DPA, SDPC and TIA for the use of the Confluence service by EDPB

The request was successful.

Dear European Data Protection Board,

Based on the freedom of information in the EU Treaties, enshrined in Regulation 1049/2001, I request documents containing the following information:

Context:

Item 18 of the following minutes for the 101st Datenschutzkonferenz (DSK) meeting reads:
"Access to Confluence for the media officer at the Bavarian Regulatory Authority for New Media and for other specific supervisory authorities" Source of the minutes (in German): https://www.datenschutzkonferenz-online....

Inquiry and request for sending:

1) Indication whether and how the service Confluence of the company Atlassian is used by the EDPB. According to information from the BfDI (Federal Commissioner for Data Protection and Freedom of Information), the EDPB currently uses Confluence. This was the result of an inquiry (in German) via: https://fragdenstaat.de/anfrage/avv-sdpc...

2) If this service is used by the EDPB, for example to conduct meetings of the authority representatives:

a) I would like to know which authority is the contractual partner of the service provider Atlassian.

b) Please indicate whether and which transfers according to Art. 44 S. 1, 46 DSGVO are triggered by the use of the Confluence service and what purpose these transmissions serve.

c) I request all contracts concluded with Atlassian in this regard that are necessary under data protection law (redacted). At least by name: contract for commissioned processing according to Art. 28 DSGVO as well as standard data protection clauses according to Art. 46 DSGVO.

d) I request the provision of the "Transfer Impact Assessment" required pursuant to clause 14 of the current standard data protection clause sets of the EU Commission or the "Transfer Impact Assessment" required pursuant to Art. 46 (1) DSGVO in conjunction with the principles from Schrems II with respect to the data transfers that may be associated with the use of the Confluence service.

Best regards
Heiko Roth

European Data Protection Board

Thank you for your message and for your interest in data protection. We
will look into your request and get back to you within due time.
The EDPB Secretariat

Dear European Data Protection Board,

I made an editorial error in my initial inquiry. Instead of "DSGVO", it should of course read "GDPR" (General Data Protection Regulation). Sorry for that.

Yours faithfully,
Heiko Roth

European Data Protection Board

Dear Mr. Roth,

We confirm registration of your access to documents request and registered it today under reference 2022/04. Please use this reference for further correspondence.

We are currently assessing your request and will provide you with a reply within 15 working days (07/02/2022).

Please note that the EDPB specific privacy statement regarding the processing of personal data for the purposes of handling requests for access to documents is available on the EDPB website and can be viewed via this link: https://edpb.europa.eu/sites/edpb/files/...

Should you have any further queries, please do not hesitate to contact us.

Best regards,

The EDPB Secretariat

show quoted sections

European Data Protection Board

Dear Mr Roth,

We refer to your email dated 12/01/2022 in which you made a request for access to documents, registered on 17/01/2022 under reference number 2022/04.

Your application is currently being handled. However, we will not be in a position to complete the handling of your application within the time limit of 15 working days, which expires today (07/02/2022).

An extended time limit is needed, as your application covers a set of documents provided by third parties that must be consulted in accordance with Article 4(4) of Regulation (EC) No 1049/2001 regarding public access to documents.

In addition, your application also covers a considerable number of documents for whose assessment we need more time, due to the high amount of cases currently being dealt with by our team.

Therefore, we have to extend the time limit for another 15 working days in accordance with Article 7(3) of Regulation (EC) No 1049/2001 regarding public access to documents. The new deadline expires on 28/02/2022.

We apologize for this delay and for any inconvenience this may cause.

Yours sincerely,

On behalf of
Ventsislav Karadjov, deputy chair of the EDPB

show quoted sections

European Data Protection Board

18 Attachments

Dear Mr Roth,

 

Please find attached the answer from Mr. Karadjov, EDPB Deputy Chair, with
regard to your access request.

 

Sincerely,

 

The EDPB Secretariat

 

┌─────────────────────────────────────╥───────────────────────────────────────────────────────┐
│ ║European Data Protection Board │
│ ║ │
│ ║Postal address: Rue Wiertz 60, B-1047 Brussels │
│[1]cid:image001.png@01D42EFC.C1379A70║ │
│ ║Office address: Rue Montoyer 30, B-1000 Brussels │
│ ║ │
│ ║[2]cid:image003.png@01D42EFC.C1379A70 [3]edpb.europa.eu│
└─────────────────────────────────────╨───────────────────────────────────────────────────────┘

             

References

Visible links
3. https://www.edpb.europa.eu/