Articles

Digital Law Up(to)date: Violation of several provisions of the “GDPR for EU Institutions” by the European Parliament

Digital Law Up(to)date: Violation of several provisions of the “GDPR

Digital Law Up(to)date: Violation of several provisions of the “GDPR for EU Institutions” by the European Parliament

24.01.2022 EU law

On 5 January 2022, the EDPS issued a reprimand to the European Parliament for non-compliance with several provisions of the “GDPR for EU Institutions”, and ordered it to update within one month from the date of the decision its data protection notices of an internal corona testing website.

On 5 January 2022, the European Data Protection Supervisory (EDPS) issued a reprimand to the European Parliament for non-compliance with several provisions of the “GDPR for EU Institutions” (the regulation 2018/1725), and ordered it to update within one month from the date of the decision its data protection notices of an internal corona testing website (see the EDPS decision here). The starting point for this decision was a complaint filed by NOYB on behalf of six members of the European Parliament.

In concrete terms, the EDPS concludes that the European Parliament:

  • Fails to fulfil its responsibilities as controller and to use a processor providing sufficient guarantees to implement appropriate technical and organisational measures (articles 26(1) and 29(1)); 
  • Fails to provide documentation relating to the detailed instructions given to the processor for the setting up and functioning of the website (article 29(3));
  • Fails to respect the principle of transparency, accountability and the data subjects’ right to information because of the inaccurate data protection notice and cookie banner on the dedicated website (articles 4(1)(a) and 14, 4(2), and 15);
  • Relies  on the Standard Contractual Clauses in the absence of a demonstration that personal data of data subjects transferred to the US (by the use of Google analytics and Stripe cookies) were provided an essential equivalent level of protection (articles 46 and 48(2)(b));
  • Fails to protect information (the cookies) transmitted to, stored in, related to, processed by and collected from the users’ terminal equipment (article 37); 
  • Fails to reply to the data subjects’ request for access to their personal data (articles 14(4) and 17)).


By Edouard Cruysmans and Erik Valgaeren

 

Team

Related news

11.05.2022 NL law
De afweging van grondrechten in het kader van corona

Articles - COVID-19 heeft de maatschappij voor dilemma’s geplaatst bij de afweging van volksgezondheid en bescherming van kwetsbaren tegenover vrijheden van het individu. In Tijdschrift voor Arbeidsrecht in Context schetsen Frederiek Fernhout en Judica Krikke de onderliggende rechten en vrijheden die vastgelegd zijn in het Europese grondrechtenkader, de AVG en nationale arbeidswetgeving en bespreken zij hoe deze tegen elkaar moeten worden afgewogen in de context van coronamaatregelen.

Read more

26.04.2022 EU law
Digital Law Up(to)date: Further clarification by the CJEU on the retention of traffic and location electronic communications data for the purpose of combating serious crime

Articles - On 5 April 2022, the Grand Chamber of the Court of Justice of the European Union first confirmed that EU law precludes national legislative measures which provide, as a preventative measure, for the general and indiscriminate retention of traffic and location data relating to electronic communications, for the purpose of combating serious crime.

Read more

10.03.2022 EU law
De Dataverordening (“Data Act”)

Short Reads - De Europese Commissie heeft op 23 februari 2022 de Europese dataverordening (“Data Act”) voorgesteld, die het delen van data beoogt te bevorderen. Steeds meer gegevens worden door mensen en machines gegenereerd, bewaard en hergebruikt. Data en data-analyse kan een bijdrage leveren aan de efficiëntie van maatschappelijke processen, onderzoek en innovatie stimuleren en het concurrentievermogen van industrieën versterken. Veel data is echter niet vrij toegankelijk.  

Read more