The European Data Protection Board has adopted a number of statements at its recent plenary session including a call for adoption of the ePrivacy Regulation to be accelerated. The statement reiterates the EDPB’s view that the ePrivacy Regulation must under no circumstances lower the level of protection offered by the current ePrivacy Directive 2002/58/EC and must complement the GDPR by providing additional strong guarantees for all types of electronic communications. It goes on to state that:
“Far from being an obstacle to the development of new technologies and services, the ePrivacy Regulation is needed to ensure a level playing field and legal certainty for market operators. The EDPB invites member states to ensure a high level of protection and to finalise their negotiating position without further delay, so that negotiations with the European Parliament can begin as soon as possible.”
The four other statements adopted are as follows:
- an opinion on the interplay between the ePrivacy Directive 2002/58/EC and the General Data Protection Regulation (EU) 2016/679. The opinion addresses the question of whether the fact that the processing of personal data comes under the scope of both the GDPR and the ePrivacy Directive, limits the effectiveness of data protection authorities under the GDPR. In its opinion, the EDPB confirms that it considers data protection authorities sufficiently competent to enforce the GDPR.
- an overview on the effectiveness of the GDPR. It covers the cooperation mechanism and the consistency findings nine months on from the entry into force of the GDPR. The EDPB concludes that the GDPR cooperation and consistency mechanism work reasonably well in practice.
- a statement on the use of personal information as part of political campaigning. The key points of the statement cover personal data revealing political opinions, personal data that has been made public, lawful processing of personal data, automated decision-making and targeted messages.
- opinions on the draft list of the competent supervisory authorities of Iceland and Spain regarding the processing operations subject to the requirement of a data protection impact assessment.
