B

Berlin Group

The International Working Group on Data Protection in Telecommunications (IWGDPT) was established in 1983 on the initiative of a number of national data protection authorities in the world. The secretariat has since then been provided by the data protection authority of Berlin (Berliner Datenschutz-beauftragter). Membership in the Group is not limited to national data protection authorities, but extends also to representatives from the private and NGO sectors.

Over the last years, the Group has focused on data protection and privacy related issues of information technology in the wide sense, with a special focus on Internet-related developments.

More information on Berlin group

Best available techniques

Best Available Techniques refer to the most effective and advanced stage in the development of activities and their methods of operation, which indicate the practical suitability of particular techniques for providing in principle the basis for complying with the EU data protection framework. They are designed to prevent or mitigate risks on privacy and security.

Council Directive 96/61/EC of 24 September 1996 concerning integrated pollution prevention and control provides for the following definitions, which could be applied by analogy:

"techniques" shall include both the technology used and the way in which the system is designed, built, maintained, operated and replaced;
"available" techniques shall mean those developed on a scale which allows implementation in the relevant sector, under economically and technically viable conditions, taking into consideration the costs and advantages, whether or not the techniques are used or produced inside the Member State in question, as long as they are reasonably accessible to the operator;
"best" shall mean most effective in achieving a high general level of protection.

Binding corporate rules

Binding corporate rules (BCRs) are a legal tool that can be used by multinational companies to ensure an adequate level of protection for the intra-group transfers of personal data from a country in the EU or the European Economic Area (EEA) to a third country.

The use of BCRs requires, in principle, the approval of each of the EU or EEA data protection authorities from whose country the data are to be transferred.

The Article 29 Working Party has adopted a number of documents to guide companies willing to use this tool:

WP 107: Working Document Setting Forth a Co-Operation Procedure for Issuing Common Opinions on Adequate Safeguards Resulting From “Binding Corporate Rules” (pdf);
WP 108: Working Document Establishing a Model Checklist Application for Approval of Binding Corporate Rules (pdf);
WP 133: Recommendation 1/2007 on the Standard Application for Approval of Binding Corporate Rules for the Transfer of Personal Data;
WP 153: Working Document setting a table with the elements and principles to be found in Binding Corporate Rules (pdf);
WP 154: Working Document Setting up a framework for the structure of Binding Corporate Rules (pdf);
WP 155: Working Document on Frequently Asked Questions (FAQs) related to Binding Corporate Rules (pdf)

Biometrics

Biometrics or biometric systems are methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioural traits.

Such methods have already been used for a long time. However, the new element which triggers data protection considerations is that a machine can now automatically conduct these methods and possibly recognise humans with measurable accuracy.

+ View more news

News

European Commission brings use of Microsoft 365 into compliance with data protection rules for EU institutions and bodies

28 July 2025

Press release on the European Commission's compliance with the use of Microsoft 365.

Targeted modifications of the GDPR: EDPB & EDPS welcome simplification of record keeping obligations and request further clarifications

9 July 2025

EDPS and EDPB a Joint Opinion on the European Commission’s Proposal for a Regulation amending certain regulations, including the GDPR.

Read Press Release

Read Joint Opinion

From Cradle to Cloud: Surveillance and Digitalisation around Childhood

7 July 2025

EDPS and EDPB Trainees organised a conference to reflect and foster discussion on the digital rights of children.

Read the EDPS - EDPB trainees' blogpost.

Watch the recording.

+ View full agenda

Agenda

4 September 2025

ECPC Advanced Master’s in Privacy, Cybersecurity, and Data Management, Opening lecture by Wojciech Wiewiórowski on "Reflection on the tensions and balances between data protection and security, particularly in the context of the EDPS’s work on migration, border control, and surveillance-related initiatives at the EU level" at Maastricht University, Maastricht, The Netherlands.

17 July 2025 - 18 July 2025

Leonardo Cervera Navas taking part in the Congress of the Data Protection Officers of Spanish Universities, Alicante, Spain

17 July 2025

Wojciech Wiewiórowski taking part in the Technologist Roundtable Series for Policymakers: Diving Deeper into “Machine Unlearning” and Technical Guardrails, Brussels, Belgium (via a video link)

15 July 2025

Leonardo Cervera Navas taking part in a roundtable dinner with with Horacio Gutierrez, Senior Executive Vice President, Chief Legal and Compliance Officer, The Walt Disney Company, Brussels, Belgium

14 July 2025

Leonardo Cervera Navas taking part in "Fête nationale française 2025" organised by the Permanent Representation of France to the European Union, Bruxelles, Belgium