Pareri

2024

Pareri congiunti EDPB-EDPS (EDPB-EDPS Joint Opinions)

Pareri EDPB (EDPB Opinions)

1. Parere 28/2024 su alcuni aspetti della protezione dei dati relativi al trattamento dei dati personali nel contesto dei modelli di IA - Adottato il 17/12/2024;
2. Parere 27/2024 sui criteri di conformità del marchio della certificazione in merito alla loro approvazione da parte del Consiglio come sigillo europeo per la protezione dei dati ai sensi dell’articolo 42, paragrafo 5, del GDPR. - Adottato il 2/12/2024;
3. Parere 26/2024 sulla bozza di decisione dell’Autorità di Vigilanza di Brema relativa al “Catalogo dei criteri per la certificazione del trattamento informatico dei dati personali ai sensi dell’art. 42 GDPR (‘GDPR - information privacy standard’)” presentato - Adottato il 2/12/2024;
4. Parere 25/2024 sulla bozza di decisione dell’Autorità di controllo dell’Assia (Germania) in merito alle regole aziendali vincolanti per i responsabili del trattamento del gruppo Infosys - Adottato il 2/12/2024;
5. Parere 24/2024 sulla bozza di decisione dell’Autorità di Vigilanza dell’Assia (Germania) in merito alle Norme Vincolanti d’Impresa del titolare del trattamento del Gruppo Infosys - Adottato il 2/12/2024;
6. Parere 23/2024 sul progetto di decisione dell’Autorità di vigilanza irlandese in merito alle norme vincolanti per i titolari del trattamento del Gruppo Aptiv - Adottato il 4/11/2024;
7. Parere 22/2024 su alcuni obblighi derivanti dall’affidamento a incaricati e subincaricati del trattamento - Adottato il 7/10/2024;
8. Parere 21/2024 sul progetto di decisione dell’Autorità di vigilanza francese relativo alle regole aziendali vincolanti per gli incaricati del trattamento del Gruppo Talan - Adottato il 17/9/2024;
9. Parere 20/2024 sul progetto di decisione dell’Autorità di vigilanza della Renania Settentrionale-Vestfalia in merito alle norme vincolanti d’impresa del titolare del trattamento del Gruppo Viega - Adottato il 17/9/2024;
10. Parere 19/2024 sui criteri di certificazione di EuroPrise in merito alla loro approvazione da parte del Consiglio come sigillo europeo per la protezione dei dati ai sensi dell’articolo 42.5 (GDPR) - Adottato il 16/7/2024;
11. Parere 18/2024 sulla bozza di decisione dell’Autorità di vigilanza austriaca relativa ai criteri di certificazione di DSGVO-zt GmbH - Adottato il 16/7/2024;
12. Parere 19/2024 sui criteri di certificazione di EuroPrise in merito alla loro approvazione da parte del Consiglio come sigillo europeo per la protezione dei dati ai sensi dell’articolo 42.5 (GDPR) - Adottato il 16/7/2024;
13. Parere 17/2024 sul progetto di decisione dell’Autorità di vigilanza spagnola in merito alle Regole vincolanti d’impresa del Gruppo FCC - Adottato il 16/7/2024;
14. Parere 16/2024 sulla bozza di decisione dell’Autorità di Vigilanza spagnola in merito alle Norme Vincolanti d’Impresa del Gruppo AVATURE - Adottato il 16/7/2024;
15. Parere 15/2024 sul progetto di decisione dell’Autorità di controllo dell’AGENZIA SPAGNOLA PER LA PROTEZIONE DEI DATI in merito alle norme vincolanti d’impresa del Gruppo AVATURE per il responsabile del trattamento - Adottato il 16/7/2024;
