EDPB dealing with 162 cross border cases but no fines issued as yet

The European Data Protection Board (EDPB) has by now 162 cross-border cases on its case register, the Board’s Chair Andrea Jelinek said in Brussels today. She would not confirm when the first large fines would be issued - ‘we are investigating’ she said. When asked about a public register of fines, she said this would not be possible unless the details were anonymised. Under her native Austrian DP law, the authority has to anonymise any details if they publicise details of fines.

Jelinek said that the first five months of the GDPR have been busy for the authorities. Some 18,000 breach notifications have been received by the 25 EU DPAs which have issued their statistics, and 15 One Stop Shop procedures have been started at the Board. In addition, there have been 233 procedures relating to Mutual Assistance between the DPAs.

The international DPA conference is currently taking place in Brussels hosted by the European Data Protection Supervisor. Jelinek said that she echoes the calls of one of the speakers, Tim Cook, Apple’s CEO, for a comprehensive US federal privacy law. She recently gave evidence in the US Senate on the GDPR. Jelinek said that the second annual review of the EU-US Privacy Shield will report in November. It was not yet certain whether the EDPB would issue an opinion.