The European Data Protection Board (EDPB) has just publish two new guidelines: the first relates to the method for calculating fines issued under the GDPRthe other on the use of facial recognition technologies by law enforcement and judicial authorities.

    A new calculation method for GDPR fines

    On 12 May 2022, the 65th EDPS Plenary took place. On this occasion, the European Committee adopted new guidelines aiming to “harmonise the methods for calculating administrative fines adopted by national authorities”. Who says European regulation, says harmonization on the scale of the contains. This was not necessarily the case until now. This new rule on the calculation method for fines under the GDPR establishes a starting point and imposes the taking into account of three elements: the categorization of offenses by nature, the seriousness of the offense and the turnover of the company.

    In the same category

    Overview of a city in El Salvador.

    El Salvador receives 44 developing countries to talk about the future of bitcoin

    All of the European CNILs will therefore have to take these three criteria into account to determine the amount of the fines. In order to accurately calculate this amount, the competent authorities will have to determine whether the case in question “concerns one or more cases and whether they have led to one or more offences”. They must also consider aggravating or mitigating factors likely to increase or decrease the amount of the fine. The CNILs will also have to respect the legal ceilings for fines, as provided for in art. 83 (4)-(6) GDPR. Finally, the authorities must analyze whether the amount “meets the requirements of effectiveness, deterrence and proportionality”.

    The EDPS wants to strengthen European cooperation

    With this new guideline, the EDPS also wishes to strengthen European cooperation. The various authorities of the Union have recently reiterated their commitment to closer and more collective cross-border cooperation. To achieve this, they wish in particular facilitate the use of cooperation tools allowed by the GDPR, and in particular joint investigations between authorities. That’s not all, the European CNILs intend to intensify their exchanges of information, “in order to promote the rapid emergence of an informal consensus which may allow the advancement of common instructions”.

    The EDPS also recalled that facial recognition tools should only be used in strict compliance with the Police-Justice Directive. To put it simply, the European Committee wants these technologies are used only in case of extreme necessity and in a proportionate manner, as provided for in the Charter of Fundamental Rights of the European Union. On this subject, in France, the Senate pleads for the creation of an authority responsible for verifying the reliability of algorithms. In particular, the EDPS considers that there should be a ban on the remote biometric identification of individuals in spaces accessible to the public.