Artikkel 68
European Data Protection Board

Offisielle tekster Retningslinjer
og beslutninger
Vurderinger
EU-regulering
Vurderinger
nasj. regulering
Vis forordningens fortaletekst relatert til art. 68 keyboard_arrow_down Skjul forordningens fortaletekst relatert til art. 68 keyboard_arrow_up

(72) Profiling is subject to the rules of this Regulation governing the processing of personal data, such as the legal grounds for processing or data protection principles. The European Data Protection Board established by this Regulation (the ‘Board’) should be able to issue guidance in that context.

(77) Guidance on the implementation of appropriate measures and on the demonstration of compliance by the controller or the processor, especially as regards the identification of the risk related to the processing, their assessment in terms of origin, nature, likelihood and severity, and the identification of best practices to mitigate the risk, could be provided in particular by means of approved codes of conduct, approved certifications, guidelines provided by the Board or indications provided by a data protection officer. The Board may also issue guidelines on processing operations that are considered to be unlikely to result in a high risk to the rights and freedoms of natural persons and indicate what measures may be sufficient in such cases to address such risk.

(105) Apart from the international commitments the third country or international organisation has entered into, the Commission should take account of obligations arising from the third country's or international organisation's participation in multilateral or regional systems in particular in relation to the protection of personal data, as well as the implementation of such obligations. In particular, the third country's accession to the Council of Europe Convention of 28 January 1981 for the Protection of Individuals with regard to the Automatic Processing of Personal Data and its Additional Protocol should be taken into account. The Commission should consult the Board when assessing the level of protection in third countries or international organisations.

(124) Where the processing of personal data takes place in the context of the activities of an establishment of a controller or a processor in the Union and the controller or processor is established in more than one Member State, or where processing taking place in the context of the activities of a single establishment of a controller or processor in the Union substantially affects or is likely to substantially affect data subjects in more than one Member State, the supervisory authority for the main establishment of the controller or processor or for the single establishment of the controller or processor should act as lead authority. It should cooperate with the other authorities concerned, because the controller or processor has an establishment on the territory of their Member State, because data subjects residing on their territory are substantially affected, or because a complaint has been lodged with them. Also where a data subject not residing in that Member State has lodged a complaint, the supervisory authority with which such complaint has been lodged should also be a supervisory authority concerned. Within its tasks to issue guidelines on any question covering the application of this Regulation, the Board should be able to issue guidelines in particular on the criteria to be taken into account in order to ascertain whether the processing in question substantially affects data subjects in more than one Member State and on what constitutes a relevant and reasoned objection.

(136) In applying the consistency mechanism, the Board should, within a determined period of time, issue an opinion, if a majority of its members so decides or if so requested by any supervisory authority concerned or the Commission. The Board should also be empowered to adopt legally binding decisions where there are disputes between supervisory authorities. For that purpose, it should issue, in principle by a two-thirds majority of its members, legally binding decisions in clearly specified cases where there are conflicting views among supervisory authorities, in particular in the cooperation mechanism between the lead supervisory authority and supervisory authorities concerned on the merits of the case, in particular whether there is an infringement of this Regulation.

(139) In order to promote the consistent application of this Regulation, the Board should be set up as an independent body of the Union. To fulfil its objectives, the Board should have legal personality. The Board should be represented by its Chair. It should replace the Working Party on the Protection of Individuals with Regard to the Processing of Personal Data established by Directive 95/46/EC. It should consist of the head of a supervisory authority of each Member State and the European Data Protection Supervisor or their respective representatives. The Commission should participate in the Board's activities without voting rights and the European Data Protection Supervisor should have specific voting rights. The Board should contribute to the consistent application of this Regulation throughout the Union, including by advising the Commission, in particular on the level of protection in third countries or international organisations, and promoting cooperation of the supervisory authorities throughout the Union. The Board should act independently when performing its tasks.

Vis direktivets fortaletekst relatert til art. 68 keyboard_arrow_down Skjul direktivets fortaletekst relatert til art. 68 keyboard_arrow_up

(65)  Whereas, at Community level, a Working Party on the Protection of Individuals with regard to the Processing of Personal Data must be set up and be completely independent in the performance of its functions; whereas, having regard to its specific nature, it must advise the Commission and, in particular, contribute to the uniform application of the national rules adopted pursuant to this Directive;

GDPR

Article 68 provides for the establishment of an European Data Protection Board, which will have legal personality and will be represented by its Chair, instead of the Article 29 Working Party.

The Board shall be composed of the head of one supervisory authority of each Member State and of the European Data Protection Supervisor, or their respective representatives. If a Member State has more than one supervisory authority responsible for monitoring the application of the provisions pursuant to this Regulation, a joint representative shall be appointed in accordance with that Member State's law.

The Commission and the European Supervisor shall have the right to participate in the activities and meetings of the Board but without voting rights. For this purpose, the Commission shall designate a representative (paragraph 5).

The Chair of the Board shall communicate to the Commission the activities of the Board.

In the cases referred to in Article 65, such as where the Board must adopt a binding decision, the European Data Protection Supervisor shall have voting rights only on decisions which concern principles and rules applicable to the Union institutions, bodies, offices and agencies and correspond in substance to those of this Regulation (paragraph 6).

