It’s been about a month since the GDPR came into effect and time to start considering what our new data protection landscape looks like.
Prior to implementation the WP29 was responsible for providing guidance on how the GDPR should be interpreted. And while they tried their best, all of us following it closely know there was still quite a bit of ambiguity. The drafters of the GDPR foresaw this and called for the creation of the European Data Protection Board (EDPB). This board is composed of all the heads of the EU regulatory bodies, and its primary role is to make sure the GDPR is applied consistently across the entire European Union.
So if there are conflicts between two different nations’ supervisory authorities on how they interpret or apply the GDPR, the EDPB will arbitrate the dispute. It’s also the body that will be responsible for determining whether countries outside the EU have sufficient data standards in place. But the EDPB is in start-up mode and with less than 20 full-time employees one might think it would be a while before its real impact is felt.
But it seems to be weighing in on various matters already. The EDPB has asked that the ePrivacy Regulation, which addresses issues like cookie consent, is brought into law quickly so that its application across the EU is consistent.