Loading...
Skip to main content

Wie viele Websites verwenden auch die Websites der BSA Cookies, um das effiziente Funktionieren dieser Websites sicherzustellen und unseren Nutzern die bestmögliche Erfahrung zu bieten. In unserer Cookie-Erklärung erfahren Sie mehr darüber, wie wir Cookies verwenden und wie Sie die Cookie-Einstellungen Ihres Browsers ändern können. Wenn Sie diese Seite weiterhin verwenden, ohne Ihre Cookie-Einstellungen zu ändern, stimmen Sie unserer Verwendung von Cookies zu.

X

OCT 09, 2024 | EUROPEAN UNION | BELGIUM

BSA Raises Concerns Over EDPB Opinion on Sub-Processors

BRUSSELS – Thomas Boué, Director General – Policy EMEA, at BSA | The Software Alliance, issued the following statement in response to opinion 22/2024 from the European Data Protection Board (EDPB), adopted on October 7, 2024, on Article 64(2) of the General Data Protection Regulation (GDPR) on certain obligations following from the reliance on processor(s) and sub-processor(s). 

The EDPB notably concludes that “controllers should have the information on the identity (i.e., name, address, contact person) of all processors, sub-processors etc. readily available at all times (...), regardless of the risk associated with the processing activity. To this end, the processor should proactively provide to the controller all this information and should keep them up to date at all times.” This opinion challenges existing well-established practices and has major implications for businesses, especially those leveraging cloud services, to the detriment of both the controller (business customer) and processor (cloud service provider). 

“BSA is concerned about the EDPB's latest opinion, which disrupts well-established and effective privacy protections that are built upon the relationships between data controllers and processors, and which currently rely on contractual agreements to cover the issue. The EDPB's decision introduces a significant new requirement on data controllers to be aware of all processors in their entire sub-processing chain and on data processors to proactively provide such information to the controllers. 

Imposing such an end-to-end requirement would overburden businesses, especially small and medium-sized enterprises (SMEs), without providing real improvements in the level of data protection. It would also be unrealistic for both cloud service providers acting as processors and their business customers acting as controllers. 

At BSA, we firmly believe that the current approach—where data controllers and processors, as well as processors and sub-processors, maintain their relationships based on monitoring and well-defined contractual agreements—remains the most effective way to ensure data protection. 

Additionally, BSA wishes to express its concern about the limited involvement of stakeholders in the EDPB process on this important issue for our members and the industry as a whole. This would be a significant change that, if appropriate, should be considered, at the very least, through legislative process, with the appropriate stakeholders’ involvement. In light of the ongoing consultations on the Digital Operational Resilience Act's (DORA) subcontracting of ICT services and transparency requirements, we believe that a prior dialogue between financial and privacy regulators would have helped achieve better alignment and consistency.” 

BSA will continue advocating for policies that support innovation, growth, and a competitive marketplace while maintaining healthy data security and transparency standards. 

TAGS:

ÜBER BSA

Die Business Software Alliance (www.bsa.org) ist die globale Stimme der Software-Industrie gegenüber Politik und Wirtschaft. Die Mitglieder der BSA gehören zu den innovativsten Unternehmen weltweit und erarbeiten neue Software-Lösungen, die die Wirtschaft antreiben und das moderne Leben von heute prägen.

PRESSEKONTAKT

Michael O’Brien

For Media Inquiries

PRESSEKONTAKT

Media Inquiries

PRESSEKONTAKT

Media Inquiries

CONTACTO DE PRENSA

Media Inquiries