Tag Archives: transparency

Article 29 Working Party (WP29)

Opinion of Article 29 WP29 on the EU – Privacy Shield draft adequacy decision

The Article 29 Data Protection Working Party (WP29) adopted its opinion on the EU-US Privacy Shield draft adequacy decision on April 13, 2016. The Privacy Shield saw the light after the invalidation by the Court of Justice of the European Union or CJEU (Schrems judgement) of the previous Safe Harbor agreement. The Opinion is complemented by a Working Document on the justification of interferences with the fundamental rights to privacy and data protection through surveillance when transferring personal data (European Essential Guarantees).

Months before, on October 2015, the WP29 stated that an assessment of the consequences of the Schrems decision with respect to all mechanism permitting data transfers to the US will be carried out. The WP29 proceed then to inventor and examine the jurisprudence of the CJEU as regards to Articles 7, 8 and 47 of the European Union Charter of Fundamental Rights and the Jurisprudence as well as the of the European Court of Human Rights related to Article 8 of the European Convention on Human Rights dealing with surveillance issues. The conclusions of this assessment led to the four European Essential Guarantees.

The Opinion of the WP29 includes an assessment of the Guarantees for data transfer to the US. According to it, the Privacy Shield includes significant improvements compared to the EU-US Safe Harbor framework. However, major points of concern remain and further clarification is needed in several aspects. The Working Party stressed the general complexity and lack of clarity regarding the Privacy Shield and expressed concerns with respect to both the commercial and national security aspects of the new framework.

 

Comissão Nacional de Proteção de Dados (CNPD)

The Portuguese Data Protection Authority launches its Activities Plan for 2016

On April 2016, the Portuguese Data Protection Authority (hereinafter, CNPD) published the “Plano de Atividades CNPD 2016”. This Plan provides a legal analysis which aims to address the transition to the new European legal framework for the current and following years.

More specifically, the subsequent actions has been defined:

1. The preparation for the implementation of the General Data Protection Regulation (GDPR);

2. New enforcement measures for data processing operations in the field of public sector and marketing communications.

This document also deals with handling of personal data in some specific areas such as; the identity theft, the personal data for administrative transparency reasons and the impact of Internet of Things on citizens’ privacy.

Besides, particular mention needs to be made to the Institutional Cooperation established in part E of the Plan more precisely, the establishment of new protocols with higher education institutions (first point), the implementation of the Center Safe Internet highlighting the area of ​​prevention in the field of data protection among young people using the Internet (fourth point), the Cooperation with the Cape Verdean counterpart authority, in exchange of information and experiences of the plan, technical training, integration in the various international data protection forums and support in the preparatory work for the recognition of the adequacy of data protection level (fifth point) and the consolidation of cooperation with the Personal Data Protection Office (OPPD) in the Region of Macao (sixth point).

Agencia Española de Protección de Datos (AEPD)

Final version of the Strategic Plan approved by the AEPD

On 20 November 2015, the Spanish Data Protection Agency (AEPD) approved its “Strategic Plan” for the period 2015-2019. The Plan is the result of the public consultation process from 15 to 31 October 2015.

A specific timetable to implement a wide range of actions has been created. In this sense, the AEPD has focused on the following areas.

Strategic axis n. 1: Prevention for a more effective protection (protection of citizens, protection of minors and education, actions in relation to public administrations, certification, accreditation and audit and other prevention measures).

Strategic axis n. 2: Innovation and data protection “Confidence factor and quality guarantee”

Strategic axis n. 3: A collaborative, transparent and participatory agency (the promotion of a culture of data protection, communication tools, website and dissemination)

Strategic axis n. 4: An agency closer to privacy authorities, officers and professionals (relationships with stakeholders, SMEs, privacy and IT professionals).

Strategic axis n. 5: A more agile and efficient agency (solution for international challenges, simplification and improvement in management, digital AEPD and definition of the AEPD status and competences).

This document is the result of a public consultation from 15 to 30 October. The final version includes the elaboration of an annual report with the level of compliance with the Strategic Plan, new proposals and any corrective measures to be taken in case of non-compliance.

The report will be sent to the Constitutional Committee of Congress and made public on the AEPD website.

European Data Protection Supervisor (EDPS)

Opinion 7/2015 – Meeting the challenges of big data. A call for transparency, user control, data protection by design and accountability

On 19 November 2015 the European Data Protection Supervisor issued Opinion 7/2015 entitled “Meeting the challenges of big data”. It deals with how big data can bring benefits and represent opportunities for the society as a whole if companies comply with data protection laws and find innovative ways to do so. The opinion outlines the strategy of the European Data Protection Supervisor to reach that goal, also in light of the ongoing data protection reform.