New Year, New Plan: EDPB Issues 2021-2023 StrategyJanuary 5, 2021 – Alerts
It's a new year and everyone makes resolutions, even the European Data Protection Board (EDPB).
In its 2021-2023 strategy, the EDPB sets four pillars and action items associated with them, leaving the bombshell to the very last bullet point: focus on engagement and cooperation with supervisory authorities of third countries in enforcement cases involving controllers or processors located outside the EEA.
Pillar 1: Advancing harmonization and facilitating compliance — this means striving for a maximum degree of consistency in the application of data protection rules and limiting fragmentation among member states.
- Provide further guidance on key notions of European Union data protection law.
- Promote development and implementation of compliance mechanisms for controllers and processors (e.g. codes of conduct and certifications).
- Foster the development of common tools for a wider audience (non-experts and Small or Medium Enterprises) and engage in awareness-raising and outreach activities.
Pillar 2: Supporting effective enforcement and efficient cooperation between national supervisory authorities
- Encourage and facilitate use of the full range of cooperation tools.
- Implement a Coordinated Enforcement Framework (CEF) to facilitate joint actions in a flexible but coordinated manner.
- Establish a Support Pool of Experts (SPE) on the basis of a pilot project, with a view of providing material support in the form of expertise that is useful for investigations and enforcement activities.
Pillar 3: Fundamental rights approach to new technologies — continuously monitor new and emerging technologies and their potential impact on the fundamental rights and daily lives of individuals.
- Proactively monitoring, assessing and establishing common positions and guidance as regards new technological applications in areas such as artificial intelligence (AI), biometrics, profiling, ad tech.
- Reinforcing data protection by design and by default and accountability.
- Intensify engagement and cooperation with other regulators (e.g. consumer protection and competition authorities) and policymakers.
Pillar 4: The global dimension — set and promote high EU and global standards for international data transfers to third countries in the private and the public sector.
- Promote the use of transfer tools ensuring an essentially equivalent level of protection and increase awareness on their practical implementation: develop and provide further practical guidance.
- Engage in dialogue with international organizations and institutional networks in order to provide leadership in data protection.
- Facilitate the engagement between EDPB members and the supervisory authorities of third countries with a focus on cooperation in enforcement cases involving controllers/processors located outside the European Economic Area.
Odia Kagan is a partner in the firm's Privacy & Data Security Practice and Chair of the GDPR Compliance & International Privacy Practice. For questions about this alert or assistance with GDPR compliance issues, contact Odia at [email protected] or 215.444.7313.