# EDPB Work Programme 2023-2024

- Type: Guidance
- Source: EDPB
- Identifier: edpb-work-programme-2023-2024-en
- Date: 2023-02-22
- Original: https://www.edpb.europa.eu/documents/reports-statements-and-letters/edpb-work-programme-2023-2024_en
- Canonical: https://overview.legal/posts/125868
- Topics: Public Authority, Public Sector, Social Media, Law Enforcement, Mutual Assistance Between Member States for AI Oversight, Artificial Intelligence, AI Enforcement Actions, DPIA, Right of Access Procedures, Cookies

## Summary

EDPB Work Programme 2023/2024 Adopted on 14 February 2023 The European Data Protection Board The European Data Protection Board (EDPB) is an independent European body established by the General Data Protection Regulation (GDPR). The EDPB has the following main tasks: To issue opinions, guidelines, recommendations and best practices to promote a common understanding of the GDPR and the Law Enforcement Directive (LED); To advise the European Commission on any issue related to the protection of…

## Full text

EDPB Work Programme 2023/2024 Adopted on 14 February 2023 The European Data Protection Board The European Data Protection Board (EDPB) is an independent European body established by the General Data Protection Regulation (GDPR). The EDPB has the following main tasks: To issue opinions, guidelines, recommendations and best practices to promote a common understanding of the GDPR and the Law Enforcement Directive (LED); To advise the European Commission on any issue related to the protection of personal data in the Union; To contribute to the consistent application of the GDPR, in particular in cross-border data protection cases; and To promote cooperation and the effective exchange of information and best practices between national supervisory authorities. In line with the Article 29 of the EDPB Rules of procedure, the EDPB has developed its two-year work programme for 2023 and 2024, based on the EDPB Strategy and the needs identified by the members as priority for stakeholders. As mentioned in the EDPB Strategy, in addition to providing practical and accessible guidance, the EDPB will develop and promote tools that help to implement data protection in practice, taking into account practical ex - periences of different stakeholders on the ground. Efforts will also go to make proactive use of the consistency mechanism, as well as of other tools in order to address potential divergences in the application of the GDPR. 9 Guidelines on data subject rights - right of access* 1 9 Targeted update of the Guidelines on identifying a controller or processor’s lead supervisory authority* 9 Targeted update on the Guidelines on Data Breach Notification* 9 Guidelines on the use of Technologies for Detecting and Reporting Online Child Sexual Abuse 9 Guidelines on legitimate interest 9 Guidelines on children’s data 9 Guidelines on processing of data for medical and scientific research purposes 9 Guidelines on the use of social media by public bodies Pillar I - Advancing harmonisation and facilitating compliance • Further guidance on key notions of EU data protection law , developed also taking into account practical experience of stakeholders, gathered through stakeholder events and consultation • Consistency activities: The EDPB will continue to take actions directly addressed to national supervisory authorities and which aim to ensure consistency of their decisions in a number of areas (e.g. evaluation of codes of conduct, certification schemes and criteria, binding corporate rules, creation of standard contractual clauses, lists of risky processing activities to be subject to a data protection impact assessment,...) in accordance with Article 64(1) and (2) GDPR . In addition, the EDPB will continue to act as a dispute resolution body in case of dispute between EEA supervisory authorities (Article 65 GDPR binding decisions; decisions/opinions in the context of an urgency procedure under Article 66 GDPR) • Development and implementation of compliance mechanisms for controllers and processors (e.g. Guidelines on assessment of certification criteria *) • Advising the EU legislator on any important issue related to the protection of personal data in the Union and intensifying engagement and cooperation with other regulators and policymakers (Digital euro, monitoring the legal developments relating to the digital package 2 , etc.) • Development of awareness-raising common tools on the GDPR for a wider audience (dedicated information for SMEs) 1 The items accompanied by an asterisk (*) have already been adopted in their first version, but are to be finalised after public consultation. 2 Digital Governance Act (Regulation 2022/868) https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32022R0868 ; Draft AI Act: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52021PC0206 ; Draft Data Act: https://eur-lex.europa.eu/legal-content/EN/ TXT/?uri=COM%3A2022%3A68%3AFIN ; Digital Services Act (Regulation (EU) 2022/2065) https://eur-lex.europa.eu/legal-content/en/TX - T/?uri=COM%3A2020%3A825%3AFIN ; Digital Markets Act (Regulation (EU) 2022/1925) https://eur-lex.europa.eu/legal-content/EN/TXT/?toc=O - J%3AL%3A2022%3A265%3ATOC&uri=uriserv%3AOJ.L_.2022.265.01.0001.01.ENG . The EDPB will facilitate a more efficient functioning of the cooperation and consistency mechanism linking all national supervisory authorities, which work together to enforce European data protection law, by streamlining internal processes, combining expertise and promoting enhanced coordination. The EDPB will also strive to develop a genuine EU-wide enforcement culture among supervisory authorities. Therefore, it will actively endeavour to fulfil its role as a forum for the regular exchange of information on ongoing cases. 