Direktivet

All practitioners of the data protection law are aware of the major role played by the Article 29 Working Party set up by the Directive. This advisory and independent group is composed of; a representative of the supervisory authority or authorities designated by each Member State , a representative of the authority or authorities established for the Community institutions/bodies, and a representative of the Commission.

The G29 is the author of many opinions and recommendations on current issues related to the technological developments with respect to the protection of the personal data. Its entire works are freely available on the site http://ec.europa.eu/justice/data-protection/article-29/index_fr.htm .

Utfordringer

We do not see  a priori  any specific implementation difficulties. 

Forordning
1e 2e

Art. 68

1.   The European Data Protection Board (the ‘Board’) is hereby established as a body of the Union and shall have legal personality.

2.   The Board shall be represented by its Chair.

3.   The Board shall be composed of the head of one supervisory authority of each Member State and of the European Data Protection Supervisor, or their respective representatives.

4.   Where in a Member State more than one supervisory authority is responsible for monitoring the application of the provisions pursuant to this Regulation, a joint representative shall be appointed in accordance with that Member State's law.

5.   The Commission shall have the right to participate in the activities and meetings of the Board without voting right. The Commission shall designate a representative. The Chair of the Board shall communicate to the Commission the activities of the Board.

6.   In the cases referred to in Article 65, the European Data Protection Supervisor shall have voting rights only on decisions which concern principles and rules applicable to the Union institutions, bodies, offices and agencies which correspond in substance to those of this Regulation.

1. forslag close

Art. 64 

1. A European Data Protection Board is hereby set up.

2. The European Data Protection Board shall be composed of the head of one supervisory authority of each Member State and of the European Data Protection Supervisor.

3. Where in a Member State more than one supervisory authority is responsible for monitoring the application of the provisions pursuant to this Regulation, they shall nominate the head of one of those supervisory authorities as joint representative.

4. The Commission shall have the right to participate in the activities and meetings of the European Data Protection Board and shall designate a representative. The chair of the European Data Protection Board shall, without delay, inform the Commission on all activities of the European Data Protection Board.

 

2. forslag close

Art. 64

1a. The European Data Protection Board is hereby established as body of the Union and shall have legal personality.

1b. The European Data Protection Board shall be represented by its Chair.

2. The European Data Protection Board shall be composed of the head of one supervisory authority of each Member State or his/her representative and of the European Data Protection Supervisor.

3. Where in a Member State more than one supervisory authority is responsible for monitoring the application of the provisions pursuant to this Regulation, (…) a joint representative shall be appointed in accordance with the national law of that Member State.

4. The Commission and the European Data Protection Supervisor or his/her representative shall have the right to participate in the activities and meetings of the European Data Protection Board without voting right. The Commission shall designate a representative. The chair of the European Data Protection Board shall, communicate to the Commission (…) the activities of the European Data Protection Board.

Direktiv close

Art. 29

1. A Working Party on the Protection of Individuals with regard to the Processing of Personal Data, hereinafter referred to as 'the Working Party', is hereby set up.

It shall have advisory status and act independently.

2. The Working Party shall be composed of a representative of the supervisory authority or authorities designated by each Member State and of a representative of the authority or authorities established for the Community institutions and bodies, and of a representative of the Commission.

Each member of the Working Party shall be designated by the institution, authority or authorities which he represents. Where a Member State has designated more than one supervisory authority, they shall nominate a joint representative. The same shall apply to the authorities established for Community institutions and bodies.

3. The Working Party shall take decisions by a simple majority of the representatives of the supervisory authorities.

4. The Working Party shall elect its chairman. The chairman's term of office shall be two years. His appointment shall be renewable.

5. The Working Party's secretariat shall be provided by the Commission.

6. The Working Party shall adopt its own rules of procedure.

7. The Working Party shall consider items placed on its agenda by its chairman, either on his own initiative or at the request of a representative of the supervisory authorities or at the Commission's request.

Art. 68

Det europeiske personvernråd

1. Det europeiske personvernråd («Personvernrådet») opprettes med dette som et EU-organ med status som juridisk person.

2. Personvernrådet skal representeres av sin leder.

3. Personvernrådet skal bestå av lederen for en tilsynsmyndighet i hver av medlemsstatene samt av EUs datatilsyn, eller deres respektive representanter.

4. Dersom en medlemsstat har mer enn én tilsynsmyndighet med ansvar for å føre tilsyn med anvendelsen av bestemmelsene i denne forordning, skal det utnevnes en felles representant i samsvar med nasjonal rett i nevnte medlemsstat.

5. Kommisjonen skal ha rett til å delta i Personvernrådets aktiviteter og møter uten stemmerett. Kommisjonen skal utpeke en representant. Lederen for Personvernrådet skal underrette Kommisjonen om Personvernrådets aktiviteter.

6. I tilfellene nevnt i artikkel 65 skal EUs datatilsyn ha stemmerett bare i forbindelse med beslutninger som gjelder prinsipper og regler som får anvendelse på Unionens institusjoner, organer, kontorer og byråer, og som i hovedsak tilsvarer dem i denne forordning.

Gamle loven close

 

Ingen tilsvarende bestemmelse

close