Article 29 Data Protection Working Party

Last updated

The Article 29 Working Party (Art. 29 WP), in full the Working Party on the Protection of Individuals with regard to the Processing of Personal Data, [1] was an independent European Union advisory body on data protection and privacy. It was made up of a representative from the data protection authority of each EU Member State, the European Data Protection Supervisor and the European Commission.

Contents

The composition and purpose of Art. 29 WP was set out in Article 29 of the Data Protection Directive (Directive 95/46/EC), and it was launched in 1996. It was replaced by the European Data Protection Board (EDPB) on 25 May 2018 in accordance with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). [2]

Its main stated missions were to:

The Working Party elected a chairman and two vice-chairmen, each with a two-year term of office. Their term of office was renewable only once. [4] The Working Party's secretariat was provided by the European Commission.

See also

Related Research Articles

The Office of the Data Protection Commissioner (DPC), also known as Data Protection Commission, is the independent national authority responsible for upholding the EU fundamental right of individuals to data privacy through the enforcement and monitoring of compliance with data protection legislation in Ireland. It was established in 1989.

Information privacy is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, contextual information norms, and the legal and political issues surrounding them. It is also known as data privacy or data protection.

<span class="mw-page-title-main">Data Protection Directive</span> EU directive on the processing of personal data

The Data Protection Directive, officially Directive 95/46/EC, enacted in October 1995, was a European Union directive which regulated the processing of personal data within the European Union (EU) and the free movement of such data. The Data Protection Directive was an important component of EU privacy and human rights law.

<span class="mw-page-title-main">Data Protection Act 1998</span> United Kingdom legislation

The Data Protection Act 1998 (DPA) was an Act of Parliament of the United Kingdom designed to protect personal data stored on computers or in an organised paper filing system. It enacted provisions from the European Union (EU) Data Protection Directive 1995 on the protection, processing, and movement of data.

Personal data, also known as personal information or personally identifiable information (PII), is any information related to an identifiable person.

Information privacy, data privacy or data protection laws provide a legal framework on how to obtain, use and store data of natural persons. The various laws around the world describe the rights of natural persons to control who is using its data. This includes usually the right to get details on which data is stored, for what purpose and to request the deletion in case the purpose is not given anymore.

The International Safe Harbor Privacy Principles or Safe Harbour Privacy Principles were principles developed between 1998 and 2000 in order to prevent private organizations within the European Union or United States which store customer data from accidentally disclosing or losing personal information. They were overturned on October 6, 2015, by the European Court of Justice (ECJ), which enabled some US companies to comply with privacy laws protecting European Union and Swiss citizens. US companies storing customer data could self-certify that they adhered to 7 principles, to comply with the EU Data Protection Directive and with Swiss requirements. The US Department of Commerce developed privacy frameworks in conjunction with both the European Union and the Federal Data Protection and Information Commissioner of Switzerland.

Privacy law is the body of law that deals with the regulating, storing, and using of personally identifiable information, personal healthcare information, and financial information of individuals, which can be collected by governments, public or private organisations, or other individuals. It also applies in the commercial sector to things like trade secrets and the liability that directors, officers, and employees have when handling sensitive information.

Pseudonymization is a data management and de-identification procedure by which personally identifiable information fields within a data record are replaced by one or more artificial identifiers, or pseudonyms. A single pseudonym for each replaced field or collection of replaced fields makes the data record less identifiable while remaining suitable for data analysis and data processing.

<span class="mw-page-title-main">European Data Protection Supervisor</span> Independent supervisory authority

The European Data Protection Supervisor (EDPS) is an independent supervisory authority whose primary objective is to monitor and ensure that European institutions and bodies respect the right to privacy and data protection when they process personal data and develop new policies.

ePrivacy Directive

Privacy and Electronic Communications Directive2002/58/EC on Privacy and Electronic Communications, otherwise known as ePrivacy Directive (ePD), is an EU directive on data protection and privacy in the digital age. It presents a continuation of earlier efforts, most directly the Data Protection Directive. It deals with the regulation of a number of important issues such as confidentiality of information, treatment of traffic data, spam and cookies. This Directive has been amended by Directive 2009/136, which introduces several changes, especially in what concerns cookies, that are now subject to prior consent.

