Tag Archives: EU Privacy

Working Party welcomes the draft ePrivacy Regulation, yet expresses grave concerns

Written by
The Working Party recently issued its first Opinion for 2017, focusing on the EU Commission’s proposed ePrivacy Regulation (WP 247, Opinion 01/2017). The Commission’s proposal, which was published in January this year, aims to modernize the existing ePrivacy Directive (2002/58/EC as amended by 2009/136/EC) which concerns the protection of personal data in the context of electronic communication services. In its Opinion, the Working Party overall welcomed the proposed regulation, yet expressed several points of concern and suggested amendments. The congratulations… In welcoming the regulation, [...] Read more

UK Launches Public Consultation on GDPR Consent Guidance

Written by
The General Data Protection Regulation (GDPR) will come into force on 25 May 2018, replacing UK’s Data Protection Act 1998 (DPA). It is yet unclear how Brexit will play out, yet in the meantime the United Kingdom is moving to adopt the GDPR principles so that it adequately protects the personal data transferred within the EU. The GDPR sets a high standard for consent and compliance, which means that companies must start preparing for this transition. The Information Commissioner’s Office (ICO) issued a guidance on GDPR consent on 2 March, explaining its recommended approach to compliance and [...] Read more

CNIL Launches Second Round of Public Consultation on GDPR

Written by
Last week, the French Data Protection Authority ("CNIL") launched the second round of a public consultation on the General Data Protection Regulation (“GDPR”).  The first public consultation was launched in June 2016 and addressed the requirements in the GDPR relating to data protection officers, data portability and privacy seals and certifications.  The outcome of the June 2016 consultation was integrated by the Consortium of the European data protection authorities (“WP29”) into WP29’s recent guidance. Similarly, the new public consultation launched by the CNIL is aligned with [...] Read more

Spanish Ministry of Justice Launches Public Consultation on GDPR

Written by and
On February 7, 2017, the Spanish Ministry of Justice launched a public consultation as a preliminary step before the drafting of a new bill implementing the General Data Protection Regulation (“GDPR”).  The press release clarifies that although the GDPR has direct effect in the European Member States, its implementation into Spanish law is not a straightforward exercise because (i) the obligations in existing data protection legislation need to be maintained or amended (as the case may be), and (ii) other sector specific laws containing provisions on data protection need to be updated.  A [...] Read more

Spanish DPA Issues GDPR Guidelines

Written by
On January 26, 2017, the Spanish data protection authority (“AEPD”) published three guidance papers on the implementation of the general data protection regulation (“GDPR”). Although the guidance is primarily directed at small and medium-sized companies, it gives a snapshot on how the AEPD reads the GDPR and is thus relevant for all companies having operations in Spain. GDPR Guide for Controllers: the guide summarizes the requirements of the GDPR while providing practical recommendations on how to implement them. The guide also contains a questionnaire to help controllers make a [...] Read more

Article 29 Working Party Identifies GDPR Implementation Priorities for 2017

Written by
In a press release published on January 16, 2017, the Article 29 Working Party (“WP 29”) has outlined its strategy for 2017 on implementation of the General Data Protection Regulation (“GDPR”). WP29’s “2017 GDPR Action Plan” identifies the following priorities, objectives, deliverables and activities for the coming year: 2016 Follow-Up.  WP29 will finalize work commenced in 2016 on: (i) data protection certification mechanisms; (ii) processing activities likely to result in “high risk” processing and Data Protection Impact  Assessments; (iii) administrative fines; (iv) [...] Read more

WP29 Issues Guidance on the Right to Data Portability under the GDPR

Written by
Late last week, the Article 29 Working Party (“WP29”) issued detailed guidance on companies’ obligations under three key provisions of the General Data Protection Regulation ("GDPR").  This is part two of a three-part Alston & Bird series evaluating WP29's positions, and relates to the Right of Data Portability for data subjects and its obligations for data controllers.  Part 1 deals with Data Protection Officer obligations, under the GDPR, while part 3 analyzes guidance on the Lead Supervisory Authority mechanism. Article 20 of the GDPR creates a new right to data portability [...] Read more

France adopts new regime for privacy class actions

Written by
A few weeks ago, France passed the Digital Republic Act which significantly enhances French citizens’ rights to privacy by offering new avenues to exercise rights and granting new powers to the French data protection authority. A recent amendment to the Data Protection Act, adopted November 18, 2016, goes a mile farther and introduces a new type of class action for privacy-related matters. Class actions were introduced into the French Consumer Code quite recently, in 2014. Although largely inspired by the U.S.-style class action, class actions in France have a slightly different scope: [...] Read more

EU-U.S. Privacy Shield Faces Judicial Attack

Written by
The EU-U.S. Privacy Shield (“Privacy Shield”) is already under challenge before the European courts, after having been approved only some months ago by the European Commission (“EU Commission”). The European courts’ website records that an action for annulment has been brought by Digital Rights Ireland, the privacy and digital rights advocacy organization, before the General Court of the European Union.  A spokesperson for the court has confirmed that Digital Rights Ireland’s application seeks annulment of the EU Commission’s July 12, 2016 Privacy Shield decision, which found [...] Read more

EU-US Privacy Shield – FAQs

Written by , and
Today, the European Commission (“EU Commission”) formally approved a new transatlantic framework for the transfer of personal data from Europe to the United States (“U.S.”) (the “Privacy Shield”). Under the EU Commission’s decision approving the new framework ( the “Adequacy Decision”), U.S. organizations participating in the Privacy Shield will be deemed to ensure an “adequate level of protection” for the transfers of personal data from Europe to the U.S.. The Privacy Shield is the result of extensive negotiations between the EU Commission and the U.S. Department of Commerce [...] Read more