EDPB adopts draft Guidelines on the right of access and a letter on cookie consent

Allen & Overy LLP

Allen & Overy LLP

On 19 January 2022, the European Data Protection Board (EDPB) announced the outcomes of its plenary session that took place earlier this week. The EDPB adopted new guidelines that provide guidance on various aspects of data subjects’ rights of access and clarify how the right of access should be implemented in different situations (the Guidelines).

The Guidelines address the following key aspects of a data subject’s right of access under the GDPR:

  • the scope of the right of access;
  • the information that should be provided to the data subject by data controller;
  • requirements as to the form of the access request;
  • how information should be provided;
  • the meaning of manifestly unfounded or excessive requests; and
  • practical examples.

The Guidelines will be subject to a six-week public consultation.

In addition, the EDPB adopted a letter addressing the harmonisation of cookie consent interpretation throughout the EEA (the Letter).The EDPB responds to two letters from French associations in which the signatories called for a consistent interpretation of cookie consent requirements by the EDPB. The Letter confirmed the EDPB’s commitment to the harmonisation of application of data protection rules throughout the EU.

The EDPB chair Andrea Jelinek highlighted the following:

  • establishment of the EDPB cookie taskforce, in September 2021, to coordinate the responses to complaints about cookie banners filed by the privacy rights organisation “none of your business” (noyb) with several supervisory authorities in the European Economic Area; and
  • issuing an updated version of the Guidelines 05/2020 on consent, in May 2020, where the EDPB provided additional clarifications regarding cookie walls and the modalities of providing consent in an online environment (e.g. whether scrolling through the website constitutes consent),

as steps the EDPB has taken to promote a harmonised approach throughout the EU. The Letter states that neither the EDPB nor EEA supervisory authorities “have any interest or intention to deviate from the text, spirit or intent of the e-privacy legal framework and the GDPR”.

Other issues discussed by the plenary of 18 January 2022 include the Cybercrime Convention, the EU Anti-Money Laundering and Counter Terrorism proposal, the national contest conducted by the Italian supervisory authority on the use of icons for information and transparency, and a review of the internal EDPB guidelines on cooperation procedure under Art. 60 GDPR.

Read the EDPB press release on adopting Guidelines on Right of Access and letter on cookie consent, and the Letter. The draft Guidelines on the right of access have not been made available at the time of issuing this Update. Read the EDPB plenary agenda.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Allen & Overy LLP | Attorney Advertising

Written by:

Allen & Overy LLP

Allen & Overy LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.