16. Parere 15/2024 sul progetto di decisione dell’Autorità di controllo dell’AGENZIA SPAGNOLA PER LA PROTEZIONE DEI DATI in merito alle norme vincolanti per i responsabili del trattamento del Gruppo AVATURE - Adottato il 16/7/2024;
17. Parere 14/2024 sul progetto di decisione dell’Autorità di vigilanza estone in merito alle norme vincolanti per i responsabili del trattamento del Gruppo Mercans - Adottato il 16/7/2024;
18. Parere 13/2024 sul progetto di decisione dell’Autorità di vigilanza del Liechtenstein relativo alle norme vincolanti d’impresa del titolare del trattamento del Gruppo Ivoclar Vivadent - Adottato il 18/6/2024;
19. Parere 12/2024 sul progetto di decisione dell’Autorità di vigilanza francese riguardante il “Codice di condotta per i fornitori di servizi nella ricerca clinica” presentato da EUCROF - Adottato il 18/6/2024;
20. Parere 11/2024 sull’uso del riconoscimento facciale per snellire il flusso dei passeggeri aeroportuali (compatibilità con gli articoli 5, paragrafo 1, lettere e) e f), 25 e 32 del GDPR) - Adottato il 23/5/2024;
21. Parere 10/2024 sul progetto di decisione dell’autorità di controllo competente della Svezia in merito all’approvazione dei requisiti per l’accreditamento di un organismo di certificazione ai sensi dell’articolo 43.3 (GDPR) - Adottato il 23/5/2024;
22. Parere 9/2024 sulla bozza di decisione dell’Autorità di vigilanza rumena relativa alle Binding Corporate Rules per i responsabili del trattamento di Genpact Group - Adottato il 23/5/2024;
23. Parere 08/2024 sul consenso valido nel contesto dei modelli di consenso o pagamento implementati dalle grandi piattaforme online - Adottato il 17/04/2024;
24. Parere 7/2024 sulla bozza di decisione dell’Autorità di vigilanza tedesca della Renania Settentrionale-Vestfalia in merito ai criteri di certificazione UE per la protezione dei dati dei servizi cloud (Auditor) - Adottato il 17/4/2024;
25. Parere 6/2024 sulla bozza di elenco dell’Autorità di vigilanza lettone sulle operazioni di trattamento esenti dall’obbligo di valutazione d’impatto sulla protezione dei dati (art. 35.5 GDPR) - Adottato il 16/4/2024;
26. Parere 05/2024 sulla bozza di decisione dell’Autorità di Vigilanza spagnola relativa al titolare delle Binding Corprorate Rules del Gruppo MAPFRE - Adottato il 14/3/2024;
27. Parere 04/2024 sulla nozione di stabilimento principale di un titolare del trattamento nell’Unione ai sensi dell’art. 4.16(a) GDPR. 4.16(a) GDPR](https://www.edpb.europa.eu/our-work-tools/our-documents/opinion-board-art-64/opinion-042024-notion-main-establishment_en) - Adottato il 13/2/2024;
28. Parere 3/2024 sulla bozza di decisione dell’Autorità di vigilanza irlandese in merito alle regole aziendali vincolanti per il responsabile del trattamento (Processor Binding Corporate Rules) del gruppo Accenture - Adottato il 13/02/2024;
29. Parere 2/2024 sulla bozza di decisione dell’Autorità di vigilanza spagnola relativa alle Norme vincolanti d’impresa del titolare del trattamento del Gruppo TELEFÓNICA - Adottato il 13/02/2024;
30. Parere 01/2024 sulla bozza di decisione dell’Autorità di vigilanza olandese relativa alle Norme vincolanti d’impresa del responsabile del trattamento del Gruppo Booking.com - Adottato il 16/01/2024;

