EU Commission Issues Report on Implementing Certain GDPR Provisions, Including Obtaining Children’s Consent and Processing Special Categories of Personal Data

White and Williams LLP
Contact
LinkedIn
Facebook
X
Send
Embed

White and Williams LLP

On January 6, 2021, the European Union (EU) Commission’s Directorate-General for Justice and Consumers published its Report on the implementation of specific provisions of Regulation (EU) 2016/679 (the Report). The Report addresses the implementation of EU Member States General Data Protection Regulation (GDPR) Articles governing, which includes obtaining children’s consent, processing special categories of personal data, restrictions to the exercise of data subjects’ rights, tensions between rights to personal data protection and the right to freedom of expression, and national derogations for scientific or historical research, statistical, or public interest purposes. Given the United Kingdom’s departure from the EU, the Report does not cover implementations of the provisions by the UK.

Two observations given some emphasis by the Report are:

  • While the overwhelming majority of the Members States have implemented various restrictions to data subjects’ rights under Article 23 for purposes of public security, public administration, public health, taxation and migration, they have not implemented the conditions under Article 23(1) (including the necessity and proportionality test) or the safeguards under Article 23(2) (purpose of processing, categories of personal data, scope of the restrictions introduced, etc.).
  • While “a sizeable number of Members States” have adopted various exemptions/derogations in relation to data processing in connection with journalism, and for the purposes of academic, artistic or literary expression, only “several Member States” provide for a case-by-case assessment for such exemptions/derogations. Also, “more often than not, no specific balancing or reconciliation test is identified in the national legislation.”

Other observations made by the Report include:

  • A majority of the Member States have set an age limit lower than 16 years for the validity of the consent of a minor in relation to information society services.
  • Most Member States provide for conditions/limitations with regard to the processing of genetic data, biometric data or data concerning health, which typically consist in listing the categories of persons who have access to such data, ensuring that they are subject to confidentiality obligations, or making processing subject to prior authorization.
  • For Article 23 restrictions based on public security and public interest (including public administration, public health, taxation, and migration), “some Member States” have enacted restrictions in the areas of social security and the “supervision of financial market participants, functioning of the guarantee systems and resolution and macroeconomic analyses.” An “overwhelming majority of Member States do not sufficiently implement” the measures and safeguards specified under Article 23(2).
  • A majority of the Member States provide for provisions aiming to reconcile the right to the protection of personal data with the right to freedom of expression and information.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© White and Williams LLP | Attorney Advertising

Written by:

White and Williams LLP
White and Williams LLP
Contact
more
less

White and Williams LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide