Learn how GA4GH helps expand responsible genomic data use to benefit human health.
Learn how GA4GH helps expand responsible genomic data use to benefit human health.
Our Strategic Road Map defines strategies, standards, and policy frameworks to support responsible global use of genomic and related health data.
Discover how a meeting of 50 leaders in genomics and medicine led to an alliance uniting more than 5,000 individuals and organisations to benefit human health.
GA4GH Inc. is a not-for-profit organisation that supports the global GA4GH community.
To guide our collaborative, globe-spanning alliance, GA4GH relies on a Standards Steering Committee and an Executive Committee.
The Funders Forum brings together organisations that offer both financial support and strategic guidance.
The EDI Advisory Group responds to issues raised in the GA4GH community, finding equitable, inclusive ways to build products that benefit diverse groups.
Distributed across four Host Institutions, our staff team supports the mission and operations of GA4GH.
Curious who we are? Meet the people and organisations across six continents who make up GA4GH.
More than 500 organisations connected to genomics — in healthcare, research, patient advocacy, industry, and beyond — have signed onto the mission and vision of GA4GH as Organisational Members.
These core Organisational Members are genomic data initiatives that have committed resources to guide GA4GH work and pilot our products.
This subset of Organisational Members whose networks or infrastructure align with GA4GH priorities has made a long-term commitment to engaging with our community.
Local and national organisations assign experts to spend at least 30% of their time building GA4GH products.
Anyone working in genomics and related fields is invited to participate in our inclusive community by creating and using new products.
Wondering what GA4GH does? Learn how we find and overcome challenges to expanding responsible genomic data use for the benefit of human health.
Study Groups define needs. Participants survey the landscape of the genomics and health community and determine whether GA4GH can help.
Work Streams create products. Community members join together to develop technical standards, policy frameworks, and policy tools that overcome hurdles to international genomic data use.
GIF solves problems. Organisations in the forum pilot GA4GH products in real-world situations. Along the way, they troubleshoot products, suggest updates, and flag additional needs.
NIF finds challenges and opportunities in genomics at a global scale. National programmes meet to share best practices, avoid incompatabilities, and help translate genomics into benefits for human health.
Communities of Interest find challenges and opportunities in areas such as rare disease, cancer, and infectious disease. Participants pinpoint real-world problems that would benefit from broad data use.
See all our products — always free and open-source. Do you work on cloud genomics, data discovery, user access, data security or regulatory policy and ethics? Need to represent genomic, phenotypic, or clinical data? We’ve got a solution for you.
All GA4GH standards, frameworks, and tools follow the Product Development and Approval Process before being officially adopted.
Learn how other organisations have implemented GA4GH products to solve real-world problems.
Help us transform the future of genomic data use! See how GA4GH can benefit you — whether you’re using our products, writing our standards, subscribing to a newsletter, or more.
Help create new global standards and frameworks for responsible genomic data use.
Align your organisation with the GA4GH mission and vision.
Solve your real-world data problems with support from this valuable network of global institutions.
Work with like-minded groups committed to better data use in areas like rare disease, cancer, and infectious disease.
Share your thoughts on all GA4GH products currently open for public comment.
Solve real problems by aligning your organisation with the world’s genomics standards. We offer software dvelopers both customisable and out-of-the-box solutions to help you get started.
Learn more about upcoming GA4GH events. See reports and recordings from our past events.
Speak directly to the global genomics and health community while supporting GA4GH strategy.
Be the first to hear about the latest GA4GH products, upcoming meetings, new initiatives, and more.
Questions? We would love to hear from you.
Read news, stories, and insights from the forefront of genomic and clinical data use.
Attend an upcoming GA4GH event, or view meeting reports from past events.
See new projects, updates, and calls for support from the Work Streams.
Read academic papers coauthored by GA4GH contributors.
Listen to our podcast OmicsXchange, featuring discussions from leaders in the world of genomics, health, and data sharing.
Check out our videos, then subscribe to our YouTube channel for more content.
View the latest GA4GH updates, Genomics and Health News, Implementation Notes, GDPR Briefs, and more.
Discover all things GA4GH: explore our news, events, videos, podcasts, announcements, publications, and newsletters.
