SlideShare a Scribd company logo

Didier Reynders letter to the EU Parliament

LUMINATIVE MEDIA/PROJECT COUNSEL MEDIA GROUP
LUMINATIVE MEDIA/PROJECT COUNSEL MEDIA GROUP

Amid mounting criticism of Ireland’s privacy watchdog, top European Commission official Didier Reynders has come to Dublin’s defense, brushing off calls to penalize the country over claims it has failed to uphold Europeans’ privacy rights. The defense, in a letter to MEPs, comes after lawmakers including Sophie in ‘t Veld and Tineke Strik from the Netherlands and Cornelia Ernst and Birgit Sippel from Germany urged the EU executive to open a disciplinary procedure against Dublin.

News & Politics
1 of 4
Download to read offline
MEP Sophie in ‘t Veld MEP Birgit Sippel MEP Tineke Strik MEP Cornelia Ernst DIDIER REYNDERS Rue de la Loi, 200 B-1049 Brussels MEMBER OF THE EUROPEAN COMMISSION Phone: +32-2 295 09 00 JUSTICE Didier.Reynders@ec.europa.eu Brussels, Ares S(2021) 8673573 Honourable Members, I would like to thank you for your letter of 6 December 2021, in which you are asking a number of questions on the enforcement of the General Data Protection Regulation (GDPR). Let me first underline that I fully share the conviction that a robust enforcement of data protection rules is essential. I am also fully committed to ensure such an effective enforcement. As you are aware, on 24 June 2020 the Commission has issued a detailed evaluation report on the GDPR1 , based on an extensive feedback received from various stakeholders. In this context, we have analysed the cooperation mechanism and presented our views. We considered that it was too early to come to definitive conclusions on how the system functions. I believe this conclusion is still valid today: in the last months, the intensive work of data protection authorities, making use of the tools provided by the GDPR, has led to important results. The cooperation mechanism is used routinely by data protection authorities2 . As shown by the figures from the European Data Protection Board (EDPB), until December 2021, 848 procedures related to the one-stop-shop (Article 60 GDPR) have been triggered out of which 303 final decisions have been issued. The figure about the proportion of cases dealt by the Irish DPC mentioned in your letter appears to be a misinterpretation of the statistic produced by the EDPB. The cases listed in the IMI case register used by the EDPB are not all deemed to trigger Article 60 procedures. Among others, they include also cases where informal exchange of information is on-going under mutual assistance, “local cases” (under Article 56 GDPR), cases not meeting the cross-border requirement and other cases that for various reasons do not fall under the scope of application of Article 60. Article 60 procedure is only one of the possible ways to resolve data protection investigations and, therefore, the ratio between 1 Communication from the Commission to the European Parliament and the Council - two years of application of the General Data Protection Regulation | European Commission (europa.eu) 2 With two Article 65 GDPR decisions adopted.
the number of Article 60 submissions and the total number of cases registered for a given data protection authority3 is not a relevant indicator. When looking at Article 60 proceedings, it is also important to distinguish between cases which can be resolved quickly, since they do not require extensive investigations, and cases which require complex legal and economic assessment or pose novel issues. These complex cases, in particular those which require discussions concerning the most contentious issues (see below on the DPC draft decision on WhatsApp), might require several months or years as it is the case for instance for competition law investigations. Against this background, let me now turn to the specific questions raised in your letter. Your first question concerns the criteria that the Commission uses to monitor the application of the GDPR in the Member States. The Commission is implementing the approach presented in the Communication issued last year on the GDPR. Among the issues we had identified concerning the application of the GDPR was whether national laws raise questions on the proportionality of the interference with the right to data protection. This is why we initiated infringement proceedings against Poland (disproportionate obligation on judges to provide information for the purposes of publication about specific non-professional activities) and Hungary (legislation on paedophile offenders and amending certain laws for the protection of children), as part of proceedings covering several topics. Another key priority identified in our Communication was the independence and resources of the national data protection authorities. In this respect, it is positive that there has been an increase in staff around 60% and in budget around 80% for national data protection authorities, taken together in the EEA, between 2016 and 20214 . However, despite this overall progress, the situation is uneven between Member States and a majority of the authorities considers their resources still insufficient. This is why we will pursue our efforts to argue for more human and financial resources for data protection authorities. The Commission did not hesitate to start infringement procedures, where necessary, to ensure the independence of data protection authorities. This is important to preserve citizens’ trust that their fundamental rights are duly protected and to guarantee the functioning of the entire data protection system in the Union. In particular, after having carefully analysed the situation, including information provided by complainants, the Commission raised concerns that some members of the Belgian data protection authority do not fulfil the requirements for independence, as they are not free from external influence or have incompatible occupations. The Commission sent a reasoned opinion to Belgium on 12 November 2021 and the Belgian authorities will have to reply by 12 January 2022. Following the launch of the infringement procedure, the Belgian Parliament is now discussing a new legislation on the data protection authority. We will assess a possible new draft legislation, as well as the other information that will put forward by the Belgian authorities to see whether the Commission concerns are addressed. Should similar situations arise in other Member States, the Commission will take the necessary measures as it did in the case of Belgium. 3 We understand this is how the ratio of 98% in the case of the Irish DPC has been calculated. 4 As shown in the Commission GDPR report issued last year and the updated figures provided by the EDPB to the Parliament.
On your second and third questions on the application and enforcement of the GDPR in Ireland, we have not so far identified issues with the Irish data protection rules or have evidence that these rules have not been respected. However, the Commission will continue to follow closely the developments, as in any other Member States. On the specific issue of the enforcement by the Irish DPC, we note that the DPC has submitted 7 cases to the Article 60 procedures, including one on Facebook in October and the latest one on Instagram on 3 December. One of the results of these submissions has been the imposition by the DPC of a fine of EUR 225 million on WhatsApp in August, the second largest fine after the one imposed by the Luxembourgish data protection authority on Amazon.com Inc, also this summer (EUR 746 million according to available information5 ). Since then, these two fines have been challenged by the companies concerned. We now need to await the result of the judicial process. In addition, on 1 November WhatsApp lodged a direct action before the General Court of the European Union against the EDPB decision addressed to the DPC in this case6 . This case will bring very important clarifications as to the nature of the consistency mechanism. These high-level cases against big techs are only part of the activity of the Irish DPC. In addition, not all investigations carried out by data protection authorities lead to a “decision” and therefore are included in the EDPB statistics of cases closed with a decision. The DPC, as other data protection authorities, may close cases without a decision. The GDPR gives individuals the right to submit a complaint and to be informed of the progress of the complaint and its outcome. The Irish implementing legislation provides that, in the case of complete resolution of a complaint by amicable settlement, the complaint is understood to be withdrawn. Such cases are closed without a decision. This possibility exists only if the complainant agrees to withdraw the complaint. The GDPR does not preclude the complaint to be withdrawn. The resolution of a matter which was subject to a complaint through amicable settlement gives the complainant a quick and effective remedy and spares the supervisory authority’s resources. This is true for local and cross-border cases. The GDPR refers to “amicable settlement” in Recital 131. Many data protection authorities apply this instrument, even if in different ways. Your fourth and fifth questions concern the launch of infringement procedures. As indicated above, the Commission started infringement proceedings against three Member States for violations of the GDPR, in line with the approach presented in our Communication on the GDPR. I can assure you that we will continue to pursue this approach in the months and years to come and not hesitate to intervene, where needed, to ensure an effective enforcement of the GDPR. On your sixth question, in my introductory comments I already stressed the need to consider with great prudence the robustness of the indicators. Furthermore, in July 2021, the cross-party Justice Committee of the Irish Parliament and Senate adopted a report which includes a series of recommendations on the work of the DPC. While I cannot comment on such report, I find it positive that steps are taken at national level to discuss how to address any possible issues with the GDPR implementation. It is indeed in the first place for Member States to ensure the implementation of EU legislation. 5 The Luxembourgish DPA has not confirmed officially the amount of the fine since it is not allowed to communicate about individual case (it will be able to do so only after the deadline for appeal has expired). 6 T-709/21WhatsApp v EDPB.
On your seventh and eight questions, I would like to clarify that, during the discussions within the EDPB, all DPAs are expressing their views how different provisions of the GDPR should be interpreted. Indeed, while establishing the EDPB the legislator provided that the very purpose of the consistency mechanism is to allow for an open discussion and transparent and honest exchange of different points of view on how the GDPR should be interpreted7 . The question which data can be processed on the basis of contract8 is a complex matter, which is now subject to two ongoing preliminary rulings proceedings at the CJEU9 . There are different views and approaches expressed concerning this matter. The discussion led to the publication of the guidelines initially for public consultation and then to the final adoption in the form which you refer to. As a general remark, the Commission would like to stress in this context that the six legal bases for the processing of personal data under the GDPR are equally valid and protective. Whatever the legal basis that the controller chooses to rely on, it has to comply with all GDPR requirements, including the principles of accountability, fairness and data minimisation. The Commission is very closely following the work of the EDPB. It participates to all EDPB meetings (plenaries and subgroups), offering its experience and expertise, albeit without voting right. I was informed that the independent data protection authorities gathered in the EDPB were working on the guidelines on the processing of personal data under Article 6(1)(b) GDPR in the context of provision of online services to data subjects. It is however not for the Commission to comment on the exchanges of views in the context of the EDPB, and certainly not to launch infringement proceedings against a Member State for the views expressed by its data protection authority in this context, irrespective of whether the Commission agrees or disagrees with it. To conclude, let me reiterate that the Commission is committed to ensure the effective application of the GDPR and will not hesitate, if necessary, to make full use of its powers under the Treaty to ensure its enforcement. Yours sincerely, (e-signed) Didier REYNDERS 7 See also EDPB statement of 16/12/21: https://edpb.europa.eu/news/news/2021/edpb-statement-edpb-cooperation- elaboration-guidelines en 8 Art 6(1)(b) GDPR. 9 Case C-446/21 but also C-221/21.

