Editor’s note: owing to the lack of case–law in the past two weeks, we have decided to report on other relevant EU data protection law news, certain of which dates back beyond two weeks.
-VIS SCG Activity Report 2023-2024 Published-
On 26th June, the EDPB published the Activity Report of the Visa Information System (VIS) Supervision Coordination Group (SCG) for the years 2023-2024. The SCG is composed of members of the DPAs of each EU/Schengen Member State and the EDPS. Its main mission is to monitor the implementation and application of the applicable VIS rules by the Member States and, where relevant, the EU bodies. As of the end of 2024, the work of the Group has been coordinated by the EDPB. In short, the Report covers, broadly speaking: the latest legal and technological developments related to the VIS and Schengen topics in general; the activities – e.g. meetings – performed by the members of the Group; specific topics dealt with by the Group – including the report on advance data deletion; and individual reports on Member States – including on the status quo in each Member State and its embassies, inspections performed by DPAs, and complaints submitted by data subjects.
-EDPB Issues New Documents-
On 5th June, the EDPB published, or announced, the following important documents:
- The ‘final version of the guidelines on data transfers to third country authorities’ (based on Article 48 GDPR);
- Two reports: ‘Law & Compliance in AI Security and Data Protection’ and ‘Fundamentals of Secure AI Systems with Personal Data’, produced in the framework of ‘two new Support Pool of Experts (SPE) projects’ bearing the same name. The reports will be made available ‘in the following months’.
- The EDPB also announced that it is working on ‘a joint EDPB-EDPS opinion on the draft proposal on the simplification of record-keeping obligation under the GDPR’, to be issued within 8 weeks.
-EDPS Annual Report 2024-
On 23rd of April 2025, the EDPB published their ‘Annual Report 2024’. The report, in essence, charts the activities of the EDPS in the reporting period – which ‘concludes the EDPS’ Mandate 2020 – 2024’ and the institution’s ‘20th Anniversary celebration’. In terms of content, the report covers a significant range of topics, including, amongst others, sections on: ‘Supervision & Enforcement: consistent data protection in EU institutions’; ‘Policy & Consultation for a safer digital future’; ‘Technology and Privacy: foresight, oversight and digital transformation’; ‘Artificial Intelligence: preparing for the EDPS’ future’; ‘Communicating with impact on data protection’; ‘Human Resources, Budget and
Administration’; ‘Governance and Internal Compliance’; and ‘Transparency and Access to Documents’. Owing to the significance, both de jure and de facto, of the EDPS in EU data protection law, and its scope, the report should hold something of interest for all involved in EU data protection law. Whilst the full report is over 100 pages long, a much briefer executive summary is available on the EDPS’s website.