS, the Lead Supervisory Authority (LSA) is in charge of preparing the draft decisions and works together with the concerned SAs to reach consensus. Up to end of April 2020, LSAs have adopted 103 final OSS decisions. The EDPB intends to publish summaries in English prepared by the EDPB Secretariat. The information will be made public after the validation of the LSA in question and in accordance with the conditions provided by its national legislation.

The agenda of the 28th plenary is available here

Note to editors:
Please note that all documents adopted during the EDPB Plenary are subject to the necessary legal, linguistic and formatting checks and will be made available on the EDPB website once these have been completed.

08 May 2020

During its 26th plenary session, the EDPB adopted a letter in response to requests from MEPs Metsola and Halicki regarding the Polish presidential elections taking place via postal vote. Additionally, an exchange of information took place on the recent Hungarian government decrees in relation to the coronavirus during the state of emergency
 
In its response to the MEPs Metsola and Halicki, the EDPB indicates that it is aware that data of Polish citizens was sent from the national PESEL (personal identification) database to the Polish Post by one of the Polish ministries and acknowledges that this issue requires special attention.

The Board underlines that, according to the GDPR, personal data, such as names and addresses, and national identification numbers (such as the Polish PESEL ID), must be processed lawfully, fairly and in a transparent manner, for specified purposes only. Public authorities may disclose information on individuals included in electoral lists, but only when this is specifically authorised by Member State law. The EDPB underlined that the disclosure of personal data – from one entity to another – always requires a legal basis in accordance with EU data protection laws. As previously indicated in the EDPB statement on the use of personal data in political campaigns (2/2019), political parties and candidates - but also public authorities, particularly those responsible for public registers - must stand ready to demonstrate how they have complied with data protection principles. The EDPB also underlined that, where elections are conducted by the collection of postal votes, it is the responsibility of the state to ensure that specific safeguards are in place to maintain the secrecy and integrity of the personal data concerning political opinions.

EDPB Chair, Andrea Jelinek, added: “Elections form the cornerstone of every democratic society. That is why the EDPB has always dedicated special attention to the processing of personal data for election purposes. We encourage data controllers, especially public authorities, to lead by example and process personal data in a manner which is transparent and leaves no doubt regarding the legal basis for the processing operations, including disclosure of data.”

However, the EDPB stresses that enforcement of the GDPR lies with the national supervisory authorities. The EDPB is not a data protection supervisory authority in its own right and, as such, does not have the same competences, tasks and powers as the national supervisory authorities. In the first instance, the assessment of alleged GDPR infringements falls within the competence of the responsible and independent national supervisory authority. Nevertheless, the EDPB will continue to pay special attention to the developments of personal data processing in connection to democratic elections and remains ready to support all members of the Board, including the Polish Supervisory Authority, in such matters.

During the plenary, the Hungarian Supervisory Authority provided the Board with information on the legislative measures the Hungarian government has adopted in relation to the coronavirus during the state of emergency. The Board considers that further explanation is necessary and has thus requested that the Hungarian Supervisory Authority provides further information on the scope and the duration, as well as the Hungarian Supervisory Authority’s opinion on the necessity and proportionality of these measures. The Board will discuss this further during its plenary session next Tuesday.

The agenda of the 26th plenary is available here

Note to editors:
Please note that all documents adopted during the EDPB Plenary are subject to the necessary legal, linguistic and formatting checks and will be made available on the EDPB website once these have been completed.

24 April 2020

During its 24th plenary session, the EDPB adopted three letters, reinforcing several elements from its earlier guidance on data protection in the context of fighting the COVID-19 outbreak.

In reply to a letter from the United States Mission to the European Union, the EDPB looks into transfers of health data for research purposes, enabling international cooperation for the development of a vaccine. The US Mission enquired into the possibility of relying on a derogation of Art. 49 GDPR to enable international flows.

The EDPB tackled this topic in detail in its recently adopted guidelines (03/2020) on the processing of health data for scientific research. In its letter, the EDPB reiterates that the GDPR allows for collaboration between EEA and non-EEA scientists in the search for vaccines and treatments against COVID-19, while simultaneously protecting fundamental data protection rights in the EEA.

