Technology Subgroup meeting
14.06.2018, Brussels
Draft Minutes
Welcome to Participants
Adoption of the minutes of the Technology Subgroup meeting (23.04.2018)
The minutes of the last Technology Subgroup meeting were approved.
Outline and adoption of the Agenda
The draft agenda was revised to include a short discussion on the Coordinators Meeting on the 16th
of June. The revised Agenda was then adopted.
Update from the plenary
The Coordinator provided a short summary on the outcome of the last plenary on the 24th and 25th
of May 2018.
Introduction by the Secretariat
The Secretariat informed the participants that
are the contact persons of the EDPB secretariat for the technology subgroup.
Regarding the communication between the EDPB Secretariat and the participants, the secretariat
explicitly asked people sending emails to the TECH subgroup mailing list to mention the name of the
subgroup ([TECH]) in the subject of each e-mail.
In line with the GDPR and the ROP, the EDPB Secretariat is responsible for and available to:
- cooperate with the Coordinator of the technology subgroup and assist him in finding an appropriate date of meeting;
- liaise with the Coordinator for the preparation of the agenda of meetings and to communicate it to the subgroup members by email at least 10 days ahead of the meeting (in line with the current draft EDPB Rules of Procedure art 26.2);
- communicate any relevant documents to the subgroup members;
- attend the meetings and draft the minutes that will be submitted to the Coordinator before a circulation to the SG members for approval.
- Other actions might be provided by the EDPB secretariat (e.g. acting as rapporteur, providing translations).
- Any invitation of experts, guests, or external parties has to be done by the Coordinator via the EDPB secretariat (current RoP, Art. 9.2).
Coordinators’ meeting on 15.06.2018
The Coordinator provided information that the certification / accreditation topic currently handled by
the TECH subgroup might be transferred to another subgroup in the future. The opinion of the
participants was divided on this point, some agreeing with the current state, some favouring a
decrease of the workload.
The Coordinator noted that
a. although the Agendas are packed, the Technology subgroup is delivering.
b. the EDPB needs to avoid discussing the same issue in multiple subgroups to not recreate work.
ICANN (
)
The draft letter to ICANN was discussed.
The discussion revolved around the issues of the qualification of employees’ email addresses as
personal data, the logging of who accessed information in the non-public WHOIS entries and which
data should be included in the public WHOIS. The rapporteur will update the draft.
DG JUST and DG CNECT mentioned that there might be a need for additional guidance in the
forthcoming months.
Deadlines:
- 18 June: the rapporteur sends the updated version of the document to the Technology SG members
- 19 June: the members give their feedback
- 20 June: the final document will be sent to the Secretariat for uploading on Circa
Members are also asked to provide, at a later date, answers to the following:
a) Does your national legislation provide for a specific legal basis which requires registrars/registries to disclose personal data concerning registrants to third parties upon request, under certain conditions or otherwise?
b) Does your national legislation impose any restriction on logging of access maintained by registrars/registries (or in general) in case access is sought by a law enforcement or other agency?
Google Task Force (
Accreditation
The rapporteur updated the guidelines based on the results of the public consultations.
Deadlines:
- 15 July: the participants will provide comments to the rapporteur.
- 31 July: the rapporteur will circulate a consolidated draft taking into account the comments to allow for discussion at the September meeting.
Facebook letter (
Deadlines:
- 20 June: the rapporteur will consolidate the comments and a final document will be sent to the Secretariat for distribution
DPIA: Article 35 (4) and (5) lists (
)
The Coordinator informed the members that various DPAs have circulated lists of processing activities
requiring a DPIA. The Chair has informed the Coordinator about involving the Technology Subgroup in
the assessment of these lists. The objective would be to have a substantive discussion at the next TS
and adoption of opinions at the September plenary.
Many participants stated that their DPA is ready to send their list.
The Secretariat pointed out that the formal submission of the draft lists needs to be made via the EDPB IT
System (IMI) and clarified aspects of the management of the deadline.
The Coordinator will inform the members by email of the results of the Plenary and FoP discussion on
this item.
Data breach notification
The Coordinator asked to receive an indication of how many notifications each SA received.
Participants pointed out that there is a need to share information on the breaches, but it is not clear how
this should be done. After a discussion among members, it was agreed that the Secretariat will provide
a manual on the use of IMI for communicating information about data breaches.
The Secretariat explained that the procedure to follow in IMI is inherently linked with the question
of whether there is a cross-border processing activity (i.e. when there is a cross-border processing
activity, the workflows of Art. 56 / 60 may be used; otherwise, the workflow of voluntary mutual
assistance is used for informing other authorities).
Members considered whether, where a DPA intends to inform other DPAs about data breach
notifications it has received, the information can be broadcast via IMI to all DPAs.
Deadlines:
- 30 June: the Secretariat will provide a Guidance document on possible use of the IMI-System for the sharing of data breach related information.
Other topics TS members wish to share
EDPB IT Task Force (
The Agenda Item was skipped.
Connected Cars (
The rapporteur informed the members of the state of play and invited comments on this
document by the end of June; the rapporteur will then provide an updated version in July.
Blockchain
DG JUST proposed to work on this topic and shape the discussion. The members decided to discuss
this in the September meeting and, if need be, request a mandate from the Board.
Annex: List of Attendees
Members
AT, BE, BG, CZ, DE (Federal, Mecklenburg-Vorpommern, Schleswig-Holstein), DK, EDPS, EE, EL, FI, FR,
HU, IE, IT, LU, MT, NL, PL, RO, SE, SI, UK
EEA
NO
Commission
DG CNECT, DG JUST
Secretariat