Work programme 2016 2018

Similar documents
Working Document 02/2013 providing guidance on obtaining consent for cookies

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

Important aspects of the new Regulation third country data transfers

ARTICLE 29 DATA PROTECTION WORKING PARTY

Council of the European Union Brussels, 26 June 2015 (OR. en)

European Privacy Reporter

How To Regulate Data Protection In European Union

PRINCIPLES OF THE TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY. Introduction

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

ARTICLE 29 DATA PROTECTION WORKING PARTY

Data transfers in the Cloud

ARTICLE 29 DATA PROTECTION WORKING PARTY

Safe Harbour Agreement no longer a valid basis for EEA to US transfers of personal data

Version 56 (29/11/2011)

BRING YOUR OWN DEVICE

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL

Application of Data Protection Concepts to Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing

Briefly summarised, SURFmarket has submitted the following questions to the Dutch DPA:

Prof. Udo Helmbrecht

COMMISSION OF THE EUROPEAN COMMUNITIES. Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

COMMISSION OF THE EUROPEAN COMMUNITIES GREEN PAPER

Overview. Data protection in a swirl of change Cloud computing. Software as a service. Infrastructure as a service. Platform as a service

COMMISSION OF THE EUROPEAN COMMUNITIES REPORT FROM THE COMMISSION ON MONITORING THE APPLICATION OF COMMUNITY LAW (2003) OVERALL POSITION

All rights reserved. 2011, EuroPriSe/ULD

EUROPEAN DATA PROTECTION SUPERVISOR. Inventory A strategic approach to legislative consultation

The reform of the EU Data Protection framework - Building trust in a digital and global world. 9/10 October 2012

Lots of clouds: a stormy weather for information privacy?

Cloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL

RESTREINT UE/EU RESTRICTED

COMMISSION RECOMMENDATION. of on a European resettlement scheme

Legal Aspects of the MonIKA-Project - Privacy meets Cybersecurity

EU- US NGO Letter on 1 To Secretary Pritzker

THE LATVIAN PRESIDENCY UNLOCKING EUROPEAN DIGITAL POTENTIAL FOR FASTER AND WIDER INNOVATION THROUGH OPEN AND DATA-INTENSIVE RESEARCH

ARTICLE 29 DATA PROTECTION WORKING PARTY

8674/15 MC/pf 1 DGD 1B

Council of the European Union Brussels, 30 June 2016 (OR. en) Mr Jeppe TRANHOLM-MIKKELSEN, Secretary-General of the Council of the European Union

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL. Rebuilding Trust in EU-US Data Flows

Data Protection and Cloud Computing: an Overview of the Legal Issues

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.

Accountability: Data Governance for the Evolving Digital Marketplace 1

ENISA What s On? ENISA as facilitator for enhanced Network and Information Security in Europe. CENTR General Assembly, Brussels October 4, 2012

J O I N T D E C L A R A T I O N

New EU Data Protection legislation comes into force today. What does this mean for your business?

LIMITE EN. Background

The eighth data protection principle and international data transfers

Presentation by: Dr. Nathalie Moreno Partner. Cloud Computing and Data Protection: an Update 4 October 2012

Value of the EU Data Protection Reform against the Big Data challenges. Keynote address 5th European Data Protection Days Berlin, 4.5.

Into the Cloud: How will the Draft EU Data Protection Regulation affect cloud computing service providers and users?

South East Asia: Data Protection Update

The Impact of EU Data Protection Legislation. Thomas Rivera Hitachi Data Systems

Opinion 03/2013 on purpose limitation

Buckinghamshire County Council Transport for Buckinghamshire ANPR Code of Practice

DATA PROTECTION POLICY

Resolution on the EU Customs Action Plan to combat intellectual property rights infringements (2013 to 2017)

The Council is invited to approve the draft Conclusions on Counter-Terrorism, as set out in the annex.

DATE: 1 APRIL Introduction

EUROPEAN COMMISSION ENTERPRISE AND INDUSTRY DIRECTORATE-GENERAL. Space, Security and GMES Security Research and Development

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY

Legal English terminology in a National and European context 8-11 December Programme

Agreement on a European Works Council. within the Scandic Hotels Holding AB group

Data protection legislation influence on cloud computing from local as well as EU perspective

Mr President, Ladies and Gentlemen Members of the Court, Mr Advocate. Thank you for inviting the European Data Protection Supervisor today.

Context. To cloud or not to cloud, that is a very serious question. Legal challenges in a post Safe Harbour and pre GDPR cloud world

Opinion 04/2012 on Cookie Consent Exemption

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 February /05 LIMITE COPEN 35 TELECOM 10

Legal English terminology in a national and European context 8-11 December Programme

LIABILITY FOR NON-COMPLIANCE WITH DATA PROTECTION OBLIGATIONS

COUNCIL OF THE EUROPEAN UNION. Brussels, 22 November /06 DATAPROTECT 45 EDPS 3

Information Security Risks when going cloud. How to deal with data security: an EU perspective.

