Civile.it
Civile.it
The Board adopted Guidelines on the concepts of controller and processor in the GDPR and Guidelines on the targeting of social media users. In addition, the EDPB created a taskforce on complaints following the CJEU Schrems II judgement and a taskforce devoted to the supplementary measures that data exporters and importers can be required to take to ensure adequate protection when transferring data in light of the CJEU Schrems II judgement.
The Board adopted Guidelines on the concepts of controller and processor in the GDPR. Since the entry into application of the GDPR, questions have been raised as to what extent the GDPR brought changes to these concepts, particularly regarding the concept of joint controllership (as laid down in Article 26 GDPR and following several CJEU rulings), as well as the obligations for processors (in particular Article 28 GDPR) laid down in Chapter IV of the GDPR.
In March 2019, the EDPB together with its Secretariat organised a stakeholder event, which made clear that there was a need for more practical guidance and allowed the Board to better understand the needs and concerns in the field. The new Guidelines consist of two main parts: one explaining the different concepts; the other including detailed guidance on the main consequences of these concepts for controllers, processors and joint controllers. The Guidelines include a flow chart to provide further practical guidance. The Guidelines will be subject to public consultation.
The EDPB adopted Guidelines on the targeting of social media users. The Guidelines aim to provide practical guidance to stakeholders and contain various examples of different situations so that stakeholders can quickly identify the ‘scenario’ that is closest to the targeting practice they intend to deploy. The main aim of the Guidelines is to clarify the roles and responsibilities of the social media provider and the targeted individual. To this purpose, the Guidelines, among others, identify the potential risks for the freedoms of individual, the main actors and their roles, the application of key data protection requirements, such as lawfulness and transparency and DPIA, as well as key elements of arrangements between social media providers and the targeted individuals. In addition, the Guidelines focus on the different targeting mechanisms, the processing of special categories of data and the obligation for joint controllers to put in place an appropriate arrangement pursuant to Article 26 GDPR. The Plenary will submit the Guidelines for public consultation.
The Board has created a taskforce to look into complaints filed in the aftermath of the CJEU Schrems II judgement. A total of 101 identical complaints have been lodged with EEA Data Protection Authorities against several controllers in the EEA member states regarding their use of Google / Facebook services which involve the transfer of personal data. Specifically the complainants, represented by the NGO NOYB, claim that Google/Facebook transfer personal data to the U.S. relying on the EU-U.S. Privacy Shield or Standard Contractual Clauses and that according to the recent CJEU judgment in case C-311/18 the controller is unable to ensure an adequate protection of the complainants' personal data. The taskforce will analyse the matter and ensure a close cooperation among the members of the Board.
As a follow-up to the CJEU’s Schrems II ruling and in addition to the FAQ adopted on 23 July, the Board has created a taskforce. This taskforce will prepare recommendations to assist controllers and processors with their duty to identify and implement appropriate supplementary measures to ensure adequate protection when transferring data to third countries.
Andrea Jelinek, Chair of the EDPB: “The EDPB is well aware that the Schrems II ruling gives controllers an important responsibility. In addition to the statement and the FAQ we put out shortly following the judgment, we will prepare recommendations to support controllers and processors regarding their duty in identifying and implementing appropriate supplementary measures of a legal, technical and organizational nature to meet the essential equivalence standard when transferring personal data to third countries. However, the implications of the judgment are wide-ranging, and the contexts of data transfers to third countries very diverse. Therefore, there cannot be a one-size-fits-all, quick fix solution. Each organisation will need to evaluate its own data processing operations and transfers and take appropriate measures.”
The agenda to the thirthy-seventh plenary is available here.
Note to editors:
Please note that all documents adopted during the EDPB Plenary are subject to the necessary legal, linguistic and formatting checks and will be made available on the EDPB website once these have been completed.
EDPB_Press Release_2020_14
WPkit.it: privacy, formulari, check up per WordPress
Temi attuali:
Algoritmi ChatGPT Intelligenza artificiale Privacy WordPress
T
CRA - la mappa dei rischi di sicurezza informatica - Enisa ECHR Factsheet febbraio 2024: i nuovi principi affermati dalla Corte Europea dei Diritti Umani Simulazioni in azienda - privacy, presenze e dati biometrici Provvedimenti degli enti pubblici, sentenze e generalità degli interessati Osservatorio privacy - come trattare i dati di un dipendente infedele… Caso Unicredit - alcune riflessioni Banche - sanzione per misure organizzative e tecniche per accesso a dati comuni non finanziari - doc 9991020 Battesimo e privacy Privacy in Svizzera: prevale il segreto bancario sull'interesse a conoscere Garante provvedimento per cartelle inviate a pazienti sbagliati e integrazione software - n. 9988652
|
dallo store:
visita lo store
Affiliazioni
Agcm
Agcom
Banche dati
Bitcoin
Blockchain
Chatbot
ChatGPT
Clausole
Cloud
Contratti
Cookie
Copyright
Crittografia
Dark Patterns
Democrazia
Disclaimer
Distribuzione
Domini
Ecommerce
Editoria
Email
Email aziendale
Esercitazioni
Fare impresa
Fattura
GDPR
Hardware
Immagini
Intelligenza A.
Iot
Legal Design
Marchi
Marketing
Mobile
Modelli
Open data
Open Source
Penale
Policy
Primi passi
Privacy
Pubblicita'
Riservate
Sentenze
Sicurezza
Software
Sorveglianza
Startup
Tributario
Turismo
Ugc
Video
Voicebot