2023

Pareri congiunti EDPB-EDPS (EDPB-EDPS Joint Opinions)

1. EDPB-EDPS Joint Opinion 01/2023 on the Proposal for a Regulation of the European Parliament and of the Council laying down additional procedural rules relating to the enforcement of Regulation (EU) 2016/679 - Adottato il 19 September 2023

Pareri EDPB (EDPB Opinions)

1. Opinion 36/2023 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the Booking.com Group - Adottato il 28/12/2023
2. Opinion 35/2023 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the Carlsberg Group - Adottato il 13/12/2023
3. Opinion 34/2023 on the draft decision of the Hesse Supervisory Authority (Germany) regarding the Processor Binding Corporate Rules of the Cerner Group - Adottato il 13/12/2023
4. Opinion 33/2023 on the draft decision of the Hesse Supervisory Authority (Germany) regarding the Controller Binding Corporate Rules of the Cerner Group - Adottato il 13/12/2023
5. Opinion 32/2023 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the Thalès Group - Adottato il 28/11/2023
6. Opinion 31/2023 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the Thalès Group - Adottato il 28/11/2023
7. Opinion 30/2023 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the Sodexo Group - Adottato il 28/11/2023
8. Opinion 29/2023 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the Sodexo Group - Adottato il 28/11/2023
9. Opinion 28/2023 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the Servier Group - Adottato il 28/11/2023
10. Opinion 27/2023 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the Tessi Group - Adottato il 28/11/2023
11. Opinion 26/2023 on the draft decision of the Romanian Supervisory Authority regarding the Processor Binding Corporate Rules of the OSF Global Services Group - Adottato il 16/10/2023
12. Opinion 25/2023 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the SHV Holding N.V. Group - Adottato il 16/11/2023
13. Opinion 24/2023 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the Nestlé Group - Adottato il 16/11/2023
14. Opinion 23/2023 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules for customer data of the UPS Group - Adottato il 16/11/2023
15. Opinion 22/2023 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules for employee data of the UPS Group - Adottato il 16/11/2023
16. Opinion 21/2023 on the draft decision of the Belgian Supervisory Authority regarding the Processor Binding Corporate Rules of the UPS Group - Adottato il 16/11/2023
17. Opinion 20/2023 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the Comcast Corporation Group - Adottato il 16/11/2023
18. Opinion 19/2023 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of the American Express Global Business Travel Group - Adottato il 16/11/2023
19. Opinion 18/2023 on the draft decision of the Belgian Supervisory Authority regarding the Processor Binding Corporate Rules of the Collibra Group - Adottato il 7/11/2023
20. Opinion 17/2023 on the draft decision of the Irish Supervisory Authority regarding the Processor Binding Corporate Rules of the Informatica Group - Adottato il 28/9/2023
21. Opinion 16/2023 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of the Informatica Group - Adottato il 28/9/2023
22. Opinion 15/2023 on the draft decision of the Dutch Supervisory Authority regarding the Brand Compliance certification criteria - Adottato il 19/9/2023
23. Opinion 14/2023 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the Vestas Wind Systems Group - Adottato il 27/7/2023
24. Opinion 13/2023 on the draft decision of the competent supervisory authority of Croatia regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adottato il 11/7/2023
25. Opinion 12/2023 on the draft decision of the competent supervisory authority of Cyprus regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adottato il 11/7/2023
26. Opinion 11/2023 on the draft decision of the competent supervisory authority of Sweden regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adottato il 11/7/2023
27. Opinion 10/2023 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the PROSEGUR Group - Adottato il 30/6/2023
28. Opinion 9/2023 on the draft decision of the Italian Supervisory Authority regarding the Controller Binding Corporate Rules of Vertiv - Adottato il 17/5/2023
29. Opinion 8/2023 on the draft decision of the Irish Supervisory Authority regarding the Processor Binding Corporate Rules of Autodesk Group - Adottato il 5/5/2023
30. Opinion 7/2023 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of Autodesk Group - Adottato il 5/5/2023
31. Opinion 6/2023 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Royal Greenland Group - Adottato il 23/3/2023;
32. Opinion 5/2023 on the European Commission Draft Implementing Decision on the adequate protection of personal data under the EU-US Data Privacy Framework - Adottato il 28/2/2023;
33. Opinion 4/2023 on the draft decision of the competent supervisory authority of Malta regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adottato il 3/2/2023;
34. Opinion 03/2023 on the draft decision of the competent supervisory authority of Romania regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adottato il 3/2/2023;
35. Opinion 02/2023 on the draft decision of the competent supervisory authority of Latvia regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to Article 41 GDPR - Adottato il 3/2/2023;
36. Opinion 1/2023 on the draft decision of the competent supervisory authority of Croatia regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to Article 41 GDPR - Adottato il 3/2/2023.

2022

Pareri congiunti EDPB-EDPS (EDPB-EDPS Joint Opinions)

1. EDPB-EDPS Joint Opinion 04/2022 on the Proposal for a Regulation of the European Parliament and of the Council laying down rules to prevent and combat child sexual abuse - Adottato il 28/7/2022;
2. EDPB-EDPS Joint Opinion 03/2022 on the Proposal for a Regulation on the European Health Data Space - Adottato il 12/7/2022;
3. EDPB-EDPS Joint Opinion 2/2022 on the Proposal of the European Parliament and of the Council on harmonised rules on fair access to and use of data (Data Act) - Adottato il 4/5/2022;
4. EDPB-EDPS Joint Opinion 1/2022 on the extension of Covid-19 certificate Regulation - Adottato il 14/3/2022

Pareri EDPB (EDPB Opinions)

