EU Article 29 Working Party consults on draft guidance on automated decision-making and profiling

Posted on November 10, 2017 by Alison Knight • Leave a comment

“Computer says ‘No’”? …So, what exactly do the regulators think that the GDPR says in response? Last month, the Article 29 Working Party (Art.29 WP) announced that it is seeking feedback on draft Guidelines on automated individual decision-making including profiling (WP251) under the General Data Protection Regulation ((EU) 2016/679) (GDPR) in advance of its arrival … Continue reading →

big data / Data protection / data protection agencies / General Data Protection Regulation / Privacy impact assessment / Risk-based approach / sensitive data

New EU Guidelines on Data Protection Impact Assessments

Posted on April 18, 2017 by Alison Knight • Leave a comment

Assessing the likelihood of a ‘deep impact’ – but how ‘deep’ is ‘deep enough’ and by whose standards? In other words, how exactly do you develop a methodology for determining whether processing is “likely to result in a high risk” to data subjects under the GDPR? Draft guidelines on conducting data protection impact assessments (DPIAs) … Continue reading →

anonymisation / big data / Data protection / General Data Protection Regulation / Geo-location data / Personal data / Privacy / Privacy impact assessment / pseudonymisation

Location Data and Making Sense of the Goldilocks Paradox of Legal Anonymisation (too much, too little or just right…?)

Posted on May 24, 2016 by Alison Knight • Leave a comment

Collect, delete, repeat …. From ‘Where I am’ to ‘Who I am’, and back again? To pick up the thread from my previous posts on the topic of location data here and here, this final piece in the set returns to the first theme I discussed. This relates to the legal debate over when location … Continue reading →

Access to data / Breach notification / Data protection / Data retention / General Data Protection Regulation / Law enforcement / Personal data / Privacy / Privacy impact assessment / Surveillance

Article 29 WP and the draft directive on the processing of personal data by law enforcement agencies: has Article 29 WP been heard?

Posted on January 14, 2016 by Sophie Stalla-Bourdillon • 3 Comments

Last month, the Permanent Representatives Committee (Coreper) of the Council of the EU the compromise texts agreed with the European Parliament on data protection reform. As a reminder, the reform is a legislative package concerning two legislative instruments: the second of which discussed here (and far less catching the press headlines than the General Data … Continue reading →

Data protection / drones / Privacy / Privacy impact assessment

Opinion on drones released by EU Data Protection Working Party

Posted on July 15, 2015 by Alison Knight • Leave a comment

“Technology is neither good nor bad; nor is it neutral” – How far might future usage of drone technology affect the very fabric of the societies in which we live? The Article 29 EU Working Party (WP) has issued an Opinion about the data protection and privacy implications of utilising unmanned aerial systems (“drones”). This … Continue reading →

Breach notification / Data protection / Privacy / Privacy impact assessment / Security

‘Nothing is agreed until everything is agreed’… but still a new version of Chapter IV of the proposed General Data Protection Regulation has been released!

Posted on November 10, 2014 by Sophie Stalla-Bourdillon • Leave a comment

The Council of the European Union has agreed on a “partial general approach” when reviewing specific aspects of the proposed General Data Protection Regulation (GDPR) in a note issued on the 3rd of October 2014 for publication in the Council Register. In particular, the note contains a revised version of the draft text of Chapter … Continue reading →