AstraIA Gear

Ad Astra Per Aspera 

EDPB Annual Report 2022

Trang Anh

EDPB Annual report

On Monday 17 April, the European Data Protection Board released its Annual Report of 2022 (“Report”). It provides the highlights of the EDPB in 2022 in addition to its internal operations, activities, as well as the coordination of the Member States’ national supervisory authority and other EU agencies. 

Image by David Mark from Pixabay 

2022 highlights in the Report

The EDPB’s work on enforcement cooperation shifted into a higher gear, through the numerous initiatives taken to streamline enforcement cooperation amongst the Supervisory Authorities (SAs), such as:

  • Many task forces have worked on significant subjects on a cross-border scale. It resulted in a consistent approach by the SAs on certain topics, like Google Analytics, cookies banners. 
  • Following the establishment of the Coordinated Enforcement Framework in 2021 for simultaneous and coordinated enforcement actions by the SAs, last year, 22 SAs undertook coordinated investigations into over 90 cloud services used in the public sector within the EEA. 
  • The EDPB introduced a Support Pool of Experts with specialists in various areas, including IT auditing, security and data science to support and increase SAs’ capacity to supervise, investigate and enforce. 

Some examples

Last year, the EDPB Members met in Vienna and reiterated their commitment by adopting the Vienna Statement on enforcement cooperation on 28 April 2022. To broaden narrative to support effective enforcement and efficient cooperation between national SAs, the EDPB adopted Guidelines 02/2022 on the application of Art. 60 GDPR focusing on the interactions of the SAs with each other. It also issued Guideline 04/2022 on the Calculation of Administrative Fines under the GDPR to harmonise the approach used by the SAs in this matter. In 2022, the EDPB produced 5 binding decisions under Art. 65 GDPR addressing a range of issues from right to access, right to object direct marketing, protection of children’s use of social media to legal basis for processing personal data regarding the following companies – Accor, Meta (Instagram, Facebook, WhatsApp). 

In addition to 4 binding decisions, the EDPB also provided 4 opinions on draft decisions in connection to Binding Corporate Rules, Requirements for Accreditation of a Certification Body, Certification Criteria, SA’s approval of accreditation requirement for code of conduct monitoring body. Finally, it is noteworthy that they issued 10 very valuable general guidelines about various subjects.  

Source: https://edpb.europa.eu/system/files/2023-04/edpb_annual_report_2022_en.pdf

For more updates from the EDPB on AstraIA Gear: https://www.astraiagear.com/2023/04/04/update-from-the-eu-data-protection-board/

Some words from me

I am not sure if anyone read my articles except my dear friend. For anyone reading my articles, I would like to express my gratefulness, great appreciation for your time passing by. Like many content writers worried by the growth of LLMs – Large Language Models, I am no exception. As non-native English and French speaker, you may notice this fact easily. I experienced the crisis about the quality of my article and the security reinforcement for the site. What I am trying to do here is provide comprehensive summaries of research, or legal updates. Further, for the AG project, I wish to provide the open-access instruction for IT audit from the legal and ethical perspectives which I still struggle over finding a user-friendly format.

For more short news, connect with us on LinkedIn

LinkedIn Page

To have further discussion with me

Follow me on LinkedIn

Posted

in

,

by

Trang Anh

Tags:

, , , ,