On July 26, 2016, the body of European Data Protection Authorities (DPAs)—the “Article 29 Working Party” (WP29)—issued a statement commending the improvements made to the EU-U.S. Privacy Shield (Privacy Shield). Although the WP29 continues to
Continue Reading Article 29 Working Party Issues Statement Following Adoption of EU-U.S. Privacy Shield

 On April 13, 2016, the body of European Data Protection Authorities (DPAs)—the “Article 29 Working Party” (WP29)—issued its opinion on the new EU-U.S. Privacy Shield. The WP29 acknowledged that progress has been made with the


Continue Reading WSGR Alert: Article 29 Working Party Calls for Improvements to the EU-U.S. Privacy Shield

 On February 3, 2016, the body of European data protection regulators—the Article 29 Working Party (WP29)—issued a statement following the announcement of a political agreement regarding a new transatlantic data transfer scheme, the EU-U.S. Privacy
Continue Reading WSGR Alert: EU Data Protection Authorities Issue Statement Following Agreement on EU-U.S. Privacy Shield

ThinkstockPhotos-488982577-webOn June 16, 2015, the body of European data protection regulators known as the Article 29 Working Party (WP29) issued an opinion1 that clarifies EU data protection rules in the context of civil drones. The opinion explains how the principles of EU data protection law apply to drones, and provides a list of recommendations for drone manufacturers and operators, regulators and policymakers, and other stakeholders. This article highlights the key takeaways of the WP29 opinion.
Continue Reading EU Data Protection Regulators Issue Guidance on Drones

De-identification techniques are often at the forefront of companies’ concerns when it comes to the processing of big data. In addition, anonymization and pseudonymization techniques have been a heavily debated topic in the ongoing reform of EU data protection law. This makes last year’s Article 29 Working Party (WP29) Opinion on Anonymization Techniques1 even more important, as it examines the effectiveness and limits of anonymization techniques and places them in the context of data protection law. This article details the WP29 Opinion on Anonymization Techniques and considers the opinion in relation to the upcoming EU General Data Protection Regulation.
Continue Reading Personal Data, Anonymization, and Pseudonymization in the EU

ThinkstockPhotos-149480786-webThe European data protection regulators, the Article 29 Working Party (WP29), recently issued two guidance papers which clarify the data protection legal framework applicable to the Internet of Things (IoT) and to the use of device fingerprinting. Both opinions underline WP29’s current focus on data-driven innovations. This article highlights the key takeaways from these two opinions.
Continue Reading EU Data Protection Regulators Issue Guidance on the Internet of Things and Device Fingerprinting

On April 2, 2013, the European data protection regulators (the “Article 29 Working Party” or the “WP29”) issued a 70-page opinion providing guidance on how to comply with the core EU data protection principle of “purpose limitation.”1 This opinion gives a good indication of how EU regulators would apply their national data protection law to specific processing activities such as email marketing, behavioral advertising, profiling, and tracking of user behavior and big data. It is relevant for companies of all sizes, including non-EU-based companies, offering online services to users in the EU, since the EU regulators tend to take a broad approach regarding the applicability of EU data protection law.2 This article addresses certain aspects of the opinion.3
Continue Reading European Regulators Opine on “Purpose Limitation” Principle – What Constitutes “Compatible Use” in the Context of Big Data?