Technology Subgroup meeting
1/ Welcome to Participants
Adoption of the minutes of the Technology Subgroup meeting (14.06.2018)
The minutes of the last Technology Subgroup meeting were approved. The coordinator informed the
participants of the written procedure for adopting the minutes.
Outline and adoption of the Agenda
The draft agenda was adopted
2/ EDPB opinions on the Art 35.4 drafts lists - Day 1
In line with the draft agenda, it was agreed to continue the discussion on DPIA on the next day.
The rapporteur presented the updated Annex to the accreditation guidelines based on the comments
received. The rapporteur requested comments on the
the majority of the changes did not cause any issues, it became apparent that further discussion is
needed on specific items,
for which the participants agreed that
Since several issues required further discussions,
it was agreed to re-discuss the Annex at the next Technology Subgroup before submitting it for
adoption at the November plenary.
20 September: the participants will provide comments to the rapporteur.
4/ EDPB opinions on the Art 35.4 drafts lists - day 2 (
The rapporteur concluded the discussion by explaining the next steps and taks (role of the rapporteurs
and secretariat, FOP, plenary) before the expected adoption of the opinions at the next plenary
5/ Data breach notification
The rapporteur presented a state of play on th
rent amount of DBN they received and invited
other authorities to share their observations. The
reported that they observed an increase of 630%
in comparison to the last year. A common observation was, that some sectors are more likely to report
breaches, but also within a specific sector there are huge discrepancies.
The shared numbers per member from May 25 until August 31:
UK: 3000 until end of July, 710 followed up by their enforcement department.
DK 1200, roughly 1/3 followed up by investigation
EE: 33 over the period June, July, August.
NO: 153 from July 20 until August 31
PL: 1689 since May 25th
SE 889, 1/3 potentially severe.
SI: 35 since 25 May 2018
DE: 6.301 Data breach notifications throughout Germany
o Federal Commissioner: 2.326
o Mecklenburg-Western Pomerania: 26
o North Rhine-Westphalia: 468
o Bremen: 20
o Hesse: 240
o Rhineland-Palatinate: 43
o Thuringia: 22
o Bavaria (private sector): 1876
o Lower Saxony: 179
o Bavaria (public sector): 170
o Hamburg: 69
o Brandenburg: 42
o Saarland: 31
o Saxony: 90
o Saxony-Anhalt: 31
o Schleswig-Holstein: 200
o Berlin: 159
o Baden-Wuerttemberg: 309
It was proposed to consider
The coordinator reminded the participants that the OECD had provided a questionnaire on the issue
6/ Data protection by design and by default
The rapporteur presented the work done on the request for a mandate. The potential timeframe and
planning was discussed. It was agreed that the request for mandate will be sent to the Plenary. Should
the reorganization of Subgroups cause this item not to stay within the Technology subgroup, this will
be resolved at the Plenary as well.
7/ Video surveillance
The rapporteur presents a draft which covers the kinds of video-surveillance most generally in use
30 september: all members provide feedback to the rapporteur (
15 october: a new version will be prepared by the rapporteur for circulation.
8/ Other topics TS members wish to share
The rapporteur referred to the shared documents and stated that they will keep the subgroup up to
date on further developments.
Deceptive by Design
It was clarified that this item will be handled by the Social Media Subgroup.
This item was skipped
Annex: List of Attendees
AT, BE, BG, CZ, DE (Federal, Schleswig-Holstein), DK, EDPS, EE, EL, ES, FI, FR, HR, HU, IE, IT, LU, LV, MT,
NL, PL, PT, RO, SE, SI, UK
DG CNECT, DG JUST
MD (ad hoc)