When data are transferred outside of the EEA, solutions that guarantee the continuous protection of data subjects’ fundamental rights, such as adequacy decisions or appropriate safeguards (included in Article 46 GDPR) should be favoured, according to the EDPB.  

However, the EDPB considers that the fight against COVID-19 has been recognised by the EU and Member States as an important public interest, as it has caused an exceptional sanitary crisis of an unprecedented nature and scale. This may require urgent action in the field of scientific research, necessitating transfers of personal data to third countries or international organisations.
 
In the absence of an adequacy decision or appropriate safeguards, public authorities and private entities may also rely upon derogations included in Article 49 GDPR

Andrea Jelinek, the Chair of the EDPB, said: “The global scientific community is racing against the clock to develop a COVID-19 vaccine or treatment. The EDPB confirms that the GDPR offers tools giving the best guarantees for international transfers of health data and is flexible enough to offer faster temporary solutions in the face of the urgent medical situation.”

The EDPB also adopted a response to a request from MEPs Lucia Ďuriš Nicholsonová and Eugen Jurzyca.

The EDPB replies that data protection laws already take into account data processing operations necessary to contribute to fighting an epidemic, therefore - according to the EDPB - there is no reason to lift GDPR provisions, but to observe them. In addition, the EDPB refers to the guidelines on the issues of geolocation and other tracing tools, as well as the processing of health data for research purposes in the context of the COVID-19 outbreak.

Andrea Jelinek, Chair of the EDPB, added: “The GDPR is designed to be flexible. As a result, it can enable an efficient response to support the fight against the pandemic, while at the same time protecting fundamental human rights and freedoms. When the processing of personal data is necessary in the context of COVID-19, data protection is indispensable to build trust, to create the conditions for social acceptability of any possible solution and, therefore, to guarantee the effectiveness of these measures”.

The EDPB received two letters from Sophie In 't Veld MEP, raising a series of questions regarding the latest technologies that are being developed in order to fight the spread of COVID-19.

In its reply, the EDPB refers to its recently adopted guidelines (04/2020) on the use of location data and contact tracing apps, which highlight – among other elements - that such schemes should have a voluntary nature, use the least amount of data possible, and should not trace individual movements, but rather use proximity information of users.

The agenda of the 23rd plenary is available here

Note to editors:
Please note that all documents adopted during the EDPB Plenary are subject to the necessary legal, linguistic and formatting checks and will be made available on the EDPB website once these have been completed.

21 April 2020

During its 23rd plenary session, the EDPB adopted guidelines on the processing of health data for research purposes in the context of the COVID-19 outbreak and guidelines on geolocation and other tracing tools in the context of the COVID-19 outbreak.

The  guidelines on the processing of health data for research purposes in the context of the COVID-19 outbreak aim to shed light on the most urgent legal questions concerning the use of health data, such as the legal basis of processing, further processing of health data for the purpose of scientific research, the implementation of adequate safeguards and the exercise of data subject rights.

The guidelines state that the GDPR contains several provisions for the processing of health data for the purpose of scientific research, which also apply in the context of the COVID-19 pandemic, in particular relating to consent and to the respective national legislations. The GDPR foresees the possibility to process certain special categories of personal data, such as health data, where it is necessary for scientific research purposes.

In addition, the guidelines address legal questions concerning international data transfers involving health data for research purposes related to the fight against COVID-19, in particular in the absence of an adequacy decision or other appropriate safeguards.  

Andrea Jelinek, Chair of the EDPB, said: “Currently, great research efforts are being made in the fight against COVID-19. Researchers hope to produce results as quickly as possible. The GDPR does not stand in the way of scientific research, but enables the lawful processing of health data to support the purpose of finding a vaccine or treatment for COVID-19”.

The guidelines on geolocation and other tracing tools in the context of the COVID-19 outbreak aim to clarify the conditions and principles for the proportionate use of location data and contact tracing tools, for two specific purposes:
1.    using location data to support the response to the pandemic by modelling the spread of the virus in order to assess the overall effectiveness of confinement measures;
2.    using contact tracing, which aims to notify individuals who may have been in close proximity to someone who is eventually confirmed as a carrier of the virus, in order to break the contamination chains as early as possible.

