Tag Archives for "WP29"

What’s new in WP29’s final guidelines on transparency?

The Article 29 Data Protection Working Party has published its “last revised” guidelines on transparency under the General Data Protection Regulation.

When the WP29 released its proposed guidelines last December offering “practical guidance and interpretive assistance” regarding transparency obligations, IAPP analyzed the key issues. In addition to a brief summary of the transparency requirements, IAPP’s analysis of the proposed guidelines focused on the meaning of phrases such as “concise, transparent, intelligible and easily accessible” and “in writing or by other means,” as well as what information should be provided and when and how to provide this information to data subjects.

Source: What’s new in WP29’s final guidelines on transparency?

EU privacy watchdogs to look into harvesting of data from social media

European Union privacy watchdogs will look deeper into the harvesting of personal data from social networks for economic or political purposes following the scandal engulfing Facebook Inc. after data from nearly 87 million users was improperly accessed.

“A multi-billion dollar social media platform saying it is sorry simply is not enough,” Andrea Jelinek, chair of the group of EU data protection authorities, said in a statement on Thursday.

Source: EU privacy watchdogs to look into harvesting of data from social media

Deciphering “Legitimate Interests”: Report based on more than 40 cases from practice

FPF and Nymity collaborated to compile a Report on actual cases from practice and relevant guidance from the Article 29 Working Party and individual Data Protection Authorities (DPAs) concerning the use of “legitimate interests” as a lawful ground for processing under EU data protection law.

Our aim is to help organizations better understand how to use and apply legitimate interests as a lawful basis for processing, while at the same time contributing to enhanced personal data protection for individuals.

Source: Deciphering “Legitimate Interests”: Report based on more than 40 cases from practice

Article 29 Working Party issues Guidance On Data Breach Notifications

The Article 29 Data Protection Working Party released updated guidelines in relation to personal data breach notifications and automated individual decision-making and profiling under the General Data Protection Regulation.

Source: Europe: Article 29 Working Party Guidance – Data Breach Notifications

Once more, into the breach: Final guidelines on notification under GDPR

Many privacy pros in the U.S., with long experience complying with breach notification laws, were staggered by the GDPR’s 72-hour notification time frame. They hoped that the guidance from the WP29 would shed some light on questions such as when the notification clock starts ticking, what constitutes “awareness” of a breach, and how to determine the level of risk that triggers notification.

The draft Guidelines did address these issues, with helpful points suggesting that the WP29 had drawn lessons from the experience of other jurisdictions.

Source: Once more, into the breach: Final guidelines on notification under GDPR

Working party publishes draft of GDPR guidelines on data export

On February 12, 2018, the Article 29 Working Party (WP29) published guidance regarding Article 49 of the General Data Protection Regulation (GDPR) for public comment. The deadline for submitting comments on the draft is March 26, 2018.

Like the current EU Data Protection Directive, the GDPR prohibits the onward transfer of Personal Data to: (1) a country that has not been deemed to provide an adequate level of protection (e.g. the U.S.); and (2) where the entity therein has committed to handle the personal data of European data subjects applying appropriate safeguards in accordance with Article 46 of the GDPR.

For example, organizations comply with Article 46 by implementing Binding Corporate Rules (BCRs) or Standard Contractual Clauses or by participating in a recognized certification mechanism such as the EU-US Privacy Shield Framework. However, Article 49 of the GDPR provides for transfers to entities in a country without an adequate level of protection under a series of narrowly tailored exceptions called derogations.

Source: Working party publishes draft of GDPR guidelines for Article 49 (export derogations)

WP29 brings Binding Corporate Rules in line with the GDPR

On February 6, 2018, the Article 29 Working Party (WP29) adopted updated guidelines on Binding Corporate Rules (“BCRs”), which replace the previous WP29 working documents 153 and 195 on BCRs and Processor BCRs.

BCRs are one of the permitted data export solutions under European data protection law, allowing members of a corporate group that have committed to a binding and approved set of data protection rules to transfer personal data within their organization (including from inside the European Economic Area to outside of it).

Source: WP29 brings Binding Corporate Rules in line with the GDPR

Buttarelli gives the post-Brexit options for the UK and insights into the EU DP Board

Giovanni Buttarelli, European Data Protection Supervisor, in London yesterday, explained that Elizabeth Denham, UK Information Commissioner, has been working hard to explore different scenarios to ensure that the UK will continue working as a partner with the European Union after 29 March next year when it becomes a 3rd country.

He referred to the data protection impact of the UK staying one or two steps outside the European Union.

Source: Buttarelli gives the post-Brexit options for the UK and insights into the EU DP Board – Privacy Laws & Business

Article 29 Working Party Comments on FATCA

The Article 29 Working Party responded to a letter on the effect of the U.S. Foreign Account Tax Compliance Act (FATCA) on European citizens who, due to U.S. citizenship law, are either “accidental Americans” or dual European/US nationals.

All EU Member States have now signed individual intergovernmental agreements (IGAs) with the US. These IGAs provide the legal basis for the processing of the personal data of American nationals in the context of FATCA. In addition, EU data protection authorities have been monitoring the measures taken by European governments to implement FATCA at national level.

Source: ARTICLE29 Newsroom – Letter of the Chair of the ART 29 WP to FATCA – European Commission