1. Opinion 32/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the Ramboll Group - Adottato il 6/12/2022
2. Opinion 31/2022 on the draft decision of the Slovak Supervisory Authority regarding the Processor Binding Corporate Rules of Piano Group - Adottato il 28/11/2022
3. Opinion 30/2022 on the draft decision of the Slovak Supervisory Authority regarding the Controller Binding Corporate Rules of Piano Group - Adottato il 28/11/2022
4. Opinion 29/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the DSV Group - Adottato il 18/11/2022
5. Opinion 28/2022 on the Europrivacy criteria of certification regarding their approval by the Board as European Data Protection Seal pursuant to Article 42.5 (GDPR) - Adottato il 10/10/2022;
6. Opinion 27/2022 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of LEYTON Group - Adottato il 7/10/2022;
7. Opinion 26/2022 on the draft decision of the Data Protection Authority of Bavaria for the Private Sector regarding the Controller Binding Corporate Rules of the Munich Re Reinsurance Group - Adottato il 30/9/2022;
8. Opinion 25/2022 regarding the European Privacy Seal (EuroPriSe ) certification criteria for the certification of processing operations by processors - Adottato il 13/9/2022;
9. Opinion 24/2022 on the draft decision of the Swedish Supervisory Authority regarding the Processor Binding Corporate Rules of the Samres Group - Adottato il 7/9/2022;
10. Opinion 23/2022 on the draft decision of the Swedish Supervisory Authority regarding the Controller Binding Corporate Rules of the Samres Group - Adottato il 7/9/2022;
11. Opinion 22/2022 on the draft decision of the Liechtenstein Supervisory Authority regarding the Controller Binding Corporate Rules of Hilti Group - Adottato il 7/9/2022;
12. Opinion 21/2022 on the draft decision of the Irish Supervisory Authority regarding the Processor Binding Corporate Rules of the Ellucian Group - Adottato il 26/8/2022;
13. Opinion 20/2022 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of the Ellucian Group - Adottato il 26/8/2022;
14. Opinion 19/2022 on the draft decision of the Baden- Württemberg (Germany) Supervisory Authority regarding the Controller Binding Corporate Rules of the Mercedes- Benz Group - Adottato il 26/8/2022;
15. Opinion 18/2022 on the draft decision of the Baden- Württemberg (Germany) Supervisory Authority regarding the Controller Binding Corporate Rules of the Daimler Truck Group - Adottato il 26/8/2022;
16. Opinion 17/2022 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the ANTOLIN Group - Adottato il 1/8/2022;
17. Opinion 16/2022 on the draft decision of the competent supervisory authority of Slovenia regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adottato il 4/7/2022;
18. Opinion 15/2022 on the draft decision of the competent supervisory authority of Luxembourg regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adottato il 4/7/2022;
19. Opinion 14/2022 on the draft decision of the competent supervisory authority of Bulgaria regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adottato il 4/7/2022;
20. Opinion 13/2022 on the draft decision of the competent supervisory authority of Bulgaria regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adottato il 4/7/2022;
21. Opinion 12/2022 on the draft decision of the competent supervisory authority of France regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adottato il 4/7/2022;
22. Opinion 11/2022 on the draft decision of the competent supervisory authority of Poland regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adottato il 4/7/2022;
23. Opinion 09/2022 on the draft decision of the Danish Supervisory Authority regarding the Processor Binding Corporate Rules of Bioclinica Group - Adottato il 4/5/2022;
24. Opinion 08/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Bioclinica Group - Adottato il 4/5/2022;
25. Opinion 07/2022 on the draft decision of the Hungarian Supervisory Authority regarding the Controller Binding Corporate Rules of MOL Group - Adottato il 19/4/2022;
26. Opinion 06/2022 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of Groupon International Limited - Adottato il 19/4/2022;
27. Opinion 05/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of the Lundbeck Group - Adottato il 19/4/2022;
28. Opinion 04/2022 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Norican Group - Adottato il 18/3/2022;
29. Opinion 03/2022 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the WEBHELP Group - Adottato il 7/2/2022;
30. Opinion 02/2022 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the WEBHELP Group - Adottato il 7/2/2022;
31. Opinion 1/2022 on the draft decision of the Luxembourg Supervisory Authority regarding the GDPR – CARPA certification criteria - Adottato il 1/2/2022;

2021

Pareri congiunti EDPB-EDPS (EDPB-EDPS Joint Opinions)

1. EDPB-EDPS Joint Opinion 5/2021 on the proposal for a Regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) - Adottato il 18/6/2021;
2. EDPB-EDPS Joint Opinion 04/2021 on the Proposal for a Regulation of the European Parliament and of the Council on a framework for the issuance, verification and acceptance of interoperable certificates on vaccination, testing and recovery - Adottato il 8/4/2021 (v.1.1);
3. EDPB-EDPS Joint Opinion 03/2021 on the Proposal for a regulation of the European Parliament and of the Council on European data governance (Data Governance Act) - Adottato il 9/6/2021 (v.1.1);
4. EDPB-EDPS Joint Opinion 2/2021 on standard contractual clauses for the transfer of personal data to third countries - Adottato il 14/1/2021;
   • Annex to the EDPB - EDPS Joint Opinion 2/2021 - Comments and suggested changes to the Draft SCCs - Adottato il 14/1/2021;
5. EDPB-EDPS Joint Opinion 1/2021 on standard contractual clauses between controllers and processors - Adottato il 14/1/2021;
   • Annex 1 to the EDPB - EDPS Joint Opinion 1/2021 - Comments and suggested changes to the Draft Implementing Decision - Adottato il 14/1/2021;
   • Annex 2 to the EDPB - EDPS Joint Opinion 1/2021 - Comments and suggested changes to the Draft SCCs - Adottato il 14/1/2021;