2 Aug 2021
This Brief aims to clarify the roles of the European Data Protection Board (‘the Board’) and the Article 29 Working Party (WP29) in interpreting the GDPR, against the backdrop of their development as well as their most important tasks, powers, and competences.
Avid readers of the GA4GH GDPR Forum will have likely noticed that past briefs have mentioned GDPR interpretations by the European Data Protection Board (‘the Board’) and the Article 29 Working Party (WP29). This Brief aims to clarify their roles in interpreting the GDPR, against the backdrop of their development as well as their most important tasks, powers, and competences, particularly about the Board’s mandate to contribute to the consistent application of the GDPR throughout the EU.
Overview of the European Data Protection Board
The Board is an independent body that has been established to promote the effective and consistent interpretation and application of the GDPR across the EU. The Board is the successor organization to the WP29 since the coming-into-force of the GDPR. The Board has larger powers than its predecessor, especially with regard to dispute resolution and consensus building related to the consistency mechanism introduced by the GDPR where it has co-decision-making powers with SAs, even though its role remains principally an advisory one. The Board may exceptionally work with the European Data Protection Supervisor, which is a SA for EU institutions with certain advisory functions.
Guidance from the European Data Protection Board
The Board can issue guidance related to the interpretation of the GDPR. In a non-closed list, the GDPR lists 25 areas, including advising the European Commission, and related to the circumstances in which a personal data breach is likely to result in a high risk to the rights and freedoms of data subjects, as well as related to international transfers and particularly to codes of conduct, to list the most relevant advisory tasks for data processing for genomic research.
As was the case with its predecessor, the Board solicits public feedback before issuing guidance, which consists of issuing draft guidance and then giving stakeholders six weeks to comment. (List of open and closed public consultations.)
Opinions from the European Data Protection Board
Within the frame of the consistency mechanism, the Board can issue opinions on draft decisions of SAs and on matters of general application. An example for such an opinion is the case where a draft code of conduct implicates data processing activities in multiple EU Member States. Before a SA approves such a code, it must ask the Board to provide an opinion. The opinion is not binding for the subsequent decision of the European Commission to approve the general validity of a code within the EU. Nevertheless, only a code that has first received an opinion of the Board stating that the code complies with the GDPR’s rigorous standards can be submitted to the Commission. The Board may also issue opinions on other matters, such as determinations from SAs regarding when a data protection impact assessment is required. Any SA or the European Commission may further seize the Board to issue an opinion regarding matters that affect more than one Member State.
Further to this, the Board can issue decisions that bind SAs pursuant to the dispute resolution procedure and the urgency procedure.
Binding Nature of the Guidelines and Opinions
The interpretive guidance in the guidelines and opinions of the Board are not binding for SAs (cf. binding decisions) and for courts. They are better thought of as interpretive aids rather than a bona fide source of law. However, they may have a binding effect on the Board itself, especially where the Board issues a binding decision that is informed by the Board’s own guidelines and opinions. This is why it has particular relevance that the Board has endorsed some WP29 guidelines such as those on consent and transparency. The endorsement of guidelines of the WP29, particularly related to issues that are subject to technological development and their changing legal assessment, risks overlooking the state-of-the-art and becoming ‘frozen in time’ instead of being replaced.
Exceptionally, even non-binding guidelines may come to represent a leading, authoritative interpretation on data protection law when cited with approval by the Court of Justice of the European Union. Although not frequent, we have seen the Court cite the Board in approval of their interpretation.
We have compiled a list of guidelines that are indeed relevant for readers below.
Article 29 Working Party / European Data Protection Board Guidelines Relevant to the GA4GH Community
Relevant GDPR Provisions
Michael Beauvais is an academic associate at McGill University’s Centre of Genomics and Policy.
Fruzsina Molnar-Gabor is research group leader at the Heidelberg Academy of Sciences and Humanities and lecturer at the Legal Faculty of Heidelberg University.
For a list of previous briefs, please consult here.
Please note that GDPR Briefs neither constitute nor should be relied upon as legal advice. Briefs represent a consensus position among Forum Members regarding the current understanding of the GDPR and its implications for genomic and health-related research. As such, they are no substitute for legal advice from a licensed practitioner in your jurisdiction.