SRIW represents an entire European ecosystem in establishing self- and coregulatory measures, resulting in a unique expertise. Reading the EDPB’s strategy, SRIW recognizes and appreciates the explicit reference to codes of conduct, a primary co-regulatory measure under GDPR.
Additionally, SRIW recognizes that the EDPB’s focus points significantly overlap with SRIW’s public recommendations, as they are enshrined in its consultation, papers, and statements. See also SCOPE Europe’s remark on the EDPB’s strategy.
Approaching Data Protection Globally
GDPR enables international data transfers, provided that such transfer will not unduly affect data subjects’ rights and freedoms. Legitimacy of international data transfers have been challenged repeatedly, particularizing which type of measures must be implemented in case of such transfers. However, uncertainties remain. Thus, it is appreciated that EDPB will take actions to clarify and eventually enable and facilitate international data transfers. Within our ecosystem SRIW has, by means of its subsidiary SCOPE Europe, gained valuable expertise, striving to facilitate duly protected transfers. E.g., by developing contractual clauses with industry stakeholders or via the EU Cloud CoC General Assembly’s Working Group dedicated to a Third Country Transfer Code of Conduct.
Addressing a growingly complex, cross-regulatory landscape
Within Europe a significant number of new legislative acts have been published in recent years. Several of them with intensive overlaps, particularly with GDPR. While some legislative acts try to balance their relationship towards GDPR per individual provision, others remain generic simply stating GDPR remains untouched. Such overlaps will result in challenges, in how to remain compliant with any of such acts – that may even be conflicting in their intentions. SRIW and its ecosystem has continously published its thoughts and findings on these matters, e.g., related to the AI Act, in its response to the EC Initiative on its GDPR report, or its 5 years of GDPR resumé.
Harmonized and cooperative enforcing culture
GDPR was deemed to harmonize data protection across Europe. GDPR was aiming high, yet it is claimed by several parties that harmonization has not been reached. In this respect, SRIW and its ecosystem provided feedback on the EC’s enforcement initiative, or the related EDPB consultation on administrative fines. In both cases, one of the recommendations was further outlining the potential of codes of conduct.
Harmonized interpretation of GDPR
Especially transnational codes of conduct may contribute to a harmonized yet practical interpretation of GDPR. In this respect, it is appreciated that EDPB supports such perspective in its new strategy. Further details can, e.g., be found in the 5 years of GDPR resumé.
Availability for in-depth exchange
SRIW and its ecosystem, with unique expertise in drafting codes of conduct – including such pursuant Art. 40 GDPR – as well as establishing and acting as an accredited monitoring body pursuant Art. 41 GDPR, we would like to emphasize our availability to the EDPB. We will be more than thrilled to kick-off a continuous and cooperative exchange. SRIW and its ecosystem will be able to provide first-hand, on the field experiences building bridges from theory to practice.
About Selbstregulierung Informationswirtschaft e.V.
Selbstregulierung Informationswirtschaft e.V. (SRIW) is a non-profit association with European focus. Ever since its establishment in 2011 and as the primary of a pan-European ecosystem, SRIW assembled first-hand experiences in the establishment of trusted self- and co-regulatory instruments in the information economy. Additionally, the association benefits from its independent subsidiaries across Europe and its diverse and constantly growing membership. The everyday business of the association centres on harmonising industry practices with social demands and political requirements. The mechanism considered fit for purpose is balanced and monitored self- and co-regulatory frameworks facilitating effective data and consumer protection. SRIW strives to collect and amplify valuable experiences to improve the necessary and independent structures required for the development, approval and monitoring of codes of conduct. By actively connecting experts and bringing together interested stakeholders, SRIW serves as a forum for exchange and discussions, providing the impetus for kicking-off frontrunner initiatives. The ecosystem includes SCOPE Europe srl, most probably Europe’s leading independent Monitoring Body. SRIW’s subsidiary became known in supporting the first officially approved transnational (European-wide) code of conduct, i.e. the EU Data Protection code of conduct for Cloud Service Providers and becoming the first ever accredited transnational Monitoring Body as well as the first Monitoring Body which was accredited by more than one data protection supervisory authority and for more than one code of conduct.
