Accessibility Tools

- A -


Accountability

Principle intended to ensure that controllers are more generally in control and in the position to ensure and demonstrate compliance with data protection principles in practice. Accountability requires that controllers put in place internal mechanisms and control systems that ensure compliance and provide evidence – such as audit reports – to demonstrate compliance to external stakeholders, including supervisory authorities.

ACTA

The Anti-Counterfeiting Trade Agreement (ACTA) is a proposed multilateral trade agreement for establishing international standards on intellectual-property-rights enforcement throughout the participating countries. Its proponents describe it as a response "to the increase in global trade of counterfeit goods and pirated copyright-protected works." The scope of ACTA is broad, including counterfeit goods, generic medicines, and "piracy over the Internet".

In February 2010, the EDPS issued an opinion on the negotiations aimed at adopting the new agreement in which he warned against its potential incompatibility with the EU data protection regime.

Adequacy decision 

An “adequacy decision” is a decision adopted by the European Commission on the basis of Article 25(6) of Directive 95/46/EC, which establishes that a third country ensures an adequate level of protection of personal data by reason of its domestic law or the international commitments it has entered into.

The effect of such a decision is that personal data can flow from the 27 EU Member States and the three European Economic Area member countries (Norway, Liechtenstein and Iceland) to that third country, without any further safeguards.

The Commission has so far issued seven adequacy decisions recognizing Switzerland, Canada, Argentina, Guernsey, Isle of Man, the US Department of Commerce's Safe Harbor Privacy Principles, and the transfer of Air Passenger Name Record (PNR) data to the United States' Bureau of Customs and Border Protection as providing adequate protection.

Adequacy decisions are adopted pursuant to the so-called "comitology procedure", which involves the following steps:

  • a proposal from the Commission;
  • an opinion of the Article 29 Working Party;
  • an opinion of the Article 31 Committee delivered by a qualified majority of Member States;
  • at any time, the European Parliament and the Council may request the Commission to maintain, amend or withdraw the adequacy decision on the grounds that its act exceeds the implementing powers provided for in the Directive; and
  • the adoption of the decision by the College of Commissioners.

► Commission Adequacy Decision

Article 29 Working Party 

The "Article 29 Working Party" is the short name of the Data Protection Working Party established by Article 29 of Directive 95/46/EC. It provides the European Commission with independent advice on data protection matters and helps in the development of harmonised policies for data protection in the EU Member States.

The Working Party is composed of:

  • representatives of the national supervisory authorities in the Member States;
  • a representative of the European Data Protection Supervisor (EDPS);
  • a representative of the European Commission (the latter also provides the secretariat for the Working Party).

More information on Article 29 Working Party

Article 31 Committee 

The Article 31 Committee was established by Article 31 of Directive 95/46/EC.

It is comprised of representatives of the Member States who cooperate in taking decisions whenever Member States' approval is required under the Directive. By way of example, the Committee cooperates in the procedure for the adoption of Adequacy decisions.

 

Automated individual decision 

An “automated individual decision” is a decision which significantly affects a person and which is based solely on automated processing of personal data in order to evaluate this person. Such an evaluation may relate to different personal aspects, such as performance at work, creditworthiness, reliability, conduct, etc.

Article 15 of Directive 95/46/EC and Article 19 of Regulation (EC) No 45/2001 lay down the right for individuals to object to decisions about them and solely based on automated means, unless certain conditions are fulfilled or appropriate safeguards are put in place.

  • 17 August 2016

    The EDPS, in collaboration with European consumer organisation BEUC, is hosting a joint conference on Big Data: individual rights and smart enforcement. The conference will take place in Brussels on 29 September 2016. For more information on the conference and how to register, visit the EDPS Events page.

  • 05 August 2016

    Our IT services are undergoing scheduled maintenance from 12 to 15 August. Please note that, for technical reasons, we cannot guarantee that the complaints and annexed files submitted during this period will reach us - despite a possible acknowledgement of receipt. Should you not receive any acknowledgement of receipt within 10 working days from submitting your complaint, please do let us know.

  • 25 July 2016

    ePrivacy rules should be smarter, clearer, stronger. Read the EDPS opinion and the press release.

  • 18 July 2016

    Data protection and Whistleblowing in the EU Institutions. Please read the EDPS guidelines and the press release.

  • 15 July 2016

    The EDPS’ free app, EU Data Protection, has been updated! You can now consult the texts of General Data Protection Regulation (REG) 2016/679 and the Directive 2016/680 for the police and criminal justice sector alongside the texts they replace.

  • 26 July 2016

    Fablab on GDPR, Participation of Wojciech Wiewiórowski and Giovanni Buttarelli, Brussels, Belgium

  • 25 July 2016

    Extraordinary Plenary Session of the Article 29 Working Party, Participation of Giovanni Buttarelli, Brussels, Belgium

  • 21 July 2016

    45th Asia Pacific Privacy Authorities Forum, Participation and speeches of Giovanni Buttarelli on Update on EU GDPR and Calibrating Privacy Principles to a Big Data and Digital Society, Singapore

  • 14 July 2016

    Launch of EU Data Protection Whitepaper, British Chamber of Commerce in Denmark, Keynote speech by Giovanni Buttarelli, Brussels, Belgium

  • 07 July 2016

    Marketing and profiling in the European Union, participation and speeches by Giovanni Buttarelli and Wojciech Wiewiórowski, Brussels, Belgium

  • 06 July 2016

    Privacy Laws & Business Annual International Conference, Wojciech Wiewiórowski in panels on Privacy terms and conditions and How data protection rules should be enforced in tandem with competition and consumer policy, Cambridge, UK

  • 06 July 2016

    Confindustria Radio Televisioni General Assembly 2016, Giovanni Buttarelli in a panel on Authority, Markets and Rights, Rome, Italy

  • 30 June 2016

    Reframing Data Transparency, Wojciech Wiewiórowski in a Roundtable Discussion organised by the Centre for Information Policy Leadership and Telefónica, London, UK