Empty Link Skip to Content

Data Protection, Privacy and Technology

As the EU GDPR celebrates its fourth anniversary since coming into force on 25 May 2018, the European Data Protection Board ("EDPB") has been busy publishing guidelines in an effort to ensure the consistent application of the GDPR by national data protection authorities ("DPAs").

To date, the EDPB have adopted 58 Guidelines, and 6 recommendations. Enforcement activity by DPAs across the EU, including Ireland, has also ramped up with cumulative fines adding up to €1.55 billion at the end of 2021. Following the imposition of its record €225 million fine on WhatsApp for breach of its transparency obligations under the GDPR, the Irish Data Protection Commission ("DPC") recently issued a hefty €17 million fine on Meta for breach of its data security obligations, reflecting a move towards a more aggressive approach by the Regulator.

Key Themes in Data Protection and Technology

EDPB moves to enhance enforcement cooperation

Earlier this year, the EDPB met in Vienna, and released a statement confirming that they intend to enhance cooperation on enforcement strategy, particularly in relation to cases of strategic importance.

The EDPB has also recently adopted Guidelines 02/2022 on Article 60 of the GDPR, in an effort to increase the consistent application of the GDPR's provisions relating to the one-stop-shop.

In addition, the EDPB has adopted Guidelines 04/2022 on the calculation of administrative fines under the GDPR, which aim to harmonise the methodology DPAs use when calculating a fine, and ensure consistent application of enforcement of the GDPR. Under the GDPR, the calculation of the amount of a fine is at the discretion of each national DPA. The EDPB have set out a five-step approach for DPAs to follow when calculating a fine. However, the Guidelines highlight that the calculation of a fine is “no mere mathematical exercise” and that a case-by-case analysis is required.

“From now on, DPAs across the EEA will follow the same methodology to calculate fines. This will boost further harmonisation and transparency of the fining practice of DPAs".

EDPB Chair, Andrea Jelinek

Privacy & Data Protection Impact of EU Digital Market Strategy

As part of its EU Digital Market Strategy, the EU is speedily progressing several new regulations including the Digital Services Act, Digital Markets Act, the Data Governance Act, the Data Act, and the Artificial Intelligence Act which have their own enforcement frameworks. The EDPB and the EDPS have issued advice to the European Commission on these legislative proposals (see links below).

EDPB Joint Opinion 05/2021 on the proposal for a regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act).

EDPB-EDPS Statement on the Digital Service Package and Data Strategy

For instance, in their Joint Opinion on the Artificial Intelligence Act, the EDPB and EDPS recommend a ban on the use of  artificial intelligence ("AI")  systems that categorise individuals based on biometrics according to ethnicity, gender, political or sexual orientation or other discriminatory grounds. In addition, they recommend that the use of AI to infer emotions of a natural person should be prohibited, except under certain conditions in some well-defined cases (for instance for health and research purposes) where safeguards are in place.

In particular, the EDPB and EDPS have recommended that the European Commission clearly states in each of its legislative proposals that they should not affect or undermine the application of existing data protection rules, as well as to ensure that these rules prevail whenever personal data are being processed.

We understand the growing importance of data for the economy and society as outlined in the European Data Strategy. However, with “big data comes big responsibility”, therefore appropriate data protection safeguards must be put in place."

Wojciech Wiewiórowski, EDPS

The Latest Data Protection Developments

Download the Full Report