The main focus of the joint supervision is on service providers whose main place of business is located in one of the Baltic States and who offer their services throughout the Baltics. In addition, each country's DPA can independently extend the scope of supervision to the activities of companies operating in only one country.
The purpose of the joint supervision is to verify compliance with the requirements of the GDPR and, therefore, proactively address potential threats to personal data in a sector which has increasingly and rapidly grown in the past years.
To date, the DPAs have not yet published the results of the joint supervision, including any recommendations. Upon doing so, the recommendations will likely serve as a good illustration not only to the providers of short-term rental of vehicles but also to other data controllers.
The decision to carry out joint sector-based supervision was decided in 2021, at the meeting of the Baltic DPAs. At the meeting, among other things, it was concluded that none of the Baltic DPAs have sufficient resources to adequately fulfill their obligations arising from the legal framework. Additionally, it was discussed that the most relevant topics in the Baltic States are the processing of personal data in social networks and via video surveillance. To ensure the maximum use of available resources, it was agreed to provide mutual support in matters related to international cooperation.
Referenced from the website of the Estonian DPA:
https://www.aki.ee/et/uudised/balti-riikide-jarelevalveasutuste-kohtumine-2021-aastal (in Estonian)
Article provided by INPLP member: Mari-Liis Orav (TGS Baltic, Estonia)
Discover more about the INPLP and the INPLP-Members
Dr. Tobias Höllwarth (Managing Director INPLP)