
EDPB adopts statement on DPAs role in AI Act framework, EU-U.S. Data Privacy Framework FAQ and new European Data Protection Seal

5 days 5 hours ago

Brussels, 17 July - During its latest plenary, the European Data Protection Board (EDPB) adopted a statement on the Data Protection Authorities’ (DPAs) role in the Artificial Intelligence Act (AI Act) framework.

According to the EDPB, DPAs already have experience and expertise when dealing with the impact of AI on fundamental rights, in particular the right to protection of personal data, and should therefore be designated as Market Surveillance Authorities (MSAs) in a number of cases. This would ensure better coordination among different regulatory authorities, enhance legal certainty for all stakeholders and strengthen the supervision and enforcement of both the AI Act and EU data protection law.

According to the AI Act, Member States shall appoint MSAs at national level before 2 August 2025, for the purpose of supervising the application and implementation of the AI Act.

In its statement, the EDPB recommends that:

  • As already indicated in the AI Act, DPAs should be designated as MSAs for high-risk AI systems used for law enforcement, border management, administration of justice and democratic processes;
  • Member States should consider appointing DPAs as MSAs also for other high-risk AI systems, taking account of the views of the national DPA, particularly where those high-risk AI systems are in sectors likely to impact natural persons' rights and freedoms with regard to the processing of personal data;
  • DPAs, where appointed as MSAs, should be designated as the single points of contact for the public and counterparts at Member State and EU levels;
  • Clear procedures should be established for cooperation between MSAs and the other regulatory authorities which are tasked with the supervision of AI systems, including DPAs. In addition, appropriate cooperation should be established between the EU AI Office and the DPAs/EDPB.

EDPB Deputy Chair Irene Loizidou Nicolaidou said: “DPAs should play a prominent role in enforcing the AI Act as most AI systems involve processing of personal data. I strongly believe that DPAs are suitable for this role because of their full independence and deep understanding of the risks of AI for fundamental rights, based on their existing experience.”

Next, the Board adopted two Frequently Asked Questions (FAQ) documents concerning the EU-U.S. Data Privacy Framework (DPF), aimed at providing more clarification on the functioning of the DPF.

The FAQ for individuals provides information on the functioning of the DPF: how to benefit from it, how to lodge a complaint and how this complaint will be handled.

Likewise, the FAQ for businesses explains which U.S. companies are eligible to join the DPF: what to do before transferring personal data to a company in the U.S. which is DPF-certified, and where to find further guidance.

Finally, the EDPB adopted an opinion approving the EuroPriSe Criteria Catalogue for the certification of processing activities by processors, resulting in a European Data Protection Seal.* European Data Protection Seals serve as important tools contributing to GDPR compliance.

In September 2022, the EDPB had adopted an opinion on the EuroPriSe certification criteria, enabling their recognition in Germany as certification criteria for processing operations by processors. Following an update of the scheme, this new opinion approves the criteria as being applicable in the whole EU/EEA, and as a European Data Protection Seal.

GDPR certification contributes to the demonstration of compliance efforts and to increased transparency and trust. It allows for better assessment of the degree of protection offered by products, services, processes or systems used by organisations that process personal data.

Note to editors:

*The EuroPriSe European Data Protection Seal will be added to the register of certification mechanisms and data protection seals in accordance with Article 42(8) GDPR.

The opinion on the approval of the EuroPriSe certification scheme as European Data Protection Seal, adopted during the EDPB Plenary, is subject to the necessary legal, linguistic and formatting checks and will be made available on the EDPB website once it has been completed.


New Talk with Paul Ash is out!

1 week 6 days ago
miriam Tue, 07/09/2024 - 15:50 Tue, 07/09/2024 - 12:00

Watch our new Talk with the Chief Executive of the Christchurch Call Foundation.

European Data Protection Supervisor

Europrivacy at the Privacy Symposium

2 weeks 3 days ago
Europrivacy and the European Centre for Certification and Privacy were delighted to participate at the Privacy Symposium conference in Venice, Italy during June 10-14, 2024. The conference brought together close to a thousand experts and authorities in data protection and regulation. The conference provided an opportunity to discuss the future of data protection certification and […]
Europrivacy Community

1st European Data Protection Seal

2 weeks 3 days ago
The 1st European Data Protection Seal under GDPR has been officially delivered to PwC Luxembourg. The Europrivacy certificate has been formally delivered by TAM Cert in a ceremony at the Privacy Symposium Conference in Venice. Europrivacy certificates are delivered under Art. 43 GDPR and become valid once registered in the Official Registry of Europrivacy Certificates […]
Europrivacy Community

New Europrivacy training programme available in the Europrivacy Online Academy

2 weeks 4 days ago
The new edition of the academy addresses received comments and latest changes in the Europrivacy specifications. It brings several important enhancements: 1. Clearer, simplified content, better tailored to the needs of those in charge of implementation and assessment activities; 2. Inclusive design with clearer visual and auditive elements and closed captioning; 3. Transcripts and transcript search available for […]
Europrivacy Community

How to turn GDPR compliance into a smooth and rewarding process?

