Guidelines 07/2020 on the concepts of controller and processor in the GDPR

EU FlagWe continue our series of blog posts on the draft “Guidelines 07/2020 on the concepts of controller and processor in the GDPR” (“draft Guidelines”) issued by the European Data Protection Board (“EDPB”) on 7 September 2020. This issue focuses on the updates to the concept of joint controller.  See our previous issues on the draft Guidelines’ proposed updates to the concepts of processor here and on controller here.   Please note that the proposed Guidelines are subject to change in response to feedback received but are unlikely to be amended significantly in their final form.

Part 3: Focus on Joint Controllers

What is new in the draft Guidelines?

The draft Guidelines incorporate the holdings of recent judgments of the Court of Justice of the EU (“CJEU”) that expand and clarify the concepts of controller and joint controller.

What are the criteria for classification as joint controllers?


Continue Reading What’s New in the EDPB’s Draft Guidelines on Controllers and Processors Under the GDPR? (Part 3)

EU FlagThis is the second in our series of posts on the draft Guidelines 07/2020 on the concepts of controller and processor in the GDPR (the “draft Guidelines”) issued on 7 September 2020 by the European Data Protection Board (“EDPB”).  This post focuses on the updates to the concept of controller. See our previous post regarding the concept of processors here.  Upcoming posts will address joint controllers, “third parties” and “recipients.”

Please note that the EDPB has invited businesses to provide their feedback on the draft Guidelines by 19 October 2020.

Continue Reading What’s New in the EDPB’s Draft Guidelines on Controllers and Processors Under the GDPR? (Part 2)

EU FlagThis is the first in a series of posts that discuss the key concepts and issues addressed in a set of draft guidelines recently issued by the European Data Protection Board (“EDPB”).  Comments on the draft guidelines are due by 19 October 2020.

Part 1: Focus on Processors

On 7 September 2020, the EDPB published the draft “Guidelines 07/2020 on the concepts of controller and processor in the GDPR.” Businesses and members of the public may provide feedback on the draft Guidelines by 19 October 2020.
Continue Reading What’s New in the EDPB’s Draft Guidelines on Controllers and Processors Under the GDPR? (Part 1)