Task Force on transfers to international organizations

The request was successful.

Dear European Data Protection Supervisor,

Under the right of access to documents in the EU treaties, as developed in Regulation 1049/2001, I am requesting documents which contain the following information:

1 CONTEXT of the Request

The EDPB has published a mailing dated 18.11.2021 with the identifier OUT2021-00156 to Miguel de Serpa Soares online:

https://edpb.europa.eu/system/files/2021...

There, on page 1, reference is made, among other things, to a "Task Force": "Task Force on transfers to international organizations established by the European Data Protection Supervisor." This is the passage to which my question refers.

2 REQUEST itself

2.1 Indication of which members belong to this "Task Force" (companies, international organizations, regulatory authorities, etc.).

2.2 Indication of when this "Task Force" was established.

2.3 Indication of the legal form of this "Task Force".

2.4 The founding charter of the "Task Force", which provides information about its tasks, objectives and mode of operation.

2.5 Indication of how this "Task Force" interacts with the supervisory authorities responsible for data protection.

2.6 Minutes of the meetings of the "Task Force".

2.7 Studies, legal opinions and other documents supporting the work of the "Task Force" to date.

Yours faithfully,

Heiko Roth

European Data Protection Supervisor

3 Attachments

Dear Mr. Roth,

We acknowledge receipt of your request, registered on 19.01.2022. In
accordance with Article 7(1) of Regulation (EU) No 1049/2001 regarding
public access to European Parliament, Council and Commission documents,
you will receive a reply within 15 working days (by 09.02.2022).

Your case number is 2022-0076.

Please note that your personal data will only be processed for the
purposes of replying to your request and in accordance with the privacy
statement set out below. More information on how the EDPS process personal
information can be found on our [1]website.

You have lodged your application via the AsktheEU.org website. Please note
that this is a private website which has no link with any institution of
the European Union. The European Data Protection Supervisor is not
accountable for any technical issues or problems linked to the use of this
system.

Yours sincerely,

 

 

  EDPS Secretariat
[2]cid:image001.png@01D4D8CD.D37C9700
[3]| Tel. (+32) 228 31900  |
Fax +32(0)22831950  | ›  
Email  [4][EDPS request email]
European Data Protection Supervisor
Postal address: Rue Wiertz 60,
B-1047 Brussels
Office address: Rue Montoyer 30,
B-1000 Brussels
[5]Twitter [6]@EU_EDPS  
[7]Website www.edps.europa.eu

This email
(and any
attachment)
may contain
information
that is
internal or
confidential.
Unauthorised
access, use or
other
processing is
not permitted.
If you are not
the intended
recipient
please inform
the sender by
reply and then
delete all
copies. Emails
are not secure
as they can be
intercepted,
amended, and
infected with
viruses. The
EDPS therefore
cannot
guarantee the
security of
correspondence
by email.

 

According to Articles 15 and 16 of Regulation (EU) 2018/1725 (the
Regulation) on the protection of natural persons with regard to the
processing of personal data by the Union institutions, bodies, offices and
agencies and on the free movement of such data, we are processing your
personal data, where proportionate and necessary, for the purpose of
answering your request. The legal base for this processing operation is
Regulation (EU) 1049/2001 and Article 52(4) of the Regulation (EU)
2018/1725. Subject to applicable rules under EU legislation, the personal
data relating to you, as provided in your request as well as personal data
that might be collected while processing your request, are used solely for
the purpose of replying to your request. EDPS staff members dealing with
the request will have access to the case file containing your personal
data on a need-to-know basis. All access to case files is logged. Your
personal data are not disclosed outside the EDPS. Your personal data will
be stored electronically for a maximum of ten years after the closure of
the case, or as long as the EDPS is under a legal obligation to do so. You
have the right to access your personal data held by the EDPS and to
relevant information concerning how we use it. You have the right to
rectify your personal data. Under certain conditions, you have the right
to ask that we delete your personal data or restrict its use. We will
consider your request, take a decision and communicate it to you. For more
information, please see Articles 14 to 21, 23 and 24 of the Regulation.
Please note that in some cases restrictions under Article 25 of the
Regulation may apply. Any request to exercise your rights should be
addressed to the EDPS at [8][EDPS request email]. You may contact the data
protection officer of the EDPS ([9][email address]), if you have
any remarks or complaints regarding the way we process your personal data.
You have the right to lodge a complaint with the EDPS, as supervisory
authority. Any such request should be addressed to the EDPS at
[10][EDPS request email]. You can reach the EDPS in the following ways:
E-mail: [11][EDPS request email]; EDPS postal address: European Data
Protection Supervisor, Rue Wiertz 60, B-1047 Brussels, Belgium. For more
information, please refer to the extended version of the data protection
notice available on the EDPS website:
[12]https://edps.europa.eu/data-protection/o....

