Opinions

2024

EDPB-EDPS Joint Opinions

EDPB Opinions

  1. Opinion 22/2024 on certain obligations following from the reliance on processor(s) and sub-processor(s) - Adopted on 7/10/2024;
  2. Opinion 21/2024 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the Talan Group - Adopted on 17/9/2024;
  3. Opinion 20/2024 on the draft decision of the North Rhine-Westphalian Supervisory Authority regarding the Controller Binding Corporate Rules of the Viega Group - Adopted on 17/9/2024;
  4. Opinion 19/2024 on the EuroPrise criteria of certification regarding their approval by the Board as European Data Protection Seal pursuant to Article 42.5 (GDPR) - Adopted on 16/7/2024;
  5. Opinion 18/2024 on the draft decision of the Austrian Supervisory Authority regarding DSGVO-zt GmbH certification criteria - Adopted on 16/7/2024;
  6. Opinion 19/2024 on the EuroPrise criteria of certification regarding their approval by the Board as European Data Protection Seal pursuant to Article 42.5 (GDPR) - Adopted on 16/7/2024;
  7. Opinion 17/2024 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the FCC Group - Adopted on 16/7/2024;
  8. Opinion 16/2024 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the AVATURE Group - Adopted on 16/7/2024;
  9. Opinion 15/2024 on the draft decision of the SPANISH DATA PROTECTION AGENCY Supervisory Authority regarding the Processor Binding Corporate Rules of the AVATURE Group - Adopted on 16/7/2024;
  10. Opinion 15/2024 on the draft decision of the SPANISH DATA PROTECTION AGENCY Supervisory Authority regarding the Processor Binding Corporate Rules of the AVATURE Group - Adopted on 16/7/2024;
  11. Opinion 14/2024 on the draft decision of the Estonian Supervisory Authority regarding the Processor Binding Corporate Rules of the Mercans Group - Adopted on 16/7/2024;
  12. Opinion 13/2024 on the draft decision of the Supervisory Authority of Liechtenstein regarding the Controller Binding Corporate Rules of the Ivoclar Vivadent Group - Adopted on 18/6/2024;
  13. Opinion 12/2024 on the draft decision of the French Supervisory Authority regarding the “Code of Conduct for Service Providers in Clinical Research” submitted by EUCROF - Adopted on 18/6/2024;
  14. Opinion 11/2024 on the use of facial recognition to streamline airport passengers’ flow (compatibility with Articles 5(1)(e) and(f), 25 and 32 GDPR - Adopted on 23/5/2024;
  15. Opinion 10/2024 on the draft decision of the competent supervisory authority of Sweden regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 23/5/2024;
  16. Opinion 9/2024 on the draft decision of the Romanian Supervisory Authority regarding the Processor Binding Corporate Rules of the Genpact Group - Adopted on 23/5/2024;
  17. Opinion 08/2024 on Valid Consent in the Context of Consent or Pay Models Implemented by Large Online Platforms - Adopted on 17/04/2024;
  18. Opinion 7/2024 on the draft decision of the German North Rhine Westphalia Supervisory Authority regarding the EU Cloud Service Data Protection (Auditor) certification criteria - Adopted on 17/4/2024;
  19. Opinion 6/2024 on the draft list of the Latvian SA on pro-cessing operations exempt from the data protection impact assessment requirement (Art. 35.5 GDPR) - Adopted on 16/4/2024;
  20. Opinion 05/2024 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the MAPFRE Group - Adopted on 14/3/2024;
  21. Opinion 04/2024 on the notion of main establishment of a controller in the Union under Art. 4.16(a) GDPR - Adopted on 13/2/2024;
  22. Opinion 3/2024 on the draft decision of the Irish Supervisory Authority regarding the Processor Binding Corporate Rules of the Accenture Group - Adopted on 13/02/2024;
  23. Opinion 2/2024 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the TELEFÓNICA Group - Adopted on 13/02/2024;
  24. Opinion 01/2024 on the draft decision of the Dutch Supervisory Authority regarding the Processor Binding Corporate Rules of the Booking.com Group - Adopted on 16/01/2024;

2023

EDPB-EDPS Joint Opinions

  1. EDPB-EDPS Joint Opinion 01/2023 on the Proposal for a Regulation of the European Parliament and of the Council laying down additional procedural rules relating to the enforcement of Regulation (EU) 2016/679 - Adopted on 19 September 2023

