During its plenary section, the European Data Protection Board (EDPB) has adopted 3.2 recommendations on adequacy parameters for the implementation of the Data Protection Directive in criminal matters. The plenary section has also adopted opinions on the draft provisions of the additional protocol to the convention on cybercrime and on administrative disposals for personal data transfer. 

Recommendations benchmarks for the personal data protection adequacy

The role of the EDPB is to guarantee the uniform application of the european personal data protection right, including the Personal Data Protection Directive in the field of criminal matters. 

The new recommendations of the Board establish those factors that we need to keep in mind while we are assessing the personal data protection level of adequacy in a third country when it is applied the Data Protection Directive in criminal matters. 

For example, the document recalls the concept of adequacy according to the Data Protection Directive in criminal matters and the jurisprudence of the European Court of Justice. It is established also the European legislation in personal data protection applicable to the police and judicial cooperation in criminal matters. 

Position on the administrative agreement of data transfers

The EDPB has adopted a declaration on the administrative agreement for data transfers between the french Haut Conseil du Commissariat aux Comptes (H3C) and the US Public Accountancy Supervisory Board (PCAOB). The proposal will be under investigation by the french authority for national approval. 

The french authority will control the implementation of the administrative agreement and, if necessary, it can suspend transfers of data by H3C if the agreement ceases to provide to data subjects a level of protection in accordance with European requirements. 

Opinions on the disposals of the second additional protocol of the convention on cybercriminal

The opinion on the new draft provisions of the Second Additional Protocol to the Cybercrime Convention complements the contribution of the European Data Protection Board to the draft Additional Protocol to the Convention (Budapest Convention).

The EDPS recalls that the provisions currently under discussion may affect the conditions under which personal data can be accessed for law enforcement purposes in the EU. He also invites the institutions concerned to closely follow the ongoing negotiations.

Answer to the Commission’s questions on scientific research

The Council also responded in plenary to questions from the European Commission on the processing of personal data for scientific research. The questions concerned, inter alia, the criteria for processing personal data in scientific health research.

The answers provided by the EDPS constitute a preliminary position on the matter and aim to clarify the application of the General Data Protection Regulation in scientific health research. The Data Protection Board is currently developing guidelines on the processing of personal data for scientific research purposes, which address these issues.

Finally, members of the Data Protection Board discussed the recent update of WhatsApp’s privacy policy.

SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DELLA FINLANDIA