Latest Updates from EDPB, ICO, and House of Lords: Main Establishment, Website Auditing Tool, Enterprise Data Strategy, and More

The European Data Protection Board (EDPB) has recently adopted an opinion on the notion of the main establishment of a controller in the EU, which has raised questions about the one-stop-shop mechanism under the General Data Protection Regulation (GDPR). The EDPB’s conclusions shed light on the importance of a controller’s “place of central administration” in the EU in determining the lead supervisory authority in cross-border data protection cases.

In addition to this, the EDPB has launched a new website auditing tool to help analyse website compliance with data protection laws. This tool is designed to assist both legal and technical auditors at data protection authorities, as well as businesses who want to test their own websites for compliance.

Meanwhile, the UK Information Commissioner’s Office (ICO) has consulted on its draft Enterprise Data Strategy, which outlines how the ICO will use data to inform its corporate, regulatory, and strategic priorities. The ICO’s ‘show, not tell’ approach aims to drive efficiencies in how it regulates by making better use of data and technology.

Furthermore, the ICO has warned organisations to proactively make advertising cookies compliant, with enforcement action looming for non-compliance. The ICO’s focus on cookie banners aligns with similar stances taken by other EU data protection authorities.

The ICO has also published new guidance on content moderation and data protection, in line with the UK Online Safety Act 2023. This guidance aims to ensure regulatory consistency between data protection and online safety regimes.

Additionally, the ICO has announced a campaign promoting responsible data sharing to safeguard children and young people. The ICO emphasizes that data protection law provides a framework for making decisions about sharing data appropriately.

Lastly, the House of Lords Committee on the Constitution has published a report on the Data Protection and Digital Information Bill, raising concerns about key issues that need to be addressed before the bill becomes law.

Overall, these developments highlight the ongoing efforts of data protection authorities to ensure compliance with data protection laws and to protect individuals’ privacy rights in an increasingly digital world.