Tag Archives: Article 29 Working Party

Article 29 Working Party Emphasizes Importance of Personal Data Protection for Big Data Operations and Development

A recent statement from the Article 29 Working Party, the independent European advisory body on data protection and privacy, comprised of representatives of the national data protection authorities of the EU Member States, the European Data Protection Supervisor and the European Commission, finds that the EU data protection principles, outlined in the EU Data Protection … Continue Reading

European Data Protection Regulators Clarify the Scope of the Balancing Test Required for Reliance on the “Legitimate Interests” Ground for Data Processing

On 9 April, the Article 29 Working Party (“WP29”) adopted an Opinion on the notion of legitimate interests of the data controller under Article 7(f) of the EU Data Protection Directive 95/46/EC (the “Opinion”).  The Opinion has two main objectives:  to ensure correct interpretation and implementation of the “legitimate interest” ground for data processing at … Continue Reading

European Regulators Set Out Data Anonymization Standards

By Kristof van Quathem and Dan Cooper On April 10, 2014, the Article 29 Working Party adopted an Opinion on anonymization techniques.  The Working Party accepts that anonymization techniques can help individuals and society reap the benefits of “open data” initiatives – initiatives intended to make various types of data more freely available – while … Continue Reading

EU Article 29 Working Party Publishes Guidance on Data Breach Notification

Last week, the Article 29 Data Protection Working Party published a non-binding Opinion on data breach notifications, titled Opinion 03/2014 on Personal Data Breach Notification (the Opinion).  The Opinion provides helpful new guidance to companies seeking to understand whether or not notifications about a breach must be made to European privacy regulators and/or affected individuals … Continue Reading

European Regulators and the Eternal Cookie Debate

By Dan Cooper and Mark Young This week, the Article 29 Working Party (the “WP29”) released an opinion paper on what constitutes “consent” for purposes of complying with the EU’s “cookie” rules — rules that were revised to include a consent requirement nearly four years ago.  The paper will be relevant to website providers that … Continue Reading

French Data Protection Authority: 3-Month Deadline for Google to Comply With Privacy Laws

The CNIL announced in a press release on Thursday that it has issued a formal notice to Google Inc. that requires the search engine to provide clear and sufficient information to users about how their data is being used. In particular, the Paris based regulator wants Google to: Define specified and explicit purposes to allow … Continue Reading

Article 29 Working Party Releases New Opinion on Purpose Limitation

On April 2, the Article 29 Working Party (the “Working Party”) approved a new Opinion on a principle of European data protection law known as the “purpose limitation”.  The principle (which stems from Article 6(1)(b) of the Data Protection Directive) requires that data controllers only collect data for “specific”, “explicit” and “legitimate” purposes, and not … Continue Reading

Article 29 Working Party Releases Further Comments on EU Data Protection Reform

On 27 February 2013, the Article 29 Working Party published its latest statement regarding the draft General Data Protection Regulation (the “Regulation”), which continues to undergo revision in the European Parliament and Council.  (The latest European body to comment on the draft was the European Parliament’s Committee on Employment and Social Affairs (EMPL), which published … Continue Reading

Must Google Forget You?

The Court of Justice of the European Union (“CJEU”) in Luxembourg heard argument yesterday concerning the “right to be forgotten”—specifically, whether search engines such as Google must block search results when asked by European citizens to remove references to themselves.  This particular case—which is representative of approximately 200 similar cases in Spain—came before the CJEU … Continue Reading

Commissioner Reding Speaks to the European Council on the Proposed Data Protection Regime

By Fredericka Argent On 26 October, 2012, Commissioner Viviane Reding, the Vice President of the European Commission, gave a speech in Luxembourg following the conclusion of a meeting of the Justice Council (a body of ministers representing Member State justice and home affairs departments, and part of the European Council).  The speech covered a variety … Continue Reading

CNIL and Article 29 Working Party Release Report on Google Privacy Policy

By Dan Cooper On 16 October, 2012, the French data protection authority, the CNIL, released a report on behalf of the Article 29 Working Party that examines Google’s compliance with European data protection law.  The report marks a new stage in an investigation which began nine months ago, when Google announced that it intended to … Continue Reading

Article 29 Working Party Publishes Guidance on Binding Corporate Rules for Processors

On 19 June 2012, the Article 29 Working Party (WP29), a group that gathers the data protection authorities of all twenty-seven EU Member States, published a working document that sets out a full checklist of the requirements that binding corporate rules (BCRs) for processors must meet.  BCRs are internal rules applying to entities of a multinational … Continue Reading

Biometric Data Under the Privacy Microscope

The Electronic Frontier Foundation and the Immigration Policy Center last week released an interesting report on law enforcement’s increasing efforts to gather biometric data, and associated risks of data inaccuracy, racial profiling, erroneous deportations, security breaches, and privacy invasions.  The report calls for greater accountability in the biometrics context, including collection and retention limitations; clear … Continue Reading

Korean Regulators to Investigate Google’s Privacy Policy Changes

The Korean Herald reports that the Korea’s Communications Commission (KCC) has opened an investigation into Google’s rollout of its new privacy policy in that country.  The investigation reportedly will focus on whether the company has received sufficient consent to the changes to Google’s existing policy and whether Google is collecting more data than is required … Continue Reading

Article 29 Working Party Releases Opinion on Geo-Location Data for Smart Mobile Devices

On Monday, the Article 29 Working Party released its new Opinion on geo-location data collection and processing in smart mobile devices.  The paper comes on the heels of a recent furor over the extent to which smart phones collect, process and transmit location data without the full knowledge and consent of the phone’s users.  It represents the first … Continue Reading

The Article 29 Working Party and Breach Notification in the EU

The Article 29 Working Party recently released an opinion on data breach notification in the EU. The opinion addresses two main issues: Experience to date with the existing breach notification rules in the ePrivacy Directive. The breach notification obligation imposed by article 4.3-5 of the ePrivacy Directive (2002/58/EC) only applies to providers of electronic communications … Continue Reading