CoC regulating the processing of personal data related to commercial information

29 April 2021
Code owners
ANCIC
Type
Code for Controllers/Processors subject to GDPR
Scope
National
Monitoring Body
Organismo di Monitoraggio del codice di condotta sulle informazioni commerciali (www.odminformazionicommerciali.it), accredited by the IT SA with decision No. 59 of 11th February 2021.
CoC regulating the processing of personal data related to commercial information 72.4KB
Download

CoC regulating credit assessment systems managed by private entities

6 October 2022
Code owners
AISREC, CTC and ASSILEA
Type
Code for Controllers/Processors subject to GDPR
Scope
National
Monitoring Body
Organismo di Monitoraggio del codice di condotta per i sistemi di informazione creditizia (www.odmsic.it) accredited by the IT SA with the said decision of 6th October 2022
CoC regulating credit assessment systems managed by private entities 244.1KB
Download

CoC regulating the sector of job agencies

11 January 2024
Code owners
ASSOLAVORO (the national trade association of job agencies)
Type
Code for Controllers/Processors subject to GDPR
Scope
National
Monitoring Body
(website under construction) accredited with the same decision No. 12 of 11th January 2024
CoC regulating the sector of job agencies 325.4KB
Download file 1
CoC regulating the sector of job agencies - Annex 1 53.8KB
Download file 2
CoC regulating the sector of job agencies - Annex 2 231KB
Download file 3

CoC regulating the sector of telemarketing and tele-selling

7 March 2024
Code owners
Asseprim, AssoCall, ASSOCONTACT, Assotelecomunicazioni, Confcommercio, Confindustria, DMA – Data & Marketing Association Italia, OIC – Osservatorio Imprese Consumatori
Type
Code for Controllers/Processors subject to GDPR
Scope
National
Monitoring Body
(website under construction) accredited with the same decision No. 148 of 7th March 2024
CoC regulating the sector of telemarketing and tele-selling 168.2KB
Download

  • EDPB meeting with Data Protection Authorities from countries having been subject to an EU adequacy decision

    8 October 2024

  • EDPB stakeholder event on upcoming guidelines on ‘Consent or Pay’

    18 November 2024

  • European Law Institute Annual Conference and Meetings

    9 October 2024

    • EDPB plenaries, subgroups and taskforces

    EDPB plenaries

    The Members of the EDPB take decisions and adopt EDPB documents at EDPB plenary meetings.

    During plenary meetings, the EDPB members also:

    • discuss developments or policy questions of significant strategic importance and decide on any action required
    • give mandates and directions to subgroups and taskforces
    • receive information and updates on the work of subgroups, taskforces or the EDPB Secretariat

    More information about the functioning of the EDPB plenary meetings can be found in the EDPB Best practices for the organisation of EDPB Plenary meetings

    The plenary meetings take place either in person or remotely at least once per month:

    Agenda Minutes

     

    Subgroups and taskforces

    Guidance, opinions, decisions, statements and letters are prepared in subgroups or taskforces. 

    Subgroups

    Subgroups Scope of Mandate
    Borders, Travel & Law Enforcement (BTLE) 
    • Law Enforcement Directive
    • Cross-border requests for e-evidence
    • Adequacy decisions under the LED and, with regard to access to transferred data by law enforcement and national intelligence under authorities in third countries, under the GDPR
    • Passenger Name Records (PNR)
    • Border controls 
    Compliance, e-Government and Health (CEH) 
    • Codes of conduct, certification and accreditation
    • Data Protection Impact Assessments and Data Protection by Design and by Default (in cooperation with the Technology ESG)
    • Compliance with public law and eGovernment
    • eHealth and European Health Data Space  
    • Processing of personal data for scientific research purposes
    • Data Governance Act, Data Act 
       
