Data is the new oil

Clive Humby

EDPB (ex Art. 29 WP) è l’EDPB (acronimo di European Data Protection Board), già conosciuto come art. 29 Working Party (organo creato dalla ormai dismessa dall’omonimo articolo della direttiva 95/46 EC) è un organo europeo indipendente che contribuisce all’applicazione coerente delle norme sulla protezione dei dati in tutta l’Unione europea e promuove la cooperazione tra le autorità di protezione dei dati dell’UE.

L’ EDPB emana diversi atti ufficiali utili ai professionisti in materia di Data Protection. Questa sezione raccoglie, tramite un metodo cronologico, tutti i provvedimenti e linee guida emanate dall’EDPB dal 1996 ad oggi.

I provvedimenti dell’EDPB

2018

EDPB Documents

Guidelines 2/2018 – on derogations of Article 49 under Regulation 2016/679

Guidelines 1/2018 – on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation 2016/679

 

Art. 29 WP GDPR Guidelines endorsed by the European Data Protection Board:

Endorsment of GDPR WP 29 guidelines

WP – 265 – Recommendation on the Standard Application form for Approval of Processor Binding Corporate Rules for the Transfer of Personal Data,

WP 264 – Recommendation on the Standard Application for Approval of Controller Binding Corporate Rules for the Transfer of Personal Data.

WP 263 rev. 01 – Working Document Setting Forth a Co-Operation Procedure for the approval of “Binding Corporate Rules” for controllers and processors under the GDPR.

WP 260 rev. 01 – Guidelines on transparency under Regulation 2016/679.

WP 259 rev. 01 – Guidelines on consent under Regulation 2016/679.

WP 257 rev. 01 – Working Document setting up a table with the elements and principles to be found in Processor Binding Corporate Rules.

WP 256 rev. 01 – Working Document setting up a table with the elements and principles to be found in Binding Corporate Rules.

WP 254 rev. 01 – Adequacy Referential.

WP 253 – Guidelines on the application and setting of administrative fines for the purposes of the Regulation 2016/679.

WP 251 rev. 01 – Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679.

WP 250 rev. 01 – Guidelines on Personal data breach notification under Regulation 2016/679.

WP248 rev. 01 – Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679.

WP 244 rev. 01 – Guidelines for identifying a controller or processor’s lead supervisory authority.

WP243 rev.01 – Guidelines on Data Protection Officers (‘DPO’)

WP 242 rev. 01 – Guidelines on the right to data portability under Regulation 2016/679.

Position Paper on the derogations from the obligation to maintain records of processing activities pursuant to Article 30(5) GDPR

I provvedimenti dell’art. 29 WP (Archivio per anno)

2017

WP260 – Guidelines on transparency under Regulation 2016/679

WP259 – Guidelines on Consent under Regulation 2016/679

WP258 – Opinion on some key issues of the Law Enforcement Directive (EU 2016/680

WP257 – Working Document setting up a table with the elements and principles to be found in Processor Binding Corporate Rules

WP256 – Working Document setting up a table with the elements and principles to be found in Binding Corporate Rules

WP255 – EU-U.S. Privacy Shield. First annual Joint Review

WP254 – Adequacy Referential (updated)

WP253 – Guidelines on the application and setting of administrative fines for the purposes of the Regulation 2016/679

WP252 – Opinion 03/2017 on Processing personal data in the contex

WP251 – Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679

WP250 – Guidelines on Personal Data Breach Notification under Regulation 2016/279

WP249 – Opinion 2/2017 on data processing at work

WP248, rev.01 – Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679

WP248 – Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679.pdf

WP248ITALIANO Linee-guida concernenti la valutazione di impatto sulla protezione dei dati nonché i criteri per stabilire se un trattamento “possa presentare un rischio elevato” ai sensi del regolamento 201//679

WP247 – Opinion 01/2017 on the Proposed Regulation for the ePrivacy Regulation (2002/58/EC)

WP246 – EU-US privacy shield F.A.Q. for European Individuals

WP245 – EU-US privacy shield F.A.Q. for European businesses

WP244, rev. 01 – Guidelines for identifying a controller or processor’s lead supervisory authority

WP244, annex II – Guidelines for identifying a controller or processor’s lead supervisory authority

WP244 – Guidelines for identifying a controller or processor’s lead supervisory authority

WP243, rev. 01 – Guidelines on Data Protection Officers (‘DPOs’)

WP243, annex – F.A.Q.