Recommended

Are you compliant?
Are you compliant?Are you compliant?
Are you compliant?Gabrielė Songin
 
No Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyNo Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyKate Chan
 
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018TRA - Tax Representative Alliance
 
Data Protection Guide – What are your rights as a citizen?
Data Protection Guide – What are your rights as a citizen?Data Protection Guide – What are your rights as a citizen?
Data Protection Guide – What are your rights as a citizen?Edouard Nguyen
 
GDPR - Are you ready?
GDPR - Are you ready?GDPR - Are you ready?
GDPR - Are you ready?VILT
 
Factsheet data protection and Right to be Forgotten
Factsheet data protection and Right to be ForgottenFactsheet data protection and Right to be Forgotten
Factsheet data protection and Right to be ForgottenEdouard Nguyen
 
Transatlantic Data Privacy - From Safe Harbor to Privacy Sheidl
Transatlantic Data Privacy - From Safe Harbor to Privacy SheidlTransatlantic Data Privacy - From Safe Harbor to Privacy Sheidl
Transatlantic Data Privacy - From Safe Harbor to Privacy SheidlDaniel Parziale, CIPP/US
 
PLB Conference_Doing Business in Russia_Privacy Law Risk Update_July 5 2016
PLB Conference_Doing Business in Russia_Privacy Law Risk Update_July 5 2016PLB Conference_Doing Business in Russia_Privacy Law Risk Update_July 5 2016
PLB Conference_Doing Business in Russia_Privacy Law Risk Update_July 5 2016Anastasia Zagorodnaya (Amosova)
 

Recommended

Are you compliant?
Are you compliant?Are you compliant?
Are you compliant?Gabrielė Songin
 
No Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyNo Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyKate Chan
 
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018TRA - Tax Representative Alliance
 
Data Protection Guide – What are your rights as a citizen?
Data Protection Guide – What are your rights as a citizen?Data Protection Guide – What are your rights as a citizen?
Data Protection Guide – What are your rights as a citizen?Edouard Nguyen
 
GDPR - Are you ready?
GDPR - Are you ready?GDPR - Are you ready?
GDPR - Are you ready?VILT
 
Factsheet data protection and Right to be Forgotten
Factsheet data protection and Right to be ForgottenFactsheet data protection and Right to be Forgotten
Factsheet data protection and Right to be ForgottenEdouard Nguyen
 
Transatlantic Data Privacy - From Safe Harbor to Privacy Sheidl
Transatlantic Data Privacy - From Safe Harbor to Privacy SheidlTransatlantic Data Privacy - From Safe Harbor to Privacy Sheidl
Transatlantic Data Privacy - From Safe Harbor to Privacy SheidlDaniel Parziale, CIPP/US
 
PLB Conference_Doing Business in Russia_Privacy Law Risk Update_July 5 2016
PLB Conference_Doing Business in Russia_Privacy Law Risk Update_July 5 2016PLB Conference_Doing Business in Russia_Privacy Law Risk Update_July 5 2016
PLB Conference_Doing Business in Russia_Privacy Law Risk Update_July 5 2016Anastasia Zagorodnaya (Amosova)
 
Att. patrizia giannini fordham university new york 19 july 2013 - electroni...
Att. patrizia giannini fordham university new york 19 july 2013 - electroni...Att. patrizia giannini fordham university new york 19 july 2013 - electroni...
Att. patrizia giannini fordham university new york 19 july 2013 - electroni...Amministratore Bluefactor
 
Att. patrizia giannini ggi lisbon conference 19 april 2013 - electronic dis...
Att. patrizia giannini ggi lisbon conference 19 april 2013 - electronic dis...Att. patrizia giannini ggi lisbon conference 19 april 2013 - electronic dis...
Att. patrizia giannini ggi lisbon conference 19 april 2013 - electronic dis...Amministratore Bluefactor
 
