Tag Archives: Article 29 Working Party

First Annual Privacy Shield Review Will Comprehensively Assess the Framework

The first annual review of the EU-U.S. Privacy Shield (“Privacy Shield”) is scheduled to occur in September 2017 in Washington, D.C.  The first review is particularly important for the nascent framework, as regulators in both the U.S. and the EU are expected to closely scrutinize the operation of the first year of the Privacy Shield, … Continue Reading

New EU GDPR Guidance: Data Portability, Data Protection Officers, and the One Stop Shop

The Article 29 Working Party (“WP29”) – the representatives of national data protection regulators in the EU – has issued new guidance on three important aspects of the new General Data Protection Regulation (“GDPR”), which comes into force in May 2018. This first salvo of GDPR-focused guidance concerns: the new “Right to Data Portability”, an … Continue Reading

EU and US Unveil the New Privacy Shield

At a joint press conference in Brussels this morning (July 12, 2016), EU Commissioner Jourová and the U.S. Secretary of Commerce, Penny Pritzker, presented the new EU-U.S. data transfer mechanism (see press release here, adequacy decision text here, annexes here and Q&A factsheet here).  The press conference followed the approval of the underlying adequacy decision … Continue Reading

Privacy Shield Deal Passes Major EU Hurdle

On July 8, 2016, the draft EU-U.S. Privacy Shield adequacy decision was formally approved by the so-called “Article 31 Committee” of EU Member States (see press release, here). That approval opens the door for the College of EU Commissioners to approve the Privacy Shield on Monday (July 11).  Once translated and published in the Official … Continue Reading

The CNIL and EDPS Launch Public Consultations

On June 16, 2016, the French data protection authority (“CNIL”) launched a public consultation on the General Data Protection Regulation (“GDPR).   The consultation focuses on four priority themes set out in the Article 29 Working Party’s 2016 Action plan: the data protection officer; the right to data portability; data protection impact assessments; and certification.… Continue Reading

European Data Protection Supervisor Opinion on the Privacy Shield

On May 30, the European Data Protection Supervisor (the “EDPS”) issued an opinion on the Privacy Shield, see opinion here and press release here.  The EDPS acknowledged that the European Commission’s draft adequacy decision on the Privacy Shield is a step in the right direction and shows a number of improvements compared to the EU-U.S. … Continue Reading

European Parliament Passes Resolution on the Privacy Shield

This morning (May 26, 2016) the European Parliament (“EP”) approved a non-binding resolution on the proposed EU – U.S. Privacy Shield (see resolution here and press release here).  The resolution is far more positive in relation to the Privacy Shield than some of the proposals floated by some political groups earlier this week (see, for instance, the resolution proposed … Continue Reading

EU Data Protection Authorities Call For Further Clarifications on the EU-U.S. Privacy Shield and Raise Some Concerns

By Helena Marttila-Bridge and Monika Kuschewsky Today, the Article 29 Data Protection Working Party (“Working Party”), a group consisting of representatives from the European data protection authorities, the European Data Protection Supervisor, and the European Commission, published its opinion on the EU-U.S. Privacy Shield draft adequacy decision (“Opinion”) (see here). The Opinion is accompanied by … Continue Reading

Advocacy Group Letter Opposes Privacy Shield

Yesterday, a group of twenty-seven privacy and civil liberties organizations sent a letter to EU officials opposing the EU-U.S. Privacy Shield, which was released last month and is currently being reviewed by the Article 29 Working Party in the EU.  According to the letter, the Privacy Shield “manifestly fails” to meet the standards set by … Continue Reading

Privacy Shield: Top Five Reasons It’s Tougher Than the Safe Harbor, Whether You Should Certify, and Next Steps

As noted in our post yesterday, the text of the EU-U.S. Privacy Shield, the upcoming trans-Atlantic data-transfer framework between the EU and U.S. to replace the invalidated U.S.-EU Safe Harbor, has been released by the U.S. Department of Commerce.  Commerce’s release coincided with the release of a draft adequacy decision by the European Commission. A … Continue Reading

EU DPA Enforcement Guidance Post-Schrems

Industry eagerly awaits further guidance from data protection authorities (“DPAs”) relating to the EU-U.S. Privacy Shield as well as on the validity (or otherwise) of other mechanisms for transfers to the U.S. such as standard contractual clauses (“SCCs”) and binding corporate rules (“BCRs”).  As we explained in recent posts (here and here), publication of an … Continue Reading

Article 29 Working Party Reacts to the U.S.-EU Privacy Shield Agreement

On February 3rd, the Article 29 Working Party, representing Europe’s data protection authorities, published its reaction to the announcement of a new “Privacy Shield” political agreement between the European Commission and the U.S. Government.  The Privacy Shield agreement, announced on February 2nd (and further described in our blog post here), is intended to replace the … Continue Reading