EDPB Opinions

  1. Opinion 36/2023 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the Booking.com Group - Adopted on 28/12/2023
  2. Opinion 35/2023 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the Carlsberg Group - Adopted on 13/12/2023
  3. Opinion 34/2023 on the draft decision of the Hesse Supervisory Authority (Germany) regarding the Processor Binding Corporate Rules of the Cerner Group - Adopted on 13/12/2023
  4. Opinion 33/2023 on the draft decision of the Hesse Supervisory Authority (Germany) regarding the Controller Binding Corporate Rules of the Cerner Group - Adopted on 13/12/2023
  5. Opinion 32/2023 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the Thalès Group - Adopted on 28/11/2023
  6. Opinion 31/2023 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the Thalès Group - Adopted on 28/11/2023
  7. Opinion 30/2023 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the Sodexo Group - Adopted on 28/11/2023
  8. Opinion 29/2023 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the Sodexo Group - Adopted on 28/11/2023
  9. Opinion 28/2023 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the Servier Group - Adopted on 28/11/2023
  10. Opinion 27/2023 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the Tessi Group - Adopted on 28/11/2023
  11. Opinion 26/2023 on the draft decision of the Romanian Supervisory Authority regarding the Processor Binding Corporate Rules of the OSF Global Services Group - Adopted on 16/10/2023
  12. Opinion 25/2023 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the SHV Holding N.V. Group - Adopted on 16/11/2023
  13. Opinion 24/2023 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the Nestlé Group - Adopted on 16/11/2023
  14. Opinion 23/2023 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules for customer data of the UPS Group - Adopted on 16/11/2023
  15. Opinion 22/2023 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules for employee data of the UPS Group - Adopted on 16/11/2023
  16. Opinion 21/2023 on the draft decision of the Belgian Supervisory Authority regarding the Processor Binding Corporate Rules of the UPS Group - Adopted on 16/11/2023
  17. Opinion 20/2023 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the Comcast Corporation Group - Adopted on 16/11/2023
  18. Opinion 19/2023 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the American Express Global Business Travel Group - Adopted on 16/11/2023
  19. Opinion 18/2023 on the draft decision of the Belgian Supervisory Authority regarding the Processor Binding Corporate Rules of the Collibra Group - Adopted on 7/11/2023
  20. Opinion 17/2023 on the draft decision of the Irish Supervisory Authority regarding the Processor Binding Corporate Rules of the Informatica Group - Adopted on 28/9/2023
  21. Opinion 16/2023 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of the Informatica Group - Adopted on 28/9/2023
  22. Opinion 15/2023 on the draft decision of the Dutch Supervisory Authority regarding the Brand Compliance certification criteria - Adopted on 19/9/2023
  23. Opinion 14/2023 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the Vestas Wind Systems Group - Adopted on 27/7/2023
  24. Opinion 13/2023 on the draft decision of the competent supervisory authority of Croatia regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 11/7/2023
  25. Opinion 12/2023 on the draft decision of the competent supervisory authority of Cyprus regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 11/7/2023
  26. Opinion 11/2023 on the draft decision of the competent supervisory authority of Sweden regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 11/7/2023
  27. Opinion 10/2023 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the PROSEGUR Group - Adopted on 30/6/2023
  28. Opinion 9/2023 on the draft decision of the Italian Supervisory Authority regarding the Controller Binding Corporate Rules of Vertiv - Adopted on 17/5/2023
  29. Opinion 8/2023 on the draft decision of the Irish Supervisory Authority regarding the Processor Binding Corporate Rules of Autodesk Group - Adopted on 5/5/2023
  30. Opinion 7/2023 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of Autodesk Group - Adopted on 5/5/2023
  31. Opinion 6/2023 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Royal Greenland Group - Adopted on 23/3/2023;
  32. Opinion 5/2023 on the European Commission Draft Implementing Decision on the adequate protection of personal data under the EU-US Data Privacy Framework - Adopted on 28/2/2023;
  33. Opinion 4/2023 on the draft decision of the competent supervisory authority of Malta regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 3/2/2023;
  34. Opinion 03/2023 on the draft decision of the competent supervisory authority of Romania regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 3/2/2023;
  35. Opinion 02/2023 on the draft decision of the competent supervisory authority of Latvia regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to Article 41 GDPR - Adopted on 3/2/2023;
  36. Opinion 1/2023 on the draft decision of the competent supervisory authority of Croatia regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to Article 41 GDPR - Adopted on 3/2/2023.

