On 15 December 2020, just as the year was coming to an end, the European Data Protection Board (EDPB) adopted their strategy for the next three-year period during its 43rd plenary session.
The European Data Protection Board is an independent European body composed of representatives of the national data protection authorities, and the European Data Protection Supervisor (EDPS).
The EDPB was established by the General Data Protection Regulation (GDPR) to contribute to the consistent application of data protection rules throughout the EU and cooperation between the EU’s supervisory authorities.
According to the most recent EDPB annual report for 2019, the main objectives for 2020 were aimed at providing guidance on controllers and processors, data subject rights, and the concept of legitimate interest and provide legislative consultations to the European Commission on issues related to the protection of personal data.
The EDPB strategy for 2021-2023 adds to its previous work and is directed at challenges in personal data protection within and beyond the EU borders, centered around four main pillars of their objectives, as well as a set of key actions to help achieve those initiatives.
Make sure to read the entire document on EDPB strategy for 2021-2023 or continue reading our summarized version.
PILLAR #1- ADVANCING HARMONISATION AND FACILITATING COMPLIANCE
The first pillar is dedicated to achieving maximum consistency in the application of data protection laws and minimizing fragmentation between the different Member States. Key actions will be focused on providing guidance on different areas of data protection to ensure consistent application and engagement with a wide range of external stakeholders including companies, DPOs, and different data protection professionals.
The EDPB will also promote the development and implementation of compliance mechanisms for controllers and processors through workshops and staff trainings.
The last key action when it comes to the first pillar will be fostering the development of common tools for a wider audience. Building on the resources already available, the Board will develop tools specifically tailored for non-expert professionals, such as SMEs, and for data subjects.
PILLAR #2- EFFECTIVE ENFORCEMENT AND EFFICIENT COOPERATION BETWEEN SUPERVISORY AUTHORITIES
Cooperation between national supervisory authorities is one of the key elements for ensuring the consistency mechanisms and enforce the GDPR as it was intended. Therefore the EDPB is set out to develop a genuine EU-wide enforcement culture.
Key actions that the EDPB will take are focused on bridging gaps and differences between national enforcement procedures and facilitate the use of the full range of cooperation tools.
The strategy mentions the implementation of a Coordinated Enforcement Framework (CEF) that will facilitate the coordination of enforcement actions driven by commonly identified priorities and using common methodologies.
To support the second pillar even further, the EDPB is set out to establish a – Support Pool of Experts (SPE). The SPE is supposed to provide support through expertise in investigations and enforcement activities of significant common interest and to enhance the cooperation between all supervisory authorities.
PILLAR #3- A FUNDAMENTAL RIGHTS APPROACH TO NEW TECHNOLOGIES
In the next three years, the EDPB will be monitoring emerging technologies in order to align them with the fundamental rights and societal values and monitor their impact on the lives of individuals. Key actions that will be taken to support the third pillar will be focused on assessing new technology, reinforcing data protection by design and by default, and intensifying engagement and cooperation with other regulators.
The EDPB is planning to achieve these goals by providing guidance on new technological applications in areas such as artificial intelligence (AI), biometrics, profiling or ad tech, as well as guidance on how to implement data protection principles effectively.
PILLAR #4- THE GLOBAL DIMENSION
The EDPB plans to enhance its engagement with the international community to promote EU data protection as a global model and to ensure effective protection of personal data beyond EU borders.
The main focus of the fourth pillar is on global standards for international data transfers to third countries in the private and public sector.
Key actions will be promoting the use of transfer tools for ensuring an essentially equivalent level of data protection and provide guidance on how to utilize these tools to provide a high level of protection guaranteed in the EEA.
Engaging with the international community is one of the important key actions set out to engage in the dialogue with international organizations and institutions to support the cooperation between EDPB and the supervisory authorities of third countries.