European Data Protection Board

The European Data Protection Board (EDPB) has started its operation since the implementation of the General Data Protection Regulation 2016/679 (GDPR), i.e. the 25th of May 2018, succeeding the so-called “Article 29 Working Party” (WP 29), in line with the relevant provision of the GDPR.

The EDPB was established as an independent European organisation, with the main task of promoting consistent implementation of the GDPR and Directive 2016/680 on law enforcement in the EU and encouraging cooperation between national supervisory authorities.

It consists of the chairpersons or representatives of the supervisory authorities of the EU Member States and the European Data Protection Supervisor (EDPS). Only in matters of GDPR, representatives of the supervisory authorities of the countries of the European Economic Area (EEA), Norway, Iceland and Liechtenstein may participate as members of the EDPB, but without the right to vote or to be elected as chairperson or deputy chairperson. The European Commission, as well as the monitoring authority for the above three EEA countries, may also participate in the work of the EDPB in matters of GDPR, but without the right to vote. It has its seat in Brussels and is assisted by a Secretariat provided by the EDPS.

The responsibilities and tasks of the EDPB include in particular the following:

  • Providing general guidance to clarify legislation, including guidelines, recommendations and best practices;
  • Advising the European Commission on any matter relating to the protection of personal data and new legislative proposals in the European Union;
  • Issuing findings of consistency in cross-border data protection cases; and
  • Encouraging cooperation and effective exchange of information and best practices between national supervisory authorities.

Furthermore, the EDPB issues an annual report on its activities, which is published and transmitted to the European Parliament, the Council and the Commission.

In order to organise its work more effectively, the EDPB confirmed or reorganised existing sub-groups of experts set up by WP 29 and set up new ones for specific categories of topics. In 2018, subgroups of specialists worked on the following subjects:

  1. border surveillance, passenger transport, police and judiciary sector (formerly third pillar),
  2. compliance, e-government and health;
  3. cooperation between national data protection authorities;
  4. law enforcement,
  5. financial matters,
  6. transfers of data to third countries;
  7. users of information technology;
  8. uniform interpretation of the basic concepts;
  9. strategy;
  10. social media and
  11. opinions.

 

Article 29 Working Party

WP 29, which was replaced by the EDPB, was established under Article 29 of Directive 95/46/EC and operated until the implementation of the GDPR.WP 29 was consultative with regard to the European Commission but was independent of it. It consisted of the presidents or representatives of the Personal Data Protection Authorities of the 28 Member States of the European Union, a representative of the European Data Protection Supervisor and a representative of the European Commission.

It looked at issues of particular importance or issues of particular interest in the protection of personal data and were included in the first pillar of the EU. The issues were dealt with either at the request of the European Commission or on a proposal from the members of the Party. The Party issued opinions and working papers.

You can see the opinions of WP 29 here.

The guidelines of the EDPB are available here.