Tag Archives: Article 29 Working Party

As Max Schrems continues to do battle over Model Clauses in the Irish High Court, the Article 29 Working Party (WP29) has this week issued guidance surrounding EU-US Privacy Shield (Privacy Shield) related complaints. The guidance will be of note to any EU citizen wishing to complain about the handling of their personal data that has been transferred from the EU to one of the, as of 24 February, 1724 Privacy Shield registered organisations. It encompasses a template complaint form and Rules of Procedure and should provide parties concerned with all the information necessary to notify a breach under the 6 month old framework. The Rules of Procedure provide guidance on how an "Informal Panel of EU DPAs" (Panel) will operate in advising US organisations following a complaint. The Panel will aim to provide guidance within 60 days after receiving a complaint form. The complaint … Continue Reading ››
Just before the festive break, the Article 29 Working Party ("WP29"), the group representing national data protection regulators in the EU, issued new guidance on several key aspects of the new General Data Protection Regulation ("GDPR"). This is the first guidance of its kind issued by the WP29, and as such represents the first time the data protection authorities have revealed their thoughts on the interpretation of the GDPR. The guidance consists of three separate sets of guidelines and FAQs:
  • an explanation of the role of the now mandatory Data Protection Officer ("DPO");
  • a guide to the new right to data portability; and
  • guidance regarding the "one stop shop" mechanism for establishing the lead data protection authority in cases of cross-border data processing.
Although the guidance has been formally "adopted", the WP29 is welcoming comments from stakeholders until the end of January 2017, so it is possible that elements may be … Continue Reading ››
Datonomy summarises the latest developments in the ongoing saga of US data transfers. What's new? On 13 April, the Article 29 Working Party announced their eagerly awaited – but as it turned out,  somewhat inconclusive - conclusions on the proposed new EU-US Privacy Shield data transfer mechanism. A lunchtime press conference led by Article 29 Working Party Chairman Isabelle Falque-Pierrotin was followed by the publication in the late afternoon of two new documents: The documents analyse the Privacy Shield from two angles:
  • the commercial aspects
  • derogations for national security purposes.
See below ("What are the regulators' concerns") for a bit more detail on the content of these documents and the key concerns raised. As Datonomy readers … Continue Reading ››
Late on Friday 16 October, Europe’s data protection regulators issued an opinion enabling ongoing transfers of personal information from the EU to the US, at least for the time being. This followed on from the CJEU’s 6 October decision in the Schrems case that the so-called “safe harbor” regime used by more than 4000 US companies to legitimize the import of EU personal information was invalid. Following that decision a number of German data protection authorities ruled that “model clauses”, another mechanism used by thousands of other organisations to legitimize EU to US transfers, were also invalid. There was growing concern that the Article 29 Working Party, an influential body representing Europe’s data protection authorities, would follow the German approach creating more uncertainty and removing one of the few remaining limbs to support transfer. Businesses on both sides of the Atlantic can breathe a sigh of relief.  The opinion, although far from categorically … Continue Reading ››