Lake Como CEDPO Statement

May 24, 2022

Lake Como CEDPO Statement

CEDPO held its first in person board meeting of the post COVID pandemic era on the banks of Lake Como. The objectives of the meeting were (i) to discuss the current European data protection legislative landscape, (ii) take stock of member observations and activities, and (iii) define common priorities and objectives for the CEDPO work program of 2022-2023. There were a number of privacy industry observers in attendance to participate in the discussion. The meeting was hosted by CEDPO Italian member ASSO DPO ahead of their annual 8th Data Protection Congress in Milan.

Most notably, the meeting centred on the continued impact of the European Commission’s strategy for data on the data protection officer (DPO) and data protection practitioners (DPP). The constant flow of new rules being introduced on data governance and fair access has amplified the pivotal role that DPOs and DPPs serve in their organisations. At the macro level, the EU data strategy[1] is designed to enhance the EU single market and boost the data economy to ensure regional competitiveness and a position of leadership in the global data economy. In addition, and critical to the strategy, is the defence and promotion of European values and rights in the digital world.

It is an ambitious EU priority intended to transform the economy and put Europe at the forefront of technological advancement, while protecting the fundamental rights of individuals.

Several legislative developments are now in progress to support the strategy:

  • Artificial Intelligence Act (2021/0106(COD))
  • Digital Markets Act (2020/0374(COD))
  • Digital Services Act (2020/0361(COD))
  • Data Act (2022/0047(COD))
  • Data Governance Act (2020/0340(COD))

Lastly, we continue to wait for developments on the realisation of the e-privacy regulation – another foundation of the digital single market strategy – which will lay down rules regarding electronic communications affecting a broad range of organisations operating within the communications ecosystem.

Navigating this complex regulatory framework is a new challenge for DPOs and DPPs alike, adding to the existing challenges presented by continuously evolving and disruptive environments at both the technology level, e.g. with A.I., and from the legal perspective, as demonstrated by the Schrems II case[2] invalidating the Privacy Shield. Furthermore, the GDPR some 4 years on continues to require consistent interpretation and guidance, with the European Data Protection Board and the European Commission frequently seeking stakeholder consultations on GDPR related topics.

DPOs and DPPs need to be made aware of the Commission’s strategy on data in the same vein as on GDPR or ePrivacy related topics. Therefore, CEDPO is committed to several activities to provide support in this regard:

  • Establishing a legal entity and presence in Brussels Belgium in order to further its advocacy activities and initiatives and to be closer to the European Institutions, and the associated regulatory, and policy development process.
  • Informing CEDPO members and the public on the intersections between the European data strategy and the protection of personal data including the role of DPOs and DPPs and organising content sessions and events to further DPO and DPP learning and specialised knowledge.
  • Developing joint-position papers and statements on behalf of CEDPO members in the area of data protection and governance, e.g. in response to public consultations emanating from the European regulatory and institutional community.
  • Attending and speaking at EU policy oriented events in the interests of our members and good data protection policy and practice.
  • Engaging and providing technical, legal and operational expertise to the EU Institutions as appropriate.
  • Cooperating with like-minded organisations and associations in the field of data protection and governance both at national and pan-European level.


CEDPO as a European voice stands for the representation and promotion of DPOs and DPPs while providing opinion on balanced, practicable and effective data protection implementation.

You can download the PDF version of the Lake Como Statement here.