4th Plenary meeting
16 November 2018, Charlemagne building, Rue de la Loi 170, 1047 Brussels
1. Adoption of the minutes and the agenda
1.1 Minutes of the 3rd EDPB meeting
The minutes were approved. The members of the EDPB requested more transparency on the
changes made on the minutes before the plenary meeting and following requests by members. A
finalised draft version should be made available at least 24h before the next plenary meeting and
the requested changes need to be identified in track changes with a reference to the member that
requested the change. Any request for change less than 24h before the meeting should be
introduced in person at the meeting itself.
A member of the EDPB also asked to first submit the minutes to the coordinators of the subgroups
before circulating them to the EDPB. The Chair agreed to this proposal as long as it is possible time
1.2 Draft agenda of the 4th meeting
The draft agenda was approved. Items 2.1.1, 2.1.2, 2.2, 2.4, 2.5 and 2.11 of the agenda were
declared confidential according to Art. 33 RoP.
2. FOR DISCUSSION AND/OR ADOPTION - Current Focus of the EDPB
2.1.1 Reorganisation of the EDPB Subgroups – discussion and adoption -
Based on EDPB members’ contributions, the Chair team together with the EDPB Secretariat
developed a compiled proposal paper, which was presented to the members of the EDPB. The
members of the EDPB discussed a part of this document during the last plenary meeting. Discussions
on the rest of the document took place.
Regarding the Cooperation subgroup, the EDPB decided to keep the name of this subgroup and to
keep its mandate with the addition of the general focus on procedures, procedural questions of
Chap VII section 1 and 2 GDPR and procedural questions in case where there is no establishment in
the EU. The check of which documents need to be translated during the OSS procedure should also
be attributed to the cooperation SG. The Cooperation subgroup will have back-to-back meetings
with the Enforcement subgroup.
Regarding the Enforcement subgroup, the EDPB decided to keep the name of this subgroup and that
this subgroup will also deal with exchange of information on concrete cases. The final indent
description of the mandate in the table at the end of the paper should be adapted to read “develop
and propose an EDPB enforcement strategy ”.
Regarding the Financial matter subgroup, the EDPB members decided to keep the name of this
subgroup and to keep its mandate. It will be activated when necessary and will meet via
teleconference where possible.
Regarding the Fining taskforce, the EDPB members decided to keep the name of this subgroup and
Regarding the ITS subgroup, the EDPB members decided to keep the name of this subgroup and to
keep its mandate. Close cooperation with BTLE SG on article 48 GDPR and with Cooperation SG on
article 50 GDPR remains.
Regarding the IT User subgroup, no remark has been raised on the proposal to have such a SG and
on the description of its mandate.
Regarding the Key provisions subgroups, the EDPB members decided to keep the name of this
subgroup and to keep its mandate, as described in the paper.
Regarding the Social media subgroup, the EDPB members decided to keep the name of this
subgroup and to keep its mandate, as described in the paper with one modification: the word
“develop” needs to be changed into “provide” guidance.
Regarding the FOP subgroup, the EDPB members decided to change its name into “Strategic
Advisory subgroup”. It will be kept as a subgroup and will be convened every 2-3 months. All SAs
should take part in those meetings and the filtering effect of this subgroup regarding issues not
solved in subgroups should be used. This decision will be reviewed at the end of 2019.
Regarding the group of Coordinators, The group of coordinators will be maintained and it will be
used notably for ensuring harmonised working methods between subgroups.
Regarding the e-Government subgroup and the Technology subgroup, further discussions are still
needed and a proposal will be presented at the December plenary.
2.1.2 Update on Brexit – state of play -
COM briefed the EDPB members on the draft withdrawal agreement.
The COM informed the EDPB on the organisation of a sectorial seminar with EU 27 on Brexit and data
protection law, scheduled for 27 November. COM will share soon the details to the members of the
UK SA also presented its views on the negotiations on Brexit and the withdrawal agreement.
2.1.3 Consultation on COM’s draft question and answer document on interplay
between Clinical Trial Regulation and GDPR: attribution of the topic to one or more
SGs – discussion and request for mandate
The EDPB gave the requested mandate to the E-Government SG and the Key Provisions SG.
notified their wish to be co-rapporteur on this issue.
SEC will contact the COM to ask an extension of the deadline.
2.2 Opinion on the Commission’s Japan Adequacy Decision – state of play and
2.3 Information and exchange of different strategies of SAs – discussion
The EDPB agreed on the importance to share information on the development of operational
management strategies, of tools and research materials, and on knowledge and questions
experienced by the national SAs. The EDPB discussed the methodology to ensure such an
information sharing approach. Some ideas came up like sharing electronically the information,
sharing it orally during the FOP or plenary meeting or to use the network of communication officers
explained that it is currently working on a collaborative tool.
