During its 31st plenary session that took place on 9 June 2020, the European Data Protection Board:
- decided to establish a task force to coordinate potential actions and to get a more comprehensive overview of the popular Chinese social network, TikTok’s processing and practices across the EU;
- adopted a letter regarding the use of Clearview AI facial recognition technologies by law enforcement authorities;
- adopted a response to the ENISA advisory group and has appointed Gwendal Legrand, the CNIL general secretary, as its representative;
- adopted a letter in response to an Open Letter from NOYB (a privacy association).
The EDPB announced its decision to establish a task force to coordinate potential actions and to acquire a more comprehensive overview of TikTok’s processing and practices across the EU
This decision follows the MEP Körner’s request regarding the Social Media raising question about TikTok’s data protection practice.
Furthermore, it will be very interesting to see whether the EDPB will take this opportunity to tackle the issue regarding personal data transfer to China. Indeed, the CJUE will soon issue a judgement regarding the validity of the Standard Contractual Clauses to transfer personal data to the US (Facebook vs Shrem CJEU case). This judgement may raise the fact that the potential unrestricted access to personal data by US governmental agencies is in contradiction with the provisions of the Standard Contractual Clauses and if so, with any other transfer mechanism. If the CJEU raises this point as did the General Advocate, it is very likely that this decision will also apply to China.
The EDPB shares the MEP’s concerns regarding the use of Clearview AI technologies by law enforcement
Clearview AI is a company providing law enforcement with facial recognition technologies.
Even though the EDPB acknowledges that the Law Enforcement Directive (EU) 2016/680 allows law enforcement authorities to process biometric data for uniquely identifying a natural person provided conditions of Articles 8 and 10 of the Directive are met, the EDPB has doubts as to whether any Union or Member State law provides a legal basis for using a service such as the one offered by Clearview AI.
Subject to further analysis and investigation, the EDPB considers that the use of a service such as Clearview AI by law enforcement authorities in the European Union would likely not be consistent with the EU data protection regime.
As a result, the EDPB announced upcoming work on the use of facial recognition technology by law enforcement authorities.
The EDPB adopted a response to an Open Letter by NOYB (a privacy association)
In response to the NOYBD open letter regarding cooperation between the Supervisory Authorities and the consistency procedures, the Board states that it is aware of the issues requiring improvement (e.g. the differences in national administrative procedural laws and practices and the time and resources needed to resolve cross-border cases).
The Board reiterates it is committed to finding solutions to the extent these issues lie in its scope of competence.