Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: data processing

Posted in International/EU Privacy

Article 29 Working Party Issues Guidance on Data Protection Impact Assessments

The steady trickle of GDPR guidance from the Article 29 Working Party continues. Fresh from finalising its guidance on data portability, lead supervisory authorities and data protection officers, the Working Party has published draft guidance on data protection impact assessments, the full text of which is available on the Working Party website. Comments can be submitted to the Working Party by 23 May 2017, after which the guidance will be finalised.

Posted in International/EU Privacy

UK ICO Publishes Guidance on Consent Under GDPR

The UK Information Commissioner’s Office has just published draft guidance on consent under GDPR. This is an interesting move given that the Article 29 Working Party has promised guidance on the same topic later this year, but reading the guidance makes it clear why the ICO decided to prioritise it: many of the practices which it identifies as unacceptable are fairly common in the UK, meaning many companies are going to have to re-think their approach to legitimising their data processing.

Posted in International/EU Privacy

EU-U.S. Umbrella Agreement Gets ‘Amber Light’ from Article 29 Working Party

The Article 29 Working Party has issued a revealing statement about the so-called EU-U.S. Umbrella Agreement, which is aimed at creating a high-level data protection framework in the context of transatlantic cooperation on criminal law enforcement. As a sign of support for the deal, the Working Party welcomes the initiative to set up a general data protection framework in relation to law enforcement cooperation. In a fairly positive tone, the Working Party states that the Umbrella Agreement “considerably strengthens the safeguards in existing law enforcement bilateral treaties with the US, some of which were concluded before the development of the EU data protection framework.” This statement by the Working Party follows its recent announcement that it had created a working group for enforcement actions on organisations targeting several member states, which is yet another sign of the growing international ambitions of the EU data protection authorities.

Posted in International/EU Privacy

Part 4: Justifying Data Uses – From Consent to Legitimate Interests

Under the Data Protection Directive, each instance of data processing requires a legal justification – a “ground for processing”. This fundamental feature of EU data protection law remains unchanged under the draft Regulation. However, the bar for showing the existence of certain grounds for processing will be set higher, particularly in relation to consent. This entry is an excerpt from Hogan Lovells’ “Future-proofing privacy: A guide to preparing for the EU Data Protection Regulation.”