2022

EDPB-EDPS Joint Opinions

  1. EDPB-EDPS Joint Opinion 04/2022 on the Proposal for a Regulation of the European Parliament and of the Council laying down rules to prevent and combat child sexual abuse - Adopted on 28/7/2022;
  2. EDPB-EDPS Joint Opinion 03/2022 on the Proposal for a Regulation on the European Health Data Space - Adopted on 12/7/2022;
  3. EDPB-EDPS Joint Opinion 2/2022 on the Proposal of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act) - Adopted on 4/5/2022;
  4. EDPB-EDPS Joint Opinion 1/2022 on the extension of Covid-19 certificate Regulation - Adopted on 14/3/2022

EDPB Opinions

  1. Opinion 32/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the Ramboll Group - Adopted on 6/12/2022
  2. Opinion 31/2022 on the draft decision of the Slovak Supervisory Authority regarding the Processor Binding Corporate Rules of Piano Group - Adopted on 28/11/2022
  3. Opinion 30/2022 on the draft decision of the Slovak Supervisory Authority regarding the Controller Binding Corporate Rules of Piano Group - Adopted on 28/11/2022
  4. Opinion 29/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the DSV Group - Adopted on 18/11/2022
  5. Opinion 28/2022 on the Europrivacy criteria of certification regarding their approval by the Board as European Data Protection Seal pursuant to Article 42.5 (GDPR) - Adopted on 10/10/2022;
  6. Opinion 27/2022 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of LEYTON Group - Adopted on 7/10/2022;
  7. Opinion 26/2022 on the draft decision of the Data Protection Authority of Bavaria for the Private Sector regarding the Controller Binding Corporate Rules of the Munich Re Reinsurance Group - Adopted on 30/9/2022;
  8. Opinion 25/2022 regarding the European Privacy Seal (EuroPriSe ) certification criteria for the certification of processing operations by processors - Adopted on 13/9/2022;
  9. Opinion 24/2022 on the draft decision of the Swedish Supervisory Authority regarding the Processor Binding Corporate Rules of the Samres Group - Adopted on 7/9/2022;
  10. Opinion 23/2022 on the draft decision of the Swedish Supervisory Authority regarding the Controller Binding Corporate Rules of the Samres Group - Adopted on 7/9/2022;
  11. Opinion 22/2022 on the draft decision of the Liechtenstein Supervisory Authority regarding the Controller Binding Corporate Rules of Hilti Group - Adopted on 7/9/2022;
  12. Opinion 21/2022 on the draft decision of the Irish Supervisory Authority regarding the Processor Binding Corporate Rules of the Ellucian Group - Adopted on 26/8/2022;
  13. Opinion 20/2022 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of the Ellucian Group - Adopted on 26/8/2022;
  14. Opinion 19/2022 on the draft decision of the Baden- Württemberg (Germany) Supervisory Authority regarding the Controller Binding Corporate Rules of the Mercedes- Benz Group - Adopted on 26/8/2022;
  15. Opinion 18/2022 on the draft decision of the Baden- Württemberg (Germany) Supervisory Authority regarding the Controller Binding Corporate Rules of the Daimler Truck Group - Adopted on 26/8/2022;
  16. Opinion 17/2022 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the ANTOLIN Group - Adopted on 1/8/2022;
  17. Opinion 16/2022 on the draft decision of the competent supervisory authority of Slovenia regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 4/7/2022;
  18. Opinion 15/2022 on the draft decision of the competent supervisory authority of Luxembourg regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 4/7/2022;
  19. Opinion 14/2022 on the draft decision of the competent supervisory authority of Bulgaria regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 4/7/2022;
  20. Opinion 13/2022 on the draft decision of the competent supervisory authority of Bulgaria regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 4/7/2022;
  21. Opinion 12/2022 on the draft decision of the competent supervisory authority of France regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 4/7/2022;
  22. Opinion 11/2022 on the draft decision of the competent supervisory authority of Poland regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 4/7/2022;
  23. Opinion 09/2022 on the draft decision of the Danish Supervisory Authority regarding the Processor Binding Corporate Rules of Bioclinica Group - Adopted on 4/5/2022;
  24. Opinion 08/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Bioclinica Group - Adopted on 4/5/2022;
  25. Opinion 07/2022 on the draft decision of the Hungarian Supervisory Authority regarding the Controller Binding Corporate Rules of MOL Group - Adopted on 19/4/2022;
  26. Opinion 06/2022 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of Groupon International Limited - Adopted on 19/4/2022;
  27. Opinion 05/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the Lundbeck Group - Adopted on 19/4/2022;
  28. Opinion 04/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Norican Group - Adopted on 18/3/2022;
  29. Opinion 03/2022 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the WEBHELP Group - Adopted on 7/2/2022;
  30. Opinion 02/2022 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the WEBHELP Group - Adopted on 7/2/2022;
  31. Opinion 1/2022 on the draft decision of the Luxembourg Supervisory Authority regarding the GDPR – CARPA certification criteria - Adopted on 1/2/2022;

