On Monday, 24 February, the European Data Protection Board (EDPB) published its opinion on reviewing the General Data Protection Regulation (GDPR). Its conclusion is clear: after only 20 months of application, it would be “premature” to revise the legislation at this stage.
In fact, the Commission must submit a report to the European Parliament and the EU Council on the evaluation and review of the regulation by 25 May 2020, taking into account the positions of the co-legislators and the opinion of the EDPB.
According to the EDPB, the application of the regulation in the EU has been “successful”, and the regulation is even considered a “model” at an international level. It has had the desired effect, since it has strengthened data protection as a fundamental right and standardised the interpretation of data protection principles in the EU.
The EU Council adopted its position on reviewing the regulation (see EUROPE 12405/14) at the end of January, listing a series of issues to be clarified, including how the regulation would be applied to new technologies.
In its opinion, the EDPB reiterates that the regulation was designed to be “technologically neutral” so as to be comprehensive and to foster innovation. Thus, it considers that the regulation is fully applicable to emerging technologies.
However, it criticises the lack of resources allocated to national supervisory authorities to carry out their tasks successfully. “The effective application of the powers and tasks attributed by the GDPR to SAs is largely dependent on the resources available to them,” it states by way of a reminder.
Rather than revising the GDPR itself, the EDPB is calling on the European Commission, the EU Council, and the European Parliament to step up their efforts towards adopting the ePrivacy Regulation in order to complete the EU framework for data protection and confidentiality of communications.
Read the opinion: https://bit.ly/391jegU (Original version in French by Marion Fontana)