
Author: Privacy Matters

EUROPE: Article 29 Working Party publish draft Guidelines on Transparency

On 12 December 2017, the Article 29 Working Party (“WP29”) published draft guidance on the obligation of transparency, to be found here. An important topic, as transparency is intrinsically linked to fairness and the newly introduced principle of accountability under the GDPR. Please find the highlights below. TRANSPARENCY: KEY ELEMENTS Chapter III of the GDPR provides the basis of the transparency principle. In particular article 12, which cuts this principle into the following elements: 1. “concise, transparent, intelligible, and easily accessible” The WP29 explains this requirement as follows: – Information must always be presented efficiently and succinctly, in...

EUROPE: Article 29 Working Party publish draft Guidelines on Consent

On 12 December 2017, the Article 29 Working Party (WP29) published draft Guidelines on Consent under the General Data Protection Regulation (GDPR). The guidelines expand on the WP29’s ‘Opinion on the definition of consent’ (July 2011), addressing the concept of consent in the context of the enhanced regulatory regime under the GDPR. The Guidelines apply a strict interpretation of the principles that underpin valid consent in the GDPR.  In the UK, they may be read alongside the separate draft GDPR consent guidance issued by the UK Information Commissioner’s Office (ICO) in March 2017. Elements of Valid Consent The Guidelines...


WP29: (draft) GUIDANCE ON BCR’s and ANNUAL REVIEW OF PRIVACY SHIELD

This week, the Article 29 Working Party (“WP29”) published their joint annual review of Privacy Shield and their long-awaited (draft) guidance on Binding Corporate Rules (“BCR’s”). Privacy Shield: The WP29 have identified a number of important unresolved issues and warn that if no remedy is brought within the next year, they will bring the Privacy Shield adequacy decision to the national courts for them to refer it to the ECJ for a preliminary ruling. The Opinion can be found here. Binding Corporate Rules: The WP29 has amended their previous working documents, providing a table with the elements and...


UK: The rise of privacy group action risk

Two recent developments in the United Kingdom highlight the growing risk of privacy litigation and “group actions”, which is likely to further increase following the enactment of the General Data Protection Regulation (“GDPR”) in May 2018. The focus to date on GDPR has largely been on the revenue-based fines that can be imposed for non-compliance. However, litigation risk, particularly group action litigation risk, is potentially an equally significant hazard for organisations which should not be overlooked in GDPR readiness programmes. Article 82 of the GDPR provides a legislative basis for the right to compensation for both “material” and...


ITALY: WHAT WILL DATA PROTECTION OFFICERS BE LIABLE FOR?

Under the General Data Protection Regulation (GDPR), companies that process large amounts of sensitive personal data or consistently monitor data subjects on a large scale will be required to appoint a data protection officer (DPO). As discussed in our previous posts, the DPO will have significant responsibilities, including reporting on data to the highest management level. While the DPO debate has so far been focussed on where to place the DPO within company structures, confusion remains over the DPO’s actual responsibilities. Firstly, the GDPR does not provide for any specific liability for the DPO. However, the Art. 29 Working...


CYBERSECURITY AND GDPR: WHERE WE ARE HEADING

The European General Data Protection Regulation (“GDPR”) is leading to a change in culture, which will increase not only data protection but also security awareness. Below you will find the main takeaways of the data protection and cybersecurity seminar held with the GIOIN Open Innovation Network in Turin. Cyberattacks (and more broadly IT security threats) are inevitable. It is a matter of assessing how such attacks are monitored and confronted. IoT brings increasing concerns, from data sharing with unreliable third parties to unsecure data transfer and usage of vulnerable web applications. Connected devices have substantially widened the perimeter of potential attacks...


The new Belgian Data Protection Authority: leaner and (probably) meaner

Patrick Van Eecke and Peter Craddock

On 25 May 2018, the Belgian Privacy Commission will be renamed “Belgian Data Protection Authority” (BDPA) and will gain the power to impose fines. This is part of a comprehensive reform approved by the Belgian Parliament on Thursday 16 November 2017. Among the changes, the BDPA will be headed by 5 full-time commissioners, compared to 16 part-time commissioners currently, and still presided over for the time being by Willem De Beuckelaer (the current President). Its team of 60 people will be downsized and reorganised, with the aim of making more resources available to build...
