EU: EDPB announces 42nd plenary session outcome, addresses SCCs, Schrems II recommendations, and the future of ePrivacy Regulation
The European Data Protection Board ('EDPB') announced, on 20 November 2020, the outcome of its 42nd plenary session. In particular, the EDPB recalled that the European Commission launched two public consultations on its draft Implementing Decision on Standard Contractual Clauses for the Transfer of Personal Data to Third Countries Pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council ('the SCCs Draft Decision') and its draft Implementing Decision on Standard Contractual Clauses between Controllers and Processors for the matters referred to in Article 28(3) and (4) of Regulation (EU) 2016/679 and Article 29(7) of Regulation (EU) 2018/1725 ('the Article 28 SCCs Draft Decision'). In this regard, the EDPB recalled, in relation to the Article 28 SCCs Draft Decision, that they will have an EU-wide effect and aim to ensure full harmonisation and legal certainty across the EU when it comes to contracts between controllers and their processors, as well as that the Commission has requested a joint opinion from the EDPB and the European Data Protection Supervisor ('EDPS') on the implementing acts on both the SCCs Draft Decision and the Article 28 SCCs Draft Decision.
In addition, the EDPB noted that the consultation on its recommendations on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data has been extended from 30 November 2020 until 21 December 2020. Moreover, the EDPB highlighted that it had adopted a statement on the future Regulation Concerning the Respect for Private Life and the Protection of Personal Data in Electronic Communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications) ('the ePrivacy Regulation'), expressing concerns on some new orientations of the discussions in the Council of the European Union in relation to the enforcement of the future ePrivacy Regulation, which could lead to fragmented supervision, procedural complexity, and a lack of consistency and legal certainty for individuals and companies. On the same, the EDPB called for the enforcement of those parts of the ePrivacy Regulation and the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') which cover personal data protection to be entrusted to the same supervisory authority. Lastly, the EDPB stressed the need to adopt the new ePrivacy Regulation as soon as possible.
You can read the press release here.
UPDATE (24 November 2020)
EDPB publishes statement on the future of the ePrivacy Regulation
The EDPB announced on Twitter, on 24 November 2020, that it had published its Statement on the ePrivacy Regulation and the Future Role of Supervisory Authorities and the EDPB.