Agreement Reached on New EU-U.S. Safe Harbor: the EU-U.S. Privacy Shield

By Dan Cooper, Phil Bradley-Schmieg and Joseph Jones Today (February 2nd, 2016), the European Commission and U.S. Government reached political agreement on the new framework for transatlantic data flows.  The new framework – the EU-U.S. Privacy Shield – succeeds the EU-U.S. Safe Harbor framework (for more on the Court of Justice of the European Union … Continue Reading

European Commission issues guidance on the impact of the Schrems (Safe Harbor) ruling of the EU’s Highest Court

By Monika Kuschewsky and Vera Coughlan Following the judgment of the Court of Justice of the EU of October 6 in the Schrems case (Case C-362/14) (see our previous blog post here), today, the European Commission issued guidance on transfers of personal data from the EU to the U.S. post Schrems. For the press release see … Continue Reading

Schrems (Safe Harbor) Judgment – German Data Protection Authorities Issue Position Paper

Today, the German supervisory authorities (“German DPAs”) responsible for data protection at federal and state (Länder) level published a position paper on the EU-U.S. Safe Harbor (available in German – see here).  This 14-point position paper follows a meeting that these authorities held last week.  Key points include: following the Safe Harbor judgment of the … Continue Reading

Article 29 WP On the Schrems Ruling (Safe Harbor) − Latest Developments and Next Steps

The Article 29 Data Protection Working Party (“Article 29 WP”), an EU advisory body on data protection composed of representatives of the national data protection authorities (“DPAs”), the European Data Protection Supervisor and the European Commission, met in plenary on Thursday, October 15, to discuss the first consequences of the judgment of the Court of … Continue Reading

Article 29 Working Party Updates BCR Guidance

On June 2, 2015, the Article 29 Working Party updated its published guidance on the topic of Processor BCRs.  In their latest guidance document, the Working Party focus specifically on the sensitive topic of disclosures to  law enforcement agencies (LEAs). By means of Processor BCRs, data processors are able to share EU-originating personal data within … Continue Reading

Article 29 Working Party Clarifies Scope of Health Data in Apps and Devices

The Article 29 Data Protection Working Party (Working Party), an independent EU advisory body on data protection and privacy, responded to a request from the European Commission made in the framework of the Commission’s  mHealth initiative to clarify the definition of data concerning health in relation to lifestyle and wellbeing apps.  (See more here, and here … Continue Reading

Article 29 Working Party Publishes Working Document Setting Out Cooperation Procedure for Issuing Common Opinions on Contractual Clauses

By Tom Jackson On November 26, 2014, the Article 29 Working Party adopted a working document setting out a cooperation procedure for issuing common opinions on contractual clauses considered as compliant with the EC Model Clauses (the “Working Document”).  The Working Document sets out the framework for a procedure designed to streamline the process of … Continue Reading

European Data Protection Regulators Release Joint Statement on European Values

By Tom Jackson On November 26, 2014, the Article 29 Working Party released a short joint statement containing a series of declarations on:  (i) “European values”; (ii) “surveillance for security purposes”; and (iii) the “European influence.”  The joint statement emphasizes the balance to be struck between protecting data protection rights and allowing national intelligence agencies … Continue Reading

Have EU Privacy Regulators Just Spelled the End of Web Tracking?

On November 25, 2014, the Article 29 Working Party (“WP29”) issued an opinion paper on device fingerprinting (the “Opinion”).  The Opinion builds on existing guidance on cookies (Opinion 04/2012) and confirms that organizations wishing to generate “device fingerprints” by storing or accessing information on a user’s device must obtain user consent (unless an exemption applies). … Continue Reading

Article 29 Working Party Publishes Full Guidance On CJEU Right To Be Forgotten Ruling Against Google

Late last week, the Article 29 Working Party released a short press statement announcing that it had agreed guidance for the implementation of the May 2014 CJEU ruling against Google on the “right to be forgotten.”  See our first post on the Working Party’s guidance here.  The Working Party has now published a full 20-page … Continue Reading

Article 29 Working Party Agrees Right to Be Forgotten Guidance Following May 2014 CJEU Ruling Against Google

On November 25, 2014, the Article 29 Working Party agreed guidelines for data protection authorities seeking to apply the Court of Justice of the European Union (CJEU) ruling reached earlier this year against Google, which has become known as the right to be forgotten or “RTBF” ruling.  The full guidelines have not yet been published, … Continue Reading

Internet of Things Poses a Number of Significant Data Protection Challenges, Say EU Watchdogs

The Article 29 Data Protection Working Party (“Working Party”), the independent European advisory body on data protection and privacy, comprised of representatives of the data protection authorities of each of the EU member states, the European Data Protection Supervisor (the “EDPS”) and the European Commission, has identified a number of significant data protection challenges related … Continue Reading
LexBlog