Eu
ropean Data Protection Board
Rue Wi ertz, 60
1047 Brussels Anu Talus
Chair of the European Data Protection Board
Mr. Andres Munoz Mosquera
ACO Office of Legal Affairs, Director
SHAPE
7010 Mons, Belg ium
Brussels , 4 November 2024
Dea
r Mr. Andres Munoz Mosquera ,
Thank you the kind words on my election as Chair of the European Data Protection Board that you
shared in your letter of 29 April 2024, in which you also detail SHAPE’s legal position and request a
meeting with the EDPB to discuss data protection related matters .
As part of the international community, both NATO and the European Union are grounded in the rule
of law and a commitment to uphold human rights and values , as enshrined in the EU foundational
treaties and NATO’s guiding pr inciples. Further, e ntities that are subject to EU law must respect and
adhere to the fundamental right of protection of personal data, including as reflected in secondary legislation. Therefore, entities that transfer personal data to entities in third co untries or international
organisations (‘IOs’) need to comply with Regulation 2016/679 and Regulation (EU) 2018/1725 ,
including their rules on international transfers .
In that respect, the EDPB’s Guidelines 2/2020 on Articles 46 (2) (a) and 46 (3) (b) of
Regulation 2016/679 for transfers of personal data between EEA and non- EEA public authorities and
bodies
1, as well as additional EDPB guidance2, provide clarifications on transfers to IOs, which are also
relevant for SHAPE and NATO . This for instance includes clarifications on privileges and immunities
under international law as well as developing safeguards that take into account the status and features
of IOs .
1 https://www.edpb.europa.eu/our -work -tools/our -documents/guidelines/guidelines -22020 -articles -46-2- and-
46-3-b- regulation _en
2 See in particular Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679, as adopted by
the European Data Protection Board on 25 May 2018 ; or the Guidelines 3/2018 on the territorial scope of the
GDPR (Article 3)
Eu
ropean Data Protection Board
Rue Wi ertz, 60
1047 Brussels This
being said, t he EDPB is committed to continue engaging with NATO and SHAPE on the s hared
mission to protect human rights, including the right to privacy. In this spirit, I believe that both the
EDPB and SHAPE will benefit from an open dialogue on data protection related matters. Therefore, it
is my pleasure to invite you to meet the EDPB during an EDPB in- person Plenary meeting on 2 –3
December 2024, 11- 12 February or 8 -9 April.
I would appreciate if you inform the EDPB Secretariat as soon as is practical whether either of the
proposed date s is feasible for you. In that case, the EDPB Secretariat will provide further details.
Yours sincerely
Anu T
alus
Brief
On "04/29/2024", Mr. Andres Munoz Mosquera shared kind words about Anu Talus' election as Chair of the European Data Protection Board in a letter. The EDPB expressed its commitment to engaging with NATO and SHAPE on protecting human rights, including privacy, and invited Mr. Munoz Mosquera to discuss data protection matters in an open dialogue.
Highlights content goes here...
Purpose:
The purpose of this letter is to extend gratitude from the Chair of the European Data Protection Board, Anu Talus, to Andres Munoz Mosquera for his kind words on her election as Chair. The letter also aims to request a meeting between the EDPB and SHAPE to discuss data protection related matters.
Effects on Industry:
The effects of this update are primarily focused on organizations that transfer personal data to entities in third countries or international organizations (IOs). These organizations must comply with Regulation 2016/679 and Regulation (EU) 2018/1725, including their rules on international transfers. The EDPB’s Guidelines 2/2020 provide clarifications on transfers to IOs, which are also relevant for SHAPE and NATO.
Relevant Stakeholders:
The relevant stakeholders affected by this update include organizations that transfer personal data to entities in third countries or IOs, as well as the European Data Protection Board (EDPB) and SHAPE. This includes businesses, government agencies, and international organizations that handle sensitive information.
Next Steps:
To comply with or respond to this update, organizations should: 1) Review the EDPB’s Guidelines 2/2020 on Articles 46(2)(a) and 46(3)(b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies; 2) Familiarize themselves with the rules on international transfers, including privileges and immunities under international law; and 3) Develop safeguards that take into account the status and features of IOs.
Any Other Relevant Information:
The European Data Protection Board (EDPB) is committed to continuing its engagement with NATO and SHAPE on shared mission to protect human rights, including the right to privacy. A meeting between the EDPB and SHAPE has been proposed for December 2-3, February 11-12, or April 8-9, 2024. The EDPB Secretariat will provide further details if the proposed dates are feasible.
