Tag Archives for "WP29"

EDPB adopts letter regarding the PSD2 Directive

The European Data Protection Board (EDPB) adopted a letter on behalf of the EDPB Chair addressed to Sophie in’t Veld MEP regarding the revised Payments Services Directive (PSD2 Directive). In its reply to Sophie in’t Veld the EDPB sheds further light on ‘silent party data’ by Third Party Providers, the procedures with regard to giving and withdrawing consent, the Regulatory Technical Standards, the cooperation between banks and the European Commission, EDPS and WP29 and what remains to be done to close any remaining data protection gaps.

Source: Letter regarding the PSD2 Directive – European Data Protection Board

GDPR Guidance – European Data Protection Board Adopts Art. 29 Working Papers

Data protection authorities set out guidelines for the application of the new EU General Data Protection Regulation. The European Data Protection Board (EDPB) is the joint coordination body of the EU data protection authorities. The EDPB provides guidance on the application of the EU Data Protection Regulation (GDPR).

Source: GDPR Guidance – European Data Protection Board Adopts Art. 29 Working Papers

Article 29 Working Party Releases Updated Standard Application Forms for BCRs

On April 11, 2018, the Article 29 Working Party (the “Working Party”) adopted two Recommendations on the Standard Application for Approval of Data Controller or Processor Binding Corporate Rules for the Transfer of Personal Data.

Binding Corporate Rules (“BCRs”) are one of the mechanisms offered to companies to transfer data outside the European Economic Area to a country which does not provide an adequate level of protection for the data according to Article 45 of the GDPR. These Recommendations, in the form of questionnaires, are intended to help BCR applicants demonstrate how they fulfill the requirements of Article 47 of the GDPR.

Source: Article 29 Working Party Releases Updated Standard Application Forms for BCRs

Validating The Identity of An Individual Making a Data Subject Access Request

How Far Can I Go To Validate The Identity of An Individual Making a Data Subject Access Request?

The Article 29 Working Party (an advisory body made up of a representative from the data protection authority of each European Union Member State, the European Data Protection Supervisor, and the European Commission) has confirmed that there are no specific requirements in the GDPR on how to authenticate a person that requests information about themselves, and companies are required to establish procedures to ascertain the identity of a requestor to ensure that they do not accidentally disclose personal data to the wrong person.

Source: Bryan Cave – GDPR: The Most Frequently Asked Questions: How Far Can I Go To Validate The Identity of An Individual Making a Data Subject Access Request?

What’s new in WP29’s final guidelines on transparency?

The Article 29 Data Protection Working Party has published its “last revised” guidelines on transparency under the General Data Protection Regulation.

When the WP29 released its proposed guidelines last December offering “practical guidance and interpretive assistance” regarding transparency obligations, IAPP analyzed the key issues. In addition to a brief summary of the transparency requirements, IAPP’s analysis of the proposed guidelines focused on the meaning of phrases such as “concise, transparent, intelligible and easily accessible” and “in writing or by other means,” as well as what information should be provided and when and how to provide this information to data subjects.

Source: What’s new in WP29’s final guidelines on transparency?

EU privacy watchdogs to look into harvesting of data from social media

European Union privacy watchdogs will look deeper into the harvesting of personal data from social networks for economic or political purposes following the scandal engulfing Facebook Inc. after data from nearly 87 million users was improperly accessed.

“A multi-billion dollar social media platform saying it is sorry simply is not enough,” Andrea Jelinek, chair of the group of EU data protection authorities, said in a statement on Thursday.

Source: EU privacy watchdogs to look into harvesting of data from social media

Deciphering “Legitimate Interests”: Report based on more than 40 cases from practice

FPF and Nymity collaborated to compile a Report on actual cases from practice and relevant guidance from the Article 29 Working Party and individual Data Protection Authorities (DPAs) concerning the use of “legitimate interests” as a lawful ground for processing under EU data protection law.

Our aim is to help organizations better understand how to use and apply legitimate interests as a lawful basis for processing, while at the same time contributing to enhanced personal data protection for individuals.

Source: Deciphering “Legitimate Interests”: Report based on more than 40 cases from practice

Article 29 Working Party issues Guidance On Data Breach Notifications

The Article 29 Data Protection Working Party released updated guidelines in relation to personal data breach notifications and automated individual decision-making and profiling under the General Data Protection Regulation.

Source: Europe: Article 29 Working Party Guidance – Data Breach Notifications

Once more, into the breach: Final guidelines on notification under GDPR

Many privacy pros in the U.S., with long experience complying with breach notification laws, were staggered by the GDPR’s 72-hour notification time frame. They hoped that the guidance from the WP29 would shed some light on questions such as when the notification clock starts ticking, what constitutes “awareness” of a breach, and how to determine the level of risk that triggers notification.

The draft Guidelines did address these issues, with helpful points suggesting that the WP29 had drawn lessons from the experience of other jurisdictions.

Source: Once more, into the breach: Final guidelines on notification under GDPR
