The European Centre for Certification and Privacy is delighted to announce that the International Accreditation Forum (IAF) has formally reviewed and approved the Interprivacy (IP-CS.1) certification scheme as adequate for accredited certification worldwide. IAF is the international organisation of accreditation authorities. It brings together 90 accreditation bodies, 30 association members and the 6 regional accreditation […]

The post Interprivacy approved by the International Accreditation Forum (IAF) appeared first on Europrivacy Community.

The post Europrivacy Webinar on Data Act Compliance & Assessment appeared first on Europrivacy Community.

In this issue, has the European Commission organised a micro-targeting campaign on X? EDPS reprimands EPSO, and organises its first AI correspondents meeting, plus what is a privacy protector? And, as always, there is a lot more in this edition.

Read here

Have a listen

Brussels, 13 February - The EDPB published the Coordinated Supervision Committee's (CSC) biannual activity report (July 2022 - December 2024).

Over the last two years, the CSC worked on the integration of the large-scale EU information technology (IT) systems within its scope. During the reporting period, it took over the supervision of the upgraded Schengen Information System (SIS) and the Visa Information System (VIS).

In addition, the Committee prepared for the arrival of new systems and for the implementation of interoperability regulations.

The Committee has also published a set of recommendations on the Internal Market Information System (IMI) transparency obligations for data controllers.

In addition, in July 2023, the CSC published ‘Europol’s information systems - a guide for exercising data subjects’ rights: the right of access, rectification, erasure and restriction’.

Following the 2022 Audit Report of the EDPS on Europol’s processing of personal data of minors under 15 years old, provided to Europol by third countries and international organisations and marked as suspects, the CSC undertook a coordinated activity to analyse the input from several Member States.

During the past two years, the Committee also promoted dialogue and engagement with stakeholders, particularly with civil society.

Update: Brussels, 27 February - The CSC has also adopted its work programme 2025-2026. To ensure a continuous high level of protection of individuals’ rights, the Committee will dedicate closer attention to following topics:

• allocation of roles (controller, joint controller, processor) in the systems falling under the Justice and Home Affairs (JHA) interoperability framework
• streamlined cooperation when handling complaints (JHA interoperability framework and Europol, Eurojust, European Public Prosecutor’s Office).

CSC’s future work

Looking forward to the coming years, the CSC is ready to welcome more EU IT systems and EU bodies, offices or agencies within its scope. As the range of the CSC’s activities continues to expand, the Committee will keep its organisation and operation under constant review to ensure an effective and efficient supervision.

In addition, the CSC will continue to assist national data protection authorities (DPAs) in their work, by providing further clarification on the interpretation of EU and national laws. The Committee will also foster the exchange of information and best practices, and provide support for joint audits and coordinated inspections.

Taking advantage of its unique framework and broad perspective, the CSC will ensure the proper monitoring of multiple data flows among systems, transversal interactions and sharing of information between EU agencies and bodies. To this end, and to guarantee a high level of data protection, the Committee will keep developing coordinated supervisory activities.

Background

The CSC is a group of DPAs, which together ensure coordinated supervision of large scale IT systems, and of EU bodies, offices and agencies falling under its scope.

The CSC enjoys an autonomous functioning and positioning and it adopts its own rules of procedure and working methods. The Committee was established within the framework of the EDPB.
 

The post Europrivacy Public Webinar appeared first on Europrivacy Community.

Brussels, 12 February - During its February 2025 plenary meeting, the European Data Protection Board (EDPB) adopted a statement on age assurance and decided to create a taskforce on AI enforcement. In addition, the Board also adopted recommendations on the 2027 World Anti-Doping Agency (WADA) World Anti-Doping Code.

In a statement on age assurance, the EDPB lists ten principles for the compliant processing of personal data when determining the age or age range of an individual. The statement aims to ensure a consistent European approach to age assurance, to protect minors while complying with data protection principles. 

EDPB Chair Anu Talus said: “Age assurance is essential to ensure that children do not access content that is not appropriate for their age.  At the same time, the method to verify age must be the least intrusive possible and the personal data of children must be protected. The principles put forward by the EDPB will help the industry to assess an individual’s age in a way that is compliant with data protection principles, while protecting children’s wellbeing.”

The EDPB is also cooperating with the European Commission on age verification in the context of the Digital Services Act (DSA) working group.

During the plenary, the Board also decided to extend the scope of the ChatGPT task force to AI enforcement. In addition, the EDPB members underlined the need to coordinate DPAs' actions regarding urgent sensitive matters and for that purpose will set up a quick response team. 

EDPB Chair Anu Talus said: “The GDPR is a legal framework that promotes responsible innovation. The GDPR has been designed to maintain high data protection standards while fully leveraging the potential of innovation, such as AI, to benefit our economy. The EDPB’s task force on AI enforcement and the future quick response team will play a crucial role in ensuring this balance, coordinating the DPAs' actions and supporting them in navigating the complexities of AI while upholding strong data protection principles.”

During the plenary, the EDPB also adopted recommendations on the 2027 WADA World Anti-Doping Code. When processing personal data for anti-doping purposes, it is essential to respect and safeguard the personal data of athletes. In many cases, this will involve the processing of sensitive personal data, such as health data derived from biological samples.

The EDPB’s main objective is to assess the compatibility of the WADA Anti-doping Code and International Standard for Data Protection (ISDP) with the GDPR. The Anti-doping Code and Standards should hold the National Anti-Doping Organisations (NADOS) subject to a standard equivalent to that of the GDPR when processing personal data for anti-doping purposes. 
The EDPB’s recommendations address key principles of data protection, such as the need for an appropriate legal basis for the processing of personal data and purpose limitation. The recommendations also address the fact that individuals need to be fully informed about the processing of their personal data and can effectively exercise their rights.

Note to editors:
The recommendations on the 2027 World Anti-Doping Agency (WADA) World Anti-Doping Code, adopted during the EDPB Plenary, are subject to the necessary legal, linguistic and formatting checks and will be made available on the EDPB website once the process has been completed.