 

 

References

Visible links
1. https://secure.edps.europa.eu/EDPSWEB/we...
3. file:///tmp/tel:+3222831900
4. mailto:[EDPS request email]
6. http://twitter.com/EU_EDPS
http://twitter.com/EU_EDPS
8. mailto:[EDPS request email]
9. mailto:[email address]
10. mailto:[EDPS request email]
11. mailto:[EDPS request email]
12. https://edps.europa.eu/data-protection/o...

European Data Protection Supervisor

6 Attachments

Dear Mr Roth,

 

Please find enclosed a letter to your attention electronically signed by
Leonardo Cervera Navas on the above-mentioned subject.

 

Best regards,

 

  EDPS Secretariat

' (+32) 228 319 00   | Fax +32 2 283 19 50
[1]Email [2][EDPS request email]
European Data Protection Supervisor
Postal address: Rue Wiertz 60, B-1047 Brussels
Office address: Rue Montoyer 30, B-1000 Brussels
[3]Twitter [4]@EU_EDPS   [5]Website [6]www.edps.europa.eu
This email
(and any
attachment)
may contain
information
that is
internal or
confidential.
Unauthorised
access, use or
other
processing is
not permitted.
If you are not
the intended
recipient
please inform
the sender by
reply and then
delete all
copies. Emails
are not secure
as they can be
intercepted,
amended, and
infected with
viruses. The
EDPS therefore
cannot
guarantee the
security of
correspondence
by email.

 

 

 

References

Visible links
2. mailto:[EDPS request email]
4. http://twitter.com/EU_EDPS
http://twitter.com/EU_EDPS
6. http://www.edps.europa.eu/
http://www.edps.europa.eu/

Dear European Data Protection Supervisor,

Please pass this on to the person who reviews confirmatory applications.

I am filing the following confirmatory application with regards to my access to documents request 'Task Force on transfers to international organizations'.

Context:
Thank you for your letter of 02/09/2022 responding to my inquiries. My complaint relates to this letter: https://www.asktheeu.org/en/request/1056...

Complaint:
In the above letter you link to four documents (PDF files). The web links provided there are not accessible:

https://edps.europa.eu/0128_2021-0795_12...
https://edps.europa.eu/0128_2021-0795_13...
https://edps.europa.eu/0128_2021-0795_14...
https://edps.europa.eu/0128_2021-0795_15...

For each of these links the error message "Page not found" appears. Also one use Download-Manager displays the "error 404". So the files seems actually not been uploaded. Please provide me with the four files as attachments to my request. - thank you very much!

A full history of my request and all correspondence is available on the Internet at this address: http://www.asktheeu.org/en/request/task_...

Yours faithfully,
HR

European Data Protection Supervisor

3 Attachments

Dear Mr Roth,

 

There was a problem with our website which is fixed now. Please find below
the working links to the files you requested:

 

1.      COO.6515.100.3.419459 -
[1]https://edps.europa.eu/system/files_en?f...
 

2.      COO.6515.100.4.435278 -
[2]https://edps.europa.eu/system/files_en?f...

3.      COO.6515.100.2.435278 -
[3]https://edps.europa.eu/system/files_en?f...

4.      Draft Agenda Meeting of the Task Force on Transfers to
International Organisations 16 September 2021 [14:30 –16:30] -
[4]https://edps.europa.eu/system/files_en?f...

 

Kind regards

 

 

  EDPS Secretariat
[5]cid:image001.png@01D4D8CD.D37C9700
[6]| Tel. (+32) 228 31900  |
Fax +32(0)22831950  | ›   Email
 [7][EDPS request email]
European Data Protection Supervisor
Postal address: Rue Wiertz 60,
B-1047 Brussels
Office address: Rue Montoyer 30,
B-1000 Brussels
[8]Twitter [9]@EU_EDPS  
[10]Website [11]www.edps.europa.eu

This email
(and any
attachment)
may contain
information
that is
internal or
confidential.
Unauthorised
access, use or
other
processing is
not permitted.
If you are not
the intended
recipient
please inform
the sender by
reply and then
delete all
copies. Emails
are not secure
as they can be
intercepted,
amended, and
infected with
viruses. The
EDPS therefore
cannot
guarantee the
security of
correspondence
by email.

