The EDPB adopted a statement on the future ePrivacy Regulation

The EDPB adopted a statement on the future ePrivacy Regulation

On November 19th, the EDPB met for its 42nd plenary session. During the plenary, the European Commission presented two new sets of draft Standard Contractual Clauses (SCCs) and the EDPB adopted a statement on the future ePrivacy Regulation.
The European Commission presented two draft SCCs: one set of SCCs for contracts between controllers and processors, and another one for data transfers outside the EU. The draft controller-processor SCCs are fully new and have been developed by the Commission in accordance with Art. 28 (7) GDPR and Art. 29 (7) of Regulation 2018/1725. These SCCs will have an EU-wide effect and aim to ensure full harmonisation and legal certainty across the EU when it comes to contracts between controllers and their processors. In addition, the Commission presented another set of SCCs for the transfer of personal data to third countries pursuant to Art. 46 (2) © GDPR. These SCCs will replace the existing SCCs for international transfers that were adopted on the basis of Directive 95/46 and needed to be updated to bring them in line with GDPR requirements, as well as with the CJEU’s ‘Schrems II’ ruling, and to better reflect the widespread use of new and more complex processing operations often involving multiple data importers and exporters. The Commission has requested a joint opinion from the EDPB and the EDPS on the implementing acts on both sets of SCCs. Read more…