EU Council urges clarification on how GDPR applies to new technologies

In its position on the application of the EU General Data Protection Regulation (GDPR), the European Union’s Council of Ministers states that while the GDPR is, in general, a success, several areas need more attention.

The Council highlights, in this 17 page document, the need to examine and clarify as soon as possible how the GDPR is applied to, and is able to respond to, challenges posed by new technologies. It specifically mentions topics such as the use of big data, artificial intelligence and algorithms, as well as the Internet of Things, block-chain technology, facial recognition, new types of profiling, and ‘deep fake’ technology.

The Council also calls for efficient working arrangements of supervisory authorities in cross-border cases. It says that it is too early to fully assess the functioning of the cooperation and consistency mechanism, but the future common decisions will contribute to a clearer understanding and consistent application of the GDPR as well as reducing discrepancies in its application.

It says further clarifications are needed on situations where a representative of a controller or a processor is established outside the EU and does not comply with its obligations. ‘It would be helpful to have information on … what steps supervisory authorities are taking to ensure compliance with this obligation,’ the Council says.

The Council states that the Standard Contractual Clauses need to be reviewed and revised in view of the GDPR. It supports the Commission’s plan to report in 2020 on the review of the existing adequacy decisions adopted under the Data Protection Directive, and encourages the Commission to examine the potential for adopting new adequacy decisions.

The Commission will submit a first report on the evaluation and review of the Regulation to the European Parliament and the Council by 25 May 2020, followed by reports every four years thereafter.

See Council position and findings on the application of the General Data Protection Regulation (GDPR)

Read more about this topic, and the use of Standard Contractual Clauses, in the February issue of PL&B International Report.