Binding Corporate Rules (BCRs) were developed by the European Union Article 29 Working Party to allow multinational corporations, international organizations, and groups of companies to make intra-organizational transfers of personal data across borders in compliance with EU Data Protection Law. BCRs are a framework for having different elements that allow for compliance with EU data protection regulations and privacy protection. The BCRs were developed as an alternative to the "standard contractual clauses" (SCCs) and the now defunct U.S. Department of Commerce EU Safe Harbor.

The German Bundesdatenschutzgesetz (BDSG) is a federal data protection act, that together with the data protection acts of the German federated states and other area-specific regulations, governs the exposure of personal data, which are manually processed or stored in IT systems.

The Agreement between the United States of America and the European Union on the use and transfer of Passenger Name Records to the United States Department of Homeland Security is an international agreement between the United States of America and the European Union that was signed on 14 December 2011 for the purpose of providing passenger name records (PNR) from air carriers operating passenger flights to the United States Department of Homeland Security to "ensure security and to protect the life and safety of the public".

<span class="mw-page-title-main">General Data Protection Regulation</span> EU regulation on the processing of personal data

The General Data Protection Regulation is a European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union. It also governs the transfer of personal data outside the EU and EEA. The GDPR's goals are to enhance individuals' control and rights over their personal information and to simplify the regulations for international business. It supersedes the Data Protection Directive 95/46/EC and, among other things, simplifies the terminology.

Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González (2014) is a decision by the Court of Justice of the European Union (CJEU). It held that an Internet search engine operator is responsible for the processing that it carries out of personal information which appears on web pages published by third parties.

<span class="mw-page-title-main">NOYB</span> European data protection advocacy group

NOYB – European Center for Digital Rights is a non-profit organization based in Vienna, Austria established in 2017 with a pan-European focus. Co-founded by Austrian lawyer and privacy activist Max Schrems, NOYB aims to launch strategic court cases and media initiatives in support of the General Data Protection Regulation (GDPR), the proposed ePrivacy Regulation, and information privacy in general. The organisation was established after a funding period during which it has raised annual donations of €250,000 by supporting members. Currently, NOYB is financed by more than 4,400 supporting members.

<span class="mw-page-title-main">European Data Protection Board</span> EU body for implementing the GDPR

The European Data Protection Board (EDPB) is a European Union independent body with juridical personality whose purpose is to ensure consistent application of the General Data Protection Regulation (GDPR) and to promote cooperation among the EU’s data protection authorities. On 25 May 2018, the EDPB replaced the Article 29 Working Party.

The right of access, also referred to as right to access and (data) subject access, is one of the most fundamental rights in data protection laws around the world. For instance, the United States, Singapore, Brazil, and countries in Europe have all developed laws that regulate access to personal data as privacy protection. The European Union states that: "The right of access occupies a central role in EU data protection law's arsenal of data subject empowerment measures." This right is often implemented as a Subject Access Request (SAR) or Data Subject Access Request (DSAR).


The EU Cloud Code of Conduct is a transnational Code of Conduct pursuant Article 40 of the European General Data Protection Regulation (GDPR).

References

  1. "Future work on codes of conduct: Working Document on the procedure for the consideration by the Working Party of Community codes of conduct" (PDF). European Commission. 10 September 1998. Archived (PDF) from the original on 2 June 2021. Retrieved 22 August 2020.
  2. "Europe's new data protection rules and the EDPB: giving individuals greater control" (Press release). Brussels: European Data Protection Board. 25 May 2018. Archived from the original on 14 June 2018. Retrieved 1 June 2018.
  3. "Article 29 Working Party". European Commission. Archived from the original on 16 September 2013. Retrieved 21 January 2016.
  4. "Rules of Procedure of the Working Party on the Protection of Individuals with regard to the Processing of Personal Data" (PDF). Brussels: Article 29 Working Party. 15 February 2010. Article 3.3. Archived from the original (PDF) on 30 December 2011.