On 24 February 2023, the European Data Protection Board (“EDPB”) published the three guidelines adopted during its 75th Plenary meeting in their final versions following public consultation:
- Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR – following public consultation, these guidelines were updated and supplemented with further clarifications such as: (i) detailing the responsibilities of the controller when the data exporter is a processor, (ii) further examples to clarify aspects of the direct collection, as well as the meaning of “the data importer is in a third country” and (iii) an annex with further illustrations of the examples included in the guidelines;
- Guidelines 07/2022 on certification as a tool for transfers – following public consultation, these guidelines (i.e., that complement Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the GDPR) were updated to reflect the comments received;
- Guidelines 03/2022 on deceptive design patterns in social media platform interfaces: how to recognize and avoid them – following public consultation, these guidelines include updated wording (e.g., the term “dark pattern” has been replaced by the term “deceptive design patterns”, including in the guideline’s title) and further clarifications such as: (i) how to integrate these guidelines in the design thinking process, and (ii) a second annex summarizing all the best practices deemed to offer a first step toward a standardized way for users to effectively control their data and exercise their rights.
The press release announcing the final versions of the said EDPB guidelines is available here.