2 weeks 4 days ago
While non-compliance can get a high visibility, the effort of compliance is often invisible and perceived as a cost by data controllers and processors. The European Data Protection Seal, Europrivacy, provides a comprehensive methodology to facilitate and value GDPR compliance in a smooth, efficient, and rewarding manner. It’s simple: 1. To start with, you can access […]
Europrivacy Community

Revised version of Europrivacy certification scheme general specification and requirements

2 weeks 4 days ago
We are proud to announce the release of the revised version of Europrivacy certification scheme general specification and requirements. This new version takes into account the comments and feedback received from our partners and supervisory authorities. It brings several important enhancements to make the process of GDPR compliance assessment and certification more efficient and enjoyable, […]
Europrivacy Community

Europrivacy – A new wave is coming

2 weeks 4 days ago
We are excited and delighted to inform you that following the EA decision, several certification bodies are completing their accreditation procedure for Europrivacy under Art. 43 GDPR. Our official partners are already engaged by clients to start delivering the first wave of official European Data Protection Seals. Europrivacy criteria have been officially approved by the […]
Europrivacy Community

Newsletter #110 is out!

2 weeks 6 days ago
miriam Tue, 07/02/2024 - 18:34 Wed, 07/03/2024 - 12:00

This newsletter presents the EDPS’ main activities of the last 30 days: look back on the topical debates of our Summit, join us for a Techdispatch on neurodata, read up on our Opinion on sustainable fisheries and aquaculture, and more. 

European Data Protection Supervisor

New episode of Newsletter Digest!

2 weeks 6 days ago
miriam Tue, 07/02/2024 - 18:29 Sat, 07/06/2024 - 12:00

Explore with us this month's topics: AI, the role of data protection officers, latest Opinions and more

European Data Protection Supervisor

Coordinated Supervision Committee appoints new coordinator

2 weeks 6 days ago

The Coordinated Supervision Committee (CSC) elected Fanny Coudert from the European Data Protection Supervisor (EDPS) as its new coordinator for a term of two years. Ms. Coudert succeeds former coordinator Clara Guerra from the Portuguese Data Protection Authority (DPA).

Fanny Coudert will lead the work of the Committee with the support of Deputy Coordinators Sebastian Hümmeler from the Federal German DPA and Matej Sironic from the Slovenian DPA.

EDPB Chair Anu Talus said: “I would like to thank outgoing CSC coordinator Clara Guerra for her valuable work in the past years, which helped the CSC grow and expand. Today, the CSC ensures that the supervision of 5 bodies, agencies and systems is seamlessly coordinated by its members. This work is crucial for an EU without internal borders.
I would also like to welcome Fanny Coudert and I look forward to working with her. I am confident that her expertise can contribute positively and significantly to the expanding workload of the CSC.”

Editor's note:

The Coordinated Supervision Committee ensures the coordinated supervision of the large EU Information Systems and of EU bodies, offices and agencies in accordance with Article 62 of Regulation 2018/1725 or with the EU legal act establishing the large scale IT system or EU body, office or agency. The Committee was created within the framework of the European Data Protection Board (EDPB) and brings together the EU supervisory authorities (SAs) and the European Data Protection Supervisor (EDPS), as well as the supervisory authorities of the Non-EU Schengen Member States, when foreseen under EU law.

The CSC currently covers the Internal Market Information system (IMI), Eurojust, the European Public Prosecutor’s Office (EPPO), Europol and the Schengen Information System (SIS). Gradually, the Committee will also cover other IT systems, bodies, offices and agencies in the fields of Border, Asylum and Migration (EES, Eurodac, ETIAS, VIS, and their interoperability), Police and Justice Cooperation (ECRIS-TCN) and the next generation Prüm. 
You can find more information on the Committee here.