IAB Europe position on the proposal for an ePrivacy regulation
IAB Europe position on the proposal for an ePrivacy regulationIAB Europe position on the proposal for an ePrivacy regulation
IAB Europe position on the proposal for an ePrivacy regulationIAB Europe
 
euregs
euregseuregs
euregsbwgoodman
 
GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands legalandgeneral
 
GDPR & You, Claus Mortensen, Ecosystm
GDPR & You, Claus Mortensen, EcosystmGDPR & You, Claus Mortensen, Ecosystm
GDPR & You, Claus Mortensen, EcosystmChris White
 
GDPR A Privacy Regime
GDPR A Privacy RegimeGDPR A Privacy Regime
GDPR A Privacy Regimeijtsrd
 
FOI reply from MoJ regarding meetings between Grayling and BFG representatives
FOI reply from MoJ regarding meetings between Grayling and BFG representativesFOI reply from MoJ regarding meetings between Grayling and BFG representatives
FOI reply from MoJ regarding meetings between Grayling and BFG representativesbjknight
 
Data_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UKData_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UKSally Hunt
 
United Kingdom GDPR Action Taken Against Canadian Company
United Kingdom GDPR Action Taken Against Canadian CompanyUnited Kingdom GDPR Action Taken Against Canadian Company
United Kingdom GDPR Action Taken Against Canadian CompanyBarry Schuman
 
Blake lapthorn In House Lawyer forum - 11 Sept 2012
Blake lapthorn In House Lawyer forum - 11 Sept 2012Blake lapthorn In House Lawyer forum - 11 Sept 2012
Blake lapthorn In House Lawyer forum - 11 Sept 2012Blake Morgan
 
GIG Working Paper 02/2017 - The Definition of Personal Data
GIG Working Paper 02/2017 - The Definition of Personal DataGIG Working Paper 02/2017 - The Definition of Personal Data
GIG Working Paper 02/2017 - The Definition of Personal DataIAB Europe
 
Fasten Your Belts for #GDPR
Fasten Your Belts for #GDPRFasten Your Belts for #GDPR
Fasten Your Belts for #GDPR"John "Jeb"" Beckwith
 
Fasten Your Belts for GDPR
Fasten Your Belts for GDPRFasten Your Belts for GDPR
Fasten Your Belts for GDPR"John "Jeb"" Beckwith
 
General Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity ArchitectsGeneral Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity ArchitectsWSO2
 
Data Protection and Comnpliance with the GDPR Event 22 september 2016
Data Protection and Comnpliance with the GDPR Event 22 september 2016 Data Protection and Comnpliance with the GDPR Event 22 september 2016
Data Protection and Comnpliance with the GDPR Event 22 september 2016 Dr. Donald Macfarlane
 
The International Comparative Legal Guide to: Data Protection 2016
The International Comparative Legal Guide to: Data Protection 2016The International Comparative Legal Guide to: Data Protection 2016
The International Comparative Legal Guide to: Data Protection 2016Matheson Law Firm
 
Data theft rules and regulations things you should know (pt.1)
Data theft rules and regulations things you should know (pt.1)Data theft rules and regulations things you should know (pt.1)
Data theft rules and regulations things you should know (pt.1)Faidepro
 
FCE Briefing GDPR and Equal Opportunities Monitoring MAY18
FCE Briefing GDPR and Equal Opportunities Monitoring MAY18FCE Briefing GDPR and Equal Opportunities Monitoring MAY18
FCE Briefing GDPR and Equal Opportunities Monitoring MAY18Fife Centre for Equalities
 
New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)Nordic APIs
 
PL&B _UK_80
PL&B _UK_80PL&B _UK_80
PL&B _UK_80Lyndsey Shaw
 
FINAL REPORT
FINAL REPORTFINAL REPORT
FINAL REPORTMartina Lindblad
 

More Related Content

What's hot

Att. patrizia giannini fordham university new york 19 july 2013 - electroni...
Att. patrizia giannini fordham university new york 19 july 2013 - electroni...Att. patrizia giannini fordham university new york 19 july 2013 - electroni...
Att. patrizia giannini fordham university new york 19 july 2013 - electroni...Amministratore Bluefactor
 
Att. patrizia giannini ggi lisbon conference 19 april 2013 - electronic dis...
Att. patrizia giannini ggi lisbon conference 19 april 2013 - electronic dis...Att. patrizia giannini ggi lisbon conference 19 april 2013 - electronic dis...
Att. patrizia giannini ggi lisbon conference 19 april 2013 - electronic dis...Amministratore Bluefactor
 
IAB Europe position on the proposal for an ePrivacy regulation
IAB Europe position on the proposal for an ePrivacy regulationIAB Europe position on the proposal for an ePrivacy regulation
IAB Europe position on the proposal for an ePrivacy regulationIAB Europe
 
GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands legalandgeneral
 
GDPR & You, Claus Mortensen, Ecosystm
GDPR & You, Claus Mortensen, EcosystmGDPR & You, Claus Mortensen, Ecosystm
GDPR & You, Claus Mortensen, EcosystmChris White
 
GDPR A Privacy Regime
GDPR A Privacy RegimeGDPR A Privacy Regime
GDPR A Privacy Regimeijtsrd
 
FOI reply from MoJ regarding meetings between Grayling and BFG representatives
FOI reply from MoJ regarding meetings between Grayling and BFG representativesFOI reply from MoJ regarding meetings between Grayling and BFG representatives
FOI reply from MoJ regarding meetings between Grayling and BFG representativesbjknight
 
Data_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UKData_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UKSally Hunt
 
United Kingdom GDPR Action Taken Against Canadian Company
United Kingdom GDPR Action Taken Against Canadian CompanyUnited Kingdom GDPR Action Taken Against Canadian Company
United Kingdom GDPR Action Taken Against Canadian CompanyBarry Schuman
 
Blake lapthorn In House Lawyer forum - 11 Sept 2012
Blake lapthorn In House Lawyer forum - 11 Sept 2012Blake lapthorn In House Lawyer forum - 11 Sept 2012
Blake lapthorn In House Lawyer forum - 11 Sept 2012Blake Morgan
 
GIG Working Paper 02/2017 - The Definition of Personal Data
GIG Working Paper 02/2017 - The Definition of Personal DataGIG Working Paper 02/2017 - The Definition of Personal Data
GIG Working Paper 02/2017 - The Definition of Personal DataIAB Europe
 
General Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity ArchitectsGeneral Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity ArchitectsWSO2
 
Data Protection and Comnpliance with the GDPR Event 22 september 2016
Data Protection and Comnpliance with the GDPR Event 22 september 2016 Data Protection and Comnpliance with the GDPR Event 22 september 2016
Data Protection and Comnpliance with the GDPR Event 22 september 2016 Dr. Donald Macfarlane
 
The International Comparative Legal Guide to: Data Protection 2016
The International Comparative Legal Guide to: Data Protection 2016The International Comparative Legal Guide to: Data Protection 2016
The International Comparative Legal Guide to: Data Protection 2016Matheson Law Firm
 
Data theft rules and regulations things you should know (pt.1)
Data theft rules and regulations things you should know (pt.1)Data theft rules and regulations things you should know (pt.1)
Data theft rules and regulations things you should know (pt.1)Faidepro
 
FCE Briefing GDPR and Equal Opportunities Monitoring MAY18
FCE Briefing GDPR and Equal Opportunities Monitoring MAY18FCE Briefing GDPR and Equal Opportunities Monitoring MAY18
FCE Briefing GDPR and Equal Opportunities Monitoring MAY18Fife Centre for Equalities
 
New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)Nordic APIs
 

What's hot (20)

Att. patrizia giannini fordham university new york 19 july 2013 - electroni...
Att. patrizia giannini fordham university new york 19 july 2013 - electroni...Att. patrizia giannini fordham university new york 19 july 2013 - electroni...
Att. patrizia giannini fordham university new york 19 july 2013 - electroni...
 
