Opinion

EDPB adopts draft Guidelines on the right of access and a letter on cookie consent

Published Date
Jan 24, 2022
Authored by
Nigel Parker
On 19 January 2022, the European Data Protection Board (EDPB) announced the outcomes of its plenary session that took place earlier this week. The EDPB adopted new guidelines that provide guidance on various aspects of data subjects’ rights of access and clarify how the right of access should be implemented in different situations (the Guidelines). 

The Guidelines address the following key aspects of a data subject’s right of access under the GDPR:

  • the scope of the right of access;
  • the information that should be provided to the data subject by the data controller;
  • requirements as to the form of the access request;
  • how information should be provided;
  • the meaning of manifestly unfounded or excessive requests; and
  • practical examples.

The Guidelines will be subject to a six-week public consultation. 

In addition, the EDPB adopted a letter addressing the harmonisation of cookie consent interpretation throughout the EEA (the Letter). The EDPB responds to two letters from French associations in which the signatories called for a consistent interpretation of cookie consent requirements by the EDPB. The Letter confirmed the EDPB’s commitment to the harmonisation of the application of data protection rules throughout the EU.

The EDPB chair Andrea Jelinek highlighted the following:

  • establishment of the EDPB cookie taskforce, in September 2021, to coordinate the responses to complaints about cookie banners filed by the privacy rights organisation “none of your business” (noyb) with several supervisory authorities in the European Economic Area; and
  • issuing an updated version of the Guidelines 05/2020 on consent, in May 2020, where the EDPB provided additional clarifications regarding cookie walls and the modalities of providing consent in an online environment (e.g. whether scrolling through the website constitutes consent),

as steps the EDPB has taken to promote a harmonised approach throughout the EU. The Letter states that neither the EDPB nor EEA supervisory authorities “have any interest or intention to deviate from the text, spirit or intent of the e-privacy legal framework and the GDPR”.

Other issues discussed by the plenary of 18 January 2022 include the Cybercrime Convention, the EU Anti-Money Laundering and Counter Terrorism proposal, the national contest conducted by the Italian supervisory authority on the use of icons for information and transparency, and a review of the internal EDPB guidelines on cooperation procedure under Art. 60 GDPR.

Read the EDPB press release on adopting Guidelines on Right of Access and letter on cookie consent, and the Letter. The draft Guidelines on the right of access have not been made available at the time of issuing this Update. Read the EDPB plenary agenda.

Content Disclaimer
This content was originally published by Allen & Overy before the A&O Shearman merger

About the authors

Nigel Parker

Partner

Tokyo

Nigel specialises in intellectual property, technology and data.

His experience covers all stages of the product life cycle,...