The European Data Protection Board (EDPB) has asked that The European Commission clarifies some issues before accepting the draft EU-Japan adequacy decision. The note of caution was sounded during the Board’s fifth Plenary Session, held on 4th and 5th of December.
The Board in particular see that;
“a number of concerns remain, such as the protection of personal data, transferred from the EU to Japan, throughout their whole life cycle.”
They go on to recommend that the European Commission should “address the requests for clarification made by the EDPB, to provide further evidence and explanations regarding the issues raised and to closely monitor the effective application.”
The same session also noted with approval the emergence of DPIA lists created by national supervising authorities. These are national lists of activities that the supervising authority consider would require a Data Protection Impact Assessment. Although the decision of whether to carry out an assessment is normally the responsibility of the data controller, such lists provide, according to EDPB Chair Andrea Jelinek
“an excellent opportunity for the EDPB to test the possibilities and challenges of consistency in practice. The GDPR does not require full harmonisation or an ‘EU list’, but requires more consistency, which we have achieved in all of these opinions by agreeing on a common view.”
The full press release can be read on the EDPB website and the full opinion of the Board (published on 17 December 2018) can be downloaded here.