The European Data Protection Board (EDPB) has published a number of outcomes from its December 2021 plenary, including:

  • its contribution to the European Commission's evaluation and review of the Data Protection Law Enforcement Directive (LED),(1) which seeks to harmonise the level of individuals' data protection across the European Union in the area of law enforcement. In particular, the EDPB urged those member states still in the implementation phase to invest all means possible to ensure compliant transposition and avoid further delays. The EDPB also reaffirmed its commitment to provide guidance on how the LED should be interpreted and provide independent assessments of future draft adequacy decisions on the LED's requirements in respect of enforceable rights, effective redress and safeguards for onward transfers. The EDPB also emphasised that in order for the LED to be implemented effectively, member states will need to ensure that supervisory authorities are adequately resourced to reflect their increased workload;
  • its agreed support pool of experts project plan, which aims to support EDPB members by providing expertise to facilitate investigations and enforcement activities, and to enhance cooperation and solidarity between EDPB members by drawing on shared strengths and identifying and addressing operational requirements;
  • its formal response to Member of the European Parliament István Ujhelyi in relation to hacking spyware Pegasus, confirming that the Hungarian National Authority for Data Protection and Freedom of Information has competency to carry out the investigation procedure regarding the alleged use of spyware by Hungarian authorities, but that the EDPB will support its members in respect of such matters; and
  • its final version of the guidelines on examples regarding data breach notifications, which bolster the pre-existing article 29 Working Party guidance on data breach notifications, and aim to help controllers decide how to manage data breaches and the factors to be considered in risk assessments.

For further information on this topic please contact Lauren Pettit, Lizzie Charlton or Paula Barrett at Eversheds Sutherland by telephone (+44 20 7919 4500) or email ([email protected], [email protected] or [email protected]). The Eversheds Sutherland website can be accessed at


(1) Directive (EU) 2016/680.