According to Articles 15 and 16 of Regulation (EU) 2018/1725 (the
Regulation) on the protection of natural persons with regard to the
processing of personal data by the Union institutions, bodies, offices and
agencies and on the free movement of such data, we are processing your
personal data, where proportionate and necessary, for the purpose of
answering your request. The legal base for this processing operation is
Regulation (EU) 1049/2001 and Article 52(4) of the Regulation (EU)
2018/1725. Subject to applicable rules under EU legislation, the personal
data relating to you, as provided in your request as well as personal data
that might be collected while processing your request, are used solely for
the purpose of replying to your request. EDPS staff members dealing with
the request will have access to the case file containing your personal
data on a need-to-know basis. All access to case files is logged. Your
personal data are not disclosed outside the EDPS. Your personal data will
be stored electronically for a maximum of ten years after the closure of
the case, or as long as the EDPS is under a legal obligation to do so. You
have the right to access your personal data held by the EDPS and to
relevant information concerning how we use it. You have the right to
rectify your personal data. Under certain conditions, you have the right
to ask that we delete your personal data or restrict its use. We will
consider your request, take a decision and communicate it to you. For more
information, please see Articles 14 to 21, 23 and 24 of the Regulation.
Please note that in some cases restrictions under Article 25 of the
Regulation may apply. Any request to exercise your rights should be
addressed to the EDPS at [12][EDPS request email]. You may contact the data
protection officer of the EDPS ([13][email address]), if you have
any remarks or complaints regarding the way we process your personal data.
You have the right to lodge a complaint with the EDPS, as supervisory
authority. Any such request should be addressed to the EDPS at
[14][EDPS request email]. You can reach the EDPS in the following ways:
E-mail: [15][EDPS request email]; EDPS postal address: European Data
Protection Supervisor, Rue Wiertz 60, B-1047 Brussels, Belgium. For more
information, please refer to the extended version of the data protection
notice available on the EDPS website:
[16]https://edps.europa.eu/data-protection/o...

 

References

Visible links
1. https://edps.europa.eu/system/files_en?f...
2. https://edps.europa.eu/system/files_en?f...
3. https://edps.europa.eu/system/files_en?f...
4. https://edps.europa.eu/system/files_en?f...
6. file:///tmp/tel:+3222831900
7. mailto:[EDPS request email]
9. http://twitter.com/EU_EDPS
http://twitter.com/EU_EDPS
11. http://www.edps.europa.eu/
http://www.edps.europa.eu/
12. mailto:[EDPS request email]
13. mailto:[email address]
14. mailto:[EDPS request email]
15. mailto:[EDPS request email]
16. https://edps.europa.eu/data-protection/o...

Dear European Data Protection Supervisor,

thank you for fixing the website error.

Two queries:

1) The four files contain the respective meeting agendas. Are there no meeting notes or supporting documents of the respective meeting beyond that? - Example: "draft template of administrative arrangement prepared by EUIs DPOs" (No. 2.1, meeting of May 25th 2021) - why can't these documents be provided?

2) In addition, I am still not quite clear why this task force exists - can you tell me something more about this?

Yours sincerely,
HR

European Data Protection Supervisor

3 Attachments

Dear Mr Roth,

 

The list of documents in the reply sent to you on 09.02.2022 is
exhaustive. There are no further documents in EDPS's possession.

 

You will receive a separate answer to your request for information (the
second question from your e-mail).

 

Kind regards

 

 

  EDPS Secretariat
[1]cid:image001.png@01D4D8CD.D37C9700
[2]| Tel. (+32) 228 31900  |
Fax +32(0)22831950  | ›  
Email  [3][EDPS request email]
European Data Protection Supervisor
Postal address: Rue Wiertz 60,
B-1047 Brussels
Office address: Rue Montoyer 30,
B-1000 Brussels
[4]Twitter [5]@EU_EDPS  
[6]Website [7]www.edps.europa.eu

This email
(and any
attachment)
may contain
information
that is
internal or
confidential.
Unauthorised
access, use or
other
processing is
not permitted.
If you are not
the intended
recipient
please inform
the sender by
reply and then
delete all
copies. Emails
are not secure
as they can be
intercepted,
amended, and
infected with
viruses. The
EDPS therefore
cannot
guarantee the
security of
correspondence
by email.

 

According to Articles 15 and 16 of Regulation (EU) 2018/1725 (the
Regulation) on the protection of natural persons with regard to the
processing of personal data by the Union institutions, bodies, offices and
agencies and on the free movement of such data, we are processing your
personal data, where proportionate and necessary, for the purpose of
answering your request. The legal base for this processing operation is
Regulation (EU) 1049/2001 and Article 52(4) of the Regulation (EU)
2018/1725. Subject to applicable rules under EU legislation, the personal
data relating to you, as provided in your request as well as personal data
that might be collected while processing your request, are used solely for
the purpose of replying to your request. EDPS staff members dealing with
the request will have access to the case file containing your personal
data on a need-to-know basis. All access to case files is logged. Your
personal data are not disclosed outside the EDPS. Your personal data will
be stored electronically for a maximum of ten years after the closure of
the case, or as long as the EDPS is under a legal obligation to do so. You
have the right to access your personal data held by the EDPS and to
relevant information concerning how we use it. You have the right to
rectify your personal data. Under certain conditions, you have the right
to ask that we delete your personal data or restrict its use. We will
consider your request, take a decision and communicate it to you. For more
information, please see Articles 14 to 21, 23 and 24 of the Regulation.
Please note that in some cases restrictions under Article 25 of the
Regulation may apply. Any request to exercise your rights should be
addressed to the EDPS at [8][EDPS request email]. You may contact the data
protection officer of the EDPS ([9][email address]), if you have
any remarks or complaints regarding the way we process your personal data.
You have the right to lodge a complaint with the EDPS, as supervisory
authority. Any such request should be addressed to the EDPS at
[10][EDPS request email]. You can reach the EDPS in the following ways:
E-mail: [11][EDPS request email]; EDPS postal address: European Data
Protection Supervisor, Rue Wiertz 60, B-1047 Brussels, Belgium. For more
information, please refer to the extended version of the data protection
notice available on the EDPS website:
[12]https://edps.europa.eu/data-protection/o...

