European Data Protection Board Opinions
Real life examples of GDPR decisions taken by national SAs and EDPB’s take on them
EDPB has published new opinions on several GDPR related decisions taken by the National Supervisory Authorities. The EDPB has revised, among other cases:
– the draft decision of the Irish Supervisory Authority (SA) re the Controller and the Processor Binding Corporate Rules (BCR) of Reinsurance Group of America
– the draft list of the competent SA of France re the processing operations exempt from the requirement of a DPIA (Art 35.5 GDPR)
– the draft decision of the Spanish SA re the Controller BCR of Fujikura Automotive Europe Group (FAE Group)
– the draft decision of the competent SA of Luxembourg re the approval of the requirements for accreditation of a certification body pursuant to Art 43.3 GDPR
European Data Protection Board Guidelines
New EDPB guidelines on geolocation and other tracing tools and on the processing of health data for research purposes in the context of the COVID-19 outbreak
During its 23rd plenary session, the European Data Protection Board adopted guidelines on the processing of health data for research purposes in the context of the COVID-19 outbreak and guidelines on geolocation and other tracing tools in the context of the COVID-19 outbreak.
The guidelines on the processing of health data for research purposes in the context of the COVID-19 outbreak aim to shed light on the most urgent legal questions concerning the use of health data, such as the legal basis of processing, further processing of health data for the purpose of scientific research, the implementation of adequate safeguards and the exercise of data subject rights.