Commission publishes Communication on the GDPR’s first year of implementation
On 24 July, the European Commission published a Communication looking at the impact of the EU data protection rules just over one year after the entry into application of the GDPR and how they can be improved further.
The Commission said that it will use all the tools at its disposal, including infringement procedures, to ensure compliance and limit fragmentation by Member States.
The next steps for the Commission is to draft a report to be published by 25 May 2020, assessing the progress made, including a review of the previous adequacy decisions adopted under the old Data Protection Directive.
EDPS holds high level discussion on the challenges for data protection and competitiveness in the digital age
On 9 July, the European Data Protection Supervisor (EDPS) and the German Federal Commissioner for Data Protection and Freedom of Information (BfDI) organised a discussion focusing on the challenges for data protection and competitiveness in the digital age. The business models that competition authorities were interested were entirely data-driven; with a focus on concerns around data protection and competition.
One solution proposed is to enforce access to data, forcing companies to open their databases so that others can compete. However, the problem for competition authorities is how to grant access to personal data under the current rules of the GDPR. Another avenue would be to limit data gathering and the processing of personal data, thus ensuring fair competition and keeping the markets open for new players. A full overview of the debate is available here.
European Data Protection Board holds Twelfth Plenary session
On July 9-10, the EEA Data Protection Authorities and the European Data Protection Supervisor (EDPS), assembled in the European Data Protection Board (EDPB), met for their twelfth plenary session. The full press release is available here.
During the meeting, the EDPB adopted various documents, including: Guidelines on Video Surveillance, which will be subject to public consultation; a joint EDPB-EDPS reply to the LIBE Committee on the implications of the US CLOUD Act; and an Art. 64 GDPR opinionon the competence of a supervisory authority in case of a change in circumstances relating to the main or single establishment.
Commission publishes notices to stakeholders on Brexit and the application of EU rules
Following the request by the UK, the European Council (Article 50) adopted on 11 April 2019, a decision extending until 31 October 2019, the period provided for in Article 50(3) TEU for the country’s withdrawal from the EU. It is now foreseen that the UK would become, as of 1 November 2019 a 'third country'. As such, the European Commission has published further notices to help stakeholders prepare.
A full list of the Brexit preparedness notices published thus far is available here.
DATES FOR YOUR DIARY
26 September: AIG Meeting - Strategy for AIG Directors' Lunch, EASA Offices, 14:00 - 15:00
2 October: AIG Directors’ Lunch, Stanhope Hotel, Brussels, 12:30 - 14:30