Pareri EDPB (EDPB Opinions)

1. Opinion 39/2021 on whether Article 58(2)(g) GDPR could serve as a legal basis for a supervisory authority to order ex officio the erasure of personal data, in a situation where such request was not submitted by the data subject - Adottato il 14/12/2021;
2. Opinion 38/2021 on the draft decision of the competent supervisory authority of Latvia regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adottato il 20/11/2021;
3. Opinion 37/2021 on the draft decision of the competent supervisory authority of Malta regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adottato il 30/11/2021;
4. Opinion 36/2021 on the draft decision of the competent supervisory authority of Norway regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adottato il 30/11/2021;
5. Opinion 35/2021 on the draft decision of the competent supervisory authority of Belgium regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adottato il 30/11/2021;
6. Opinion 34/2021 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules of Otis - Adottato il 26/10/2021;
7. Opinion 33/2021 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules of Carrier - Adottato il 26/10/2021;
8. Opinion 32/2021 regarding the European Commission Draft Implementing Decision pursuant to Regulation (EU) 2016/679 on the adequate protection of personal data in the Republic of Korea - Adottato il 24/9/2021;
9. Opinion 31/2021 on the draft decision of the Spanish Supervisory Authority regarding the Processor Binding Corporate Rules of the COLT Group - Adottato il 2/8/2021;
10. Opinion 30/2021 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of the COLT Group - Adottato il 2/8/2021;
11. Opinion 29/2021 on the draft decision of the Belgian Supervisory Authority regarding the Processor Binding Corporate Rules of Oregon Tool, Inc (Formerly “Blount”) - Adottato il 2/8/2021;
12. Opinion 28/2021 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules of Oregon Tool, Inc (formerly “Blount”) - Adottato il 2/8/2021;
13. Opinion 27/2021 on the draft decision of the Supervisory Authority of North Rhine-Westphalia (Germany) regarding the Processor Binding Corporate Rules of the Internet Initiative Japan Group - Adottato il 2/8/2021;
14. Opinion 26/2021 on the draft decision of the Supervisory Authority of North Rhine-Westphalia (Germany) regarding the Controller Binding Corporate Rules of the Internet Initiative Japan Group - Adottato il 2/8/2021;
15. Opinion 25/2021 on the draft decision of the competent supervisory authority of Lithuania regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adottato il 20/7/2021;
16. Opinion 24/2021 on the draft decision of the competent supervisory authority of Slovakia regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adottato il 20/7/2021;
17. Opinion 23/2021 on the draft decision of the competent supervisory authority of Czech Republic regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adottato il 20/7/2021;
18. Opinion 22/2021 on the draft decision of the French Supervisory Authority regarding the Processor Binding Corporate Rules of the CGI Group - Adottato il 1/7/2021;
19. Opinion 21/2021 on the draft decision of the French Supervisory Authority regarding the Controller Binding Corporate Rules of the CGI Group - Adottato il 1/7/2021;
20. Opinion 20/2021 on Tobacco Traceability System - Adottato il 18/6/2021;
21. Opinion 19/2021 on the draft decision of the competent supervisory authority of Hungary regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adottato il 1/6/2021;
22. Opinion 18/2021 on the draft Standard Contractual Clauses submitted by the LT SA (Article 28(8) GDPR) - Adottato il 19/5/2021;
23. Opinion 17/2021 on the draft decision of the French Supervisory Authority regarding the European code of conduct submitted by the Cloud Infrastructure Service Providers (CISPE) - Adottato il 19/5/2021;
24. Opinion 16/2021 on the draft decision of the Belgian Supervisory Authority regarding the “EU Data Protection Code of Conduct for Cloud Service Providers” submitted by Scope Europe - Adottato il 19/5/2021;
25. Opinion 15/2021 regarding the European Commission Draft Implementing Decision pursuant to Directive (EU) 2016/680 on the adequate protection of personal data in the United Kingdom - Adottato il 13/4/2021;
26. Opinion 14/2021 regarding the European Commission Draft Implementing Decision pursuant to Regulation (EU) 2016/679 on the adequate protection of personal data in the United Kingdom - Adottato il 13/4/2021;
27. Opinion 13/2021 on the draft decision of the competent supervisory authority of Romania regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adottato il 23/3/2021;
28. Opinion 12/2021 on the draft decision of the competent supervisory authority of Portugal regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adottato il 23/3/2021;
29. Opinion 11/2021 on the draft decision of the competent supervisory authority of Norway regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adottato il 23/3/2021;
30. Opinion 10/2021 on the draft decision of the competent supervisory authority of Hungary regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adottato il 23/3/2021;
31. Opinion 09/2021 on the draft decision of the Baden- Wurttemberg Supervisory Authority regarding the Controller Binding Corporate Rules of Luxoft Group - Adottato il 16/2/2021;
32. Opinion 08/2021 on the draft decision of the Baden- Wurttemberg Supervisory Authority regarding the Processor Binding Corporate Rules of Luxoft Group - Adottato il 16/2/2021;
33. Opinion 07/2021 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of Kumon Group - Adottato il 16/2/2021;
34. Opinion 06/2021 on the draft decision of the Spanish Supervisory Authority regarding the Processor Binding Corporate Rules of Kumon Group - Adottato il 16/2/2021;
35. Opinion 05/2021 on the draft Administrative Arrangement for the transfer of personal data between the Haut Conseil du Commissariat aux Comptes (H3C) and the Public Company Accounting Oversight Board (PCAOB) - Adottato il 2/2/2021;
36. Opinion 04/2021 on the draft decision of the Belgian Supervisory Authority regarding the Processor Binding Corporate Rules of BDO - Adottato il 22/1/2021;
37. Opinion 03/2021 on the draft decision of the Belgian Supervisory Authority regarding the Controller Binding Corporate Rules of BDO - Adottato il 22/1/2021;
38. Opinion 02/2021 on the draft decision of the Swedish Supervisory Authority regarding the Controller Binding Corporate Rules of Elanders Group - Adottato il 22/1/2021;
39. Opinion 01/2021 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Saxo Bank Group - Adottato il 22/1/2021.

