EDPB

EDPB is the European Data Protection Board, an independent European Union European Union body that aims to ensure consistent application of General Data Protection Regulation (GDPR) across all European Economic Area (EEA) countries, including Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and Sweden. The EDPB works closely with the European Commission, European Parliament, and Council of the European Union to develop and implement data protection policies. It also collaborates with other EU agencies, such as the European Data Protection Supervisor (EDPS) and the European Union Agency for Fundamental Rights (FRA). The EDPB's work is informed by the Charter of Fundamental Rights of the European Union and the Treaty on the Functioning of the European Union.

Overview

The EDPB is composed of representatives from the national data protection authorities of each EEA country, as well as the European Data Protection Supervisor (EDPS). The board's primary objective is to ensure that the General Data Protection Regulation (GDPR) is applied consistently across the EEA, thereby protecting the fundamental rights of European Union citizens, including the right to privacy and the right to data protection. The EDPB works closely with other EU bodies, such as the European Commission, European Parliament, and Council of the European Union, to develop and implement data protection policies. It also collaborates with international organizations, such as the Organisation for Economic Co-operation and Development (OECD) and the United Nations (UN), to promote data protection standards globally. The EDPB's work is guided by the principles of data protection by design and by default, as outlined in the General Data Protection Regulation.

History and establishment

The EDPB was established on May 25, 2018, with the entry into force of the General Data Protection Regulation (GDPR). The GDPR replaced the Data Protection Directive 95/46/EC and introduced a new framework for data protection in the European Union. The EDPB was created to replace the Article 29 Data Protection Working Party (WP29), which was established in 1995 to provide guidance on the implementation of the Data Protection Directive 95/46/EC. The EDPB's establishment was a key component of the European Union's efforts to strengthen data protection in the EU, as outlined in the Digital Single Market strategy. The EDPB's first chair was Andrea Jelinek, who was appointed by the European Commission and has played a key role in shaping the board's work. The EDPB has also worked closely with other EU agencies, such as the European Union Agency for Network and Information Security (ENISA) and the European Institute for Gender Equality (EIGE).

Structure and composition

The EDPB is composed of representatives from the national data protection authorities of each EEA country, as well as the European Data Protection Supervisor (EDPS). The board has a chair and two deputy chairs, who are elected by the members of the board. The EDPB also has a secretariat, which is provided by the European Commission. The board's members include representatives from the Austrian Data Protection Authority, Belgian Data Protection Authority, Bulgarian Commission for Personal Data Protection, Croatian Personal Data Protection Agency, Cypriot Commissioner for Personal Data Protection, Czech Office for Personal Data Protection, Danish Data Protection Agency, Estonian Data Protection Inspectorate, Finnish Data Protection Ombudsman, French National Commission on Informatics and Liberty (CNIL), German Federal Commissioner for Data Protection and Freedom of Information (BfDI), Greek Data Protection Authority, Hungarian National Authority for Data Protection and Freedom of Information (NAIH), Icelandic Data Protection Authority, Irish Data Protection Commission, Italian Garante per la protezione dei dati personali, Latvian Data State Inspectorate, Liechtenstein Data Protection Office, Lithuanian State Data Protection Inspectorate, Luxembourg National Commission for Data Protection (CNPD), Maltese Information and Data Protection Commissioner (IDPC), Dutch Data Protection Authority, Norwegian Data Protection Authority, Polish Personal Data Protection Office (UODO), Portuguese National Commission for Data Protection (CNPD), Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP), Slovak Office for Personal Data Protection, Slovenian Information Commissioner, Spanish Agency for Data Protection (AEPD), and Swedish Authority for Privacy Protection (IMY).

Key responsibilities and tasks

The EDPB has several key responsibilities and tasks, including providing guidance on the interpretation and application of the General Data Protection Regulation (GDPR). The board also issues opinions on matters related to data protection, such as the European Commission's adequacy decisions regarding third countries, including United States, Canada, Japan, and South Korea. The EDPB also provides advice to the European Commission on matters related to data protection, such as the development of new data protection regulations and the negotiation of international agreements, including the EU-US Privacy Shield and the EU-Japan Economic Partnership Agreement. The board also cooperates with other EU bodies, such as the European Data Protection Supervisor (EDPS) and the European Union Agency for Fundamental Rights (FRA), to promote data protection standards and protect the fundamental rights of European Union citizens. The EDPB has also worked closely with international organizations, such as the International Conference of Data Protection and Privacy Commissioners (ICDPPC) and the Asia-Pacific Economic Cooperation (APEC) forum.

Notable guidelines and decisions

The EDPB has issued several notable guidelines and decisions, including guidelines on the GDPR's provisions on data protection by design and by default, data subject rights, and data breach notification. The board has also issued opinions on matters related to data protection, such as the use of artificial intelligence and machine learning in data processing, and the protection of personal data in the context of cloud computing. The EDPB has also provided guidance on the application of the GDPR in specific sectors, such as healthcare and finance. The board's guidelines and decisions are informed by the European Court of Human Rights (ECHR) and the Court of Justice of the European Union (CJEU) case law, including the Schrems II judgment. The EDPB has also worked closely with other EU agencies, such as the European Union Agency for Network and Information Security (ENISA) and the European Institute for Gender Equality (EIGE), to promote data protection standards and protect the fundamental rights of European Union citizens.

Relationship with other EU bodies

The EDPB works closely with other EU bodies, including the European Commission, European Parliament, and Council of the European Union. The board also cooperates with other EU agencies, such as the European Data Protection Supervisor (EDPS) and the European Union Agency for Fundamental Rights (FRA). The EDPB also has a close relationship with the national data protection authorities of each EEA country, which are responsible for enforcing the General Data Protection Regulation (GDPR) at the national level. The board's work is also informed by the European Court of Human Rights (ECHR) and the Court of Justice of the European Union (CJEU) case law, including the Schrems II judgment. The EDPB has also worked closely with international organizations, such as the Organisation for Economic Co-operation and Development (OECD) and the United Nations (UN), to promote data protection standards globally. The EDPB's relationship with other EU bodies is guided by the principles of subsidiarity and proportionality, as outlined in the Treaty on the Functioning of the European Union. Category:European Union agencies