# EDPB Work Programme 2021-2022

- Type: Guidance
- Source: EDPB
- Identifier: edpb-work-programme-2021-2022-en
- Date: 2021-03-16
- Original: https://www.edpb.europa.eu/documents/reports-statements-and-letters/edpb-work-programme-2021-2022_en
- Canonical: https://overview.legal/posts/126048
- Topics: Telecommunications, Social Media, Law Enforcement, Mutual Assistance Between Member States for AI Oversight, Artificial Intelligence, Marketing, DPIA, Codes of Conduct, Data Governance for AI, Cookies

## Summary

EDPB Work Programme 2021/2022 The European Data Protection Board The European Data Protection Board (EDPB) is an independent European body established by the General Data Protection Regulation (GDPR). The EDPB has the following main tasks: To issue opinions, guidelines, recommendations and best practices to promote a common understanding of the GDPR and the Law Enforcement Directive (LED); To advise the European Commission on any issue related to the protection of personal data in the Union; To…

## Sections (4)

### ¶1

The items accompanied by an asterisk (*) have already been adopted in their first version, but are to be finalised after public consultation.

### ¶2

Either on the EDPB’s own initiative or upon request, for instance from the European Commission. For EDPB opinions on adequacy decisions, see Pillar IV below. Guidelines on controller and processor* 1 Guidelines on Article 23 GDPR* Guidelines on the targeting of social media users* Guidelines on data subject rights Guidelines on legitimate interest Guidelines on processing of personal data for medical and scientific research purposes Guidelines on children’s data Guidance on remuneration against personal data Pillar I - Advancing harmonisation and facilitating compliance As mentioned in the EDPB Strategy, in addition to providing practical and accessible guidance, the EDPB will develop and promote tools that help to implement data protection in practice, taking into account practical experiences of different stakeholders on the ground. Efforts will also go to make proactive use of the consistency mechanism, as well as of other tools in order to address potential divergences in the application of the GDPR. Pillar II - Supporting effective enforcement and efficient cooperation between national supervisory authorities The EDPB will facilitate a more efficient functioning of the cooperation and consistency mechanism linking all national supervisory authorities, which work together to enforce European data protection law, by streamlining internal processes, combining expertise and promoting enhanced coordination. The EDPB will also strive to develop a genuine EU-wide enforcement culture among supervisory authorities. Therefore, it will actively endeavour to fulfil its role as a forum for the regular exchange of information on ongoing cases. • Encouraging and facilitating the use of the full range of cooperation tools enshrined in Chapter VII of the GDPR and Chapter VII of the LED and continuously evaluating and improving the efficiency and effectiveness of these tools, as well as further promoting a common application of key concepts in the cooperation procedure • Implementation of the Coordinated Enforcement Framework (CEF) 3 to carry out annual coordinated actions on pre-defined topics to allow SAs to pursue joint actions in a flexible but coordinated manner, ranging from joint awareness raising and information gathering to enforcement sweeps and joint investigations. • Implementation of the Support Pool of Experts (SPE) 4 : the EDPB will launch the SPE pilot project to provide material support to EDPB Members in the form of expertise that is useful for investigations and enforcement activities, and to enhance cooperation and solidarity between EDPB Members by sharing, reinforcing and complementing strengths and addressing operational needs.

### ¶3

EDPB Document on Coordinated Enforcement Framework under Regulation 2016/679 (https://edpb.europa.eu/our-work-tools/our-documents/ovrigt/ edpb-document-coordinated-enforcement-framework-under-regulation_en).

### ¶4

EDPB Document on Terms of Reference of the EDPB Support Pool of Experts (https://edpb.europa.eu/our-work-tools/our-documents/other/edpb- document-terms-reference-edpb-support-pool-experts_en). Guidance on Art. 60 GDPR – One-stop-shop Guidance on Art. 61 GDPR – Mutual assistance Guidelines on Article 65 GDPR Guidelines on the calculation of administrative fines Assessment of the practical implementation of the amicable settlement Pillar III - A fundamental rights approach to new technologies As mentioned in the EDPB Strategy, the EDPB will monitor new and emerging technologies and their potential impact on the fundamental rights and daily lives of individuals, and will help to shape Europe’s digital future in line with our common values and rules, while continuing to work with other regulators and policymakers to promote regulatory coherence and enhanced protection for individuals. • Reinforcing the application of fundamental data protection principles and individual rights and establishing common positions and guidance, especially in the context of new technologies • Strengthening cooperation with external stakeholders (ENISA advisory group, ISO liaison, Contact point of the Stakeholder Cybersecurity Certification Group, etc.) Guidelines on examples regarding Data breach notifications* Guidelines on Blockchain Guidelines on Anonymisation and Pseudonymisation Guidelines on the use of facial recognition technology in the area of law enforcement Guidelines on virtual voice assistants* Guidelines on data protection in social media platform interfaces: practical recommendations Any additional guidance on legal implications relating to technological issues, such as Cloud computing, Artificial intelligence/Machine Learning, Digital Identity & Identity Federation, Data Brokers, Internet of Things, and payment methods Pillar IV - The global dimension As mentioned in the EDPB Strategy, the EDPB is determined to set and promote high EU and global standards for international data transfers to third countries and will reinforce its engagement with the international community to promote EU data protection as a global model and to ensure effective protection of personal data beyond the EU borders. • Providing guidance on the use of transfer tools ensuring an essentially equivalent level of protection and increasing awareness on their practical implementation and issues relating to government access to personal data • Engaging with the international community to promote EU data protection as a global model and to ensure effective protection of personal data beyond EU borders Recommendations on supplementary measures (on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data)* Opinions on and review of adequacy decisions (UK, Republic of Korea, review of Japan decision, any revision of 95/46 adequacy decisions...) PNR agreements (UK, Canada, Japan...) Guidelines on codes of conduct as a tool for international transfers Guidelines on certification as a tool for international transfers Guidelines on Article 37 LED (transfers subject to appropriate safeguards) Guidance on Article 48 GDPR (transfers or disclosures not authorised by Union law) Territorial scope (Article 3) of the GDPR and its interplay with Chapter V Statement on the proposed second additional protocol to the Council of Europe Convention on Cybercrime International agreements involving transfers, including FATCA and OECD CRS Approval procedure for Article 46.3(a) ad-hoc contractual clauses and Article 46.2(d) GDPR standard data protection clauses • Facilitating the engagement between EDPB members and the supervisory authorities of third countries with a focus on cooperation in enforcement cases involving controllers/ processors located outside the EEA Annex - Documents already adopted in early 2021 Statement on new draft provisions of the second additional protocol to the Council of Europe Convention on Cybercrime (Budapest Convention) Recommendations on the adequacy referential under the Law Enforcement Directive EDPB Document on the response to the request from the European Commission for clarifications on the consistent application of the GDPR, focusing on health research EDPB-EDPS Joint Opinion on Standard contractual clauses between controllers and processors EDPB-EDPS Joint Opinion on Standard contractual clauses for the transfer of personal data to third countries Guidelines on relevant and reasoned objection under Regulation 2016/679 Guidelines on processing personal data in the context of connected vehicles and mobility related applications EDPB-EDPS Joint Opinion on Standard contractual clauses for the transfer of personal data to third countries Guidelines on relevant and reasoned objection under Regulation 2016/679 Guidelines on processing personal data in the context of connected vehicles and mobility related applications

---
Generated by overview.legal · https://overview.legal/posts/126048 · 2026-07-17