2020

Pareri EDPB (EDPB Opinions)

1. Opinion 32/2020 on the draft decision of the Dutch Supervisory Authority regarding the Controller Binding Corporate Rules of Equinix - Adottato il 15/12/2020;
2. Opinion 31/2020 on the draft decision of the competent supervisory authority of Poland regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adottato il 7/12/2020;
3. Opinion 30/2020 on the draft decision of the competent supervisory authority of Austria regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adottato il 7/12/2020;
4. Opinion 29/2020 on the draft decision of the Lower Saxony Supervisory Authority regarding the Controller Binding Corporate Rules of Novelis Group - Adottato il 8/12/2020;
5. Opinion 28/2020 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of Iberdrola Group - Adottato il 8/12/2020;
6. Opinion 27/2020 on the draft decision of the Danish Supervisory Authority regarding the Controller Binding Corporate Rules of Coloplast Group - Adottato il 8/12/2020;
7. Opinion 26/2020 on the draft decision of the competent supervisory authority of Denmark regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adottato il 7/12/2020;
8. Opinion 25/2020 on the draft decision of the Swedish Supervisory Authority regarding the Controller Binding Corporate Rules of Tetra Pak - Adottato il 31/7/2020;
9. Opinion 24/2020 on the draft decision of the Norwegian Supervisory Authority regarding the Controller Binding Corporate Rules of Jotun - Adottato il 31/7/2020;
10. Opinion 23/2020 on the draft decision of the competent supervisory authority of Italy regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adottato il 23/7/2020;
11. Opinion 22/2020 on the draft decision of the competent supervisory authority of Greece regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adottato il 23/7/2020;
12. Opinion 21/2020 on the draft decision of the competent supervisory authority of the Netherlands regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adottato il 23/7/2020;
13. Opinion 20/2020 on the draft decision of the competent supervisory authority of Greece regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adottato il 23/7/2020;
14. Opinion 19/2020 on the draft decision of the competent supervisory authority of Denmark regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adottato il 23/7/2020;
15. Opinion 18/2020 on the draft decision of the competent supervisory authority of the Netherlands regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adottato il 23/7/2020;
16. Opinion 17/2020 on the draft Standard Contractual Clauses submitted by the SI SA (Article 28(8) GDPR) - Adottato il 19/5/2020;
17. Opinion 16/2020 on the draft decision of the competent supervisory authority of the Czech Republic regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adottato il 25/5/2020;
18. Opinion 15/2020 on the draft decision of the competent supervisory authorities of Germany regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adottato il 25/5/2020;
19. Opinion 14/2020 on the draft decision of the competent supervisory authority of Ireland regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 (GDPR) - Adottato il 25/5/2020;
20. Opinion 13/2020 on the draft decision of the competent supervisory authority of Italy regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adottato il 25/5/2020;
21. Opinion 12/2020 on the draft decision of the competent supervisory authority of Finland regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adottato il 25/5/2020;
22. Opinion 11/2020 on the draft decision of the competent supervisory authority of Ireland regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adottato il 25/5/2020;
23. Opinion 10/2020 on the draft decision of the competent supervisory authorities of Germany regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to article 41 GDPR - Adottato il 25/5/2020;
24. Opinion 9/2020 on the draft decision of the Irish Supervisory Authority regarding the Processor Binding Corporate Rules of Reinsurance Group of America Adottato il 14/4/2020;
25. Opinion 8/2020 on the draft decision of the Irish Supervisory Authority regarding the Controller Binding Corporate Rules of Reinsurance Group of America - Adottato il 14/4/2020;
26. Opinion 7/2020 on the draft list of the competent supervisory authority of France regarding the processing operations exempt from the requirement of a data protection impact assessment (Article 35(5) GDPR) - Adottato il 22/4/2020;
