17.02.2017

Art. 29 WP: Press release on next GDPR Guidelines, Privacy Shield, E-Privacy, Windows 10 etc.

During the February plenary meeting, the Article 29 Working Party (WP29) discussed certain critical matters with regards to the implementation of the General Data Protection Regulation (GDPR) and of the Privacy Shield as well as the handling of enforcement measures on cases having a cross-border effect (press release, pdf)
1. IMPLEMENTATION OF THE GDPR
The deadline for the submission of comments on the pre-adopted DPO, lead authority and data portability guidelines has been extended until February 15, 2017. Accordingly, it has been agreed that the rapporteurs will review such comments and submit the amended guidelines for adoption at the next plenary session in April at the latest.
The WP29 has also continued its work on the 2016 ongoing topics of Data Protection Impact Assessments (DPIAs), certification and other internal topics (e.g. administrative fines, EDPB internal rules).
On DPIAs, the work is almost finalized and the final version of the guidelines should be proposed for pre-adoption in April. Regarding certification, the European Commission announced that it will launch a study that could provide added-value to the work done by the WP29 until now. In addition, a one day workshop shall be organized between DPAs in April to finalize the drafting of the guidelines. Their pre-adoption is expected for June. [emphasis added]
Following the publication of the 2017 GDPR Action Plan, the WP29 has established, the delegation of tasks within its working groups and the working calendar for the adoption of all relevant guidelines and other documents.
The WP29 has also confirmed the dates for its second Fablab on April 5 and 6, 2017 in Brussels. This interactive workshop will concentrate on the topics of consent, profiling and notification of data breaches. [...]
2. PRIVACY SHIELD
[...] Finally, the WP29 shall send a letter to the US authorities (i) pointing out concerns and asking clarifications on the possible impact of the Executive Order 'Enhancing Public Safety in the Interior of the United States' on the Privacy Shield and the Umbrella agreement, (ii) requesting assurances on the way personal data will be dealt with by US authorities regarding complaints under the Privacy Shield and (iii) providing answers to questions from the US authorities on the functioning of the centralized body. [...]
3. ENFORCEMENT SUBGROUP
The WP29 has initiated detailed inquiries into the processing of personal data processed via Windows 10 by Microsoft[...]
Also, the topics of WhatsApp and Yahoo were briefly discussed at the meeting and a contact group has been created for the follow-up of privacy related issues with regards to connected toys.
4. OTHER
Two opinions will be prepared by the WP29 on (i) the e-privacy regulation proposed by the European Commission on January 10, 2017 and (ii) the revised EU regulation 45/2001 on the processing of personal data by European institutions and bodies. Both opinions should likely be submitted for adoption in April 2017. [emphasis added]
Finally, the WP29 shall send very shortly a formal letter to the European Council on the necessity for national governments to provide increased resources to Data Protection Authorities in view of the application of the GDPR. The letter will then be circulated to Member State governments. [emphasis added]
Source: Article 29 Working Party