Privacy & Information Security Law Blog

On December 21, 2020, the European Data Protection Board (the “EDPB”) released its 2021-2023 Strategy (the “Strategy”). The Strategy aims at setting out the four main pillars of the EDPB strategic objectives through 2023 and key actions to help achieve those objectives:

First Pillar: Advancing Harmonization and Facilitating Compliance. The EDPB will continue to provide practical guidance on key notions of EU data protection law. In doing so, the EDPB will continue to engage with external stakeholders by organizing stakeholder events and public consultations. The EDPB will also further promote development and implementation of compliance mechanisms for controllers/processors (specifically codes of conduct and certifications) and common tools aiming at raising awareness of non-expert professionals (such as subject matter experts and data subjects, including children).

Second Pillar: Supporting Effective Enforcement and Efficient Cooperation Between National Supervisory Authorities. The EDPB will encourage and facilitate the use of the EU General Data Protection Regulation (“GDPR”) cooperation and consistency mechanisms, promote a common application of key concepts related to these procedures and work to strengthen the communication between supervisory authorities (“SAs”) in this context. The EDPB will also implement a Coordinated Enforcement Framework (“CEF”), facilitating joint actions in a flexible but coordinated manner using common methodologies. In addition, the EDPB will establish a Support Pool of Experts to provide material support in the form of expertise. This initiative will be relevant particularly in investigations and enforcement activities of significant common interest.

Third Pillar: A Fundamental Rights Approach to New Technologies. The EDPB will monitor new technologies and establish common positions and guidance in this respect, including in areas such as artificial intelligence, biometrics, profiling and ad tech. The EDPB will also continue to evaluate existing positions on applications such as cloud services and blockchain. According to the Strategy, the EDPB will also provide further guidance on data protection by design and by default as well as on accountability. In addition, the EDPB will intensify engagement and cooperation with other regulators, such as consumer protection and competition authorities, and policy makers to promote regulatory coherence and enhanced protection for individuals.

Fourth Pillar: The Global Dimension. The EDPB will promote high EU and global standards for international data transfers by promoting the use of transfer tools that ensure an essentially equivalent level of protection for the personal data transferred. Practical guidance will be developed on these existing and new transfer tools. The EDPB will also engage with the international community to promote EU data protection as a global model. Further, the EDPB will focus on cooperation with third country SAs, including in enforcement cases involving controllers/processors in third countries.

Read the full EDPB Strategy.