Focusing on the latest digital trends and risks and developments in the field of data protection, privacy, information and cyber law.

Article 29 Working Party adopts Guidelines on the “lead supervisory authority”

Peter van Dyck

One of the key innovations of the upcoming General Data Protection Regulation (GDPR) is the so-called one stop shop principle. This principle aims to avoid companies that undertake cross-border processing of personal data finding themselves subject to a plurality of competent data protection authorities. Concretely, the GDPR provides that the data protection authority in the

DPOs and the GDPR: Part 2 – Appointing a DPO

Ondrej Kramolis

In its newly published opinion, the Article 29 Working Party (WP29) provides some useful input into discussion on the nature of the role of data protection officers (DPOs) under the GDPR. This is a question which many organisations have been grappling with, as they assess who should take on this role. The WP29 considers the qualifications

DPOs and the GDPR: Part 1 – When is a DPO needed?

Catherine di Lorenzo

On 16 December 2016, the Article 29 Working Party (WP29) released highly anticipated guidelines on some of the most critical matters in the implementation of the General Data Protection Regulation (GDPR). These guidelines are not legally binding, but local data protection authorities are likely to follow them. The WP29 does invite comment on the guidelines

ePrivacy laws – draft Regulation leaked

Charlotte Mullarkey

As anticipated, a draft of the proposed replacement EU ePrivacy law has been leaked. While this draft still appears to be under review, it does provide an interesting indication of what we are likely to see in the proposed legislation next month. Given the extent of discussion around this revision, and the attention given to

Article 29 Working Party opinion on proposed amendments to adequacy decisions

Charlotte Mullarkey

The Article 29 Working Party (WP29) has published Opinion 04/2016 (the Opinion) on two European Commission draft Decisions aimed at curing the defects in the Commission determinations of the adequacy of protection (Adequacy Decisions) identified by the CJEU in Schrems. Although dated 31st October 2016, it appears to have been only published on Friday and the

Payment service providers face even tougher DP requirements than those under the GDPR

Jane Finlayson-Brown

Application Programming Interfaces (APIs) are bringing new open banking initiatives to the forefront of online payment services, with huge potential for innovation. Although access to data is essential in the rise of APIs, processing personal data for open banking initiatives covered by Payment Services Directives or the Open Banking Standard will always require explicit consent.