2021

EDPB-EDPS Joint Opinions

  1. EDPB-EDPS Joint Opinion 5/2021 on the proposal for a Regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) - Adopted on 18/6/2021;
  2. EDPB-EDPS Joint Opinion 04/2021 on the Proposal for a Regulation of the European Parliament and of the Council on a framework for the issuance, verification and acceptance of interoperable certificates on vaccination, testing and recovery - Adopted on 8/4/2021 (v.1.1);
  3. EDPB-EDPS Joint Opinion 03/2021 on the Proposal for a regulation of the European Parliament and of the Council on European data governance (Data Governance Act) - Adopted on 9/6/2021 (v.1.1);
  4. EDPB-EDPS Joint Opinion 2/2021 on standard contractual clauses for the transfer of personal data to third countries - Adopted on 14/1/2021;
  5. EDPB-EDPS Joint Opinion 1/2021 on standard contractual clauses between controllers and processors - Adopted on 14/1/2021;

EDPB Opinions

  1. Opinion 39/2021 on whether Article 58(2)(g) GDPR could serve as a legal basis for a supervisory authority to order ex officio the erasure of personal data, in a situation where such request was not submitted by the data subject - Adopted on 14/12/2021;
  2. Opinion 38/2021 on the draft decision of the competent supervisory authority of Latvia regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 20/11/2021;
  3. Opinion 37/2021 on the draft decision of the competent supervisory authority of Malta regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 30/11/2021;
  4. Opinion 36/2021 on the draft decision of the competent supervisory authority of Norway regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 30/11/2021;
  5. Opinion 35/2021 on the draft decision of the competent supervisory authority of Belgium regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 30/11/2021;
  6. Opinion 34/2021 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules of Otis - Adopted on 26/10/2021;
  7. Opinion 33/2021 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules of Carrier - Adopted on 26/10/2021;
  8. Opinion 32/2021 regarding the European Commission Draft Implementing Decision pursuant to Regulation (EU) 2016/679 on the adequate protection of personal data in the Republic of Korea - Adopted on 24/9/2021;
  9. Opinion 31/2021 on the draft decision of the Spanish Supervisory Authority regarding the Processor Binding Corporate Rules of the COLT Group - Adopted on 2/8/2021;
  10. Opinion 30/2021 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the COLT Group - Adopted on 2/8/2021;
  11. Opinion 29/2021 on the draft decision of the Belgian Supervisory Authority regarding the Processor Binding Corporate Rules of Oregon Tool, Inc (Formerly “Blount”) - Adopted on 2/8/2021;
  12. Opinion 28/2021 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules of Oregon Tool, Inc (formerly “Blount”) - Adopted on 2/8/2021;
  13. Opinion 27/2021 on the draft decision of the Supervisory Authority of North Rhine-Westphalia (Germany) regarding the Processor Binding Corporate Rules of the Internet Initiative Japan Group - Adopted on 2/8/2021;
  14. Opinion 26/2021 on the draft decision of the Supervisory Authority of North Rhine-Westphalia (Germany) regarding the Controller Binding Corporate Rules of the Internet Initiative Japan Group - Adopted on 2/8/2021;
  15. Opinion 25/2021 on the draft decision of the competent supervisory authority of Lithuania regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 20/7/2021;
  16. Opinion 24/2021 on the draft decision of the competent supervisory authority of Slovakia regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 20/7/2021;
