Privacy & Information Security Law Blog

On December 15, 2016, the Article 29 Working Party (“Working Party”) issued a press release announcing its December 13, 2016, adoption and release of three sets of guidelines and FAQs on key implementation issues under the EU General Data Protection Regulation (“GDPR”):

• Guidelines and FAQs on the Right to Data Portability;
• Guidelines and FAQs on Data Protection Officers (DPO); and
• Guidelines and FAQs on the Lead Supervisory Authority.

The Working Party noted that the guidelines were developed with input by different stakeholders, including at the July 2016 FabLab organized by the Working Party and various national consultations by data protection authorities.

The Working Party noted that it will accept comments on these guidelines until the end of January 2017, and will issue two additional sets of GDPR guidelines on Data Protection Impact Assessments and Certification in 2017.

The Working Party further announced that it has finalized its “understanding of the modalities” of the future DPA cooperation system under the GDPR and that position papers on mutual assistance, the one-stop-shop and joint operations have been agreed upon and will be tested in 2017. The Working Party is also working on the administrative and procedural aspects of the European Data Protection Board.

In connection with its 2017 Action Plan, the Working Party will hold another FabLab in April 2017, in which it will invite stakeholders to present their views on various GDPR topics. In May 2017, there will be a meeting in Paris where the Working Party’s international counterparts will have the opportunity to discuss GDPR implementation issues.

The Working Party also announced developments at its December plenary with respect to the EU-U.S. Privacy Shield, including that it adopted specific communication tools for individuals and companies which will be published on the Working Party’s website as a resource for DPAs. Also, the plenary involved the “auditioning” of U.S. government representatives relating to the U.S. Privacy Shield Ombudsperson. The Working Party also confirmed that it will take on the role of the “EU centralized body” – the EU complaint-handling body set up under the Privacy Shield – and that it will continue its consideration of the “joint annual review” of the Privacy Shield to be conducted by the European Commission and the DPAs in 2017.