EDPB adopts final version of Recommendations on Schrems II supplementary measures, adopts letter to EU Institutions on the privacy and data protection aspects of a possible digital euro and publishes joint opinion on AI Regulation.
During its latest plenary session, the EDPB adopted a final version of the Recommendations on supplementary measures following public consultation. The Recommendations were first adopted in draft in November 2020 following the CJEU ruling in the Schrems II case. They aim to assist controllers and processors acting as data exporters with their duty to identify and implement appropriate supplementary measures where they are needed to ensure an essentially equivalent level of protection for the data they transfer to third countries.
The final version of the Recommendations includes several changes addressing feedback from the consultation. Among the main modifications are:
The European Commission has recently published new standard contractual clauses for international transfers and the Recommendations aim to provide assistance in relation to clause 14 of the new clauses and the possible need to implement supplementary measures.
The EDPB also adopted a letter addressed to EU Institutions on the privacy and data protection aspects of a possible digital euro. In the letter, the EDPB stresses that a very high standard of privacy and data protection is crucial to reinforce the trust of end users and should be considered a distinctive element in the offering of a digital euro, representing a key factor of success. Such concerns should be taken into account from the design stage. In addition, the EDPB recommends that the EU body in charge of the design of the project performs a high-level data protection impact assessment.
Finally, the EDPB also adopted a joint EDPB-EDPS opinion on the draft AI Regulation.