  17. Opinion 23/2021 on the draft decision of the competent supervisory authority of Czech Republic regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 20/7/2021;
  18. Opinion 22/2021 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the CGI Group - Adopted on 1/7/2021;
  19. Opinion 21/2021 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the CGI Group - Adopted on 1/7/2021;
  20. Opinion 20/2021 on Tobacco Traceability System - Adopted on 18/6/2021;
  21. Opinion 19/2021 on the draft decision of the competent supervisory authority of Hungary regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 1/6/2021;
  22. Opinion 18/2021 on the draft Standard Contractual Clauses submitted by the LT SA (Article 28(8) GDPR) - Adopted on 19/5/2021;
  23. Opinion 17/2021 on the draft decision of the French Supervisory Authority regarding the European code of conduct submitted by the Cloud Infrastructure Service Providers (CISPE) - Adopted on 19/5/2021;
  24. Opinion 16/2021 on the draft decision of the Belgian Supervisory Authority regarding the “EU Data Protection Code of Conduct for Cloud Service Providers” submitted by Scope Europe - Adopted on 19/5/2021;
  25. Opinion 15/2021 regarding the European Commission Draft Implementing Decision pursuant to Directive (EU) 2016/680 on the adequate protection of personal data in the United Kingdom - Adopted on 13/4/2021;
  26. Opinion 14/2021 regarding the European Commission Draft Implementing Decision pursuant to Regulation (EU) 2016/679 on the adequate protection of personal data in the United Kingdom - Adopted on 13/4/2021;
  27. Opinion 13/2021 on the draft decision of the competent supervisory authority of Romania regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 23/3/2021;
  28. Opinion 12/2021 on the draft decision of the competent supervisory authority of Portugal regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 23/3/2021;
  29. Opinion 11/2021 on the draft decision of the competent supervisory authority of Norway regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 23/3/2021;
  30. Opinion 10/2021 on the draft decision of the competent supervisory authority of Hungary regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 23/3/2021;
  31. Opinion 09/2021 on the draft decision of the Baden- Wurttemberg Supervisory Authority regarding the Controller Binding Corporate Rules of Luxoft Group - Adopted on 16/2/2021;
  32. Opinion 08/2021 on the draft decision of the Baden- Wurttemberg Supervisory Authority regarding the Processor Binding Corporate Rules of Luxoft Group - Adopted on 16/2/2021;
  33. Opinion 07/2021 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of Kumon Group - Adopted on 16/2/2021;
  34. Opinion 06/2021 on the draft decision of the Spanish Supervisory Authority regarding the Processor Binding Corporate Rules of Kumon Group - Adopted on 16/2/2021;
  35. Opinion 05/2021 on the draft Administrative Arrangement for the transfer of personal data between the Haut Conseil du Commissariat aux Comptes (H3C) and the Public Company Accounting Oversight Board (PCAOB) - Adopted on 2/2/2021;
  36. Opinion 04/2021 on the draft decision of the Belgian Supervisory Authority regarding the Processor Binding Corporate Rules of BDO - Adopted on 22/1/2021;
  37. Opinion 03/2021 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules of BDO - Adopted on 22/1/2021;
  38. Opinion 02/2021 on the draft decision of the Swedish Supervisory Authority regarding the Controller Binding Corporate Rules of Elanders Group - Adopted on 22/1/2021;
  39. Opinion 01/2021 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Saxo Bank Group - Adopted on 22/1/2021.