27. Opinion 6/2020 on the draft decision of the Spanish Supervisory Authority regarding the Controller Binding Corporate Rules of Fujikura Automotive Europe Group (FAE Group) - Adottato il 29/1/2020;
28. Opinion 5/2020 on the draft decision of the competent supervisory authority of Luxembourg regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 GDPR - Adottato il 29/1/2020;
29. Opinion 4/2020 on the draft decision of the competent supervisory authority of the United Kingdom regarding the approval of the requirements for accreditation of a certification body pursuant to Article 43.3 GDPR - Adottato il 29/1/2020;
30. Opinion 3/2020 on the France data protection supervisory authority draft accreditation requirements for a code of conduct monitoring body pursuant to article 41 GDPR - Adottato il 28/1/2020;
31. Opinion 2/2020 on the Belgium data protection supervisory authority draft accreditation requirements for a code of conduct monitoring body pursuant to article 41 GDPR - Adottato il 28/1/2020;
32. 33.Opinion 1/2020 on the Spanish data protection supervisory authority draft accreditation requirements for a code of conduct monitoring body pursuant to article 41 GDPR - Adottato il 28/1/2020;

2019

Pareri congiunti EDPB-EDPS (EDPB-EDPS Joint Opinions)

1. EDPB-EDPS Joint Opinion 1/2019 on the processing of patients’ data and the role of the European Commission within the eHealth Digital Service Infrastructure (eHDSI) - Adottato il 12/7/2019;

Pareri EDPB (EDPB Opinions)

1. Opinion 16/2019 on the draft decision of the Belgian Supervisory Authority regarding the Binding Corporate Rules of ExxonMobil Corporation - Adottato il 12/11/2019.
2. Opinion 15/2019 on the draft decision of the competent supervisory authority of the United Kingdom regarding the Binding Corporate Rules of Equinix Inc. - Adottato il 8/10/2019;
3. Opinion 14/2019 on the draft Standard Contractual Clauses submitted by the DK SA (Article 28(8) GDPR) - Adottato il 9/7/2019;
   • DK SA Standard Contractual Clauses for the purposes of compliance with art. 28 GDPR (January 2020);
4. Opinion 13/2019 on the draft list of the competent supervisory authority of France regarding the processing operations exempt from the requirement of a data protection impact assessment (Article 35(5) GDPR) - Adottato il 10/7/2019;
5. Opinion 12/2019 on the draft list of the competent supervisory authority of Spain regarding the processing operations exempt from the requirement of a data protection impact assessment (Article 35(5) GDPR) - Adottato il 10/7/2019;
6. Opinion 11/2019 on the draft list of the competent supervisory authority of the Czech Republic regarding the processing operations exempt from the requirement of a data protection impact assessment (Article 35(5) GDPR) - Adottato il 10/7/2019;
7. Opinion 10/2019 on the draft list of the competent supervisory authority of Cyprus regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35(4) GDPR) - Adottato il 9/7/2019;
8. Opinion 9/2019 on the Austrian data protection supervisory authority draft accreditation requirements for a code of conduct monitoring body pursuant to article 41 GDPR - Adottato il 9/7/2019;
9. Opinion 8/2019 on the competence of a supervisory authority in case of a change in circumstances relating to the main or single establishment - Adottato il 9/7/2019;
10. Opinion 7/2019 on the draft list of the competent supervisory authority of Iceland regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 12/3/2019;
11. Opinion 6/2019 on the draft list of the competent supervisory authority of Spain regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 12/3/2019;
12. Opinion 5/2019 on the interplay between the ePrivacy Directive and the GDPR, in particular regarding the competence, tasks and powers of data protection authorities - Adottato il 12/3/2019;
13. Opinion 4/2019 on the draft AA between EEA and non-EEA Financial Supervisory Authorities - Adottato il 12/2/2019;
    • Draft administrative arrangement for the transfer of personal data between - Adottato il 7/1/2019;
14. Opinion 3/2019 concerning the Questions and Answers on the interplay between the Clinical Trials Regulation (CTR) and the General Data Protection regulation (GDPR) - Adottato il 23/1/2019;
15. Opinion 2/2019 on the draft list of the competent supervisory authority of Norway regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 23/1/2019;
16. Opinion 01/2019 on the draft list of the competent supervisory authority of the Principality of Liechtenstein regarding the processing operations subject to the requirement of a data protection impact assessment (Article 17.4 GDPR) - Adottato il 23/1/2019.

