October 2017 has been a busy month for the Article 29 Working Party (the “WP29”), a group that consists of EU data protection authorities. The WP29 has recently published three new guidelines and revised some earlier guidelines on the implementation of the General Data Protection Regulation (the “GDPR”). The recent guidance includes proposed guidelines on […]

Legality of the Standard Contractual Clauses Referred to the CJEU The Standard Contractual Clauses (the “SCCs” or the “EU Model Clauses”) have provided a mechanism for transferring personal data outside the EEA when incorporated into a contract between controllers or a controller and a processor. These model clauses have been adopted by the European Commission […]

The Consumer Ombudsmen of Finland, Sweden, Denmark and Norway met in Helsinki in the beginning of May to discuss several consumer protection issues relating to the digital society. The topics discussed varied from consumer legislation in the digital economy to consumer protection issues in connection with the Internet of Things. One of the discussed themes […]

The Article 29 Working Party (the WP29), which is an independent advisory board on data protection and privacy, has adopted Guidelines (in English) on Data Protection Impact Assessment (DPIA) on 4 April 2017. The guidelines define when and how an impact assessment should be carried out pursuant to the EU General Data Protection Regulation 2016/679 […]

The Cloud Infrastructure Services Providers in Europe (the “CISPE”), a coalition of technology companies focused on the provision of cloud computing infrastructure services across Europe (such as cloud tech giant Amazon Web Services), has established a new voluntary Data Protection Code of Conduct (the “Code”) to help cloud customers ensure that their cloud infrastructure provider […]

On 24 January 2017, the Office of the Data Protection Ombudsman published guidance (in Finnish) for companies on how to prepare for the upcoming EU General Data Protection Regulation (“GDPR”).  Although the guidance serves as a high-level introduction to the GDPR, it unfortunately does not go into specific details of the GDPR. Thus, it does […]

The EU Commission’s proposal for a new Regulation on e-privacy leaked before the holidays. The draft text of the Commission’s proposal for a Regulation repealing the Directive on Privacy and Electronic Communications (2002/58/EC) was not intended to be published until 2017, but the draft text of the proposal leaked. The official version of the proposal […]

On Tuesday 13 December, the Article 29 Working Party (an independent European advisory body on data protection and privacy, comprising of representatives of national data protection authorities) published its first set of guidelines on the General Data Protection Regulation (the “GDPR”). The guidelines and associated FAQ cover the following areas: Right to data portability (Guidance […]