Insurance EuropeInsurance Europe
EDPB implementation guidelines must be revised to avoid exceeding GDPR and adding unnecessary constraints

Insurance Europe has today published its response to a consultation by the European Commission in preparation for its evaluation and review report on the application of the General Data Protection Regulation (GDPR) of May 2020.

Insurance Europe raised concerns about guidelines from the European Data Protection Body (EDPB). While the guidelines can be useful implementation and compliance tools, they often exceed the requirements established in the GDPR, which in turn creates unjustified additional constraints. Therefore, any EDPB guidelines that go beyond GDPR should be revised in order to be aligned with the Regulation.

EDPB guidelines are also often drafted in a way that requires additional interpretation. This not only defeats the very purpose of the guidelines, but also prevents their direct application. The EDPB should therefore ensure that its guidelines provide appropriate legal clarity and do not leave room for various interpretations. 

Insurance Europe also raised concerns about gold-plating, regarding national guidance papers that have proposed diverging interpretations, for example on ‘legitimate interest’ and data protection impact assessment.

The full response is available here.

Published 3 February 2020