Lors de sa 17e séance plénière, l'EDPB a notamment adopté des avis sur les exigences d'accréditation des organismes de contrôle des codes de conduite (BE, ES, FR), des lignes directrices sur les véhicules connectés, des lignes directrices sur le traitement des données à caractère personnel par des dispositifs vidéo, des avis sur les exigences en matière d'accréditation des organismes de certification (LU, UK), un avis sur les BCR du groupe Fujikura Automotive Europe, une lettre sur les algorithmes déloyaux et sur la Convention sur la cybercriminalité du Conseil de l'Europe:
Brussels, 30 January - On January 28th and 29th, the EEA Data Protection Authorities and the European Data Protection Supervisor, assembled in the European Data Protection Board, met for their seventeenth plenary session. During the plenary, a wide range of topics was discussed.
The EDPB adopted its opinions on the Accreditation Requirements for Codes of Conduct Monitoring Bodies submitted to the Board by the Belgian, Spanish and French supervisory authorities (SAs). These opinions aim to ensure consistency and the correct application of the criteria among EEA SAs.
The EDPB adopted draft Guidelines on Connected Vehicles. As vehicles become increasingly more connected, the amount of data generated about drivers and passengers by these connected vehicles is growing rapidly. The EDPB guidelines focus on the processing of personal data in relation to the non-professional use of connected vehicles by data subjects. More specifically, the guidelines deal with the personal data processed by the vehicle and the data communicated by the vehicle as a connected device. The guidelines will be submitted for public consultation.
The Board adopted the final version of the Guidelines on the processing of Personal Data through Video Devices following public consultation. The guidelines aim to clarify how the GDPR applies to the processing of personal data when using video devices and to ensure the consistent application of the GDPR in this regard. The guidelines cover both traditional video devices and smart video devices. The guidelines address, among others, the lawfulness of processing, including the processing of special categories of data, the applicability of the household exemption and the disclosure of footage to third parties. Following public consultation, several amendments were made.
The EDPB adopted its opinions on the draft accreditation requirements for Certification Bodies submitted to the Board by the UK and Luxembourg SAs. These are the first opinions on accreditation requirements for Certification Bodies adopted by the Board. They aim to establish a consistent and harmonised approach regarding the requirements which SAs and national accreditation bodies will apply when accrediting certification bodies.
The EDPB adopted its opinion on the draft decision regarding the Fujikura Automotive Europe Group’s Controller Binding Corporate Rules (BCRs), submitted to the Board by the Spanish Supervisory Authority.
Letter on unfair algorithms
The EDPB adopted a letter in response to MEP Sophie in’t Veld’s request concerning the use of unfair algorithms. The letter provides an analysis of the challenges posed by the use of algorithms, an overview of the relevant GDPR provisions and existing guidelines addressing these issues, and describes the work already undertaken by SAs.
Letter to the Council of Europe on the Cybercrime Convention
Following the Board’s contribution to the consultation process on the negotiation of a second additional protocol to the Council of Europe Convention on Cybercrime (Budapest Convention), several EDPB Members actively participated in the Council of Europe Cybercrime Committee’s (T-CY) Octopus Conference. The Board adopted a follow-up letter to the conference, stressing the need to integrate strong data protection safeguards into the future Additional Protocol to the Convention and to ensure its consistency with Convention 108, as well as with the EU Treaties and Charter of Fundamental Rights.
During its January Plenary Session, the EDPB adopted the following documents:
- Article 64 Opinions on Accreditation Requirements for Codes of Conduct Monitoring Bodies, submitted to the Board by:
- Guidelines on Connected Vehicles
- Guidelines on the processing of Personal Data through Video Devices (following public consultation)
- Article 64 Opinions on Accreditation Requirements for Certification Bodies, submitted to the Board by:
- Article 64 Opinion on the Fujikura Automotive Europe Group’s Controller BCRs
- Letter on unfair algorithms
- Letter to the Council of Europe on the Cybercrime Convention
- Document on the procedure for the approval of certification criteria by the EDPB resulting in a common certification: the European Data Protection Seal