Dear members, please find below a summary of the discussions that took place during our recent PLA WG meeting.
Agenda Items (AIs):
- Progress status check on CCPA-GDPR mapping validation exercise and reviewers' findings.
- Latest updates with regards to the PLA CoC submission to CNIL
- AoB
Participants (5):
Paul Benedek
Martim T. Barata
Lefteris Skoutaris (PM)
Linda Strick
Mariusz Trajfacki
Meeting Minutes (MMs):
1. Progress status check on CCPA-GDPR mapping validation exercise and reviewers' findings.
- The CCPA – GDPR Mapping validation exercise has been successfully completed. Many thanks to all the professionals participating and Mark, Paul and Mariusz for carrying out the last assignments,
- The co-chair's team that performed the initial mapping has already started reading through the provided comments of the group,
- The comments provided by the group are of 2 types. Ones referring to the correctness of the mapping, while others to the differences between the compared law and regulation,
- The co-chair's team will provide its answers within the mapping tool to discuss with the group during the next PLA WG meeting (AP1). Major focus during the discussion will be given to some of the comments on which the co-chair team has a different opinion on,
- Martim commented on the reference of recitals by professionals in the mappings, and that those were not taken into consideration as they do not constitute legal provisions (these are to be considered in the gap analysis that will follow),
- Lefteris to invite all participants in this mapping validation exercise at the next PLA WG meeting (AP2).
2. Latest updates with regards to the PLA CoC submission to CNIL
- CSA is expecting that CNIL is going to ask for further amendments to the submitted PLA CoC based on the EDPB published recommendations on codes of conducts,
- The Code has been submitted for review to the Greek and Bavarian DPAs and the team is awaiting for their feedback.
3.AoB
- Paul has been participating at the Blockchain WG meetings, where GDPR issues around small contracts are discussed. Noted that the PLA WG and its members can bring added value and raise awareness to other groups working on privacy related topics and vice versa,
- Linda brought into the discussion a hot topic of discussion within CSA, that of "International Data transfers" . In this context the EDPB has published for comments the guidelines for standard contractual clauses (deadline to receive comments is by 21st December). Martim added that the discussion on this matter was extending the PLA CoC as a transfer tool under article 46 of the GDPR,
- Paul is interested in contributing to this call for comments (AP3),
- Paul asked if CSA has in place an ad-hoc group that would respond to the calls from the EDPB or EC for providing recommendations & contributing. Linda replied that this is not currently the case but CSA is open to continue discussion on how professionals in this group can join forces and contribute. Linda offered to post in Circle the outcome of internal CSA discussions on this matter,
- Next call is scheduled for December 8th , 6 pm EEST (5 pm CET / 8 am PST / 11 am EST).
Actions Points (APs)
AP1: Co-chair's team is kindly asked to provide its answers within the mapping tool to discuss with the group during the next PLA WG meeting.AP2: Lefteris to invite all participants in this mapping validation exercise at the next PLA WG meeting.
AP3: Paul is interested in contributing to this call for comments, and kindly asked from Linda to consider his representation in such an activity.
Please let me know if I have missed to include something essential from our meeting.
Looking forward to your contributions by our next meeting.
Best regards,
Lefteris
------------------------------
Eleftherios Skoutaris
Program Manager
Cloud Security Alliance
------------------------------