HomeInsightsEuropean Data Protection Board makes privacy recommendations for use of cloud services by public sector and adopts report on Cookie Banner Task Force


The EDPB has adopted a report on the findings of its first coordinated enforcement proceedings, which focused on the use of cloud-based services by the public sector, carried out under the Coordinated Enforcement Framework, which aims to establish deeper cooperation between data protection authorities (DPAs) to achieve better efficiency and consistency.

In 2022, 22 DPAs across the EEA (including the EDPS) launched coordinated investigations into the use of cloud-based services by the public sector. Around 100 public bodies in total were investigated, including European institutions, covering a wide range of sectors (such as health, finance, tax, education, buyers and providers of IT services).

In its report on the findings, the EDPB underlines the need for public bodies to act in full compliance with the GDPR and includes recommendations for public sector organisations when using cloud-based products or services. Details of action already taken by DPAs in the field of cloud computing is also included.

The EDPB has also adopted a report on the work undertaken by the Cookie Banner Task Force, which was established in September 2021 to coordinate the response to complaints concerning cookie banners filed with several DPAs by the privacy campaign group, NOYB. The Task Force aimed to promote cooperation, information sharing and best practices between DPAs, to ensure a consistent approach to cookie banners across the EEA. In the report, the DPAs agreed upon a joint interpretation of the applicable provisions of the E-Privacy Directive (2002/58/EC) and the GDPR (2016/679/EU), in relation to reject buttons, pre-ticked boxes, banner design, and withdraw icons. To read the EDPB’s news release in full and for links to the reports, click here.