The European Data Protection Board (EDPB) adopted on Wednesday 18 January a report on the findings of its first coordinated enforcement action on the use of ‘cloud’ services by the public sector.
Thus, the adopted report firstly stresses the need for public bodies to act in “full compliance” with the General Data Protection Regulation (GDPR). It also includes a list of recommendations for public sector organisations when using cloud-based products or services.
They should, among other things, ensure that the roles of the parties involved are “clearly and unequivocally determined” and that “a meaningful way to object to new sub processors” is possible, the report says.
“Public sector organisations across Europe are turning to cloud services and are finding it difficult to obtain GDPR compliant services and products. Personal data processed by public services must be treated with the utmost care, especially when processed by a third party”, commented EDPB President Andrea Jelinek.
In addition, a further report on the work undertaken by the ‘Cookie Banner Taskforce’, established in 2021 to coordinate the response to complaints about cookie banners, was also adopted.
Finally, this EDPB plenary session was also the occasion for Commissioner for Justice Didier Reynders to present the draft data adequacy decision for the EU-US privacy framework (see EUROPE 13083/20).
See the report on ‘cloud’ services: https://aeur.eu/f/4yf
See the report on the Cookie Banner Taskforce: https://aeur.eu/f/4yg (Original version in French by Thomas Mangin)