Final
Technology Subgroup meeting
6th November 13:30 - 7th November 2018 16:15, Brussels
1/ Welcome and Introduction
Minutes
With an amendment of the SE SA the minutes were adopted.
Approval of the Agenda
The draft agenda was revised to add a letter prepared by the Secretariat on behalf of the Chair
regarding the request for consultation by the Commission (see agenda item 5.2) and discussion on the
work programme under AOB.
The amended agenda was adopted.
Update from the plenary
The Coordinator informed the participants on the outcome of the last plenary regarding the items
concerning the subgroup:
- The Opinions on DPIA Lists were adopted and the follow up is ongoing.
- The next set of DPIA Lists can be submitted by SAs for an Opinion.
- A mandate was granted for the Data Protection by Design and by Default Guidelines.
- Revision of the mandates of the subgroups set on the Agenda for November Plenary.
- The subgroups were requested to provide a Work Plan.
Dates for the next meetings
The Coordinator informed the participants of the dates proposed for the future meetings, until the
summer 2019. The Secretariat is in the process of confirming the availability of the rooms. Once the
availability has been confirmed the dates will be shared with the participants.
13/11/2018
2/ Accreditation & Certification guidelines (Rapporteur:
)
The Coordinator reminded the subgroup that in the future, after adoption of the guidelines, the
subject will be transferred to the EGOV subgroup (which should also be renamed).
On the Accreditation Guidelines, after the public consultation, and the Annex:
The subgroup agreed to send the guidelines and annex to the December plenary, for adoption. The
Coordinator reminded that the documents should be sent to Secretariat for uploading on CircaBC by
22 November.
On the Certification Guidelines, after the public consultation, and the Annex:
The lead rapporteur provided a revised version of the guidelines after the public consultation.
Finally, the members of the subgroup discussed whether they have received applications for approval
of certification criteria and a discussion on this item will be scheduled for the next subgroup meeting.
3/ Data breach Notification
State of Play (Rapporteur:
)
The
provided an update on the number of data breach notifications received and invited other
participants to share numbers. They informed participants about a webinar held on Personal Data
Breach Notification and notification requirements, which was joined live by around 3000 organizations
and around 1500 additional within 24h after the event. As a next step they plan to address reports on
phishing.
informed participants that the draft report of the OECD on comparability of data breach notification
systems will be shared upon request. It is planned to amend the questionnaire and re-do it one year
after the GDPR came into application to allow for a comparability of Data Breaches, and a discussion
at the next ICDPPC.
Discussion on the process applicable to the draft decisions (Rapporteur: FR)
4/ Opinion on Data Protection by design and by default (Rapporteur:
)
The draft Guidelines were revised taking into account the input given by the co-rapporteurs. It was
agreed that the target audience is controllers and processors, as long as this helps controllers fulfil
their obligation.
The scope and proposed outline of the guidelines was discussed.
It was agreed that comments will be provided by 15 November and a new version will be circulated for
the next meeting, where also the interaction with Art 32 will be discussed.
5/ Connected Vehicles
Draft Opinion (Rapporteur:
)
The rapporteur presented the draft guidelines on connected vehicles and mobility related
applications.
The scope of the document was discussed.
The rapporteur will create a new version by the end of November.
The document is scheduled for adoption in the first Quarter of 2019.
Letter on behalf of the Chair (Rapporteur: Secretariat)
The Chair requested the Secretariat to draft a letter in the context of the EC’s request for consultation
on the draft delegated regulation on Cooperative intelligent transport systems. The draft letter is
based on the 2017 WP29 opinion on C-ITS, and was drafted by the Secretariat in collaboration with
rapporteur of the opinion. The draft letter is scheduled for adoption on 16 November.
Participants were asked to provide written comments until the end of the day.
6/ Opinion on DPIA Lists (Lead rapporteur: )
The Coordinator informed that the procedure for final adoption may need to be clarified in the Rules
of Procedure. This will be discussed at the Plenary.
On four items present in the submitted lists the lead rapporteur asked the participants for their
opinion on whether they are likely to result in a high risk.
At the next subgroup meeting the amended draft decisions sent by the SAs will be discussed. In case
an SA did not follow the Opinion of the Board, Rapporteur proposes to ask the Chair SA to trigger art.
