This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Menu

Welcome to Connected World

Your go-to source for latest insights from our lawyers. Through sharp analysis and commentary, we explore the pressures facing businesses today.

| less than a minute read

The battle between EU supervisory authorities: European Data Protection Board adopts its first Art 65 GDPR decision

Last week, the European Data Protection Board adopted its first Article 65 GDPR decision and we eagerly await the full decision and outcome in due course. 

This has been a matter of real interest for large organisations who process data across various EU member states and as such, may be subject to decisions and views with input from multiple supervisory authorities across the EU. It is interesting to see Article 65 of the GDPR come into action and what does happen when the regulators disagree. 

Article 65 of the GDPR is intended to be invoked where a local supervisory authority, in this case the Irish Data Protection Commission ("DPC"), faces criticism from or does not agree with supervisory authorities in other EU Member States. 

In this case, various supervisory authorities made representations that they disagreed with certain allegations made against Twitter by the Irish DPC in respect of its GDPR compliance, following notification of a personal data breach in January 2019. 

The EDPB will publish its decision once the final decision has been communicated to Twitter as the relevant data controller. 

Following the submission by the LSA, the completeness of the file was assessed, resulting in the formal launch of the Art. 65 procedure on 8 September 2020. In compliance with Article 65 (3) GDPR and in conjunction with Article 11.4 of the EDPB Rules of Procedure, the default adoption timeline of one month was extended by a further month because of the complexity of the subject matter. On 9 November 2020, the EDPB adopted its binding decision and will shortly notify it formally to the Irish SA.

Tags

cyber risk, cyber