The European Data Protection Board published its final guidelines on controllers, joint controllers and processors

FEDMA considers that the new guidelines still tend to over emphasize joint controllership. However, FEDMA notes some new relevant examples on marketing which seem to clarify some of the issues we had raised.

FEDMA had at the same time answered the consultation on the EDPB Guidelines 8/2020 on the targeting of social media users. The final version of those guidelines was published by the EDPB in April 2021. The guidelines still provide that for the prospect’s targeting, consent will be required: legitimate interests is not an appropriate basis here, as the prospect does not have the reasonable expectation that her data will be used for re-targeting. The new document also provides that where the ePrivacy Directive applies (dropping for cookies or pixels), then it is likely that the processing of personal data will be based on consent.

Finally, the EDPB also published its consultation on the guidelines for codes of conducts as a tool for safe international data transfers. FEDMA is reviewing the consultation and will provide an answer. Indeed, FEDMA supports GDPR codes of conduct as a tool for better enforcement.