On 18 December 2002, the EDPB published Guidelines 10/2020 on restrictions under Article 23 GDPR, seeking to provide a thorough analysis of the criteria to apply restrictions, the assessments that need to be observed, how data subjects can exercise their rights once the restriction is lifted, and the consequences for infringements of Article 23 of the GDPR.
At a glance, the Guidelines address the grounds for restricting the data subjects’ rights, including national security and public defense, the objectives of general public interest, and the prevention, investigation, detection, and prosecution of ethics breaches for regulated professions. Moreover, the guidelines cover the requirements restrictions of data subjects’ rights have to fulfill in accordance with Article 23 of the GDPR, such as the need for specifying in the legislation the conditions under which controllers are empowered to resort to any such restrictions.
These Guidelines are subject to public consultation, and the feedback should be sent by 12 February 2021 at the latest.
The consultation page is available here.