The guidelines emphasise that both the GDPR and the ePrivacy Directive contain specific provisions allowing for the use of anonymous or personal data to support public authorities and other actors at both national and EU level in their efforts to monitor and contain the spread of COVID-19. The general principles of effectiveness, necessity, and proportionality must guide any measures adopted by Member States or EU institutions that involve processing of personal data to fight COVID-19.

The EDPB stands by and underlines the position expressed in its letter to the European Commission (14 April) that the use of contact tracing apps should be voluntary and should not rely on tracing individual movements, but rather on proximity information regarding users.

Dr. Jelinek added: “Apps can never replace nurses and doctors. While data and technology can be important tools, we need to keep in mind that they have intrinsic limitations. Apps can only complement the effectiveness of public health measures and the dedication of healthcare workers that is necessary to fight COVID-19. At any rate, people should not have to choose between an efficient response to the crisis and the protection of fundamental rights.”

In addition, the EDPB adopted a guide for contact tracing apps as an annex to the guidelines. The purpose of this guide, which is non-exhaustive, is to provide general guidance to designers and implementers of contact tracing apps, underlining that any assessment must be carried out on a case-by-case basis.

Both sets of guidelines will exceptionally not be submitted for public consultation due to the urgency of the current situation and the necessity to have the guidelines readily available.

The agenda of the 23rd plenary is available here

Note to editors:
Please note that all documents adopted during the EDPB Plenary are subject to the necessary legal, linguistic and formatting checks and will be made available on the EDPB website once these have been completed.

17 April 2020

On April 17th, the EDPB held its 22nd Plenary Session. For further information, please consult the agenda:

Agenda of Twenty-second Plenary

14 April 2020

Following a request for consultation from the European Commission, the European Data Protection Board adopted a letter concerning the European Commission's draft Guidance on apps supporting the fight against the COVID-19 pandemic. This Guidance on data protection and privacy implications complements the European Commission’s Recommendation on apps for contact tracing, published on 8 April and setting out the process towards a common EU toolbox for the use of technology and data to combat and exit from the COVID-19 crisis.
 
Andrea Jelinek, Chair of the EDPB, said: “The EDPB welcomes the Commission’s initiative to develop a pan-European and coordinated approach as this will help to ensure the same level of data protection for every European citizen, regardless of where he or she lives.”
 
In its letter, the EDPB specifically addresses the use of apps for the contact tracing and warning functionality, because this is where increased attention must be paid in order to minimise interferences with private life while still allowing data processing with the goal of preserving public health.
 
The EDPB considers that the development of the apps should be made in an accountable way, documenting with a data protection impact assessment all the implemented privacy by design and privacy by default mechanisms. In addition, the source code should be made publicly available for the widest possible scrutiny by the scientific community.
 
The EDPB strongly supports the Commission’s proposal for a voluntary adoption of such apps, a choice that should be made by individuals as a token of collective responsibility.
 
Finally, the EDPB underlined the need for the Board and its Members, in charge of advising and ensuring the correct application of the GDPR and the E-Privacy Directive, to be fully involved in the whole process of elaboration and implementation of these measures. The EDPB recalls that it intends to publish Guidelines in the upcoming days on geolocation and tracing tools in the context of the COVID-19 out-break.

The EDPB’s letter is available here: https://edpb.europa.eu/letters_en
 
The agenda of the 21th plenary session is available here: https://edpb.europa.eu/our-work-tools/agenda/2020_en#agenda_490

07 April 2020

During its 20th plenary session on April 7th, the European Data Protection Board assigned concrete mandates to its expert subgroups to develop guidance on several aspects of data processing in the fight against COVID-19. This follows the decision made on April 3rd during the EDPB's 19th plenary session.

1.    geolocation and other tracing tools in the context of the COVID-19 outbreak – a mandate was given to the technology expert subgroup for leading this work;
2.    processing of health data for research purposes in the context of the COVID-19 outbreak – a mandate was given to the compliance, e-government and health expert subgroup for leading this work.

Considering the high priority of these 2 topics, the EDPB decided to postpone the guidance work on teleworking tools and practices in the context of the COVID-19 outbreak, for the time being.

Andrea Jelinek, Chair of the EDPB, said: “The EDPB will move swiftly to issue guidance on these topics within the shortest possible notice to help make sure that technology is used in a responsible way to support and hopefully win the battle against the corona pandemic. I strongly believe data protection and public health go hand in hand."

