Content Assessment: The EDPB Annual Report 2020
Information - 95%
Insight - 95%
Relevance - 90%
Objectivity - 90%
Authority - 95%
A short percentage-based assessment of the qualitative benefit of the recent post highlighting the EDPB Annual Report for 2020.
Editor’s Note: The European Data Protection Board (EDPB) is an independent European body, established by the General Data Protection Regulation (GDPR), which aims to ensure the consistent application of data protection rules across the European Economic Area (EEA). It achieves this aim by promoting cooperation between national Supervisory Authorities (SAs) and issuing general, EEA-wide guidance regarding the interpretation and application of data protection rules.
The EDPB comprises the Heads of the EU SAs and the European Data Protection Supervisor (EDPS). The European Commission has the right to participate in the activities and meetings of the EDPB without voting rights. The SAs of the EEA countries (Iceland, Liechtenstein and Norway) are also members of the EDPB, although they do not hold the right to vote.
EDPB Annual Report 2020: Ensuring Data Protection Rights in a Changing World
Today [June 2, 2021], the European Data Protection Board (EDPB) presented its Annual Report 2020. The report provides a detailed overview of the work carried out by the EDPB in a year marked by the worldwide pandemic.
EDPB Chair, Andrea Jelinek said: “2020 and the COVID-19 pandemic significantly altered how we live and work. Given the increasing presence of data-driven technologies in addressing the pandemic, the awareness of data protection rights among individuals and organizations has never been more critical. It is important to note that the 2020 lockdowns in all our countries did not mean a slowdown of the EDPB’s activities. 2020 was marked by many major developments in the EU data protection legal sphere, requiring the EDPB’s expertise and guidance.”
During the COVID-19 pandemic, EEA Member States began taking measures to monitor, contain and mitigate the spread of the virus. The EDPB issued guidance on, amongst others, location and contact-tracing apps; processing health data for scientific research; restrictions on data subject rights in a state of emergency and data processing in the context of reopening borders.
The Court of Justice of the European Union’s ruling in Schrems II had significant implications for EEA-based entities that transfer data to the U.S. and other third countries. The EDPB issued an FAQ document, followed later by Recommendations for Supplementary Measures when using International transfer tools, to ensure compliance with the level of protection required under EU law, and Recommendations on European Essential Guarantees contributing to the assessment of surveillance measures allowing access to personal data by public authorities in third countries. The Recommendations for Supplementary Measures were subject to a public consultation. The EDPB received over 200 contributions from various stakeholders, which it is currently analyzing.
During 2020, the EDPB defined its Strategy for 2021-2023, which covers four main pillars with strategic objectives:
- Advancing harmonization and facilitating compliance;
- supporting effective enforcement and efficient cooperation between national supervisory authorities;
- a fundamental rights approach to new technologies and
- the global dimension. For each of the pillars, a set of key actions are defined to help achieve these objectives. In early 2021, the EDPB adopted its two-year work program for 2021-2022. The work program follows the priorities set out in the EDPB 2021-2023 Strategy and will put the EDPB’s strategic objectives into practice.
In 2020, the EDPB adopted 10 Guidelines on topics such as the concepts of controller and processor; and targeting of social media users, as well as three Guidelines in their final, post-consultation versions (on video devices, the right to be forgotten and data protection by design and default).
In addition to providing guidance, ensuring consistency in enforcement and cooperation between national authorities is a key task of the EDPB. In 2020, the EDPB issued 32 Opinions under Art. 64 GDPR. Most of these Opinions concern draft accreditation requirements for a code of conduct monitoring body or a certification body, as well as Controller Binding Corporate Rules for various companies.
On 9 November 2020, the EDPB adopted its first dispute resolution decision on the basis of Art. 65 GDPR. The binding decision addressed the dispute that arose after the Irish SA, acting as Lead SA, issued a draft decision regarding Twitter International Company and the subsequent relevant and reasoned objections expressed by a few Concerned SAs.
The GDPR requires the EEA SAs to cooperate closely to ensure the consistent application of the GDPR and protection of individual data protection rights across the EEA.
- Between 1 January and 31 December 2020, there were 628 cross-border cases out of which 461 originated from a complaint, while 167 had other origins, such as investigations, legal obligations and/or media reports.
- The One-Stop-Shop mechanism demands cooperation between the LSA and the CSAs. The LSA leads the investigation and plays a key role in the process of reaching consensus between the CSAs, in addition to working towards reaching a coordinated decision about the data controller or processor. Between 1 January 2020 and 31 December 2020, there were 203 draft decisions, of which 93 resulted in final decisions.
- The mutual assistance procedure allows SAs to ask for information from other SAs or to request other measures for effective cooperation, such as prior authorizations or investigations. Between 1 January 2020 and 31 December 2020, SAs initiated 246 formal mutual assistance procedures. They initiated 2,258 informal mutual assistance procedures. Mutual assistance is also used by the SAs requesting the competent SA to handle complaints they received which do not relate to cross-border processing as defined by the GDPR.
EDPB Annual Report 2020 – 27.05.21
- Considering Cyber Discovery? A Strategic Framework from HaystackID™
- An eDiscovery Market Size Mashup: 2020-2025 Worldwide Software and Services Overview
Generative Artificial Intelligence and Large Language Model Use
ComplexDiscovery OÜ recognizes the value of GAI and LLM tools in streamlining content creation processes and enhancing the overall quality of its research, writing, and editing efforts. To this end, ComplexDiscovery OÜ regularly employs GAI tools, including ChatGPT, Claude, Midjourney, and DALL-E, to assist, augment, and accelerate the development and publication of both new and revised content in posts and pages published (initiated in late 2022).
ComplexDiscovery also provides a ChatGPT-powered AI article assistant for its users. This feature leverages LLM capabilities to generate relevant and valuable insights related to specific page and post content published on ComplexDiscovery.com. By offering this AI-driven service, ComplexDiscovery OÜ aims to create a more interactive and engaging experience for its users, while highlighting the importance of responsible and ethical use of GAI and LLM technologies.
Have a Request?
If you have information or offering requests that you would like to ask us about, please let us know, and we will make our response to you a priority.
ComplexDiscovery OÜ is a highly recognized digital publication focused on providing detailed insights into the fields of cybersecurity, information governance, and eDiscovery. Based in Estonia, a hub for digital innovation, ComplexDiscovery OÜ upholds rigorous standards in journalistic integrity, delivering nuanced analyses of global trends, technology advancements, and the eDiscovery sector. The publication expertly connects intricate legal technology issues with the broader narrative of international business and current events, offering its readership invaluable insights for informed decision-making.
For the latest in law, technology, and business, visit ComplexDiscovery.com.