65, representing the members of the Board.
7/ Presentation on Blockchain
The JRC gave a presentation on Blockchain and distributed ledger systems. They clarified that there is
no guaranteed anonymity. The presentation closed with possible future applications within the
European institutions, and a discussion on whether or not the group should consider including
blockchain on its 2019 work programme.
8/ Guidelines on Video Surveillance
The draft was discussed.
The aim is to adopt the document in early 2019. Comments are to be provided by 16 November; the
rapporteurs will provide a new version by end of November, and at the next subgroup meeting, the
discussion should focus more on possible use cases which could be included in the opinion. One of the
objectives of the opinion would be to provide practical guidance on use cases, as suggested in the
mandate that was granted by the plenary.
9/ Any other Business
ICANN (Rapporteur:
)
The rapporteur gave an update on the status of ICANN and its compliance with the GDPR. The
participants were informed that a written update will be shared.
ISO (Rapporteur:
)
The rapporteur informed that an updated state of play on standards was circulated. Of specific interest
are the Personal Information Management Systems.
Work programme for 2019
The Coordinator invited the participants to consider items, as requested by the Chair. It was noted
that ongoing items will have to be included, i.e. the ePrivacy Regulation, C-ITS, DPIA Opinions,
Connected Vehicles, Video Surveillance, Certification and Accreditation and the Data Protection by
Design and by Default Guidelines.
The members of the subgroup were requested to use the circulated template to submit items of
interest by 15 November.
One of the coordinators of the Social Media Subgroup (SMSG) shared topics currently being considered
by the SMSG as potential strategic priorities in terms of supervision and guidance. The aim of the
intervention was to ensure mutual awareness and to identify possible interactions.
10/ To-do/Next steps
1 Welcome
Next meeting on the 11/12 or the 19-20/12, depending on the availability of the room. The dates of
the S1 2019 TS will be circulated once the Secretariat has confirmed the availability of the room.
The minutes of the previous meeting are adopted, after taking into account the comments from SE.
2 Certification and accreditation
The accreditation guidelines and its annex will be adopted at the December Plenary.
The final version of the guidelines must be finalized and sent to the co rapporteurs for the 15/11,
and uploaded to CIRCA for the 22/11.
The Infonote must be provided by the Secretariat for the 15/11 and uploaded to CIRCA on the 22/11.
Comments on the annex of the certification guidelines to be sent to the rapporteur before 16/11.
New version prepared by the rapporteur for the 30/11.
The certification guidelines and the annex will be discussed at the next TS.
3 Data Breach Notification
4 Data protection by design and by default
Comments to be sent to the rapporteur before 16/11. New version prepared by the rapporteur for the
30/11.
Document will be discussed at the next TS.
5 Connected Vehicle
Comments to be sent to the rapporteur before 16/11. New version prepared by the rapporteur for the
30/11.
Document will be discussed at the next TS.
The response to the EC consultation on C-ITS will be adopted at the next plenary.
Comments to be sent to the Secretariat ASAP.
The Infonote must be provided by the Secretariat for the 15/11 and uploaded to CIRCA on the 22/11.
6 Art 35.4 lists
The 4 new opinions will be finalized and adopted at the next plenary. The drafts will be finalized
and shared with the concerned DPAs ASAP.
The Infonote must be provided by the Secretariat for the 15/11 and uploaded to CIRCA on the 22/11.
The manual will be finalized for next TS.
The response from the DPAs to the 22 opinions will be circulated to the TS along with the analysis,
and will be discussed at the next TS.
7 Blockchain
8 Video surveillance
Comments sent to the rapporteur before 16/11. New version prepared by the rapporteur for the 30/11.
The document should focus on examples.
9 AOB
TS participants provide inputs for the 2019 work program by email to the coordinator by the 15/11.
The result will be presented to the December Plenary. TS participants are invited to provide as
much detail as possible.
11/ Annex: Attendance List
SAs:
AT, BE, BG, CZ, DE-Schleswig Holstein, DE-Federal, DE Mecklenburg-Western Pomerania, DK, EDPS, EE,
ES, FI, FR, HR, HU, IE, IT, LU, LV, MT, NL, PL, PT, RO, SE, SK, UK
EFTA-EEA: NO
Further attendees:
- European Commission
- EDPB Secretariat