The agenda of the 20th plenary session is available here

03 April 2020

The European Data Protection Board is speeding up its guidance work in response to the COVID-19 crisis. Its monthly plenary meetings are being replaced by weekly remote meetings with the Members of the Board.
 
Andrea Jelinek, Chair of the EDPB, said: "The Board will prioritise providing guidance on the following issues: use of location data and anonymisation of data; processing of health data for scientific and research purposes and the processing of data by technologies used to enable remote working. The EDPB will adopt a horizontal approach and plans to issue general guidance with regard to the appropriate legal bases and applicable legal principles."

The agenda of today's remote meeting is available here

23 March 2020

Following a decision by the EDPB Chair, the EDPB April Plenary Session has been cancelled due to safety concerns surrounding the outbreak of the Coronavirus (COVID-19). The EDPB hereby follows the example of other EU institutions, such as the European Parliament, which have restricted the number of large-scale meetings.

The April Plenary Session was scheduled to take place on 20 and 21 April. Earlier, the EDPB March Plenary was also cancelled for the same reasons. You can find an overview of upcoming EDPB Plenary Meetings here

20 March 2020

On March 19th, the European Data Protection Board adopted a formal statement on the processing of personal data in the context of the COVID-19 outbreak via written procedure. The full statement is available here

16 March 2020

Governments, public and private organisations throughout Europe are taking measures to contain and mitigate COVID-19. This can involve the processing of different types of personal data.  

Andrea Jelinek, Chair of the European Data Protection Board (EDPB), said: “Data protection rules (such as GDPR) do not hinder measures taken in the fight against the coronavirus pandemic. However, I would like to underline that, even in these exceptional times, the data controller must ensure the protection of the personal data of the data subjects. Therefore, a number of considerations should be taken into account to guarantee the lawful processing of personal data.”

The GDPR is a broad legislation and also provides for the rules to apply to the processing of personal data in a context such as the one relating to COVID-19. Indeed, the GDPR provides for the legal grounds to enable the employers and the competent public health authorities to process personal data in the context of epidemics, without the need to obtain the consent of the data subject. This applies for instance when the processing of personal data is necessary for the employers for reasons of public interest in the area of public health or to protect vital interests (Art. 6 and 9 of the GDPR) or to comply with another legal obligation.

For the processing of electronic communication data, such as mobile location data, additional rules apply. The national laws implementing the ePrivacy Directive provide for the principle that the location data can only be used by the operator when they are made anonymous, or with the consent of the individuals. The public authorities should first aim for the processing of location data in an anonymous way (i.e. processing data aggregated in a way that it cannot be reversed to personal data). This could enable to generate reports on the concentration of mobile devices at a certain location (“cartography”).  

When it is not possible to only process anonymous data, Art. 15 of the ePrivacy Directive enables the member states to introduce legislative measures pursuing national security and public security *. This emergency legislation is possible under the condition that it constitutes a necessary, appropriate and proportionate measure within a democratic society. If such measures are introduced, a Member State is obliged to put in place adequate safeguards, such as granting individuals the right to judicial remedy.

Update:

On March 19th, the European Data Protection Board adopted a formal statement on the processing of personal data in the context of the COVID-19 outbreak. The full statement is available below.

* In this context, it shall be noted that safeguarding public health may fall under the national and/or public security exception.

10 March 2020

Following a decision by the EDPB Chair, the EDPB March Plenary Session has been cancelled due to safety concerns surrounding the outbreak of the Coronavirus (COVID-19). The EDPB hereby follows the example of other EU institutions, such as the European Parliament, which have restricted the number of large-scale meetings.

The March Plenary Session was scheduled to take place on 19 and 20 March. You can find an overview of upcoming EDPB Plenary Meetings here

20 February 2020

Bruxelles, 20 febbraio — Il 18 il 19 febbraio, le autorità di vigilanza del SEE e il Garante europeo della protezione dei dati, riuniti nel comitato europeo per la protezione dei dati, hanno tenuto la diciottesima sessione plenaria. Durante la plenaria è stata discussa un'ampia gamma di argomenti.

