The Federal Commissioner for Data Protection and Freedom of Information (BfDI), Professor Ulrich Kelber, has agreed with its colleagues of the European Data Protection Board (EDPB) to establish a task force. Its has the aim to guarantee that the organization “Non-of-your-business” claims related to the use of Google and Facebook’s services by european providers are processed quickly and in a uniform way all over Europe.
The BfDI: EDPB is sending a strong signal with the task force. The crucial question is if these Google and Facebook services are in compliance with the European legislation on personal data protection will find out an uniform reply all over Europe.
The non-governmental organization noyb non-your-business had filed 101 complaints against the use of Google Analytics and Facebook Connect by European companies after the announcement of the Schrems II ruling. Complaints are directed at all national regulators, including five data protection regulators in the German state. In terms of content, the complaints relate to the question of whether Google and Facebook are allowed to transmit personal data in the United States through the products mentioned and therefore whether their use by the websites of European suppliers is legal or not.
Both groups are now based on the so-called standard contractual clauses of the European Union. If they have taken the “additional measures” required by the European Court of Justice as a supplement to the standard contractual clauses and whether these measures are sufficient to ensure the level of protection required by the Court of Justice in the United States is the central issue of the complaint procedure. As a result, EDPB has set up a second joint task force from Germany and France. In particular, this should develop criteria for assessing the transmission of data in individual cases, criteria for additional measures and procedural aspects for their implementation.
In addition, at yesterday’s meeting, the EDPS adopted guidelines on the terms responsible for treatment and responsible for processing, which are central to the General Regulation on Data Protection, as well as guidance on targeting social media users.