Att. patrizia giannini ggi lisbon conference 19 april 2013 - electronic dis...
Att. patrizia giannini ggi lisbon conference 19 april 2013 - electronic dis...Att. patrizia giannini ggi lisbon conference 19 april 2013 - electronic dis...
Att. patrizia giannini ggi lisbon conference 19 april 2013 - electronic dis...
 
IAB Europe position on the proposal for an ePrivacy regulation
IAB Europe position on the proposal for an ePrivacy regulationIAB Europe position on the proposal for an ePrivacy regulation
IAB Europe position on the proposal for an ePrivacy regulation
 
euregs
euregseuregs
euregs
 
GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands
 
GDPR & You, Claus Mortensen, Ecosystm
GDPR & You, Claus Mortensen, EcosystmGDPR & You, Claus Mortensen, Ecosystm
GDPR & You, Claus Mortensen, Ecosystm
 
GDPR A Privacy Regime
GDPR A Privacy RegimeGDPR A Privacy Regime
GDPR A Privacy Regime
 
FOI reply from MoJ regarding meetings between Grayling and BFG representatives
FOI reply from MoJ regarding meetings between Grayling and BFG representativesFOI reply from MoJ regarding meetings between Grayling and BFG representatives
FOI reply from MoJ regarding meetings between Grayling and BFG representatives
 
Data_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UKData_Privacy_Protection_brochure_UK
Data_Privacy_Protection_brochure_UK
 
United Kingdom GDPR Action Taken Against Canadian Company
United Kingdom GDPR Action Taken Against Canadian CompanyUnited Kingdom GDPR Action Taken Against Canadian Company
United Kingdom GDPR Action Taken Against Canadian Company
 
Blake lapthorn In House Lawyer forum - 11 Sept 2012
Blake lapthorn In House Lawyer forum - 11 Sept 2012Blake lapthorn In House Lawyer forum - 11 Sept 2012
Blake lapthorn In House Lawyer forum - 11 Sept 2012
 
GIG Working Paper 02/2017 - The Definition of Personal Data
GIG Working Paper 02/2017 - The Definition of Personal DataGIG Working Paper 02/2017 - The Definition of Personal Data
GIG Working Paper 02/2017 - The Definition of Personal Data
 
Fasten Your Belts for #GDPR
Fasten Your Belts for #GDPRFasten Your Belts for #GDPR
Fasten Your Belts for #GDPR
 
Fasten Your Belts for GDPR
Fasten Your Belts for GDPRFasten Your Belts for GDPR
Fasten Your Belts for GDPR
 
General Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity ArchitectsGeneral Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity Architects
 
Data Protection and Comnpliance with the GDPR Event 22 september 2016
Data Protection and Comnpliance with the GDPR Event 22 september 2016 Data Protection and Comnpliance with the GDPR Event 22 september 2016
Data Protection and Comnpliance with the GDPR Event 22 september 2016
 
The International Comparative Legal Guide to: Data Protection 2016
The International Comparative Legal Guide to: Data Protection 2016The International Comparative Legal Guide to: Data Protection 2016
The International Comparative Legal Guide to: Data Protection 2016
 
Data theft rules and regulations things you should know (pt.1)
Data theft rules and regulations things you should know (pt.1)Data theft rules and regulations things you should know (pt.1)
Data theft rules and regulations things you should know (pt.1)
 
FCE Briefing GDPR and Equal Opportunities Monitoring MAY18
FCE Briefing GDPR and Equal Opportunities Monitoring MAY18FCE Briefing GDPR and Equal Opportunities Monitoring MAY18
FCE Briefing GDPR and Equal Opportunities Monitoring MAY18
 
New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)
 

Similar to Didier Reynders letter to the EU Parliament

Data Privacy Protection & Advisory - EY India
Data Privacy Protection & Advisory - EY India Data Privacy Protection & Advisory - EY India
Data Privacy Protection & Advisory - EY India SadanandGahivare
 
Companies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next stepsCompanies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next stepsThe Economist Media Businesses
 
The implementation of gdpr in greece (1)
The implementation of gdpr in greece (1)The implementation of gdpr in greece (1)
The implementation of gdpr in greece (1)FOTIOS ZYGOULIS
 
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...John Nas
 
EXPERT WEBINAR: GDPR One Year Later — What Can We Learn from Investigations a...
EXPERT WEBINAR: GDPR One Year Later — What Can We Learn from Investigations a...EXPERT WEBINAR: GDPR One Year Later — What Can We Learn from Investigations a...
EXPERT WEBINAR: GDPR One Year Later — What Can We Learn from Investigations a...Feroot
 
Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16Agustin Argelich Casals
 
[CB20] Law Enforcement Access to Transborder Data: Global Reach of the Propos...
[CB20] Law Enforcement Access to Transborder Data: Global Reach of the Propos...[CB20] Law Enforcement Access to Transborder Data: Global Reach of the Propos...
[CB20] Law Enforcement Access to Transborder Data: Global Reach of the Propos...CODE BLUE
 
The new EU regulatory landscape - How might it impact digital advertising?
The new EU regulatory landscape - How might it impact digital advertising?The new EU regulatory landscape - How might it impact digital advertising?
The new EU regulatory landscape - How might it impact digital advertising?Nick Stringer
 
Spain is responsible for 80% of European Data Protection fines. (on page 3)
Spain is responsible for 80% of European Data Protection fines. (on page 3)Spain is responsible for 80% of European Data Protection fines. (on page 3)
Spain is responsible for 80% of European Data Protection fines. (on page 3)Aurélie Pols
 
The Conversation Continues: Where International Data Transfers Stand
The Conversation Continues: Where International Data Transfers Stand The Conversation Continues: Where International Data Transfers Stand
The Conversation Continues: Where International Data Transfers Stand TrustArc
 
Dla piper data breach report 2020
Dla piper data breach report 2020Dla piper data breach report 2020
Dla piper data breach report 2020Paperjam_redaction
 
