In its 2021-2023 strategy, the EDPB sets four pillars and action items associated with them, leaving the bombshell to the very last bullet point: focus on engagement and cooperation with supervisory authorities of third countries in enforcement cases involving controllers or processors located outside the EEA.

Pillar 1: Advancing harmonization and facilitating compliance — this means striving for a maximum degree of consistency in the application of data protection rules and limiting fragmentation among member states.

Action items:

• Provide further guidance on key notions of European Union data protection law.
• Promote development and implementation of compliance mechanisms for controllers and processors (e.g. codes of conduct and certifications).
• Foster the development of common tools for a wider audience (non-experts and Small or Medium Enterprises) and engage in awareness-raising and outreach activities.

Pillar 2: Supporting effective enforcement and efficient cooperation between national supervisory authorities

Action items:

• Encourage and facilitate use of the full range of cooperation tools.
• Implement a Coordinated Enforcement Framework (CEF) to facilitate joint actions in a flexible but coordinated manner.
• Establish a Support Pool of Experts (SPE) on the basis of a pilot project, with a view of providing material support in the form of expertise that is useful for investigations and enforcement activities.

Pillar 3: Fundamental rights approach to new technologies — continuously monitor new and emerging technologies and their potential impact on the fundamental rights and daily lives of individuals.

Action items:

• Proactively monitoring, assessing and establishing common positions and guidance as regards new technological applications in areas such as artificial intelligence (AI), biometrics, profiling, ad tech.
• Reinforcing data protection by design and by default and accountability.
• Intensify engagement and cooperation with other regulators (e.g. consumer protection and competition authorities) and policymakers.

Pillar 4: The global dimension — set and promote high EU and global standards for international data transfers to third countries in the private and the public sector.

Action items:

• Promote the use of transfer tools ensuring an essentially equivalent level of protection and increase awareness on their practical implementation: develop and provide further practical guidance.
• Engage in dialogue with international organizations and institutional networks in order to provide leadership in data protection.
• Facilitate the engagement between EDPB members and the supervisory authorities of third countries with a focus on cooperation in enforcement cases involving controllers/processors located outside the European Economic Area.