Preiskel & CoPreiskel & Co
Preiskel & Co
  • Home
  • About Us
    • Diversity, Social Responsibility, and Pro Bono
  • Services
    • Corporate
    • Commercial
    • Regulatory
    • Competition & Antitrust
    • Data Protection, Privacy, and Retention
    • Intellectual Property
    • Dispute Resolution
    • Employment
  • Sectors
    • Telecommunications
    • IT, Technology, & Internet
    • Media and Broadcasting
    • Websites, Blogging, & Social Media
    • Film & Television
    • Gambling & Online Gaming
    • Leisure & Retail
    • Energy & Minerals
    • Cryptocurrency & Blockchain
    • Creative Industries
  • People
    • Daniel Preiskel
    • Ronnie Preiskel
    • Tim Cowen
    • Jose Saras
    • Robert Dougans
    • Tina Cowen
    • D A T Green
    • Karthyaeni Vittala
    • Richard Stewart
    • Mor Swiel
    • Ilanit Appelfeld
    • Stephen Dnes
    • Daniel Oakland
    • Robert Harvey
    • Martina Raciti
    • Joanna Coombs-Huang
    • Xavier Prida
    • Mark Clough
    • Stewart White
    • Alison MacFarlane
    • Hannah Leader
    • Peter Dally
    • Antony Corel
    • Sue Warwick
    • Shardi Shameli
    • Stephen Hornsby
    • Ewelina Korgol
    • Maria Constantin
    • Sophia Yakhno
  • International
  • Blog
  • News
    • Publications
  • Contact
Menu back  

EDPB: new sets of guidelines for consultation on the calculation of fines and use of facial recognition technology

May 26, 2022By Preiskel & Co

On the 16th of May 2022, The European Data Protection Board (“EDPB”) has adopted, in its latest plenary session held on 12 May 2022, two new guidelines, one on the calculation of fines under the EU GDPR and the second guideline on the use of facial recognition technology in law enforcement. These two sets of guidelines are open for public consultation until 27 June 2022. They are summarised in turn below.

Guidelines on the calculation of fines

These guidelines aim to harmonise the methodology used by data protection authorities (DPAs). The guidelines also include harmonised ‘starting points’ for calculating a fine, taking into consideration three elements:

  1. the categorisation of infringements by nature;
  2. the seriousness of the infringement; and
  3. the turnover of a business.

The guidelines currently propose a five-step calculation method:

  1. DPAs must first establish if the case concerns one or more circumstances of sanctionable conduct and if these have led to infringements. The purpose is to clarify if all (or some) of the infringements are subject to fines.
  2. DPAs must rely on a starting point for the calculation of the fine for which there is a harmonised method provided by the EDPB.
  3. DPAs must consider any aggravating or mitigating factors that can alter the amount of the fine, for which the EDPB provides a consistent interpretation.
  4. DPAs to determine the legal maximums of fines (Article 83 (4)-(6) GDPR) and to ensure that these amounts are not exceeded.
  5. DPAs need to analyse whether the calculated final amount meets the requirements of effectiveness, dissuasiveness, and proportionality or whether adjustments to the amount are necessary.

Guidelines on the use of facial recognition technology in the area of law enforcement

These guidelines provide guidance to EU and national law makers, and to law enforcement authorities, on implementing and using facial recognition technology systems.

The guidelines note that the facial recognition tools should only be used in compliance with the Law Enforcement Directive (“LED”) and used only in a necessary and proportionate manner, as set out in the Charter of Fundamental Rights.

A ban on the use of facial recognition technology in certain cases is also referred to, such as in cases of:

  1. remote biometric identification of individuals in publicly accessible spaces;
  2. facial recognition systems categorising individuals based on their biometrics into groups according to ethnicity, gender, political or sexual orientation or other grounds for discrimination;
  3. facial recognition or similar technologies to infer emotions of a natural person;
  4. processing of personal data in a law enforcement context that would rely on databases populated by collection of personal data on a mass-scale and in an indiscriminate way i.e., by “scraping” photographs and facial pictures accessible online.