9 Guidelines on administrative fines * 9 Guidelines on Article 61 GDPR - Mutual assistance 9 Guidelines on Article 66 GDPR 9 Template for data subjects complaints 9 Right to be heard and right of access to the file concerning cooperation procedures according to Article 60 GDPR Pillar II - Supporting effective enforcement and efficient cooperation between national supervisory authorities • Encouraging and facilitating the use of the full range of cooperation tools enshrined in Chapter VII of the GDPR and Chapter VII of the LED and continuously evaluating and improving the efficiency and effectiveness of these tools, as well as further promoting a common application of key concepts in the cooperation procedure • Implementation of the Coordinated Enforcement Framework (CEF) to carry out annual coordinated actions on pre-defined topics to allow SAs to pursue joint actions in a flexible but coordinated manner: 2023 CEF on the designation and position of the data protection officer • Support of the work on the cases of strategic importance • Creation of Task forces when needed to provide an operational platform for cases requiring cooperation on enforcement matters • Possible Opinion on EC draft legislation aiming to harmonise administrative laws of the GDPR enforcement • Implementation of the Support Pool of Experts (SPE) to provide material support to EDPB Members in the form of expertise that is useful for investigations and enforcement activities, as a continuation of the pilot phase • Approval procedures that require a cooperation phase among SAs, followed by an EDPB consistency action (Procedure for the approval of certification criteria, procedure for the approval of Ad-hoc Contractual Clauses (Article 46(3)(a) GDPR) and Standard Data Protection Clauses (Article 46(2)(d) GDPR), Procedure for the adoption of BCR) • Deployment of the EDPB secondment program (staff exchanges), as a continuation of the pilot phase As mentioned in the EDPB Strategy, the EDPB will monitor new and emerging technologies and their potential impact on the fundamental rights and daily lives of individuals, and will help to shape Europe’s digital future in line with our common values and rules, while continuing to work with other regulators and policymakers to promote regulatory coherence and enhanced protection for individuals. 9 Guidelines on use of facial recognition by law enforcement authorities* 9 Guidelines on Anonymisation 9 Guidelines on Pseudonymisation 9 Guidelines on Blockchain 9 Guidelines on telemetry and diagnostic data 9 Guidelines on the interplay between the AI Act and the GDPR Pillar III - A fundamental rights approach to new technologies • Reinforcing the application of fundamental data protection principles and individual rights and establishing common positions and guidance , especially in the context of new technologies • Strengthening cooperation with external stakeholders As mentioned in the EDPB Strategy, the EDPB is determined to set and promote high EU and global standards for international data transfers to third countries and will reinforce its engagement with the international community to promote EU data protection as a global model and to ensure effective protection of personal data beyond the EU borders. 9 Opinions on and review of adequacy decisions (US, Japan etc.) 9 Referential for the approval of BCR Controller * 9 Referential for the approval of BCR Processor 9 Guidance on Article 48 GDPR 9 Guidelines on Article 37 LED Pillar IV - The global dimension • Providing guidance on the use of transfer tools ensuring an essentially equivalent level of protection and increasing awareness on their practical implementation and issues relating to government access to personal data • Engaging with the international community to promote EU data protection as a global model and to ensure effective protection of personal data beyond EU borders • Facilitating the engagement between EDPB members and the supervisory authorities of third countries with a focus on cooperation in enforcement cases involving controllers/ processors located outside the EEA Annex - Documents already adopted in early 2023 9 Report of the work undertaken by the Cookie Banner Taskforce (adopted on 17 January 2023) 9 2022 Coordinated Enforcement Action: Use of cloud-based services by the public sector (adopted on 17 January 2023) 9 Guidelines on deceptive design patterns in social media platform interfaces: How to recognise and avoid them (finalised after public consultation on 14 February 2023) 9 Guidelines on the interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR (finalised after public consultation on 14 February 2023) 9 Guidelines on certification as a tool for transfers (finalised after public consultation on 14 February 2023) 9 Procedure for the adoption of the EDPB Opinions regarding national criteria for certification and European Data Protection Seals (adopted on 14 February 2023)

---
Generated by overview.legal · https://overview.legal/posts/125868 · 2026-07-17
