[GDPR] the WP29 & EDPB?
The Article 29 Working Party (WP29) is the predecessor to the European Data Protection Board (EDPB), which was established under the General Data Protection Regulation (GDPR). WP29 was an advisory body composed of representatives from the national data protection authorities of all EU member states, as well as the European Data Protection Supervisor. Its primary role was to provide guidance and recommendations on the interpretation and application of the EU Data Protection Directive and other data protection laws.
One of the main differences between WP29 and EDPB is the legal basis for their establishment. WP29 was established under the EU Data Protection Directive, which was repealed and replaced by the GDPR in May 2018. EDPB, on the other hand, was established under the GDPR and is responsible for ensuring consistent application of the regulation throughout the EU.
Another key difference between WP29 and EDPB is the scope of their responsibilities. While WP29 was primarily focused on providing guidance and recommendations on the interpretation and application of the EU Data Protection Directive, EDPB has a broader mandate under the GDPR. In addition to providing guidance and recommendations, EDPB is responsible for promoting cooperation and consistency among national data protection authorities, developing and maintaining a list of processing activities that require a data protection impact assessment (DPIA), reviewing and issuing opinions on draft codes of conduct, certification mechanisms, and other guidelines related to data protection, and monitoring the implementation of the GDPR.
Overall, while WP29 and EDPB share some similarities in terms of their composition and focus on data protection, EDPB has a broader mandate and a stronger legal basis for its establishment. As the primary body responsible for ensuring consistent application of the GDPR throughout the EU, EDPB plays a critical role in protecting individuals’ privacy rights and promoting responsible data handling practices across the EU.
Territorial Scope of GDPR
Territorial Scope of GDPR In the modern world, data is flowing across borders at an unprecedented rate. This creates risks for the data since most laws are only effective within their respective borders and cannot guarantee adequate protection when the data is transferred abroad. It is for this reason that the General Data Protection Regulation […]
Learn more
Independent Supervisory Authorities Under GDPR
Independent Supervisory Authorities Under GDPR The EU’s General Data Protection Regulation (“GDPR”) is an incredibly useful framework to protect personal data. However, all rules are only as good as our ability to enforce them, a legal framework alone cannot protect personal data. As such, independent enforcement agencies are required to put the regulations into practice. […]
Learn more
E-Privacy Directive
E-Privacy Directive The Directive 2002/58/EC or e-Privacy Directive (ePD) – also known as the Privacy and Electronic Communications Directive, is a regulatory framework established by the European Union (EU) to protect the privacy of individuals. With similar functions to the General Data Protection Regulation (GDPR), the ePD remains in effect alongside the GDPR with the […]
Learn more