EU General Data Protection: Implications for Smart Metering
EU General Data Protection: Implications for Smart MeteringEU General Data Protection: Implications for Smart Metering
EU General Data Protection: Implications for Smart Meteringnuances
 
M2 position paper telefonica
M2 position paper telefonicaM2 position paper telefonica
M2 position paper telefonicaBenjamin Bakouch
 
Data Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe HarborData Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe HarborGayle Gorvett
 
Policy Brief on Europe's "Right to be Forgotten"
Policy Brief on Europe's "Right to be Forgotten"Policy Brief on Europe's "Right to be Forgotten"
Policy Brief on Europe's "Right to be Forgotten"William Nyikuli
 
EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2Paul Richards
 
EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2Keith Purves
 

Similar to Didier Reynders letter to the EU Parliament (20)

PL&B _UK_80
PL&B _UK_80PL&B _UK_80
PL&B _UK_80
 
FINAL REPORT
FINAL REPORTFINAL REPORT
FINAL REPORT
 
Data Privacy Protection & Advisory - EY India
Data Privacy Protection & Advisory - EY India Data Privacy Protection & Advisory - EY India
Data Privacy Protection & Advisory - EY India
 
Companies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next stepsCompanies, digital transformation and information privacy: the next steps
Companies, digital transformation and information privacy: the next steps
 
The implementation of gdpr in greece (1)
The implementation of gdpr in greece (1)The implementation of gdpr in greece (1)
The implementation of gdpr in greece (1)
 
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
Cloud4eu - WhitePaper - OnChallengeofAcceptanceofCloudSolutionsinEUPublicSect...
 
EXPERT WEBINAR: GDPR One Year Later — What Can We Learn from Investigations a...
EXPERT WEBINAR: GDPR One Year Later — What Can We Learn from Investigations a...EXPERT WEBINAR: GDPR One Year Later — What Can We Learn from Investigations a...
EXPERT WEBINAR: GDPR One Year Later — What Can We Learn from Investigations a...
 
Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16
 
[CB20] Law Enforcement Access to Transborder Data: Global Reach of the Propos...
[CB20] Law Enforcement Access to Transborder Data: Global Reach of the Propos...[CB20] Law Enforcement Access to Transborder Data: Global Reach of the Propos...
[CB20] Law Enforcement Access to Transborder Data: Global Reach of the Propos...
 
The new EU regulatory landscape - How might it impact digital advertising?
The new EU regulatory landscape - How might it impact digital advertising?The new EU regulatory landscape - How might it impact digital advertising?
The new EU regulatory landscape - How might it impact digital advertising?
 
Data breach report
Data breach reportData breach report
Data breach report
 
Spain is responsible for 80% of European Data Protection fines. (on page 3)
Spain is responsible for 80% of European Data Protection fines. (on page 3)Spain is responsible for 80% of European Data Protection fines. (on page 3)
Spain is responsible for 80% of European Data Protection fines. (on page 3)
 
The Conversation Continues: Where International Data Transfers Stand
The Conversation Continues: Where International Data Transfers Stand The Conversation Continues: Where International Data Transfers Stand
The Conversation Continues: Where International Data Transfers Stand
 
Dla piper data breach report 2020
Dla piper data breach report 2020Dla piper data breach report 2020
Dla piper data breach report 2020
 
EU General Data Protection: Implications for Smart Metering
EU General Data Protection: Implications for Smart MeteringEU General Data Protection: Implications for Smart Metering
EU General Data Protection: Implications for Smart Metering
 
M2 position paper telefonica
M2 position paper telefonicaM2 position paper telefonica
M2 position paper telefonica
 
Data Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe HarborData Privacy vs. National Security post Safe Harbor
Data Privacy vs. National Security post Safe Harbor
 
Policy Brief on Europe's "Right to be Forgotten"
Policy Brief on Europe's "Right to be Forgotten"Policy Brief on Europe's "Right to be Forgotten"
Policy Brief on Europe's "Right to be Forgotten"
 
EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2
 
EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2EveryCloud_GDPR_Whitepaper_v2
EveryCloud_GDPR_Whitepaper_v2
 

More from LUMINATIVE MEDIA/PROJECT COUNSEL MEDIA GROUP

Who’s Responsible for the Gaza Hospital Explosion? Here’s Why It’s Hard to Know
Who’s Responsible for the Gaza Hospital Explosion? Here’s Why It’s Hard to KnowWho’s Responsible for the Gaza Hospital Explosion? Here’s Why It’s Hard to Know
Who’s Responsible for the Gaza Hospital Explosion? Here’s Why It’s Hard to KnowLUMINATIVE MEDIA/PROJECT COUNSEL MEDIA GROUP
 

More from LUMINATIVE MEDIA/PROJECT COUNSEL MEDIA GROUP (20)

A.I. Has a Measurement Problem: Can It Be Solved?
A.I. Has a Measurement Problem: Can It Be Solved?A.I. Has a Measurement Problem: Can It Be Solved?
A.I. Has a Measurement Problem: Can It Be Solved?
 
Let’s Say Someone Did Drop the Bomb. Then What?
Let’s Say Someone Did Drop the Bomb. Then What?Let’s Say Someone Did Drop the Bomb. Then What?
Let’s Say Someone Did Drop the Bomb. Then What?
 
How Tech Giants Cut Corners to Harvest Data for A.I.
How Tech Giants Cut Corners to Harvest Data for A.I.How Tech Giants Cut Corners to Harvest Data for A.I.
How Tech Giants Cut Corners to Harvest Data for A.I.
 
Why democracy dies in Trumpian boredom (by Edward Luce)
Why democracy dies in Trumpian boredom (by Edward Luce)Why democracy dies in Trumpian boredom (by Edward Luce)
Why democracy dies in Trumpian boredom (by Edward Luce)
 
An interview with the director of "Zone of Interest"
An interview with the director of "Zone of Interest"An interview with the director of "Zone of Interest"
An interview with the director of "Zone of Interest"
 
"Schindler’s List" : an oral history with the actors
"Schindler’s List" : an oral history with the actors"Schindler’s List" : an oral history with the actors
"Schindler’s List" : an oral history with the actors
 
Chinese Startup 01.AI Is Winning the Open Source AI Race
Chinese Startup 01.AI Is Winning the Open Source AI RaceChinese Startup 01.AI Is Winning the Open Source AI Race
Chinese Startup 01.AI Is Winning the Open Source AI Race
 
The mismeasuring of AI: How it all began
The mismeasuring of AI: How it all beganThe mismeasuring of AI: How it all began
The mismeasuring of AI: How it all began
 
Google’s Gemini Marketing Trick: what a trickster!
Google’s Gemini Marketing Trick: what a trickster!Google’s Gemini Marketing Trick: what a trickster!
Google’s Gemini Marketing Trick: what a trickster!
 
