Plenary Session of the European Data Protection Board
The National Center for Personal Data Protection (NCPDP), for information purpose, communicates about the participation of the representatives of the institution at the 51st Plenary Session of the European Data Protection Board (EDPB), which was held online on 7 July, 2021.
During the Plenary, the EDPB adopted several documents, among which:
· Guidelines on Codes of Conduct (CoCs) as a tool for transfers. The main purpose of the guidelines is to clarify the application of articles 40 (3) and 46 (2) (e) of the GDPR.
· A final version of the Guidelines on Virtual Voice Assistants (VVA). The Guidelines aim to provide recommendations to relevant stakeholders on how to address some of the most relevant compliance challenges for VVAs.
· Guidelines on the concepts of Controller and Processor. These Guidelines aim to provide clarifications concerning fundamental concepts such as (joint) controller and processor.
· Following the establishment of TikTok in the EU and the identification of its main establishment in Ireland for the ongoing cases related to the TikTok app, the EDPB decided to disband its TikTok Taskforce. This Taskforce was created to coordinate potential actions from the EEA supervisory authorities (SAs) and to acquire a more comprehensive overview of TikTok’s processing and practices across the EU. At the time the Taskforce was created, there was no main establishment for TikTok in the EU and the Taskforce aimed to facilitate the exchange of information between SAs. Now, the One-Stop-Shop procedure applies and the Irish SA (DPC) was designated as the lead authority in charge of the files.
· EDPB discussed possible topics for its first coordinated enforcement action, following the EDPB’s decision to set up a Coordinated Enforcement Framework on 20 October 2020. The EDPB decided that the first action will concern the use of cloud-based services by public sector bodies and further work will now be carried out to specify the details and the scope in the upcoming months.
The NCPDP, as national supervisory authority for personal data processing, emphasizes the importance of the participation of the Republic of Moldova in the Plenary Sessions organized by the EDPB, as well as the weight of adopted documents.