The European Data Protection Board (EDPB)
The "European Data Protection Board" has been established by the General Data Protection Regulation (GDPR). It replaces the Article 29 Working Party.
An EU independant body established according to the GDPR
The « European Data Protection Board » (EDPB) has been established according to the GDPR (articles 68 to 76). It was preceded by the Article 29 Working Party (Art. 29 WP), which was the informal platform for European data protection authorities to exchange views and develop a consistent approach of Directive 95/46.
The EDPB is entrusted with the following missions:
- Rendering formal opinions on the basis of article 64 of the GDPR,
- Adopting binding decisions on the basis of article 65 of the GDPR in case of disagreement between the data protection authorities,
- Contributing to the consistent application of the GDPR inter alia by issuing guidelines, recommendations, best practices.
Those missions are listed under article 70 of the GDPR. The working methods of the EDPB are detailed in the Rules of procedure of the EDPB, adopted on 25 May 2018.
The European Data Protection Board replaces the Article 29 Working Party.
The EDPB is composed of representatives of each Member State’s data protection authority and of the European Data Protection Supervisor. Representatives of the data protection authorities of Norway, Iceland and the Liechtenstein are also members of the EDPB but these members are not entitled to vote. The European Commission has the right to participate in the activities and meetings of the EDPB without voting right.
The Chair and the two deputy chairs of the EDPB are elected by simple majority of members entitled to vote. The term of office of the Chair and deputy chairs is five years, renewable once provided that they are still head of their national data protection authority.
Mrs Andrea Jelinek, head of the Austrian data protection authority, was elected on 25 May 2018 as the first Chair of the EDPB.
The EDPB is located in Brussels (30 rue Montoyer) and has its own Secretariat, which is provided by the European Data Protection Supervisor. The EDPB meets monthly, during plenary sessions. Extraordinary plenary sessions can also be organised if necessary.
The EDPB is responsible for ensuring:
- the consistent application of the GDPR,
- the performance of the tasks mentioned in the Police and Criminal Justice Data Protection Directive,
- and other applicable legislative instruments under EU law.
The EDPB can adopt general guidelines to clarify the meaning of EU texts regarding data protection, thus providing stakeholders with a consistent interpretation of their rights and obligations. It can also adopt opinions to ensure the uniform application of the GDPR, and binding decisions to settle arguments between data protection authorities when necessary.