Inside the Magical World of AI Prompters on Reddit
Inside the Magical World of AI Prompters on RedditInside the Magical World of AI Prompters on Reddit
Inside the Magical World of AI Prompters on Reddit
 
Regulators blame Bezos for making Amazon worse in new lawsuit details
Regulators blame Bezos for making Amazon worse in new lawsuit detailsRegulators blame Bezos for making Amazon worse in new lawsuit details
Regulators blame Bezos for making Amazon worse in new lawsuit details
 
Bariatric Surgery at 16
Bariatric Surgery at 16Bariatric Surgery at 16
Bariatric Surgery at 16
 
Palestinians Claim Social Media 'Censorship' Is Endangering Lives
Palestinians Claim Social Media 'Censorship' Is Endangering LivesPalestinians Claim Social Media 'Censorship' Is Endangering Lives
Palestinians Claim Social Media 'Censorship' Is Endangering Lives
 
Who’s Responsible for the Gaza Hospital Explosion? Here’s Why It’s Hard to Know
Who’s Responsible for the Gaza Hospital Explosion? Here’s Why It’s Hard to KnowWho’s Responsible for the Gaza Hospital Explosion? Here’s Why It’s Hard to Know
Who’s Responsible for the Gaza Hospital Explosion? Here’s Why It’s Hard to Know
 
Why ChatGPT Is Getting Dumber at Basic Math
Why ChatGPT Is Getting Dumber at Basic MathWhy ChatGPT Is Getting Dumber at Basic Math
Why ChatGPT Is Getting Dumber at Basic Math
 
U.S. and E.U. Finalize Long-Awaited Deal on Sharing Data
U.S. and E.U. Finalize Long-Awaited Deal on Sharing DataU.S. and E.U. Finalize Long-Awaited Deal on Sharing Data
U.S. and E.U. Finalize Long-Awaited Deal on Sharing Data
 
Will A.I. Become the New McKinsey?
Will A.I. Become the New McKinsey?Will A.I. Become the New McKinsey?
Will A.I. Become the New McKinsey?
 
AI is already writing books, websites and online recipes
AI is already writing books, websites and online recipesAI is already writing books, websites and online recipes
AI is already writing books, websites and online recipes
 
What happens when ChatGPT lies about real people?
What happens when ChatGPT lies about real people?What happens when ChatGPT lies about real people?
What happens when ChatGPT lies about real people?
 
The Brilliant Inventor Who Made Two of History’s Biggest Mistakes
The Brilliant Inventor Who Made Two of History’s Biggest MistakesThe Brilliant Inventor Who Made Two of History’s Biggest Mistakes
The Brilliant Inventor Who Made Two of History’s Biggest Mistakes
 

Recently uploaded

57 Bidens Annihilation Nation Policy.pdf
57 Bidens Annihilation Nation Policy.pdf57 Bidens Annihilation Nation Policy.pdf
57 Bidens Annihilation Nation Policy.pdfGerald Furnkranz
 
Global Terrorism and its types and prevention ppt.
Global Terrorism and its types and prevention ppt.Global Terrorism and its types and prevention ppt.
Global Terrorism and its types and prevention ppt.NaveedKhaskheli1
 
Chandrayaan 3 Successful Moon Landing Mission.pdf
Chandrayaan 3 Successful Moon Landing Mission.pdfChandrayaan 3 Successful Moon Landing Mission.pdf
Chandrayaan 3 Successful Moon Landing Mission.pdfauroraaudrey4826
 
Quiz for Heritage Indian including all the rounds
Quiz for Heritage Indian including all the roundsQuiz for Heritage Indian including all the rounds
Quiz for Heritage Indian including all the roundsnaxymaxyy
 
Dynamics of Destructive Polarisation in Mainstream and Social Media: The Case...
Dynamics of Destructive Polarisation in Mainstream and Social Media: The Case...Dynamics of Destructive Polarisation in Mainstream and Social Media: The Case...
Dynamics of Destructive Polarisation in Mainstream and Social Media: The Case...Axel Bruns
 
Top 10 Wealthiest People In The World.pdf
Top 10 Wealthiest People In The World.pdfTop 10 Wealthiest People In The World.pdf
Top 10 Wealthiest People In The World.pdfauroraaudrey4826
 
N Chandrababu Naidu Launches 'Praja Galam' As Part of TDP’s Election Campaign
N Chandrababu Naidu Launches 'Praja Galam' As Part of TDP’s Election CampaignN Chandrababu Naidu Launches 'Praja Galam' As Part of TDP’s Election Campaign
N Chandrababu Naidu Launches 'Praja Galam' As Part of TDP’s Election Campaignanjanibaddipudi1
 
AP Election Survey 2024: TDP-Janasena-BJP Alliance Set To Sweep Victory
AP Election Survey 2024: TDP-Janasena-BJP Alliance Set To Sweep VictoryAP Election Survey 2024: TDP-Janasena-BJP Alliance Set To Sweep Victory
AP Election Survey 2024: TDP-Janasena-BJP Alliance Set To Sweep Victoryanjanibaddipudi1
 
HARNESSING AI FOR ENHANCED MEDIA ANALYSIS A CASE STUDY ON CHATGPT AT DRONE EM...
HARNESSING AI FOR ENHANCED MEDIA ANALYSIS A CASE STUDY ON CHATGPT AT DRONE EM...HARNESSING AI FOR ENHANCED MEDIA ANALYSIS A CASE STUDY ON CHATGPT AT DRONE EM...
HARNESSING AI FOR ENHANCED MEDIA ANALYSIS A CASE STUDY ON CHATGPT AT DRONE EM...Ismail Fahmi
 
complaint-ECI-PM-media-1-Chandru.pdfra;;prfk
complaint-ECI-PM-media-1-Chandru.pdfra;;prfkcomplaint-ECI-PM-media-1-Chandru.pdfra;;prfk
complaint-ECI-PM-media-1-Chandru.pdfra;;prfkbhavenpr
 
Referendum Party 2024 Election Manifesto
Referendum Party 2024 Election ManifestoReferendum Party 2024 Election Manifesto
Referendum Party 2024 Election ManifestoSABC News
 
Opportunities, challenges, and power of media and information
Opportunities, challenges, and power of media and informationOpportunities, challenges, and power of media and information
Opportunities, challenges, and power of media and informationReyMonsales
 
VIP Girls Available Call or WhatsApp 9711199012
VIP Girls Available Call or WhatsApp 9711199012VIP Girls Available Call or WhatsApp 9711199012
VIP Girls Available Call or WhatsApp 9711199012ankitnayak356677
 
Manipur-Book-Final-2-compressed.pdfsal'rpk
Manipur-Book-Final-2-compressed.pdfsal'rpkManipur-Book-Final-2-compressed.pdfsal'rpk
Manipur-Book-Final-2-compressed.pdfsal'rpkbhavenpr
 
Brief biography of Julius Robert Oppenheimer
Brief biography of Julius Robert OppenheimerBrief biography of Julius Robert Oppenheimer
Brief biography of Julius Robert OppenheimerOmarCabrera39
 
Different Frontiers of Social Media War in Indonesia Elections 2024
Different Frontiers of Social Media War in Indonesia Elections 2024Different Frontiers of Social Media War in Indonesia Elections 2024
Different Frontiers of Social Media War in Indonesia Elections 2024Ismail Fahmi
 

Recently uploaded (16)

57 Bidens Annihilation Nation Policy.pdf
57 Bidens Annihilation Nation Policy.pdf57 Bidens Annihilation Nation Policy.pdf
57 Bidens Annihilation Nation Policy.pdf
 
Global Terrorism and its types and prevention ppt.
Global Terrorism and its types and prevention ppt.Global Terrorism and its types and prevention ppt.
Global Terrorism and its types and prevention ppt.
 