EDPB members asked the SEC to elaborate a template for sharing information together with
COM informed the members that there will be a kick off meeting on the 3rd of December on the
awareness actions undertaken by the SAs that are co-financed by the COM though grants. All SAs
who are beneficiaries have to attend; the other SAs are also invited in order to promote consistency
between the various national actions. COM also informed that a new call for proposals restricted to
SAs will be issued in 2019.
2.4 Guidelines on the application of the territorial scope of the GDPR – discussion -
2.5 Observers – discussion and decision on the status -
COM explained the rules governing observer status under EU law with reference to the note it
circulated in view of the Plenary. It stressed the exceptional nature of such a status and the very strict
conditions that the EDPB has to apply in considering whether to admit observers, considering its new
nature as an EU body with decision-making power.
The EDPB agreed to welcome Albania
SAs as observers of
, Liechtenstein and Iceland
, with regard to GDPR related matters, received already from the
entry into force of the amendment to the EEA agreement on 20th July 2018 a right to participate as
members to the EDPB activities, without voting rights and without the right to be elected as chair and
vice-chair. However, their positions shall be recorded separately. They are also observers by virtue of
international agreements with regard to the ePrivacy Directive and the Schengen acquis, including
Directive 2016/680. Switzerland
has an observer status by virtue of the Schengen agreement with regard to issues relating
exclusively to the Schengen acquis, including Directive 2016/680. It is required to appoint one
The EDPB agreed to work on article 8 of the ROP to ensure clarity, including on the question of which
agenda items (of both subgroup and plenary meetings) may be attended by observers.
A working group will be created to that end with representatives of
2.6 Update of the EDPB Rules of Procedure after the EEA agreement – adoption
SEC explained the three changes suggested in the ROP:
- one on the EFTA-EEA countries;
- one on the calculation of the deadlines; and
- one on the procedure on public access to document.
In addition to those 3 changes, SEC explained that two mandates are requested: one on the article
64 procedure and one on the written procedure.
14 SAs agreed to those requests and changes but the 2/3 majority could not be met as the remaining
members of the EDPB present to the meeting was not sufficient. A written procedure will be
The same working group as for the modification of article 8 of the ROP will work on the respective
mandates, should they be adopted following the written procedure.
2.7 International cooperation for the protection of personal data - Article 50 GDPR –
state of play and discussion
This agenda point was discussed later in the meeting. Discussions took place on this point but no
decision could be taken as the quorum was not met anymore.
2.8 Letter of response to Consumers International, Privacy International, and
Norwegian Consumer Council regarding the Deceived By Design report – adoption
The rapporteur informed the EDPB members that the draft letter is withdrawn.
2.9 Informal consultation on the Draft Commission Delegated Regulation with regard
to the provision of EU-wide Cooperative Intelligent Transport Systems – discussion
presented its draft answer. The EDPB adopted the draft answer.
2.10 Video-conferencing system – discussion and adoption
presented its info note and the possible options. The EDPB decided to follow the
recommendation of the IT users subgroup and to choose option 3 as a long-term solution, while as a
short-term use option 1.
2.11 Privacy Shield – Second Annual Review – oral state of play -
One member of the EDPB, who participated in the second annual review, made a detailed oral state
of play. A fact-finding document has been shared with the members of the EDPB.
2.12 5th Annual Review TFTP – COM letter – Discussion
Discussions took place on this point but no decision could be taken as the quorum was not met
A member of the EDPB shared its intention to initiate a 64.2 procedure
A member of the EDPB asked to have a template for preparing the annual report
A member of the EDPB shared the state of play of an investigation regarding the RICE project.
SEC informed the members that it has received a letter from an MEP regarding this
investigation and that an answer needs to be drafted. The member of the EDPB requested the
attribution of a mandate for a guideline on article 85 GDPR.
Following the discussion on the electoral package presented by Commissioner Jourová at the
last Plenary, COM informed the members of the EDPB about the next meetings of the election
networks involving SAs (21.01 and 04.04). It also informed the members on the future
consultation of the EDPB by the COM (DG CNECT) on guidance to be issued under the
Regulation on the free flow of non-personal data in the EU. Finally, COM informed the
members of the EDPB that it has received questions and complaints about the fact that some
national guidelines are not in line with the EDPB guidelines. COM invited the members of the
EDPB to check their national guidance to ensure that they are in line with the EDPB guidelines.
4. Attendance list SAs of:
AT, BE, BG, CY, CZ, DE, DK, EDPS, EE, EL, ES, FI, FR, HR, HU, IE, IT, IS, LI, LT, LU, LV, MT, NL, PT, RO, SE,
SI, SK, UK
- European Commission
- EDPB Secretariat