Controllers should keep identity of *all* processors and sub-processors "readily available at all times" and their obligation to verify (sub-)processors' ‘sufficient guarantees’ should apply regardless of the risk. The EDPB also shares legitimate interest Guidelines for public consultation and more.
Noteworthy points on involving others (earlier) in their work, opinions vs. guidelines, the political ads Regulation, and 🇸🇪 Supreme Admin. Court CJEU request regarding Art. 13-14 and camera surveillance.
EDPB opines that DPAs should be designated AI Act MSAs, adopted 🇪🇺-🇺🇸 DPF FAQs for individuals and businesses, and an opinion approving the EuroPriSe Criteria Catalogue for certifying processors' processing activities, resulting in a European Data Protection Seal.
EDPB SPE project: Article 60 One-Stop-Shop thematic case digest analysing Articles 17 and 21. Key takeaway: Create, document, implement and control policies and procedures, including complaints management. PS: The 'data subject journey' is your secret weapon!
Noteworthy points on both EUC and Microsoft appealing the EDPS decision, next steps for the Consent or Pay guidelines, and AI Act national competent authorities.
EDPB shares the output of their latest meeting: Opinion on facial recognition use in airports, ChatGPT Task Force report, and announces Generative AI Guidelines to come! Press release and files here. PS: 📧 Remember you can subscribe to all new CJEU/EDPB posts. Go to Account > Manage emails.
A strange occurance in my RSS feed today as this order from November 2023 suddenly appeared, giving the EDPB the right to intervene in the infamous SRB v EDPS case. So, not sure this is news. 🤷🏻♀️