Chandrayaan 3 Successful Moon Landing Mission.pdf
Chandrayaan 3 Successful Moon Landing Mission.pdfChandrayaan 3 Successful Moon Landing Mission.pdf
Chandrayaan 3 Successful Moon Landing Mission.pdf
 
Quiz for Heritage Indian including all the rounds
Quiz for Heritage Indian including all the roundsQuiz for Heritage Indian including all the rounds
Quiz for Heritage Indian including all the rounds
 
Dynamics of Destructive Polarisation in Mainstream and Social Media: The Case...
Dynamics of Destructive Polarisation in Mainstream and Social Media: The Case...Dynamics of Destructive Polarisation in Mainstream and Social Media: The Case...
Dynamics of Destructive Polarisation in Mainstream and Social Media: The Case...
 
Top 10 Wealthiest People In The World.pdf
Top 10 Wealthiest People In The World.pdfTop 10 Wealthiest People In The World.pdf
Top 10 Wealthiest People In The World.pdf
 
N Chandrababu Naidu Launches 'Praja Galam' As Part of TDP’s Election Campaign
N Chandrababu Naidu Launches 'Praja Galam' As Part of TDP’s Election CampaignN Chandrababu Naidu Launches 'Praja Galam' As Part of TDP’s Election Campaign
N Chandrababu Naidu Launches 'Praja Galam' As Part of TDP’s Election Campaign
 
AP Election Survey 2024: TDP-Janasena-BJP Alliance Set To Sweep Victory
AP Election Survey 2024: TDP-Janasena-BJP Alliance Set To Sweep VictoryAP Election Survey 2024: TDP-Janasena-BJP Alliance Set To Sweep Victory
AP Election Survey 2024: TDP-Janasena-BJP Alliance Set To Sweep Victory
 
HARNESSING AI FOR ENHANCED MEDIA ANALYSIS A CASE STUDY ON CHATGPT AT DRONE EM...
HARNESSING AI FOR ENHANCED MEDIA ANALYSIS A CASE STUDY ON CHATGPT AT DRONE EM...HARNESSING AI FOR ENHANCED MEDIA ANALYSIS A CASE STUDY ON CHATGPT AT DRONE EM...
HARNESSING AI FOR ENHANCED MEDIA ANALYSIS A CASE STUDY ON CHATGPT AT DRONE EM...
 
complaint-ECI-PM-media-1-Chandru.pdfra;;prfk
complaint-ECI-PM-media-1-Chandru.pdfra;;prfkcomplaint-ECI-PM-media-1-Chandru.pdfra;;prfk
complaint-ECI-PM-media-1-Chandru.pdfra;;prfk
 
Referendum Party 2024 Election Manifesto
Referendum Party 2024 Election ManifestoReferendum Party 2024 Election Manifesto
Referendum Party 2024 Election Manifesto
 
Opportunities, challenges, and power of media and information
Opportunities, challenges, and power of media and informationOpportunities, challenges, and power of media and information
Opportunities, challenges, and power of media and information
 
VIP Girls Available Call or WhatsApp 9711199012
VIP Girls Available Call or WhatsApp 9711199012VIP Girls Available Call or WhatsApp 9711199012
VIP Girls Available Call or WhatsApp 9711199012
 
Manipur-Book-Final-2-compressed.pdfsal'rpk
Manipur-Book-Final-2-compressed.pdfsal'rpkManipur-Book-Final-2-compressed.pdfsal'rpk
Manipur-Book-Final-2-compressed.pdfsal'rpk
 
Brief biography of Julius Robert Oppenheimer
Brief biography of Julius Robert OppenheimerBrief biography of Julius Robert Oppenheimer
Brief biography of Julius Robert Oppenheimer
 
Different Frontiers of Social Media War in Indonesia Elections 2024
Different Frontiers of Social Media War in Indonesia Elections 2024Different Frontiers of Social Media War in Indonesia Elections 2024
Different Frontiers of Social Media War in Indonesia Elections 2024
 

