The European Data Protection Supervisors, united into the European Data Protection Board (EDPB) have adopted two different guidelines GDPR: on the targeting of users of social media and on the inner procedure of EDPB for the resolution of controversial.
In addition, the EDPB has adopted a declaration that invites member States to verify if their international agreements are in compliance to European privacy legislations.
Guidelines for the targeting of social media
Targeting of users of social media is a way to address the advertising. Is part of the revenue model of many providers of social media.
Those guidelines are focused on the roles and responsibilities of advertisers or social media providers. Those guidelines process, among other things, the risks for user’s privacy and the most important requirements of the privacy legislation, like a legal basis for the processing.
The EDPB has published a preliminary version of guidelines in October 2020. The interested parties can comment the text. Based on the responses, the EDPB has implemented some changes.
Guidelines for the inner procedure of controversial resolution
Have supervisory authorities inside the EDPB disagreed on the assessment of cross-border cases of big dimensions? They can solve their controversial by the EDPB. The result is a binding decision. The supervisory shall control this. The EDPB has adopted guidelines in which this procedure is assessed step by step.
By the way, the EDPB has recently adopted the first binding version. On the 9th of November 2020, the EDPB has changed the decision of the Irish Data Protection Authority. This decision refers to a Twitter data breach.
The guideline on the application of the article 65, paragraph 1, letter a) of the General Data Protection Regulation are not opens to the public consultation.
Even if it is an inner procedure, the EDPB considers important provide transparence of the events. The EDPB decisions will refer all of us.
Do you have any comments or suggestion on guidelines? You can share it to the EDPB until the 28th of May 2021.
Declaration on international agreements
Finally, the EDPB has adopted the declaration on international agreements including transferences. In it, the EDPB invites member states to carefully verify if international agreements which have concluded with countries out of the European Union respect the European legislation on privacy.
Think about cooperation agreement between a Supervisory Authority in Europe and another one out of Europe.
Do these agreements involve the transfer of personal data? Therefore, European citizens must be able to count on the fact that the protection of European privacy laws continues to be applied.
Otherwise, Member States must align agreements with the GDPR and the Police and Justice Directive as soon as possible. They must also take account of recent case law, such as the Schrems II judgment of the Court of Justice.
The final text of the Guidelines on targeting social media users:
edpb_guidelines_082020_on_the_targeting_of_social_media_users_enSOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DEI PAESI BASSI – AP