Il Comitato europeo per la protezione dei dati e le autorità di controllo del SEE hanno contribuito alla valutazione e al riesame del regolamento generale sulla protezione dei dati, come previsto dall'articolo 97 del regolamento. Il Comitato ritiene che il bilancio dell'applicazione del regolamento generale sulla protezione dei dati nei primi 20 mesi sia positivo. Sebbene la necessità di risorse sufficienti per tutte le autorità di controllo sia ancora fonte di preoccupazione e permangano alcune sfide derivanti, ad esempio, dal mosaico di procedure nazionali, il Comitato è convinto che la cooperazione tra autorità si tradurrà in una cultura comune della protezione dei dati e in una prassi coerente. Il Comitato sta esaminando le possibili soluzioni per superare queste sfide e migliorare le procedure di cooperazione esistenti. Invita inoltre la Commissione a verificare se le procedure nazionali incidano sull'efficacia delle procedure di cooperazione e ritiene che, in ultima analisi, anche i legislatori possano contribuire a garantire un'ulteriore armonizzazione. Nella sua valutazione, il Comitato affronta anche questioni quali gli strumenti per i trasferimenti internazionali di dati, l'impatto sulle PMI, le risorse delle autorità di controllo e lo sviluppo di nuove tecnologie. Il Comitato giunge alla conclusione che sia prematuro  rivedere il regolamento  in questa fase storica.

Il Comitato ha adottato linee-guida per fornire ulteriori chiarimenti in merito all'applicazione dell'articolo 46.2, lettera a), e dell'articolo 46.3, lettera b), del regolamento generale sulla protezione dei dati. Questi articoli riguardano i trasferimenti di dati personali da autorità o organismi pubblici del SEE verso organismi pubblici di paesi terzi od organizzazioni internazionali, qualora tali trasferimenti non siano coperti da una decisione di adeguatezza. Le linee-guida raccomandano quali misure di salvaguardia attuare in strumenti giuridicamente vincolanti (articolo 46.2, lettera a)) o in accordi amministrativi (articolo 46.3, lettera b)) al fine di garantire che sia rispettato e non inficiato il livello di protezione delle persone fisiche ai sensi del regolamento generale sulla protezione dei dati. Le linee-guida saranno sottoposte a consultazione pubblica.

Dichiarazione sulle implicazioni delle fusioni societarie per la tutela della vita privata
In seguito all'annuncio dell'intenzione di Google LLC di acquistare Fitbit, il Comitato europeo per la protezione dei dati ha adottato una dichiarazione in cui sottolinea che l'eventuale ulteriore combinazione e accumulo di dati personali sensibili riguardanti le persone in Europa da parte di una grande impresa tecnologica potrebbe comportare un elevato livello di rischio per i diritti fondamentali alla vita privata e alla protezione dei dati. Il Comitato ricorda alle parti della proposta di fusione, in conformità del principio di responsabilizzazione, gli obblighi che loro incombono ai sensi del regolamento generale sulla protezione dei dati e rammenta loro di effettuare una valutazione completa e pienamente trasparente dei requisiti in materia di protezione dei dati e delle implicazioni della fusione in materia di tutela della vita privata. Il Comitato esorta le parti ad attenuare i rischi che la fusione può comportare per il diritto alla tutela della vita privata e alla protezione dei dati prima di notificare la concentrazione alla Commissione europea. Il Comitato esaminerà le implicazioni che tale fusione potrebbe avere per la protezione dei dati personali nello Spazio economico europeo ed è pronto a fornire alla Commissione, su richiesta, il suo parere sulla proposta di fusione.

Nota per la stampa:
Si prega di notare che tutti i documenti adottati durante la plenaria del Comitato europeo per la protezione dei dati sono soggetti ai necessari controlli giuridici, linguistici e di formattazione e saranno resi disponibili sul sito web del Comitato una volta che tali controlli saranno stati completati.

18 February 2020

On February 18th and 19th, the eighteenth plenary session of the European Data Protection Board is taking place in Brussels. For further information, please consult the agenda.

Agenda of Eighteenth Plenary

30 January 2020

Bruxelles, 30 gennaio — Il 28 e il 29 gennaio, le autorità garanti della protezione dei dati del SEE e il Garante europeo della protezione dei dati, riuniti nel Comitato europeo per la protezione dei dati, hanno tenuto la diciassettesima sessione plenaria. Durante la sessione plenaria sono stati discussi molti argomenti.

