The Board is not only issuing guidelines on the interpretation of core concepts of the GDPR but it is also called to rule by binding decisions on disputes regarding cross-border processing activities, ensuring therefore a uniform application of EU rules to avoid the same case potentially being dealt with differently across various jurisdictions.
The key means the Board has to fulfil its role are:
When performing its tasks and powers, the Board acts independently and neither seeks nor takes instructions from anybody.
The Board can also examine - on its own initiative or on the request of one of its members or the European Commission - any question covering the application of the GDPR.
The EDPB has to advise the European Commission on any issue related to data protection in the EU, including on any proposed amendment of the GDPR and any EU legislative proposal. It also has to advise the European Commission on the format and procedures for the exchange of information in the framework of the Binding corporate rules.
In addition, the EDPB has to provide the European Commission with an opinion on the assessment of the adequacy of the level of protection in a third country; with an opinion on the icons and with an opinion on the certification requirements.
The EDPB has a role to play in providing opinions on draft decisions of the supervisory authorities.
In addition to that, the EDPB has to issue binding decisions in three cases. These cases are mostly about dispute resolution among supervisory authorities:
- when a supervisory authority concerned has raised an objection to the draft decision of the lead supervisory authority or when the lead supervisory authority has rejected the objection (one stop shop mechanism);
- when there are conflicting views on which supervisory authority is the lead supervisory authority;
- when a supervisory authority does not request the opinion of the Board (opinion required under the consistency mechanism) or does not follow the opinion of the Board.