2018

Pareri EDPB (EDPB Opinions)

1. Opinion 28/2018 regarding the European Commission Draft Implementing Decision on the adequate protection of personal data in Japan - Adottato il 5/12/2018;
2. Opinion 27/2018 on the draft list of the competent supervisory authority of Slovenia regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 4/12/2018;
3. Opinion 26/2018 on the draft list of the competent supervisory authority of Luxembourg regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 4/12/2018;
4. Opinion 25/2018 on the draft list of the competent supervisory authority of Croatia regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 4/12/2018;
5. Opinion 24/2018 on the draft list of the competent supervisory authority of Denmark regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 4/12/2018;
6. Opinion 23/2018 on Commission proposals on European Production and Preservation Orders for electronic evidence in criminal matters (Art. 70.1.b) - Adottato il 23/9/2018;
7. Opinion 22/2018 on the draft list of the competent supervisory authority of the United Kingdom regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 25/9/2018;
8. Opinion 21/2018 on the draft list of the competent supervisory authority of Slovakia regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 25/9/2018;
9. Opinion 20/2018 on the draft list of the competent supervisory authority of Sweden regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 25/9/2018;
10. Opinion 19/2018 on the draft list of the competent supervisory authority of Romania regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 25/9/2018;
11. Opinion 18/2018 on the draft list of the competent supervisory authority of Portugal regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 25/9/2018;
12. Opinion 17/2018 on the draft list of the competent supervisory authority of Poland regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 25/9/2018;
13. Opinion 16/2018 on the draft list of the competent supervisory authority of the Netherlands regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 25/9/2018;
14. Opinion 15/2018 on the draft list of the competent supervisory authority of Malta regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 25/9/2018;
15. Opinion 14/2018 on the draft list of the competent supervisory authority of Latvia regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 25/9/2018;
16. Opinion 13/2018 on the draft list of the competent supervisory authority of Lithuania regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 25/9/2018;
17. Opinion 12/2018 on the draft list of the competent supervisory authority of Italy regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 25/9/2018;
18. Opinion 11/2018 on the draft list of the competent supervisory authority of Ireland regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 25/9/2018;
19. Opinion 10/2018 on the draft list of the competent supervisory authority of Hungary regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 25/9/2018;
20. Opinion 9/2018 on the draft list of the competent supervisory authority of France regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 25/9/2018;
21. Opinion 8/2018 on the draft list of the competent supervisory authority of Finland regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 25/9/2018;
22. Opinion 7/2018 on the draft list of the competent supervisory authority of Greece regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 25/9/2018;
23. Opinion 6/2018 on the draft list of the competent supervisory authority of Estonia regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 25/9/2018;
24. Opinion 5/2018 on the draft list of the competent supervisory authorities of Germany regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 25/9/2018;
25. Opinion 4/2018 on the draft list of the competent supervisory authority of Czech Republic regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 25/9/2018;
26. Opinion 3/2018 on the draft list of the competent supervisory authority of Bulgaria regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 25/9/2018;
27. Opinion 2/2018 on the draft list of the competent supervisory authority of Belgium regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 25/9/2018;
28. Opinion 1/2018 on the draft list of the competent supervisory authority of Austria regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR) - Adottato il 25/9/2018.