| Borders, Travel & Law Enforcement (BTLE) |
- Law Enforcement Directive
- Cross-border requests for e-evidence
- Adequacy decisions under the LED and, with regard to access to transferred data by law enforcement and national intelligence under authorities in third countries, under the GDPR
- Passenger Name Records (PNR)
- Border controls
|
| Compliance, e-Government and Health (CEH) |
- Codes of conduct, certification and accreditation
- Data Protection Impact Assessments and Data Protection by Design and by Default (in cooperation with the Technology ESG)
- Compliance with public law and eGovernment
- eHealth and European Health Data Space
- Processing of personal data for scientific research purposes
- Data Governance Act, Data Act
|
| Cooperation (COOP) |
- General focus on cooperation and consistency mechanism under the GDPR and related legislative developments
- Procedural questions concerning Article 56 GDPR and Chapter VII (Section 1 and 2) GDPR
- Procedural questions relating to cooperation cases where there is no establishment in the EU
- International mutual assistance and other cooperation tools to enforce the GDPR outside the EU (Art. 50 GDPR) (in cooperation with the ITS ESG)
- Application of cooperation and consistency mechanism in connection to new EU legislations
|
| Coordinators (COORD) |
- General coordination between the Expert Subgroup Coordinators
- Coordination on the EDPB Work Programme
- Ensuring harmonised working methods between subgroups
|
| Enforcement (ENF) |
- EDPB binding decisions
- Developing and proposing a coordinated enforcement strategy and coordinating the Coordinated Enforcement Framework
- Guidelines on Article 65 and 66 GDPR
- Providing analysis to the Cooperation subgroup on the basis of practical experiences
- Platform for sharing of information about investigation activities
- Practical questions on investigations
- Guidance on the practical application of Chapter VII GDPR including exchanges on concrete cases
|
| Financial Matters (FMESG) |
- Application of data protection principles in the financial sector e.g. taxation, fight against financial crime, digital currency, payment services, credits, insurances, digital identity, etc.
- On a case-by-case basis, providing inputs to international or European financial institutions, authorities or organisations (e.g. ECB, ESMA, EBA, EIOPA, FATF, etc.)
|
| International Transfers (ITS) |
- Chapter V GDPR (International transfer tools and policy issues), more specifically:
European Commission Adequacy decisions
- Administrative arrangements between public authorities and bodies
- Codes of conduct and certification as transfer tools (in cooperation with the CEH ESG)
- BCRs and contractual clauses for transfers of personal data
- Article 48 GDPR (in cooperation with the BTLE ESG)
|
| IT Users (ITUsers) |
- Developing and testing IT tools used by the EDPB with a practical focus:
- Collecting feedback on the IT system from users
- Adapting the systems and manuals
- Discussing other business needs including tele- and videoconference system
|
| Key Provisions (KEYP) |
- Core concepts and principles of the GDPR, including Chapter I (e.g. scope, definitions like LSA and large-scale processing), Chapter II (main principles), Chapter III (e.g. rights of individuals, transparency), Chapter IV (e.g. DPO – in cooperation with CEH ESG, ENF ESG and TECH ESG) and Chapter IX
|
| Social Media (SOCM) |
- Analysing social media services, conceived as online platforms that focus on enabling the development of networks and communities of users, among which information and content is shared and whereby additional functions provided by social media services include targeting, personalisation, application integration, social plug-ins, user authentication, analytics and publishing
- Analysing established and emerging functions offered by social media, including the underlying processing activities and corresponding risks for the rights and freedoms of individuals
- Developing guidance, recommendations and best practices in relation to both the offer and use of social media functions, in particular for economic or political reasons
- Digital Services Act
- Political advertising
|
| Strategic Advisory (SAESG) |
- Strategic questions affecting the whole EDPB (including the discussion on the EDPB Strategy, the Work Programme, contributions to the evaluation of GDPR)
- Discuss documents for which legal deadlines are applicable (i.e. Art. 64(2), 65 and 66 procedures)
- Clarification of strategic-guidance on questions that could not be resolved in the ESGs or task forces
- Procedural rules and practices for the EDPB
|
| Technology (TECH) |
- Technology, innovation, information security, confidentiality of communication in general
- Encryption
- Data breach notifications
- Data Protection Impact Assessments and Data Protection by Design and by Default (in cooperation with the CEH ESG)
- Emerging technologies, innovation and other challenges related to privacy: reflecting on data protection risks and opportunities of current and future technological developments
- AI Act
|
| Cross-Regulatory Interplay and Cooperation (CRIC) |
- Clarify the links and build on synergies between the regulatory frameworks of data protection, competition and consumer protection law, including also the Digital Markets Act, in order to provide expertise and resources to support dialogue between Data Protection Authorities (DPAs) and other regulatory bodies and prepare common positions
- Provide expertise, exchange information and promote best practices as regards cross-regulatory governance and cooperation, in particular in the context of the implementation of the EU Digital rulebook
|