EDPB finalizes Article 48 guidelines

In early June, the European Data Protection Board (EDPB) announced the adoption of the final version of its guidelines for Article 48 of the GDPR. These guidelines, finalized following a period of public consultation, focus on transfers of personal data to authorities outside the European Union. They clarify how EU organizations should handle requests from non-European authorities to provide them with consumer data. 

The EDPB clarifies that when such requests are made, they are not necessarily binding, and organizations must follow these and other regulations closely to ensure they remain compliant with the law and adequately protect consumers’ personal information. In most cases, a valid international agreement is required to establish the legal basis and maintain data privacy standards for such transfers. Otherwise, transfers may only be permitted in exceptional situations and must be evaluated on a case-by-case basis.

‍

In addition to these guidelines, the EDPB introduced two new Support Pool of Experts (SPE) projects aimed at helping authorities better understand issues related to artificial intelligence and data protection.

‍

Find the guidelines here:

https://www.edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-022024-article-48-gdpr_en

‍

And the new projects here:

https://www.edpb.europa.eu/our-work-tools/our-documents/support-pool-experts-projects/law-compliance-ai-security-data_en

‍

https://www.edpb.europa.eu/our-work-tools/our-documents/support-pool-experts-projects/fundamentals-secure-ai-systems-personal_en

‍