During its plenary of 2 September 2020, The Board adopted Guidelines on the concepts of controller and processor in the GDPR and Guidelines on the targeting of social media users.
Guidelines on the concepts of controller and processor in the GDPR
The Board adopted Guidelines on the concepts of controller and processor in the GDPR. Since the entry into application of the GDPR, questions have been raised as to what extent the GDPR brought changes to these concepts, particularly regarding the concept of joint controllership (as laid down in Article 26 GDPR and following several CJEU rulings), as well as the obligations for processors (in particular Article 28 GDPR) laid down in Chapter IV of the GDPR.
Guidelines on the targeting of social media users
The Guidelines aim to provide practical guidance to stakeholders and contain various examples of different situations so that stakeholders can quickly identify the ‘scenario’ that is closest to the targeting practice they intend to deploy. The main aim of the Guidelines is to clarify the roles and responsibilities of the social media provider and the targeted individual.