New Year, New Plan: EDPB Issues 2021-2023 Strategy

January 5, 2021Alerts

It's a new year and everyone makes resolutions, even the European Data Protection Board (EDPB).

In its 2021-2023 strategy, the EDPB sets four pillars and action items associated with them, leaving the bombshell to the very last bullet point: focus on engagement and cooperation with supervisory authorities of third countries in enforcement cases involving controllers or processors located outside the EEA.

Pillar 1Advancing harmonization and facilitating compliance — this means striving for a maximum degree of consistency in the application of data protection rules and limiting fragmentation among member states.

Action items:

  • Provide further guidance on key notions of European Union data protection law.
  • Promote development and implementation of compliance mechanisms for controllers and processors (e.g. codes of conduct and certifications).
  • Foster the development of common tools for a wider audience (non-experts and Small or Medium Enterprises) and engage in awareness-raising and outreach activities.

Pillar 2Supporting effective enforcement and efficient cooperation between national supervisory authorities

Action items:

  • Encourage and facilitate use of the full range of cooperation tools.
  • Implement a Coordinated Enforcement Framework (CEF) to facilitate joint actions in a flexible but coordinated manner.
  • Establish a Support Pool of Experts (SPE) on the basis of a pilot project, with a view of providing material support in the form of expertise that is useful for investigations and enforcement activities.

Pillar 3Fundamental rights approach to new technologies — continuously monitor new and emerging technologies and their potential impact on the fundamental rights and daily lives of individuals.

Action items:

  • Proactively monitoring, assessing and establishing common positions and guidance as regards new technological applications in areas such as artificial intelligence (AI), biometrics, profiling, ad tech.
  • Reinforcing data protection by design and by default and accountability.
  • Intensify engagement and cooperation with other regulators (e.g. consumer protection and competition authorities) and policymakers.

Pillar 4The global dimension — set and promote high EU and global standards for international data transfers to third countries in the private and the public sector.

Action items:

  • Promote the use of transfer tools ensuring an essentially equivalent level of protection and increase awareness on their practical implementation: develop and provide further practical guidance.
  • Engage in dialogue with international organizations and institutional networks in order to provide leadership in data protection.
  • Facilitate the engagement between EDPB members and the supervisory authorities of third countries with a focus on cooperation in enforcement cases involving controllers/processors located outside the European Economic Area.

Odia Kagan is a partner in the firm's Privacy & Data Security Practice and Chair of the GDPR Compliance & International Privacy Practice. For questions about this alert or assistance with GDPR compliance issues, contact Odia at [email protected] or 215.444.7313.