purpose limitation

On April 3, 2019, the Association of German Supervisory Authorities (“Datenschutzkonferenz” or “DSK”) issued a paper (available here in German) on the interpretation of “broad consent” for scientific research in Recital 33 of the GDPR and the interplay with the definition of consent  and the principle of purpose limitation.

According to the DSK, broad consent

The Article 29 Data Protection Working Party (“Working Party”), the independent European advisory body on data protection and privacy, comprised of representatives of the data protection authorities of each of the EU member states, the European Data Protection Supervisor (the “EDPS”) and the European Commission, has identified a number of significant data protection challenges related to the Internet of Things. Its recent Opinion 08/2014 on the Recent Developments on the Internet of Things (the “Opinion”), adopted on September 16, 2014 provides guidance on how the EU legal framework should be applied in this context. The Opinion complements earlier guidance on apps on smart devices (see InsidePrivacy, EU Data Protection Working Party Sets Out App Privacy Recommendations, March 15, 2013).
Continue Reading Internet of Things Poses a Number of Significant Data Protection Challenges, Say EU Watchdogs

A recent statement from the Article 29 Working Party, the independent European advisory body on data protection and privacy, comprised of representatives of the national data protection authorities of the EU Member States, the European Data Protection Supervisor and the European Commission, finds that the EU data protection principles, outlined in the EU Data Protection Directive 95/46/EC, are still valid and appropriate for the development and use of big data analysis.

The statement responded to recent calls by stakeholders that certain data protection principles under EU law should be “substantially reviewed” to enable promising developments in big data operations. The Article 29 Working Party Statement, adopted on September 16, 2014, acknowledged that challenges presented by big data might require “innovative thinking” on how to address key data protection principles; but, the protection of personal data remains fundamentally engrained in building trust between companies and consumers.Continue Reading Article 29 Working Party Emphasizes Importance of Personal Data Protection for Big Data Operations and Development

Data is everywhere. The amount of data on the global level is growing by 50 percent annually. 90 [percent] of the world’s data has been generated within the past two years alone,” explains the International Working Group on Data Protection in Telecommunications in their Opinion of May 6, 2014, titled, “Working Paper on Big Data and Privacy: Privacy principles under pressure in the age of Big Data analytics“. The Working Group, founded in 1983, has adopted numerous recommendations and since the beginning of the 90s focused on the protection on privacy on the Internet. Its members include representatives from data protection authorities and other bodies of national public administrations, international organizations and scientists from all over the world.


Continue Reading Big Data Analysis is Possible Without Infringing Key Privacy Principles, Says International Working Group

On April 2, the Article 29 Working Party (the “Working Party”) approved a new Opinion on a principle of European data protection law known as the “purpose limitation”.  The principle (which stems from Article 6(1)(b) of the Data Protection Directive) requires that data controllers only collect data for “specific”, “explicit” and “legitimate” purposes, and not process the data for further purposes that are incompatible with the purposes for which data were originally collected.  As each of these terms have been interpreted differently in different Member States, causing potential confusion for data controllers operating in multiple jurisdictions, one of the main aims of the Working Party paper is to provide clearer, more harmonized interpretations of the principle.  The paper also aims to generally clarify the current legal framework and assist policy makers in drafting the new EU data protection legal framework, and offers guidance on specific scenarios (such as so-called “Big Data” processing).
Continue Reading Article 29 Working Party Releases New Opinion on Purpose Limitation