_Article 29 Working Party
09/04/2020
“PUBLIC HEALTH AND PRIVACY” AND NOT “PUBLIC HEALTH OR PRIVACY”: Surveillance in the fight against COVID-19
“Hopefully COVID-19 will be gone at some point, but tracking technologies may stay for longer and permanently hamper the rights and freedoms of individuals” As part of my blog series on #PublicHealthANDprivacy in light of the COVID-19 pandemic, this short reflection will focus on digital surveillance. There is no doubt that data and technology have […]
24/07/2018
The importance of the Records of processing activities (Art. 30 GDPR)
A number of Supervisory Authorities have already mentioned that their investigations on GDPR compliance will start from the analysis of the Records of processing activities (Art. 30 GDPR). By having accurate and complete Records, organisations will be able to prove that they are taking the GDPR seriously by applying a systematic approach to mapping and […]
25/05/2018
Happy GDPR Day: The start of a new era with the General Data Protection Regulation
Topics:
AI Article 29 Working Party Big Data Cloud Computing Corporate Social Responsibility CSR Data Retention DPA DPO European Commission Garante Privacy GDPR International Data Transfers Italian Data Protection Law Law Enforcement Access Privacy Privacy and data protection Security measures Uncategorized
Happy May 25th to everyone. Today represents the start of a new era for data protection, privacy and digital rights.
22/04/2018
#Art29WP Position Paper on the derogations from the obligation to maintain records of processing activities pursuant to Article 30(5) GDPR
In its Position Paper the Article 29 WP provides us with clarification with respect to the obligation to maintain records of processing activities pursuant to Article 30(5) GDPR. The Article 29 WP’s position on the derogation from this obligation, specifying that the derogation provided by Article 30(5) is not absolute and that in fact, the […]
21/04/2018
#Art29WP publishes Working Document Setting Forth a Co-Operation Procedure for the approval of “Binding Corporate Rules” for controllers and processors under the GDPR
On 11 April 2018, the Article 29 Working Party published its Working Document Setting Forth a Co-Operation Procedure for the approval of “Binding Corporate Rules” for controllers and processors under the GDPR. The document updates the WP 107 and outlines cooperation procedures in line with the GDPR. Some important points to consider: binding corporate rules are […]
16/04/2018
Article 29 WP announces new Social Media Working Group
In light of the recent Cambridge Analytica scandal, the Article 29 WP has announced that it fully supports investigations by national DPAs concerning the collection and use of personal data through our omnipresent use of social media, declaring that it will create a Social Media Working Group to work on the matter. Read the official press […]
28/11/2017
Article 29 Working Party Guidelines on Personal data breach notification under GDPR
On 18 October, the Article 29 Working Party published its Guidelines on Personal data breach notification under Regulation 2016/679. The Guidelines are not, however, final as stakeholders have until 28 November 2017 to provide their comments and feedback. The EU General Data Protection Regulation (hereinafter, “GDPR”) introduces the requirement for a personal data breach to be notified to […]
28/09/2017
Council proposes new rules for analytics
In early September the Council reviewed the draft of the new e-Privacy Regulation (“EPR”) – previously published by the European Commission on 10 January 2017 – which allows the use of first-party and third-party analytic cookies without express consent of the end-user. Among other changes to the new EPR, the Council has proposed amendments to Article 8, […]
24/06/2017
New Article 29 Working Party Opinion Published: Opinion 2/2017 on data processing at work
The Article 29 Working Party adopted Opinion 2/2017 on data processing at work on 8 June 2017. The Opinion builds on Opinion 8/2001 and its 2002 Working Document on the surveillance of electronic communications in the workplace, adapting to the context of present technologies that have changed the field of employee data processing and therefore impacting […]
02/03/2017
Article 29 Working Party publishes Privacy Shield enforcement documents
The Article 29 Working Party is preparing for enforcement as the nine-month grace period for US Companies that self-certified before 30 September 2016 comes to an end on 30 June 2017. As of today there are a total of 1,750 organizations signed up to the EU-US Privacy Shield List, which applies to the transfer of […]