2020

EDPB Opinions

  1. Opinion 32/2020 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of Equinix - Adopted on 15/12/2020;
  2. Opinion 31/2020 on the draft decision of the competent supervisory authority of Poland regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 7/12/2020;
  3. Opinion 30/2020 on the draft decision of the competent supervisory authority of Austria regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 7/12/2020;
  4. Opinion 29/2020 on the draft decision of the Lower Saxony Supervisory Authority regarding the Controller Binding Corporate Rules of Novelis Group - Adopted on 8/12/2020;
  5. Opinion 28/2020 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of Iberdrola Group - Adopted on 8/12/2020;
  6. Opinion 27/2020 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Coloplast Group - Adopted on 8/12/2020;
  7. Opinion 26/2020 on the draft decision of the competent supervisory authority of Denmark regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 7/12/2020;
  8. Opinion 25/2020 on the draft decision of the Swedish Supervisory Authority regarding the Controller Binding Corporate Rules of Tetra Pak - Adopted on 31/7/2020;
  9. Opinion 24/2020 on the draft decision of the Norwegian Supervisory Authority regarding the Controller Binding Corporate Rules of Jotun - Adopted on 31/7/2020;
  10. Opinion 23/2020 on the draft decision of the competent supervisory authority of Italy regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 23/7/2020;
  11. Opinion 22/2020 on the draft decision of the competent supervisory authority of Greece regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 23/7/2020;
  12. Opinion 21/2020 on the draft decision of the competent supervisory authority of the Netherlands regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 23/7/2020;
  13. Opinion 20/2020 on the draft decision of the competent supervisory authority of Greece regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 23/7/2020;
  14. Opinion 19/2020 on the draft decision of the competent supervisory authority of Denmark regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 23/7/2020;
  15. Opinion 18/2020 on the draft decision of the competent supervisory authority of the Netherlands regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 23/7/2020;
  16. Opinion 17/2020 on the draft Standard Contractual Clauses submitted by the SI SA (Article 28(8) GDPR) - Adopted on 19/5/2020;
  17. Opinion 16/2020 on the draft decision of the competent supervisory authority of the Czech Republic regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 25/5/2020;
  18. Opinion 15/2020 on the draft decision of the competent supervisory authorities of Germany regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 25/5/2020;
  19. Opinion 14/2020 on the draft decision of the competent supervisory authority of Ireland regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adopted on 25/5/2020;
  20. Opinion 13/2020 on the draft decision of the competent supervisory authority of Italy regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 25/5/2020;
  21. Opinion 12/2020 on the draft decision of the competent supervisory authority of Finland regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 25/5/2020;
  22. Opinion 11/2020 on the draft decision of the competent supervisory authority of Ireland regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 25/5/2020;
  23. Opinion 10/2020 on the draft decision of the competent supervisory authorities of Germany regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 25/5/2020;
  24. Opinion 9/2020 on the draft decision of the Irish Supervisory Authority regarding the Processor Binding Corporate Rules of Reinsurance Group of America Adopted on 14/4/2020;
  25. Opinion 8/2020 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of Reinsurance Group of America - Adopted on 14/4/2020;
  26. Opinion 7/2020 on the draft list of the competent supervisory authority of France regarding the processing operations exempt from the requirement of a data protection impact assessment (Article 35(5) GDPR) - Adopted on 22/4/2020;
  27. Opinion 6/2020 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of Fujikura Automotive Europe Group (FAE Group) - Adopted on 29/1/2020;
  28. Opinion 5/2020 on the draft decision of the competent supervisory authority of Luxembourg regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 GDPR - Adopted on 29/1/2020;
  29. Opinion 4/2020 on the draft decision of the competent supervisory authority of the United Kingdom regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 GDPR - Adopted on 29/1/2020;
  30. Opinion 3/2020 on the France data protection supervisory authority draft accreditation requirements for a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 28/1/2020;
  31. Opinion 2/2020 on the Belgium data protection supervisory authority draft accreditation requirements for a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 28/1/2020;
  32. 33.Opinion 1/2020 on the Spanish data protection supervisory authority draft accreditation requirements for a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 28/1/2020;

2019

EDPB-EDPS Joint Opinions

  1. EDPB-EDPS Joint Opinion 1/2019 on the processing of patients’ data and the role of the European Commission within the eHealth Digital Service Infrastructure (eHDSI) - Adopted on 12/7/2019;