Il Comitato europeo per la protezione dei dati ha adottato i pareri sui requisiti di accreditamento degli organismi di monitoraggio dei codici di condotta presentati dalle autorità di controllo belga, spagnola e francese. Tali pareri mirano a garantire la coerenza e la corretta applicazione dei requisiti tra le autorità di controllo del SEE.

Il Comitato ha adottato il progetto di linee guida sui veicoli connessi. Man mano che i veicoli sono sempre più connessi, crescono rapidamente i dati relativi ai loro conducenti e ai passeggeri. Le linee-guida del Comitato si concentrano sul trattamento dei dati personali in relazione all'uso dei veicoli connessi da parte degli interessati in contesti diversi dall’attività professionale. Più precisamente, le linee-guida riguardano i dati personali trattati dal veicolo e quelli comunicati dal veicolo in quanto dispositivo connesso. Le linee-guida saranno sottoposte a consultazione pubblica.

Il Comitato ha adottato la versione definitiva delle Linee-guida sul trattamento di dati personali attraverso dispositivi video, successivamente alla consultazione pubblica. Le linee guida mirano a chiarire l’applicazione del RGPD al trattamento di dati personali quando si utilizzano dispositivi video, e a garantire un approccio coerente a tale riguardo. Le linee guida prendono in esame sia i dispositivi video tradizionali che i dispositivi video intelligenti. Fra i temi affrontati sono da segnalare, in particolare, le condizioni di liceità del trattamento, compreso il trattamento di categorie speciali di dati, i casi in cui il trattamento è svolto solo per finalità personali o familiari, e la divulgazione di filmati a terzi.  A seguito della consultazione pubblica sono state apportate varie modifiche.

Il Comitato ha adottato i pareri sui progetti di requisiti di accreditamento per gli organismi di certificazione presentati dalle autorità di controllo del Regno Unito e del Lussemburgo. Si tratta dei primi pareri sui requisiti di accreditamento per gli organismi di certificazione adottati dal Comitato. Essi mirano a stabilire un approccio coerente e armonizzato per quanto riguarda i requisiti che saranno applicati dalle autorità di controllo e dagli organismi nazionali di accreditamento al momento dell'accreditamento degli organismi di certificazione.

Il Comitato ha adottato il parere sul progetto di decisione relativo alle norme vincolanti d'impresa per titolari (BCR) del gruppo Fujikura Automotive Europe Group, presentato al Comitato dall'Autorità di controllo spagnola.

Lettera su trattamenti algoritmici non corretti
Il Comitato ha adottato una lettera in risposta alla richiesta dell'on. Sophie in't Veld relativa all'uso di algoritmi operanti in modo non corretto. La lettera contiene un'analisi delle sfide poste dall'utilizzo di algoritmi, una panoramica delle pertinenti disposizioni del regolamento generale sulla protezione dei dati e degli orientamenti esistenti in materia, e descrive il lavoro già intrapreso dalle Autorità di controllo.

Lettera al Consiglio d'Europa sulla convenzione sulla criminalità informatica
A seguito del contributo fornito dal Comitato alla consultazione sulla negoziazione di un secondo protocollo addizionale alla convenzione del Consiglio d'Europa sulla criminalità informatica (convenzione di Budapest), numerosi membri del Comitato hanno partecipato attivamente alla conferenza Octopus organizzata dal Cybercrime Committee del Consiglio d’Europa. Il Comitato ha adottato una lettera di follow-up alla conferenza, sottolineando la necessità di integrare solide garanzie in materia di protezione dei dati nel futuro protocollo addizionale alla convenzione e di garantirne la coerenza con la convenzione 108, nonché con i trattati dell'UE e la Carta dei diritti fondamentali.

Nota per la stampa:
Si prega di notare che tutti i documenti adottati durante la plenaria del comitato europeo per la protezione dei dati sono soggetti ai necessari controlli giuridici, linguistici e di formattazione e saranno resi disponibili sul sito web del Comitato europeo per la protezione dei dati una volta che saranno stati completati.

28 January 2020

On January 28th and 29th, the seventeenth plenary session of the European Data Protection Board is taking place in Brussels. For further information, please consult the agenda.

Agenda of Seventeenth Plenary