    Cooperation (COOP)
    • General focus on cooperation and consistency mechanism under the GDPR and related legislative developments
    • Procedural questions concerning Article 56 GDPR and Chapter VII (Section 1 and 2) GDPR
    • Procedural questions relating to cooperation cases where there is no establishment in the EU
    • International mutual assistance and other cooperation tools to enforce the GDPR outside the EU (Art. 50 GDPR) (in cooperation with the ITS ESG)
    • Application of cooperation and consistency mechanism in connection to new EU legislations
    Coordinators (COORD)
    • General coordination between the Expert Subgroup Coordinators
    • Coordination on the EDPB Work Programme
    • Ensuring harmonised working methods between subgroups
    Enforcement (ENF)
    • EDPB binding decisions
    • Developing and proposing a coordinated enforcement strategy and coordinating the Coordinated Enforcement Framework
    • Guidelines on Article 65 and 66 GDPR
    • Providing analysis to the Cooperation subgroup on the basis of practical experiences
    • Platform for sharing of information about investigation activities
    • Practical questions on investigations
    • Guidance on the practical application of Chapter VII GDPR including exchanges on concrete cases
    Financial Matters (FMESG)
    • Application of data protection principles in the financial sector e.g. taxation, fight against financial crime, digital currency, payment services, credits, insurances, digital identity, etc.
    • On a case-by-case basis, providing inputs to international or European financial institutions, authorities or organisations (e.g. ECB, ESMA, EBA, EIOPA, FATF, etc.)
    International Transfers (ITS)
    • Chapter V GDPR (International transfer tools and policy issues), more specifically:
      European Commission Adequacy decisions
    • Administrative arrangements between public authorities and bodies
    • Codes of conduct and certification as transfer tools (in cooperation with the CEH ESG)
    • BCRs and contractual clauses for transfers of personal data
    • Article 48 GDPR (in cooperation with the BTLE ESG)
       
    IT Users (ITUsers)
    • Developing and testing IT tools used by the EDPB with a practical focus:
      • Collecting feedback on the IT system from users
      • Adapting the systems and manuals
      • Discussing other business needs including tele- and videoconference system
    Key Provisions (KEYP)
    • Core concepts and principles of the GDPR, including Chapter I (e.g. scope, definitions like LSA and large-scale processing), Chapter II (main principles), Chapter III (e.g. rights of individuals, transparency), Chapter IV (e.g. DPO – in cooperation with CEH ESG, ENF ESG and TECH ESG) and Chapter IX
    Social Media (SOCM)
    • Analysing social media services, conceived as online platforms that focus on enabling the development of networks and communities of users, among which information and content is shared and whereby additional functions provided by social media services include targeting, personalisation, application integration, social plug-ins, user authentication, analytics and publishing
    • Analysing established and emerging functions offered by social media, including the underlying processing activities and corresponding risks for the rights and freedoms of individuals
    • Developing guidance, recommendations and best practices in relation to both the offer and use of social media functions, in particular for economic or political reasons
    • Digital Services Act
    • Political advertising 
       
    Strategic Advisory (SAESG)
    • Strategic questions affecting the whole EDPB (including the discussion on the EDPB Strategy, the Work Programme, contributions to the evaluation of GDPR)
    • Discuss documents for which legal deadlines are applicable (i.e. Art. 64(2), 65 and 66 procedures)
    • Clarification of strategic-guidance on questions that could not be resolved in the ESGs or task forces
    • Procedural rules and practices for the EDPB
    Technology (TECH) 
    • Technology, innovation, information security, confidentiality of communication in general
    • Encryption
    • Data breach notifications
    • Data Protection Impact Assessments and Data Protection by Design and by Default (in cooperation with the CEH ESG)
    • Emerging technologies, innovation and other challenges related to privacy: reflecting on data protection risks and opportunities of current and future technological developments
    • AI Act  
    Cross-Regulatory Interplay and Cooperation (CIC)
    • Clarifying the links and build on synergies between the regulatory frameworks of data protection, competition and consumer protection law, including also the Digital Markets Act, in order to provide expertise and resources to support dialogue between Data Protection Authorities (DPAs) and other regulatory bodies and prepare common positions
    • Providing expertise, exchange information and promote best practices as regards cross-regulatory governance and cooperation, in particular in the context of the implementation of the EU Digital rulebook

     

    Taskforces

    Taskforces Scope of Mandate
    Taskforce on Generative AI Enforcement
    • Serving as a platform for the exchange of information on investigations related to Generative AI cases in order to enhance cooperation between DPAs and ensure compliance with the GDPR
    • Facilitating coordination of external communication by  DPAs on  enforcement  activities  concerning Artificial Intelligence
    • Preparing a public report on the work undertaken by the taskforce
       
    Taskforce on Fining
    • Developing of guidelines on the imposition of administrative fines and on the harmonisation of the calculation of fines
    • Monitoring and further harmonisation of the imposition of administrative fines, e.g. solving remaining issues not addressed in detail in the guidelines 
    Taskforce on International Engagement
    • Strengthening exchanges between EDPB members as regards the participation in multilateral fora in the field of data protection and privacy (for instance, Council of Europe, Global Privacy Assembly, G7 Data Protection Authorities Roundtable, OECD, Spring Conference).  


     

    Subscribe to