Drawing Lines in the Cloud: Jurisdictional Access to Data. Nancy Libin Mary Ellen Callahan

Healthcare Professionals Crossing Borders Agreement

ARTICLE 29 Data Protection Working Party

OPINION MAY 2012 ON CLOUD COMPUTING Article 29 Data Protection Working Party (July 1, 2012)

Smart Borders and Law Enforcement Access: Legitimacy, Effectiveness, and Proportionality

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini

slaughter and may The new EU Data Protection Regulation revolution or evolution?

Institute for Judicial and Legal Studies

Template for Automatic Number Plate Recognition (ANPR) Infrastructure Development Privacy Impact Assessment

OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES

Built Environment Accessibility: The Irish Experience

The European Union as a Constitutional Guardian of Internet Privacy and Data Protection: the Story of Article 16 TFEU

The transfer of personal data to third countries and international organisations by EU institutions and bodies. Position paper

EUROPEAN REGULATORS GROUP ANNUAL REPORT Published February 2006

The HR Skinny: Effectively managing international employee data flows

I. Introduction to Privacy: Common Principles and Approaches

Giuseppe Busia Segretario generale Garante per la protezione dei dati personali

Statement on the general concept of the European Union towards Data Protection by Aktion Freiheit statt Angst e.v.; EU Register ID

PROPOSAL 20. Resolution 130 of Marrakesh on the role of ITU in information and communication network security

ANNEX. to the COMMISSION IMPLEMENTING DECISION

Align Technology. Data Protection Binding Corporate Rules Controller Policy Align Technology, Inc. All rights reserved.

Opinion of the European Data Protection Supervisor

Brief Summary on the Philippine B bilateral Air Services Agreement

TRIO PRESIDENCY OF BULGARIA, CROATIA AND THE CZECH REPUBLIC 18-MONTH WORK PROGRAMME. 1 July December 2016

Privacy vs Data Protection. PRESENTATION TITLE GOES HERE Eric A. Hibbard, CISSP, CISA Hitachi Data Systems

Summary of replies to the public consultation on crossborder inheritance tax obstacles within the EU and possible solutions

Privacy Level Agreement Outline for the Sale of Cloud Services in the European Union

COMMUNICATION FROM THE COMMISSION TO THE COUNCIL AND THE PARLIAMENT. Transfer of Air Passenger Name Record (PNR) Data: A Global EU Approach EN 1 EN

ESOMAR PRACTICAL GUIDE ON COOKIES JULY 2012

How To Understand The Privacy Shield

Transcription:

ARTICLE 29 Data Protection Working Party 417/16/EN WP235 Work programme 2016 2018 Adopted on 2 February 2016 This Working Party was set up under Article 29 of Directive 95/46/EC. It is an independent European advisory body on data protection and privacy. Its tasks are described in Article 30 of Directive 95/46/EC and Article 15 of Directive 2002/58/EC. The secretariat is provided by Directorate C (Fundamental Rights and Union Citizenship) of the European Commission, Directorate General Justice and Consumers, B-1049 Brussels, Belgium, Office No MO-59 02/013. Website: http://ec.europa.eu/justice/data-protection/index_en.htm

Work programme 2016 2018 Tasks The Working Party was set up under Article 29 of Directive 95/46/EC and its tasks are to (Art. 30.1): (a) examine any question covering the application of the national measures adopted under this Directive in order to contribute to the uniform application of such measures; (b) give the Commission an opinion on the level of protection in the Community and in third countries; (c) advise the Commission on any proposed amendment of this Directive, on any additional or specific measures to safeguard the rights and freedoms of natural persons with regard to the processing of personal data and on any other proposed Community measures affecting such rights and freedoms; and (d) give an opinion on codes of conduct drawn up at Community level. These tasks also apply with regard to the electronic communications sector (Art. 15.3 of Directive 2002/58/EC). Activities for 2016-2018 The General Data Protection Regulation (hereafter the Regulation ) and the Directive on Police and Justice will significantly change the structure and the way the WP29 works today. Upon the adoption of this package, the WP29 will have two years to be ready to become and act as the European Data Protection Board (hereafter EDPB ). The work programme takes into account this transitional period which will require from all subgroups the issuance of guidelines, tools and procedures to organize the future cooperation between data protection authorities guide the relevant stakeholders in the application of the new framework (e.g. controllers, processors, data subjects) and ensure consistency in its implementation. A yearly action plan translates operationally the work to be done and will be revised regularly. The Working Party will continue to analyze and provide its opinion on relevant subject matters under the current Directive 95/46/EC which either have already been on the previous work programme and should be maintained or are new topics to be dealt with in the two upcoming years. Furthermore, the Working Party will work on increasing its interaction with international data protection authorities and other organisations and stakeholders, both within the European Union and outside. The Working Party will regularly monitor the implementation of its work programme which should be periodically revised and updated as necessary. 2