 

 

References

Visible links
2. file:///tmp/tel:+3222831900
3. mailto:[EDPS request email]
5. http://twitter.com/EU_EDPS
http://twitter.com/EU_EDPS
7. http://www.edps.europa.eu/
http://www.edps.europa.eu/
8. mailto:[EDPS request email]
9. mailto:[email address]
10. mailto:[EDPS request email]
11. mailto:[EDPS request email]
12. https://edps.europa.eu/data-protection/o...

European Data Protection Supervisor

3 Attachments

Dear Sir,

 

Many thanks for your request to the European Data Protection Supervisor
(EDPS). Below please find the replies to your point 2.

 

2.1 Indication of which members belong to this "Task Force" (companies,
international organizations, regulatory authorities, etc.).

 

The taskforce is made of representatives of the EDPS, some international
organisations, the European Commission, some EU national supervisory
authorities and DPOs of some EUIs.

 

2.2 Indication of when this "Task Force" was established.

 

The taskforce was created following the Annual Workshop between
International Organisations (IOs) and the EDPS that took place on 8 and 9
October 2020.

 

2.3 Indication of the legal form of this "Task Force".

 

The taskforce is a purely informal discussion forum. The forum does not
have any legal form.

 

2.4 The founding charter of the "Task Force", which provides information
about its tasks, objectives and mode of operation.

 

There is no founding charter. The taskforce is a purely informal
discussion forum whose objective is to exchange on practical experiences
and difficulties relating to transfers to international organisations. In
doing so, the participants might use this opportunity to discuss specific
clauses and templates useful for the application of Regulation (EU)
2018/1725 of the European Parliament and of the Council of 23 October 2018
on the protection of natural persons with regard to the processing of
personal data by the Union institutions, bodies, offices and agencies and
on the free movement of such data (EUDPR). These discussions are however
without prejudice to the application of Chapter V of the EUDPR and the
powers of the EDPS to authorize specific transfers based on those clauses
and templates.

 

2.5 Indication of how this "Task Force" interacts with the supervisory
authorities responsible for data protection.

 

There is no interactions between the taskforce and EU national supervisory
authorities. Some representatives of EU national supervisory authorities
participate in the 'taskforce'. The EDPS as member of the EDPB may also
provide some updates – upon request – about the activities of this
taskforce to other EDPB members.

 

2.6 Minutes of the meetings of the "Task Force".

 

The taskforce is a purely informal discussion forum and no minutes are
taken.

 

2.7 Studies, legal opinions and other documents supporting the work of the
"Task Force" to date.

 

As explained, the participants might use the taskforce to discuss specific
clauses and templates useful for the application of Regulation (EU)
2018/1725 of the European Parliament and of the Council of 23 October 2018
on the protection of natural persons with regard to the processing of
personal data by the Union institutions, bodies, offices and agencies and
on the free movement of such data (EUDPR). But the taskforce does not have
any decision-making power and cannot therefore adopt any document or to
authorize transfers to international organisations.

 

Best regards,

 

  Olivier ROSSIGNOL
Head of Information &
Communication
[1]' (+32) 228 31900 | > MTS
07X060 
European Data Protection
Supervisor
Postal address: Rue Wiertz 60,
B-1047 Brussels
Office address: Rue Montoyer 30,
B-1000 Brussels
[2]Twitter [3]@EU_EDPS  
[4]Website [5]www.edps.europa.eu
This email
(and any
attachment)
may contain
information
that is
internal or
confidential.
Unauthorised
access, use or
other
processing is
not permitted.
If you are not
the intended
recipient
please inform
the sender by
reply and then
delete all
copies. Emails
are not secure
as they can be
intercepted,
amended, and
infected with
viruses. The
EDPS therefore
cannot
guarantee the
security of
correspondence
by email.

[6]Privacy statement

 

show quoted sections