Joelle Jouret, Legal Advisor at the European Data Protection Board
March 04, 2020
The ‘Regulator Spotlight’ interview series by OneTrust DataGuidance documents jurisdictional focuses, legal developments, and guidance direct from commissioners, regulators and supervisory boards and brings poignant commentary to the rapidly changing data privacy landscape. Over the past 12 months, OneTrust DataGuidance have sat down with leading figures from organisations including the European Data Protection Supervisor’s Office, the UK ICO, and the United Nations.
We spoke to Joelle Jouret, Legal Advisor at the European Data Protection Board. The European Data Protection Board is an independent European body whose purpose is to ensure consistent application of the General Data Protection Regulation and to promote cooperation among the EU’s data protection authorities. On 25 May 2018, the EDPB replaced the Article 29 Working Party. Joelle discusses how the EDPB's role and activities have evolved since the transition from the Article 29 Working Party as well as the EDPB’s priorities for 2020.
How Does the EDPB Differ from the Article 29 Working Party?
One of the major differences between the European Data Protection Board and its predecessor, the Article 29 Working Party, is that the EDPB has as legal personality owing to the fact it is a new body of the European Union. As a result, this means that the EDPB can take binding decisions where the Article 29 Working Party could only issue soft laws or guidance.
“This influences the fact that, for taking decisions and adopting guidelines, we can continue to adopt them by consensus as was the case for the G29 Working Party but not for the EDPB. We do it still by consensus but most of the time we also vote on it and have a formal vote to adopt all of the documents which makes it a little bit more concrete.”
Along with the formal voting process, Joelle explains that meeting of the board is more frequent and as such allows them to adopt more documents in relation to the GDPR.
What are the EDPB’s Priorities for 2019-2020?
The EDPB issued a draft plan covering 2019 and 2020 and in line with this, Joelle explains there is still guidance that the board are working towards completing this year, for example the relationship and definition of processor and controller. Further to the guidance regarding the GDPR, the board are looking to issue further guidance this year on what is to be expected of them and will continue to deliver opinion.
“This is the consistency part of the EDPB, we have to issue opinions on some of the national initiatives. For example, the code of conduct certification scheme, but also for example on BCRs. And if necessary, it hasn’t been used yet but as I mentioned, the EDPB can issue binding decisions and if necessary, the board will issue a binding decision under article 65 of the GDPR.”
Joelle concludes that the opinion published by the board will also be used by the European Commission to assist in cases of adequacy decisions and other areas where it would be applicable.
Watch the full interview where Joelle talks further about the impact Brexit will have on European data protection, the challenges organisations face regarding GDPR compliance and the development of certification mechanisms and codes of conduct.