Both sets of guidelines will be submitted for public consultation for a period of 6 weeks, following which, a final version of the guidelines taking into consideration the stakeholder feedback received will be adopted. The final version will include a reference table with a range of starting points for the calculation of a fine, depending on the severity of the infringement and the turnover of the organisation.

Find out more about the guidelines here, or provide your feedback on the guidelines before the 27th of June 2022 here.

Please contact Jose Saras if you have any questions regarding the above.

The material contained in this article is only for general review of the topics covered and does not constitute any legal advice. No legal or business decision should be based on its content.

 

Leave Comment

Cancel reply

Your email address will not be published. Required fields are marked *

clear formSubmit

Latest Preiskel & Co blog posts
  • BEIS releases first annual report on NSIA 2021
    June 23, 2022
  • OFCOM’S GENERAL CONDITIONS CHANGES IN RELATION TO THE EUROPEAN ELECTRONIC COMMUNICATIONS CODE
    June 23, 2022
  • UK Government reveals Data Reform Bill
    June 22, 2022
  • A costly factor in enforcement action undermines the Rule of Law: UK Supreme Court Rules on CMA v Pfizer/Flynn costs appeal
    June 20, 2022
  • Artificial Intelligence and the Metaverse
    June 16, 2022
  • Record £9bn pumped into UK private tech firms in first three months of 2022, placing UK second behind the US globally
    June 13, 2022
  • EDPB: new sets of guidelines for consultation on the calculation of fines and use of facial recognition technology
    May 26, 2022
  • Claim against NHS Trust for breach of DPA 1998 and misuse of private information dismissed
    April 28, 2022
  • TikTok Class action for the Misuse of Child Personal Data
    April 28, 2022
  • ICO consultation on draft guidance for the research provisions within the UK GDPR and the DPA 2018
    April 20, 2022
  • European Strategy for Artificial Intelligence – a framework to regulate AI and its potential impact on the UK
    April 19, 2022
  • Meta hit by 17 million euro fine by Irish regulator
    April 19, 2022

The Preiskel Blog

  • BEIS releases first annual report on NSIA 2021 23 Jun 2022
  • OFCOM’S GENERAL CONDITIONS CHANGES IN RELATION TO THE EUROPEAN ELECTRONIC COMMUNICATIONS CODE 23 Jun 2022
  • UK Government reveals Data Reform Bill 22 Jun 2022
  • A costly factor in enforcement action undermines the Rule of Law: UK Supreme Court Rules on CMA v Pfizer/Flynn costs appeal 20 Jun 2022

Preiskel news

  • Daniel Preiskel and Xavier Prida lecturing to Academia Mexicana del Derecho Informático and Abogado Digital
  • Preiskel & Co advises Mexico-based premium content production company Dopamine
  • Danny Preiskel was ranked as a Global Elite Thought Leader in Telecoms & Media by WhosWhoLegal Data 2022
  • Danny Preiskel featured in GCCM (Global Carrier Community Magazine)
Preiskel tweets
  • RT @VRobCompLaw: Speaker interviews - Competition Law in Conversation Cloud computing is becoming a new frontier for digital competition. W…6 days ago
  • RT @TC_4KBW: A precedent for paying songwriters and creators properly? https://t.co/VZ9E8eJvor8 days ago
  • RT @TC_4KBW: Have we lost the regulatory plot? Is it time to use “R vs Big Tech” when it comes to giving the Digital Markets Unit more powe…8 days ago
Preiskel & Co LLP
4 King's Bench Walk,
Temple,
London
EC4Y 7DL
United Kingdom

Tel: +44 20 7332 5640
Email: info@preiskel.com

Find us on:

TwitterLinkedinMail
© Preiskel & Co LLP 2022 | Site map | Legal notices | Privacy | Cookie Policy | Privacy | Fraud Notice