INTERNATIONAL DATA PROTECTION

WP29’s plenary meeting: final guidelines on DPIA and opening for comments on data breach notification and profiling

Date 10/20/2017.

At its plenary meeting held in October 2017, Working Party 29 (WP29) examined certain critical matters regarding the implementation of Regulation 2016/679, the so called General Data Protection Regulation (GDPR). WP29 approved the final version of the DPIA guidelines Guidelines on Data Protection Impact Assessment after having examined the comments received during the public consultation which ended […]

Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679

Date 10/20/2017.

The Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679, wp248rev.01, are available at here.   The GDPR requires controllers to implement appropriate measures to be able to demonstrate compliance with the GDPR itself, taking into account among others […]

Spanish DPA issues Eur 1.2 million fine to Facebook

Date 10/08/2017.

On September 11, 2017, the Spanish Data Protection Agency (AEPD) issued a closing resolution against Facebook deeming that the company doesn’t process data in accordance with EU data protection law. According to the AEPD, Facebook “collects data on ideology, sex, religious beliefs, personal preferences or browsing activity without clearly informing about how and for what purpose it will use […]

Belgian DPA publishes template to record processing activities

Date 10/02/2017.

On August 30, 2017, the Belgian Data Protection Authority, Commissie voor de bescherming van de persoonlijke levenssfeer (CBPL) published a template to help organizations to meet their duty to record processing activities under Article 30, GDPR. The template is available in Dutch and French and can be downloaded here. In June 2017, the Belgian DPA had published a a recommendation […]

New York City Bar Opinion 2017-5 on lawyer’s duty of confidentiality when crossing borders

Date 08/23/2017.

On July 25, 2017, the New York City Bar issued Formal Opinion 2017- 5, which concludes that lawyers have a duty to protect clients’ confidential information from disclosure. This duty stretches to U.S. border agents searching electronic devices. Lawyers shall take “reasonable precautions” to avoid disclosure of clients’ confidential information. Such precautions will vary based […]

Implementation of the data protection impact assessment according to the GDPR

Date 07/27/2017.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR). Regulation (EU) 2016/679, repeals Directive 95/46/EC and expands on […]

Conseil d’Etat requests preliminary ruling from CJEU on Right to be Forgotten

Date 07/25/2017.

The right to be forgotten has been judicially recognized by the CJEU with the Google Spain judgment  (Case C-131/12). According to the judgement, Europeans have the right to disappear from search engine’s results under certain conditions. The National Commission of Information Technologies and Liberties (CNIL), Commission nationale de l’informatique et des libertés, rejected some complaints […]

WP29 issues Opinion to balance employers’ legitimate interests and employees’ reasonable privacy expectations

Date 07/13/2017.

On June 8, 2017, Working Party 29 (WP29) issued Opinion 2/2017 on data processing at work, which makes a “new assessment of the balance between legitimate interests of employers and the reasonable privacy expectations of employees” also considering the new challenges to data protection created by new technologies. Opinion 2/2017 updates previousOpinion 08/2001 on the processing […]