EDPB adopts final Guidelines on the concepts of Controller and Processor, the Guidelines on virtual voice assistants and new Guidelines on codes of conduct as transfer tool

Jane Finlayson-Brown
Allen & Overy LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Allen & Overy LLP

On 8 July 2021, the European Data Protection Board (EDPB) announced the outcomes of its plenary session that took place on 7 July.

During the plenary session, the EDPB adopted new Guidelines on codes of conduct as a tool for transfers (the Guidelines on COC). The EDPB explains that the Guidelines on COC seek to clarify the application of Articles 40(3) and 46(2)(e) GDPR. These provisions stipulate that codes of conduct, after having been approved by a competent supervisory authority and granted general validity within the EEA by the European Commission, may also be used, and adhered to, by controllers and processors that are not subject to the GDPR, in order to provide appropriate safeguards for transfers of data outside of the EEA. (The Guidelines on COC were not available at the time of this publication.)

The EDPB also adopted a final version of the Guidelines on the concepts of Controller and Processor. The final version incorporates further clarifications of the concepts of controller, joint controllers and processors following public consultation. (The Guidelines were not available at the time of this publication.)

In addition, the EDPB adopted a final version of the Guidelines on Virtual Voice Assistants (the Guidelines on VVA), that aim to assist relevant stakeholders on how to address a series of compliance challenges for virtual voice assistants. (The Guidelines on VVA were not available at the time of this publication.)

The EDPB further announced its decision to disband its TikTok taskforce, which was created to address TikTok’s practices in the EU, exchange information between supervisory authorities and coordinate potential enforcement actions. The EDPB explained that TikTok now has an establishment in the EU, and has identified its establishment in Ireland as the main establishment for the ongoing case concerning the TikTok app. The GDPR one-stop-shop procedure now applies and the Irish supervisory authority (the DPC) is the lead authority in charge of the files.

The EDPB also decided that its first coordinated enforcement action will focus on public sector bodies’ use of cloud-based services.
Other topics discussed by the EDPB plenary session include (i) the guidelines on the use of social media by public bodies, (ii) internal guidelines on handling complaints against public authorities or private bodies processing data on the basis of legal obligation or performance of a public task, (iii) response to the members of European Parliament on FATCA, and (iv) the US order to retain airlines passengers' health data.

See here for the EDPB press release and here for the agenda for the 51st plenary session.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Allen & Overy LLP | Attorney Advertising

Written by:

Allen & Overy LLP
Allen & Overy LLP
Contact
more
less

Allen & Overy LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide