Tag Archives: Article 29 Working Party

South Korea joins APEC’s Cross Border Privacy Rules system

This week, it was officially announced that South Korea has become the fifth country to join the Asia-Pacific Economic Cooperation’s (APEC) Cross Border Privacy Rules (CBPR) system. This system was developed by APEC in 2011 to “build consumer, business and regulator trust in cross border flows of personal information” and thus facilitate e-commerce among APEC … Continue Reading

More GDPR questions answered: new guidelines on DPIAs

Although considered burdensome by some, data protection impact assessments (DPIAs) help controllers assess any data protection implications of their processing operations, with the added benefit of demonstrating compliance with the EU General Data Protection Regulation (GDPR). The Article 29 Working Party (WP29) recently published Guidelines on DPIAs and on determining whether processing is “likely to … Continue Reading

Article 29 Working Party issues guidance on data portability, DPOs and lead supervisory authorities

As we enter 2017, 2018 doesn’t seem that far away…and with the new General Data Protection Regulation (GDPR) due to come into effect from 25 May 2018, organisations are running out of time to ensure compliance with the new data protection requirements. It is therefore not surprising that the Article 29 Working Party (“Working Party”) … Continue Reading

International Data Transfers Face Further Setbacks: MEPs and the EDPS Reject the Privacy Shield & the Adequacy Challenge Spreads to EU Model Clauses

The options available to EU organisations for lawfully transferring personal data from Europe to the United States appear to be dwindling. In particular, there have been further setbacks to the approval of the Privacy Shield and, separately, a new legal challenge to the validity of EU model contract clauses. For more information click here to … Continue Reading

Privacy Shield does not achieve adequacy of protection under current regime, say EU Data Protection Authorities

On 13 April, the Article 29 Data Protection Working Party (‘WP29’) published its opinion on whether the proposed Privacy Shield programme, which is intended to replace the now-invalid Safe Harbor pact for facilitating trans-Atlantic data flows, achieved an adequate level of protection. The WP29 acknowledged that many of the shortcomings of Safe Harbor have been … Continue Reading

The CNIL sets expectations as to the ‘EU-U.S. Privacy Shield’ and starts implementing enforcement measures in case of Safe Harbor remediation default

The CNIL issued a press release on February 4, setting expectations concerning the “EU-U.S. Privacy Shield” work-in-progress. At the same time, it has switched to enforcement mode concerning Safe Harbor remediation failure. Click here to read more in the issued Client Alert.… Continue Reading

Article 29 Working Party updates its Opinion on applicable law

The Article 29 Working Party (WP29) has updated its Opinion on applicable law and has introduced a new ‘inextricable link’ test representing a new element to the existing ‘in the context of the activities of an establishment’ criteria. This updated Opinion follows the Court of Justice of the European Union’s (CJEU) judgment in the case … Continue Reading

The Article 29 Working Party releases statement on Safe Harbor

On 16 October, the Article 29 Working Party released a statement (“Statement”) on the implications of the Court of Justice of the European Union’s (“CJEU”) judgment in Maximillian Schrems v Data Protection Commissioner (C-362-14). In that judgment, the CJEU invalidated the Safe Harbor regime, which for 15 years had been one of the main tools available to … Continue Reading

Privacy in financial markets, not to be ignored

The Article 29 Working Party published a letter it sent to the European Commission urging it to consider the data protection and privacy issues when adopting the secondary regulations (‘Regulations’) necessary to implement two European Union financial services laws. These Regulations are required as part of the implementation of the EU Markets in Financial Instruments … Continue Reading

APEC and Article 29 Working Party cooperation helps facilitate growth of BCRs and CBPRs

In late May, the Article 29 Working Party published the letter it sent to the APEC Data Protection subgroup. The letter follows previous discussions and extends cooperation between the two international organisations on data transfer mechanisms, and sets out new plans to align the EU Binding Corporate Rules (‘BCR’) with the APEC Cross-Border Privacy Rules … Continue Reading

Article 29 Working Party publishes opinion on draft Data Protection Regulation

Following adoption by the EU Council of the draft General Data Protection Regulation (the ‘draft Regulation’) in June, the Article 29 Working Party has published an opinion based on draft proposals set out by the various EU institutions, and which is likely to be referred to during the trilogue negotiations currently underway. The opinion follows … Continue Reading

Drones and their data protection implications: Guidance provided by Article 29 Working Party

The Article 29 Working Party has published an Opinion (01/2015) about the data protection and privacy issues in relation to the utilisation of drones. The Working Party acknowledges the social and economic benefits of drones within the aviation market and the opportunities that could develop for law enforcement agencies, but emphasises that risks and threats … Continue Reading

Further guidance on Processor BCRs provided by Article 29 Working Party

The Article 29 Working Party has updated its guidance (the ‘Guidance’) on Processor Binding Corporate Rules (‘PBCRs’) in response to growing concerns that personal data, when transferred outside the European Union to countries without adequate protection, may be subject to access requests from those countries’ law enforcement agencies (‘LEA’) in situations which may not comply … Continue Reading

Article 29 Working Party issues its Cookie Sweep Combined Analysis – Report

On 3 February, the Article 29 Data Protection Working Party published its ‘Cookie Sweep Combined Analysis – Report’. The sweep was undertaken by the WP29 in partnership with eight of the European data protection regulators, including the UK’s ICO, France’s CNIL and Spain’s AEPD, in order to assess the current steps taken by website operators … Continue Reading

EU Art. 29 Working Party Opinion on the Internet of Things

The EU Article 29 Working Party (WP29) has issued an Opinion on ‘Recent Developments on the Internet of Things’ (Opinion). The Opinion stresses the privacy and security challenges generated by the development of the Internet of Things (IoT), while acknowledging the benefits of IoT to individual lives, and the prospect of significant economic growth within … Continue Reading

EU Art. 29 Proposes Class Actions to Enforce Privacy Rights

This month, the Article 29 Data Protection Working Party (Working Party) and the French Data Protection Authority (CNIL) held the European Data Governance Forum, an international conference focusing on the issues of privacy, innovation and surveillance in Europe. The conference highlighted many of the issues raised in the Joint Statement released by the Working Party … Continue Reading

UK High Court Defines Tests To Determine if Data is Personal

This post was written by Cynthia O’Donoghue. The UK High Court was forced to re-examine the concept of ‘personal data’ in the recent case of Kelway v The Upper Tribunal, Northumbria Police and the Information Commissioner (2013) EWHC 2575 (Admin). The case involved an application for judicial review by Dr Kelway against two decisions of … Continue Reading

European data protection watchdog proposes stricter regulation of profiling

The EU data protection watchdog, Article 29 Working Party (Art. 29 WP), has issued the Advice paper on essential elements of a definition and a provision on profiling within the EU General Data Protection Regulation. The document underlines the significance of creating profiles based on interlinked personal data, especially given the latest developments in geo … Continue Reading

Data protection vs. anti-money laundering, counter terrorism and traceable money transfers

Last month, the European Commission published a letter from the Article 29 Working Party (Art. 29 Working Party) to Juan Fernando López Aguilar, chair of the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE). The letter addressed the proposed new directive on the prevention of money laundering and terrorist financing through financial … Continue Reading

EU Article 29 A29WP publishes new BCR guidance for processors

The European Union (EU) data protection body, the Article 29 Working Party (A29WP), in April adopted new guidance on Binding Corporate Rules for Processors (BCPRs). The document supplements the opinion from June 2012, which listed elements required for valid BCPRs, by further clarifying what provisions and mechanisms must be included before BCPRs can be authorised. … Continue Reading

EU Article 29 Working Party criticises the proposed Data Protection Impact Assessment templates for smart-meters

This post was written by Cynthia O’Donoghue. The Article 29 Working Party (A29WP) adopted the Opinion on Data Protection Impact Template Assessment for Smart Grid and Smart Metering Systems (Opinion), which evaluates the Privacy Impact Assessment (PIA) template that the member states intend to adopt. The PIA, which was prepared by industry representatives, seeks to … Continue Reading

The Article 29 Working Party tackles the most contested elements of the new Data Protection Regulation

This post was written by Cynthia O’Donoghue. The Article 29 Working Party (“Art. 29 WP”), which has already released two opinions (WP191 and WP199) regarding the draft General Data Protection Regulation (“Regulation”), issued a statement and two accompanying annexes addressing some of the most heavily debated elements. This statement addresses relaxation of rules for the … Continue Reading

Art. 29 Working Party seeks refined definition of ‘personal data’ in the proposed General Data Protection Regulation

This post was written by Cynthia O’Donoghue. In its second opinion on the proposed Data Protection Regulation, the Article 29 Working Party suggests that a natural person can be considered identifiable when, within a group of persons, he or she can be distinguished from other members of the group and consequently be treated differently. They … Continue Reading