Subgroups The activities of all subgroups of the WP29 will take into account the transitional period between the adoption of the Data Protection package and its entry into force. Given the large amount of work needed, this special period requires an important involvement of all subgroups and an efficient coordination between them. Future of Privacy subgroup Before the entry into force of Regulation, the WP29 will continue to work on the basis of the current framework. However, during this transitional phase, the WP29 will anticipate the application of the new legal framework and should prepare its new governance model. The WP29 has elaborated an action plan to do so which will be regularly revised. The Future of Privacy subgroup will be primarily in charge of piloting, managing and monitoring this action plan by developing the new governance model, organizing issuance of appropriate tools and guidelines and proposing key decisions to the WP29 in relation with the action plan. To fulfill these tasks that will be transversal and implicate other subgroups, the Future of Privacy subgroup will ensure coordination tasks and consistency checks for a coherent implementation of the WP29 strategy regarding the new framework. Key Provisions subgroup In light of the Regulation, the subgroup will examine the need to update previous opinions ( e.g.the opinions on personal data, consent, controller/processor, applicable law, purpose limitation or legitimate interests). The Key Provisions subgroup will in addition be dealing with the interpretation of key concepts of the new legal framework (e.g. scope, definitions, general provisions, rights of the data subject, obligations of data controllers and processors, specific data processing situations). Technology subgroup The subgroup will continue its works together with other subgroup(s) when appropriate on the following topics: Do not Track standard, data portability, Wi-Fi location analytics and bluetooth beacons, minimum technical specifications, e-voting, electronic monitoring of employees, user friendly and privacy-compliant ways of informing and expressing consent by way of smart devices, the e-privacy Directive, Digital Single Market, smart meters and smart grids, data protection impact assessments and data breach impact assessment. The subgroup will consider whether previous opinions need to be updated in light of the Regulation and also deal with the new topics (e.g. certification). International Transfers subgroup The CJEU ruling on the Schrems vs. Facebook case has become a crucial point on the WP29 and on the International Transfers subgroup s agenda. In coordination with other subgroups, the International Transfers subgroup has been tasked to analyze the consequences of the ruling on transfers tools (e.g. Standard Contractual Clauses, BCR, ad-hoc clauses, other adequacy decisions) and on derogations for transfers. 3

The International Transfers subgroup will also analyze and deliver an opinion on the new Safe Harbor arrangement once released. In addition, the subgroup will examine the impact of the Regulation on existing transfers tools and the current cooperation procedure. More generally, the subgroup will consider whether previous opinions need to be updated in light of the Regulation. The International Transfers subgroup will continue its work on the possible «interoperability» with Convention 108 and the OECD Guidelines and on the BCR-CBPR project with APEC. Borders, Travel and Law Enforcement subgroup The subgroup will continue its work on the following topics: the Directive Police and Justice, PNR Terrorist Finance Tracking Program, Data retention, Transatlantic Cable Interception (together with the international transfers subgroup), the Cybercrime Convention, the proposals following the European Commission s European Agenda on Security and the consequences of the CJEU judgement Schrems vs. Facebook, including the analysis of relevant EU and US surveillance law. The subgroup will also analyse the following legislative proposals: the revised Smart Borders package, the proposal to adopt the EU-US Umbrella Agreement, the proposal for a European Police Record Index System, the new counter-terrorism proposals and the European agenda on migration and the Electronic Criminal Record Information System (ECRIS) for third country nationals and stateless people (TCN). The subgroup will consider whether previous opinions need to be updated in light of the Regulation. E-government subgroup The subgroup will continue its work on the following topics: the implementing acts for the Regulation on electronic identification and trust services for electronic transactions in the internal market (EIDAS), Mobile Apps used in the public sector, the cloud services for e-government services, the Research and Education network Code of conduct, the online publication of personal data of government officials, the E-Voting and the Digital Single Market Strategy for Europe. The subgroup will work on the topic linked to E-health network. It will also consider whether previous opinions need to be updated in light of the Regulation. Financial matters subgroup The subgroup will continue its work on the following topics: automatic exchange of data for tax purposes, OECD Common Reporting Standards, FATCA, the implications on data protection of International Organisation of Securities Commissions and Multilateral Memorandum of Understanding concerning consultation and cooperation and the exchange of Information, and the implications on data protection of Directive 2014/65/EU (so-called "MIFID 2") and Regulation (EU) 600/2014 (so-called "MAR"). The subgroup will also analyse the following topics: Account aggregators, the vast use by banks of data related to their clients for commercial profiling and the draft Regulation of the European Central Bank concerning the collection of granular credit and credit risk. The subgroup will consider whether previous opinions need to be updated in light of the Regulation. 4

Cooperation subgroup The subgroup will organize workshops on practical issues and tools of common interest, continue its work on the improvement of the WP29 website, on the follow up of the preparations of the International Conference and of the Spring Conference (focus on the question of enforcement cooperation). It will elaborate a data protection vocabulary, examine the list of activities of the DPAs. The subgroup will also be involved in the analysis of the consequences of the CJEU judgement Schrems vs. Facebook, including on coordinated actions to handle complaints and to organise enforcement operations if needed. Finally, the subgroup will work on common tools and standard forms to implement the Regulation in a consistent manner (e.g. templates for designating a lead DPA, complaints forms). 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information