Skip to content
Guidance · EDPB ·work-programme-2019-2020 EN LLM context A cited markdown file you can paste into your AI assistant (ChatGPT, Claude, a RAG or project knowledge base) to ground it in this document. Contains: this document’s text, its sections with their topics, and the full text of every law provision it applies. Everything links back to its source on overview.legal — legal information, not advice.

EDPB Work Programme 2019-2020

Summary

1 12.02 .19 EDPB Work Program 2019/2020 The European Data Protection Board The European Data Protection Board (EDPB) is an independent European body, which contributes to the consistent application of data protection rules throughout the European Union, and promotes cooperation between the EU and EEA EFTA data protection supervisory authorities. T he EDPB is established by the General Data Protection Regulation (GDPR) . The EDPB is composed of representatives of the national EU and EEA EFTA…

How it connects

Full text

1 12.02 .19 EDPB Work Program 2019/2020 The European Data Protection Board The European Data Protection Board (EDPB) is an independent European body, which contributes to the consistent application of data protection rules throughout the European Union, and promotes cooperation between the EU and EEA EFTA data protection supervisory authorities. T he EDPB is established by the General Data Protection Regulation (GDPR) . The EDPB is composed of representatives of the national EU and EEA EFTA data protection supervisory authorities, and the European Data Protection Supervisor (EDPS). The EDPB has the following main tasks:  To i ssue opinions, guidelines, recommendations and best practices to promote a common unde rstanding of the GDPR and the Law Enforcement Directive ;  To a dvise the Europe an Commission on any issue related to the protection of personal data in the Union;  To contribute to the consistent application of the GDPR , in particular in cross - border data protection cases  To promote cooperation and the effective exchange of information and best practice between national supervisory authorities In line with the Article 29 of the EDPB Rules of procedure , the EDPB has developed its two - year work program for 2019 and 2020. After having endorsed guidelines adopted by the WP29 and after having issued guidelines on the interpretation of the new provisions introduced by the GDPR, the EDPB now aim s to focus more on specific items or technologies . T he work program of the EDPB is based on the need s identified by the members as priority for stakeholders as well as the EU legislator planned activit ies . The EDPB will regularly monitor the impleme ntation of its work program which might be updated. 2 12.02 .19 Activities for 2019 - 2020 I. Guidelines  Guidelines on Codes of Conduct and Monitoring Bodies  Guidelines on delisting  Guidelines on PSD2 and GDPR  Guidelines on international transfers between public bodies for administrative cooperation purposes  Guidelines Certification and Codes of Conduct as a tool for transfers  Guidelines on Connected vehicles  Guidelines on Certification (finalisation after the public consultation)  Guidelines on video surveillance  Guidelines on Data Protection by Design and by Default  Guidelines on Targeting of social media users  Guidelines on children’s data  Guidelines on reliance on Art. 6(1) b in the context of online services  Guidel ines on concepts of controller and processor (Update of the WP29 Opinion)  Guidelines on the notion of legitimate interest of the data controller (Update of the WP29 Opinion)  Guidelines on the Territorial Scope of the GDPR (finalisation after the public consultation )  Guidelines on the powers of DPAs in accordance with Art. 47 of the Law Enforcement Directive  Guidelines on data subjects rights with main focus at a first stage on the rights of access, erasure, objection, restriction and limitations to these rights II. Consistency o pinions  Opinion on administrative arrangement between EEA and non EEA financial market regulators  Opinion on Interplay between GDPR and ePrivacy III. Other type s of activities  Privacy Shield - Follow - up of the Joint Review  ePrivacy Regulation  Procedural rules on the Supervision of EU large scale IT systems  Consultation from the Commission on the Clinical Trials Regulation  Reflection paper on international mutual assistance and other cooperation tools to enforce the GDPR outside the E U (Art. 50)  EDPB Enforcement Strategy  FATCA - Statement in response to the European Parliament’s resolution  Statement on the use of personal data in the context of elections  Enhancement of existing IT solutions and development of new IT solutions  Data breach notifications  Consultation from the Commission on the report regarding the evaluation and review of the GDPR according to Art. 97 3 12.02 .19 IV. Recurrent activities a. Consistency opinion s and decision s  Opinions regarding relevant draft decision from competent supervisory authorities, such as decisions on  DPIA lists (Art. 35 ( 4) - (5))  C odes of conduct  A ccreditation criteria for code monitoring and certification bodies and certification criteria under Art. 42(5) (European Data Protection Seal)  S tandard contractual clauses for international transfers under Art. 46(2)  S tandard contractual clauses for processors under Art. 28(8)  A d hoc contractual clauses for international transfers under Art. 46(3)  B inding C orporate R ules (Art. 47(1))  Any opinion on matter of general application or producing effects in several member States, on the basis of a request from any supervisory authority, the Chair or the Commission under Art. 64(2)  Any binding decision in the context of dispute resolution ( Art. 65(1) ) or urgency procedure ( Art. 66) b. Legislative consultation  Any opinion, statement, advice on the request of the Commission following the adoption of proposals for a legislative act, international agreement or when preparing delegated acts or implementing acts, where the act is of particular importance for the protection of individuals’ rights and freedoms with regard to the proce ssing of personal data, such as o pinion s on future or review of ex isting Adequacy decisions V. Possible topics  Guidelines on the interpretation of Art. 48 GDPR  Guidance on the interaction between the Regulation on the free flow of non - personal data in the EU and the GDPR  Opinion on cross - border request s for e - evidence  Comments on updated PNR agreement with Canada  Update of guidance on government access to data both in Essential Guarantees paper and A dequacy R eferential  Enforcement against controllers in 3rd countries  e - Invoices and creation of centralized databases by Ministries of Finance  Use of credit cards for distant payments and post - transaction reten tion of card numbers  Good practices regarding research projects  Approval procedure for ad hoc contractual clauses  Blockchain  Interoperability between BCRs  Use of new technologies, such as AI, connected assistants

Similar Content