Principle intended to ensure that controllers are more generally in control and in the position to ensure and demonstrate compliance with data protection principles in practice. Accountability requires that controllers put in place internal mechanisms and control systems that ensure compliance and provide evidence – such as audit reports – to demonstrate compliance to external stakeholders, including supervisory authorities.
The Anti-Counterfeiting Trade Agreement (ACTA) is a proposed multilateral trade agreement for establishing international standards on intellectual-property-rights enforcement throughout the participating countries. Its proponents describe it as a response "to the increase in global trade of counterfeit goods and pirated copyright-protected works." The scope of ACTA is broad, including counterfeit goods, generic medicines, and "piracy over the Internet".
In February 2010, the EDPS issued an opinion on the negotiations aimed at adopting the new agreement in which he warned against its potential incompatibility with the EU data protection regime.
An “adequacy decision” is a decision adopted by the European Commission on the basis of Article 25(6) of Directive 95/46/EC, which establishes that a third country ensures an adequate level of protection of personal data by reason of its domestic law or the international commitments it has entered into.
The effect of such a decision is that personal data can flow from the 27 EU Member States and the three European Economic Area member countries (Norway, Liechtenstein and Iceland) to that third country, without any further safeguards.
The Commission has so far issued seven adequacy decisions recognizing Switzerland, Canada, Argentina, Guernsey, Isle of Man, the US Department of Commerce's Safe Harbor Privacy Principles, and the transfer of Air Passenger Name Record (PNR) data to the United States' Bureau of Customs and Border Protection as providing adequate protection.
Adequacy decisions are adopted pursuant to the so-called "comitology procedure", which involves the following steps:
The "Article 29 Working Party" is the short name of the Data Protection Working Party established by Article 29 of Directive 95/46/EC. It provides the European Commission with independent advice on data protection matters and helps in the development of harmonised policies for data protection in the EU Member States.
The Working Party is composed of:
The Article 31 Committee was established by Article 31 of Directive 95/46/EC.
It is comprised of representatives of the Member States who cooperate in taking decisions whenever Member States' approval is required under the Directive. By way of example, the Committee cooperates in the procedure for the adoption of Adequacy decisions.
An “automated individual decision” is a decision which significantly affects a person and which is based solely on automated processing of personal data in order to evaluate this person. Such an evaluation may relate to different personal aspects, such as performance at work, creditworthiness, reliability, conduct, etc.
Article 15 of Directive 95/46/EC and Article 19 of Regulation (EC) No 45/2001 lay down the right for individuals to object to decisions about them and solely based on automated means, unless certain conditions are fulfilled or appropriate safeguards are put in place.
Time for Europe's data protection authorities to raise their game. Read the new blog post by Giovanni Buttarelli.
To celebrate Europe Day, the EU institutions will hold the annual EU Open Day on 28 May 2016. The EDPS stand will be located on the first floor of the European Parliament, so make sure you pass by and check out our fun and interactive activities! More information about EU Open Day and the EDPS stand can be found on the EDPS Events page.
Key Challenges for Privacy in the Digital Age. Read the speech by Giovanni Buttarelli given at Europol - EIPA conference on Privacy in the Digital Age of Encryption and Anonymity Online.
New Regulation boosts the roles of EDPS and Europol. Read the press release.
Spring Conference, Participation and keynote speech by Giovanni Buttarelli, Budapest, Hungary
Spring Conference, Participation and speech by Wojciech Wiewiórowski on GDPR – what next? Practical implications for national legislators, DPAs, data controllers, Budapest, Hungary
Wojciech Wiewiórowski visits the European Institute of Innovation and Technology, Budapest, Hungary
General Data Protection Regulation and Startups, Speech by Giovanni Buttarelli, European Parliament, Brussels, Belgium
AmCham EU’s Plenary Meeting, Keynote speech by Giovanni Buttarelli, Brussels, Belgium
Giovanni Buttarelli presents the EDPS Annual Report 2015 to the LIBE Committee, European Parliament, Brussels, Belgium
Association of Corporate Counsel Annual Conference, Giovanni Buttarelli gives a keynote speech on EU Data Protection Regulation, Rome, Italy
Cyber 2016: Evolving Threats, Security Developments and Improving Cooperation, Chatham House Cyber Conference, Speech and panel discussion by Wojciech Wiewiórowski on Data Protection, Privacy and National Security, London, UK