EDPB Opinions

  1. Opinion 16/2019 on the draft decision of the Belgian Supervisory Authority regarding the Binding Corporate Rules of ExxonMobil Corporation - Adopted on 12/11/2019.
  2. Opinion 15/2019 on the draft decision of the competent supervisory authority of the United Kingdom regarding the Binding Corporate Rules of Equinix Inc. - Adopted on 8/10/2019;
  3. Opinion 14/2019 on the draft Standard Contractual Clauses submitted by the DK SA (Article 28(8) GDPR) - Adopted on 9/7/2019;
  4. Opinion 13/2019 on the draft list of the competent supervisory authority of France regarding the processing operations exempt from the requirement of a data protection impact assessment (Article 35(5) GDPR) - Adopted on 10/7/2019;
  5. Opinion 12/2019 on the draft list of the competent supervisory authority of Spain regarding the processing operations exempt from the requirement of a data protection impact assessment (Article 35(5) GDPR) - Adopted on 10/7/2019;
  6. Opinion 11/2019 on the draft list of the competent supervisory authority of the Czech Republic regarding the processing operations exempt from the requirement of a data protection impact assessment (Article 35(5) GDPR) - Adopted on 10/7/2019;
  7. Opinion 10/2019 on the draft list of the competent supervisory authority of Cyprus regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35(4) GDPR) - Adopted on 9/7/2019;
  8. Opinion 9/2019 on the Austrian data protection supervisory authority draft accreditation requirements for a code of conduct monitoring body pursuant to article 41 GDPR - Adopted on 9/7/2019;
  9. Opinion 8/2019 on the competence of a supervisory authority in case of a change in circumstances relating to the main or single establishment - Adopted on 9/7/2019;
  10. Opinion 7/2019 on the draft list of the competent supervisory authority of Iceland regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 12/3/2019;
  11. Opinion 6/2019 on the draft list of the competent supervisory authority of Spain regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 12/3/2019;
  12. Opinion 5/2019 on the interplay between the ePrivacy Directive and the GDPR, in particular regarding the competence, tasks and powers of data protection authorities - Adopted on 12/3/2019;
  13. Opinion 4/2019 on the draft AA between EEA and non-EEA Financial Supervisory Authorities - Adopted on 12/2/2019;
  14. Opinion 3/2019 concerning the Questions and Answers on the interplay between the Clinical Trials Regulation (CTR) and the General Data Protection regulation (GDPR) - Adopted on 23/1/2019;
  15. Opinion 2/2019 on the draft list of the competent supervisory authority of Norway regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 23/1/2019;
  16. Opinion 01/2019 on the draft list of the competent supervisory authority of the Principality of Liechtenstein regarding the processing operations subject to the requirement of a data protection impact assessment (Article 17.4 GDPR) - Adopted on 23/1/2019.

2018

EDPB Opinions

  1. Opinion 28/2018 regarding the European Commission Draft Implementing Decision on the adequate protection of personal data in Japan - Adopted on 5/12/2018;
  2. Opinion 27/2018 on the draft list of the competent supervisory authority of Slovenia regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 4/12/2018;
  3. Opinion 26/2018 on the draft list of the competent supervisory authority of Luxembourg regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 4/12/2018;
  4. Opinion 25/2018 on the draft list of the competent supervisory authority of Croatia regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 4/12/2018;
  5. Opinion 24/2018 on the draft list of the competent supervisory authority of Denmark regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 4/12/2018;
  6. Opinion 23/2018 on Commission proposals on European Production and Preservation Orders for electronic evidence in criminal matters (Art. 70.1.b) - Adopted on 23/9/2018;
  7. Opinion 22/2018 on the draft list of the competent supervisory authority of the United Kingdom regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  8. Opinion 21/2018 on the draft list of the competent supervisory authority of Slovakia regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  9. Opinion 20/2018 on the draft list of the competent supervisory authority of Sweden regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  10. Opinion 19/2018 on the draft list of the competent supervisory authority of Romania regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  11. Opinion 18/2018 on the draft list of the competent supervisory authority of Portugal regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  12. Opinion 17/2018 on the draft list of the competent supervisory authority of Poland regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  13. Opinion 16/2018 on the draft list of the competent supervisory authority of the Netherlands regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  14. Opinion 15/2018 on the draft list of the competent supervisory authority of Malta regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  15. Opinion 14/2018 on the draft list of the competent supervisory authority of Latvia regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  16. Opinion 13/2018 on the draft list of the competent supervisory authority of Lithuania regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  17. Opinion 12/2018 on the draft list of the competent supervisory authority of Italy regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  18. Opinion 11/2018 on the draft list of the competent supervisory authority of Ireland regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  19. Opinion 10/2018 on the draft list of the competent supervisory authority of Hungary regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  20. Opinion 9/2018 on the draft list of the competent supervisory authority of France regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  21. Opinion 8/2018 on the draft list of the competent supervisory authority of Finland regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  22. Opinion 7/2018 on the draft list of the competent supervisory authority of Greece regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  23. Opinion 6/2018 on the draft list of the competent supervisory authority of Estonia regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  24. Opinion 5/2018 on the draft list of the competent supervisory authorities of Germany regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  25. Opinion 4/2018 on the draft list of the competent supervisory authority of Czech Republic regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  26. Opinion 3/2018 on the draft list of the competent supervisory authority of Bulgaria regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  27. Opinion 2/2018 on the draft list of the competent supervisory authority of Belgium regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018;
  28. Opinion 1/2018 on the draft list of the competent supervisory authority of Austria regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adopted on 25/9/2018.