October 26, 2020

Volume X, Number 300

Advertisement

October 26, 2020

Subscribe to Latest Legal News and Analysis

October 23, 2020

Subscribe to Latest Legal News and Analysis

EDPB Adopts Guidelines on Relevant and Reasoned Objection under Article 60 of the GDPR

During its 39th plenary session on October 8, 2020, the European Data Protection Board (“EDPB”) adopted guidelines on relevant and reasoned objection under the General Data Protection Regulation (“GDPR”) (the “Guidelines”). The Guidelines relate to the cooperation and consistency provisions set out in Chapter VII of the GDPR, under which a lead supervisory authority (“LSA”) has a duty to cooperate with other concerned supervisory authorities (“CSAs”) in order to reach a consensus.

Specifically, an LSA is required under Article 60(3) of the GDPR to submit a draft decision to the CSAs, which may then raise a relevant and reasoned objection within a specific timeframe. The Guidelines aim to establish a common understanding of the meaning of ‘relevant and reasoned.’

With respect to the requirement that an objection be “relevant,” the Guidelines require a direct connection between the objection and the draft decision at issue. The Guidelines add: “More specifically, the objection needs to concern either whether there is an infringement of the GDPR or whether the envisaged action in relation to the controller or processor complies with the GDPR.”

“Consequently, the objection raised fulfils the criterion of being ‘relevant’ when, if followed, it would entail a change leading to a different conclusion as to whether there is an infringement of the GDPR or as to whether the envisaged action . . . as proposed by the LSA, complies with the GDPR.”

The condition that an objection be “reasoned” requires that it include clarifications and arguments as to why an amendment of the decision is proposed, and demonstrate how the change would lead to a different conclusion with respect to whether there is an infringement of the GDPR or whether the envisioned action complies with the GDPR. The Guidelines emphasize that CSAs should provide sound reasoning by referencing legal arguments or factual arguments, where applicable.

In addition, the Guidelines state: “In order for an objection to be adequately reasoned, it should be coherent, clear, precise and detailed in explaining the reasons for objection. It should set forth, clearly and precisely, the essential facts on which the CSA based its assessment, and the link between the envisaged consequences of the draft decision . . . and the significance of the anticipated risks. Moreover, the CSA should clearly indicate which parts of the draft decision they disagree with.”

 The EDPB welcomes comments on the Guidelines until November 24, 2020. Comments may be submitted here.

Copyright © 2020, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume X, Number 289
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct
Advertisement
Advertisement