Didier Reynders letter to the EU Parliament

  • 1. MEP Sophie in ‘t Veld MEP Birgit Sippel MEP Tineke Strik MEP Cornelia Ernst DIDIER REYNDERS Rue de la Loi, 200 B-1049 Brussels MEMBER OF THE EUROPEAN COMMISSION Phone: +32-2 295 09 00 JUSTICE Didier.Reynders@ec.europa.eu Brussels, Ares S(2021) 8673573 Honourable Members, I would like to thank you for your letter of 6 December 2021, in which you are asking a number of questions on the enforcement of the General Data Protection Regulation (GDPR). Let me first underline that I fully share the conviction that a robust enforcement of data protection rules is essential. I am also fully committed to ensure such an effective enforcement. As you are aware, on 24 June 2020 the Commission has issued a detailed evaluation report on the GDPR1 , based on an extensive feedback received from various stakeholders. In this context, we have analysed the cooperation mechanism and presented our views. We considered that it was too early to come to definitive conclusions on how the system functions. I believe this conclusion is still valid today: in the last months, the intensive work of data protection authorities, making use of the tools provided by the GDPR, has led to important results. The cooperation mechanism is used routinely by data protection authorities2 . As shown by the figures from the European Data Protection Board (EDPB), until December 2021, 848 procedures related to the one-stop-shop (Article 60 GDPR) have been triggered out of which 303 final decisions have been issued. The figure about the proportion of cases dealt by the Irish DPC mentioned in your letter appears to be a misinterpretation of the statistic produced by the EDPB. The cases listed in the IMI case register used by the EDPB are not all deemed to trigger Article 60 procedures. Among others, they include also cases where informal exchange of information is on-going under mutual assistance, “local cases” (under Article 56 GDPR), cases not meeting the cross-border requirement and other cases that for various reasons do not fall under the scope of application of Article 60. Article 60 procedure is only one of the possible ways to resolve data protection investigations and, therefore, the ratio between 1 Communication from the Commission to the European Parliament and the Council - two years of application of the General Data Protection Regulation | European Commission (europa.eu) 2 With two Article 65 GDPR decisions adopted.
  • 2. the number of Article 60 submissions and the total number of cases registered for a given data protection authority3 is not a relevant indicator. When looking at Article 60 proceedings, it is also important to distinguish between cases which can be resolved quickly, since they do not require extensive investigations, and cases which require complex legal and economic assessment or pose novel issues. These complex cases, in particular those which require discussions concerning the most contentious issues (see below on the DPC draft decision on WhatsApp), might require several months or years as it is the case for instance for competition law investigations. Against this background, let me now turn to the specific questions raised in your letter. Your first question concerns the criteria that the Commission uses to monitor the application of the GDPR in the Member States. The Commission is implementing the approach presented in the Communication issued last year on the GDPR. Among the issues we had identified concerning the application of the GDPR was whether national laws raise questions on the proportionality of the interference with the right to data protection. This is why we initiated infringement proceedings against Poland (disproportionate obligation on judges to provide information for the purposes of publication about specific non-professional activities) and Hungary (legislation on paedophile offenders and amending certain laws for the protection of children), as part of proceedings covering several topics. Another key priority identified in our Communication was the independence and resources of the national data protection authorities. In this respect, it is positive that there has been an increase in staff around 60% and in budget around 80% for national data protection authorities, taken together in the EEA, between 2016 and 20214 . However, despite this overall progress, the situation is uneven between Member States and a majority of the authorities considers their resources still insufficient. This is why we will pursue our efforts to argue for more human and financial resources for data protection authorities. The Commission did not hesitate to start infringement procedures, where necessary, to ensure the independence of data protection authorities. This is important to preserve citizens’ trust that their fundamental rights are duly protected and to guarantee the functioning of the entire data protection system in the Union. In particular, after having carefully analysed the situation, including information provided by complainants, the Commission raised concerns that some members of the Belgian data protection authority do not fulfil the requirements for independence, as they are not free from external influence or have incompatible occupations. The Commission sent a reasoned opinion to Belgium on 12 November 2021 and the Belgian authorities will have to reply by 12 January 2022. Following the launch of the infringement procedure, the Belgian Parliament is now discussing a new legislation on the data protection authority. We will assess a possible new draft legislation, as well as the other information that will put forward by the Belgian authorities to see whether the Commission concerns are addressed. Should similar situations arise in other Member States, the Commission will take the necessary measures as it did in the case of Belgium. 3 We understand this is how the ratio of 98% in the case of the Irish DPC has been calculated. 4 As shown in the Commission GDPR report issued last year and the updated figures provided by the EDPB to the Parliament.
  • 3. On your second and third questions on the application and enforcement of the GDPR in Ireland, we have not so far identified issues with the Irish data protection rules or have evidence that these rules have not been respected. However, the Commission will continue to follow closely the developments, as in any other Member States. On the specific issue of the enforcement by the Irish DPC, we note that the DPC has submitted 7 cases to the Article 60 procedures, including one on Facebook in October and the latest one on Instagram on 3 December. One of the results of these submissions has been the imposition by the DPC of a fine of EUR 225 million on WhatsApp in August, the second largest fine after the one imposed by the Luxembourgish data protection authority on Amazon.com Inc, also this summer (EUR 746 million according to available information5 ). Since then, these two fines have been challenged by the companies concerned. We now need to await the result of the judicial process. In addition, on 1 November WhatsApp lodged a direct action before the General Court of the European Union against the EDPB decision addressed to the DPC in this case6 . This case will bring very important clarifications as to the nature of the consistency mechanism. These high-level cases against big techs are only part of the activity of the Irish DPC. In addition, not all investigations carried out by data protection authorities lead to a “decision” and therefore are included in the EDPB statistics of cases closed with a decision. The DPC, as other data protection authorities, may close cases without a decision. The GDPR gives individuals the right to submit a complaint and to be informed of the progress of the complaint and its outcome. The Irish implementing legislation provides that, in the case of complete resolution of a complaint by amicable settlement, the complaint is understood to be withdrawn. Such cases are closed without a decision. This possibility exists only if the complainant agrees to withdraw the complaint. The GDPR does not preclude the complaint to be withdrawn. The resolution of a matter which was subject to a complaint through amicable settlement gives the complainant a quick and effective remedy and spares the supervisory authority’s resources. This is true for local and cross-border cases. The GDPR refers to “amicable settlement” in Recital 131. Many data protection authorities apply this instrument, even if in different ways. Your fourth and fifth questions concern the launch of infringement procedures. As indicated above, the Commission started infringement proceedings against three Member States for violations of the GDPR, in line with the approach presented in our Communication on the GDPR. I can assure you that we will continue to pursue this approach in the months and years to come and not hesitate to intervene, where needed, to ensure an effective enforcement of the GDPR. On your sixth question, in my introductory comments I already stressed the need to consider with great prudence the robustness of the indicators. Furthermore, in July 2021, the cross-party Justice Committee of the Irish Parliament and Senate adopted a report which includes a series of recommendations on the work of the DPC. While I cannot comment on such report, I find it positive that steps are taken at national level to discuss how to address any possible issues with the GDPR implementation. It is indeed in the first place for Member States to ensure the implementation of EU legislation. 5 The Luxembourgish DPA has not confirmed officially the amount of the fine since it is not allowed to communicate about individual case (it will be able to do so only after the deadline for appeal has expired). 6 T-709/21WhatsApp v EDPB.
  • 4. On your seventh and eight questions, I would like to clarify that, during the discussions within the EDPB, all DPAs are expressing their views how different provisions of the GDPR should be interpreted. Indeed, while establishing the EDPB the legislator provided that the very purpose of the consistency mechanism is to allow for an open discussion and transparent and honest exchange of different points of view on how the GDPR should be interpreted7 . The question which data can be processed on the basis of contract8 is a complex matter, which is now subject to two ongoing preliminary rulings proceedings at the CJEU9 . There are different views and approaches expressed concerning this matter. The discussion led to the publication of the guidelines initially for public consultation and then to the final adoption in the form which you refer to. As a general remark, the Commission would like to stress in this context that the six legal bases for the processing of personal data under the GDPR are equally valid and protective. Whatever the legal basis that the controller chooses to rely on, it has to comply with all GDPR requirements, including the principles of accountability, fairness and data minimisation. The Commission is very closely following the work of the EDPB. It participates to all EDPB meetings (plenaries and subgroups), offering its experience and expertise, albeit without voting right. I was informed that the independent data protection authorities gathered in the EDPB were working on the guidelines on the processing of personal data under Article 6(1)(b) GDPR in the context of provision of online services to data subjects. It is however not for the Commission to comment on the exchanges of views in the context of the EDPB, and certainly not to launch infringement proceedings against a Member State for the views expressed by its data protection authority in this context, irrespective of whether the Commission agrees or disagrees with it. To conclude, let me reiterate that the Commission is committed to ensure the effective application of the GDPR and will not hesitate, if necessary, to make full use of its powers under the Treaty to ensure its enforcement. Yours sincerely, (e-signed) Didier REYNDERS 7 See also EDPB statement of 16/12/21: https://edpb.europa.eu/news/news/2021/edpb-statement-edpb-cooperation- elaboration-guidelines en 8 Art 6(1)(b) GDPR. 9 Case C-446/21 but also C-221/21.