During its 28th plenary session of May 20, 2020, the European Data Protection Board (EDPB) adopted recommendations on the draft Standard Contractual Clauses submitted by the Slovenian Supervisory Authority (SA) and decided on the publication of a register containing ‘one-stop-shop’ decisions.
1. The EDPB adopted an opinion containing recommendation on the draft Standard Contractual Clauses (SCCs) for controller-processor clauses submitted by the Slovenian Supervisory Authority.
According to Article 28(6) GDPR, contracts or other legal acts to be entered into between controllers and processors may be based on standard contractual clauses adopted by a Member state Supervisory Authority.
If all recommendations made by the EDPB in its recommendation are implemented, the Slovenian SA will be able to adopt this draft agreement as Standard Contractual Clauses pursuant to Article 28(8) GDPR.
2. The EDPB has decided to publish a register containing decisions taken by national supervisory authorities following the One-Stop-Shop cooperation procedure (Art. 60 GDPR) on its website.
Under the one-stop-shop mechanism (OSS) applicable to cross-border processing of personal data, the Lead Supervisory Authorities (LSA) is in charge of preparing the draft decisions and works together with the other concerned Supervisory Authorities to reach consensus. As of April 2020, LSAs have adopted 103 final OSS decisions and the EDPB intends to publish summaries in English.
The information will be released once the validation of the relevant LSA is obtained and in accordance with the conditions provided by its national legislation.