About the CSC Coordinator and Deputy Coordinators mandates:

The Coordinator and the Deputy Coordinators are designated for a term of two years starting from the date of their respective elections and they may be re-elected once for a further two years.
Deputy Coordinator Sebastian Hümmeler was re-elected for the second time on 29 November 2023 and Deputy Coordinator Matej Sironic was elected on 10 April 2024.



TechDispatch on Neurodata

3 weeks 5 days ago
matthijs Wed, 06/26/2024 - 12:08 Thu, 06/27/2024 - 12:00

The new TechDispatch will delve into the processing of Neurodata within a constantly evolving market of services. In recent years, there has been a worrying trend towards a technically possible, though ethically and legally questionable, use of some neurotechnologies.

European Data Protection Supervisor

Zdravko Vukić elected new Deputy Chair of the European Data Protection Board

1 month ago

Brussels, 19 June - During its latest plenary, the Members of the European Data Protection Board (EDPB) elected Zdravko Vukić, Director of the Croatian Personal Data Protection Agency, as Deputy Chair. Vukić replaces Aleid Wolfsen (Chair of the Dutch Data Protection Authority), who has reached the end of his five-year mandate as EDPB Deputy Chair.
Over the coming years, Zdravko Vukić, together with fellow Deputy Chair Irene Loizidou Nikolaidou, will work closely together with EDPB Chair Anu Talus to ensure the consistent application of EU data protection rules and to promote effective cooperation among data protection authorities throughout the European Economic Area (EEA).

EDPB Deputy Chair Zdravko Vukić said:

“I am honoured and thankful to be elected EDPB Deputy Chair. The EDPB is a prominent and influential EU decision-making body, which plays a key role in shaping a digital society that is in line with EU common values.

All EDPB Members work together closely to raise awareness of GDPR at both national and EU levels, to empower individuals to exercise their rights and help companies, including small businesses, understand their compliance obligations.

In the years to come, I will make it my responsibility as Deputy Chair to continue pursuing these objectives and I will be committed to enhancing enforcement cooperation to address emerging challenges with innovative approaches and tools.

In order to deliver these results, we have to ensure that the DPAs and the EDPB Secretariat, serving as crucial link between authorities, are adequately staffed. As Deputy Chair, I will devote special attention and time to this crucial aspect too.”

EDPB Chair Anu Talus said:

“I would like to thank outgoing Deputy Chair Aleid Wolfsen for his commitment and contribution over the past years, which helped us as a Board to grow together and achieve excellent results.

I also look forward to working with Deputy Chair Zdravko Vukić to face the challenge of the increasing number of tasks of the EDPB.”

While it is already common practice for the EDPB to hold a public consultation after the adoption of the first version of guidelines, the Board decided it may also consult stakeholders prior to the preparation of guidelines on a case-by-case basis.
This prior consultation will enable the EDPB to take on stakeholders’ comments, questions and practical examples during the initial drafting period.


IPEN event on “Human oversight of automated decision-making”

1 month 1 week ago
matthijs Thu, 06/13/2024 - 10:36 Tue, 09/03/2024 - 12:00

The EDPS and the University of Karlstad are hosting an Internet Privacy Engineering Network (IPEN) event on "Human supervision of automated decisions" on 3 September 2024.


When: 3 September 2024, 14:00-18:00 CEST

  • Physical Attendance: Eva Eriksson lecture hall, Universitetsgatan 2, 651 88 Karlstad, Sweden (registration required, link available soon)
  • Online Participation: Connection link will be provided before the event

Topic: Human oversight of automated decision-making


EU regulations such as the General Data Protection Regulation (GDPR) and the Artificial Intelligence Act (AIA) mandate human oversight in automated decision-making processes to ensure fairness and accountability.

  • GDPR Article 22: Grants individuals the right to avoid decisions based solely on automated processing that significantly affects them.
  • AIA Article 14(2): Requires human oversight of high-risk AI systems to protect health, safety, and fundamental rights.
  • AIA Recital 73: Stresses the importance of identifying appropriate human oversight measures before AI systems are marketed or put into service.

Additionally, the 2019 Ethics guidelines for trustworthy AI advocate for "Human agency and oversight" as one of the seven ethical principles to ensure AI is trustworthy and ethically sound.






European Data Protection Supervisor

New episode of the Newsletter Digest is out!

1 month 2 weeks ago
miriam Fri, 06/07/2024 - 14:47 Sat, 06/08/2024 - 12:00

Let’s explore topics such as: AI in the EU institutions; upcoming European Data Protection Summit: Rethinking Data in a Democratic Society; EU-Canada agreement on transfers of Passenger Name Record and latest talks. 

European Data Protection Supervisor