𝗖𝗼𝗱𝗲 𝗼𝗳 𝗖𝗼𝗻𝗱𝘂𝗰𝘁 𝗳𝗼𝗿 𝗱𝗲𝗹𝗶𝘃𝗲𝗿𝘆 𝘀𝗲𝗿𝘃𝗶𝗰𝗲 𝗽𝗿𝗼𝘃𝗶𝗱𝗲𝗿𝘀 𝗶𝗻 𝗱𝗮𝘁𝗮 𝗽𝗿𝗼𝘁𝗲𝗰𝘁𝗶𝗼𝗻

The ongoing #digitalization of #retail and associated #goodsdelivery has led to the #harmonization of #data formats. In addition to unique #barcodes on every #parcel, this includes the mandatory advance #exchange of data on the retail goods contained in the parcel themselves.

The use of #harmonizeddata for every parcel containing goods which crosses a national border within the #EU has been mandatory since 1 July 2021. Since 1 January 2021, according to the global #postal #datamodel of the Universal Postal Union (#UPU), data on postal items containing goods exchanged between #postaloperators in cross-border postal #traffic must follow standardized #specifications. The EU Customs Data Model follows the UPU #model, although it is not identical. 

The data which it describes is generally data subject to the EU General Data Protection #Regulation (GDPR (EU)2016/679). In future, #personaldata will flow seamlessly through #merchandise #managementchains, including EU-wide #dataexchange with freight and #logisticsoperators, #authorities, and #companies. Just as in the field of #parceldelivery, #datasharing is becoming the #rule rather than the exception.

Increasing #digitalization has led to a #growth in legal #uncertainties, both in national, intra-EU and cross-border data exchange, and the processing of personal data. These uncertainties will be eliminated by the introduction of standardized Codes of Conduct specific to the delivery market.

These will:

– ensure that #compliance with the Code of Conduct (developed specifically for data used for the delivery of parcels containing goods and approved by the Data Protection Authority (#DPA)) indicates compliance with the obligations of a controller under the #GDPR;

– constitute „appropriate #guarantees for #datatransmission to a third country or to an #internationalorganization„;

– need to be considered when assessing the #impact of an intended #processing operation as part of a #dataprotection impact assessment, and

– give due consideration to participation in Codes of Conduct in the event of a fine.

Codes of Conduct pursuant to Art. 40 GDPR provide a method of self-regulation for the purpose of removing #legal uncertainties related to the GDPR and the processing of personal data within the postal delivery #market. The national Codes of Conduct will represent #guidelines for good data protection practice and are intended to standardize the data protection behaviour of those responsible and of processors. National standardization authorities are already engaged in developing their respective Codes of Conduct.