WP243ITALIANO Linee guida sui responsabili della protezione dei dati (RPD)

WP242, annex – F.A.Q.

WP242, allegato – ITALIANO F.A.Q.

WP242 – Guidelines on the right to data portability

WP241 – Opinion 04/2016 on European Commission amendments proposals related to the powers of Data Protection Authorities in Standard Contractual Clauses and adequacy decisions

WP241, rev.01 – Guidelines on the right to data portability

2016

WP240 – Opinion 03/2016 on the evaluation and review of the ePrivacy Directive (2002/58/EC)

WP239 – Opinion 02/2016 on the publication of Personal Data for Transparency purposes in the Public Sector

WP238 – Opinion 01/2016 on the EU – U.S. Privacy Shield draft adequacy decision

WP237 – Working Document 01/2016 on the justification of interferences with the fundamental rights to privacy and data protection through surveillance measures when transferring personal data (European Essential Guarantees)

WP-236 – Statement on the 2016 action plan for the implementation of the General Data Protection Regulation (GDPR)

WP-235 – Work programme 2016 – 2018

2015

WP234 – Guidelines for Member States on the criteria to ensure compliance with data protection requirements in the context of the automatic exchange of personal data for tax purposes

WP233 – Opinion 03/2015 on the draft directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data

WP232 – Opinion 02/2015 on C-SIG Code of Conduct on Cloud Computing

WP231 – Opinion 01/2015 on Privacy and Data Protection Issues relating to the Utilisation of Drones

WP230 – Statement of the WP29 on automatic inter-state exchanges of personal data for tax purposes

WP229 – Cookie sweep combined analysis – REPORT

WP204 – Explanatory Document on the Processor Binding Corporate Rules

WP179 update – Update of Opinion 8/2010 on applicable law in light of the CJEU judgement in Google Spain

2014

WP 288 – Working Document on surveillance of electronic communications for intelligence and national security purposes

WP227 – Joint statement of the European Data Protection Authorities assembled in the Article 29 Working Party

WP226 – Working Document Setting Forth a Co-Operation Procedure for Issuing Common Opinions on “Contractual clauses” Considered as compliant with the EC Model Clauses

WP 225 – Guidelines on the implementation of the Court of Justice of the European Union judgment on “Google Spain and inc v. Agencia Española de Protección de Datos (AEPD) and Mario Costeja González” c-131/121

WP224 – Opinion 9/2014 on the application of Directive 2002/58/EC to device fingerprinting

WP223 – Opinion 8/2014 on the Recent Developments on the Internet of Things

WP222 – Statement on the results of the last JHS meeting

WP 221 – Statement on Statement of the WP29 on the impact of the development of big data on the protection of individuals with regard to the processing of their personal data in the EU

WP220 – Statement on the ruling of the Court of Justice of the European Union which invalidates the Data Retention Directive

WP219 – Opinion 7/2014 on the protection of personal data in Quebec

WP218 – Statement on the role of a risk-based approach in data protection legal frameworks

WP 217 – Opinion 06/2014 on the “Notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC”

WP216 – Opinion 05/2014 on “Anonymisation Techniques

WP215 – Opinion 04/2014 on “Surveillance of electronic communications for intelligence and national security purposes.

WP214 – Working document 01/2014 on “Draft ad hoc contractual clauses “EU data processor to non-EU sub-processor”

WP213 – Opinion 03/2014 on “Personal Data Breach Notification

WP212 – Opinion 02/2014 on a “Referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in the EU and Cross Border Privacy Rules submitted to APEC CBPR Accountability Agents

WP 211 – Opinion 01/2014 on the “Application of necessity and proportionality concepts and data protection within the law enforcement sector”

2009

WP168 – The Future of Privacy: Joint contribution to the Consultation of the European Commission on the legal framework for the fundamental right to protection of personal data

WP167 – Opinion 8/2009 on the protection of passenger data collected and processed by duty-free shops at airports and ports

WP166 – Opinion 7/2009 on the level of protection of personal data in the Principality of Andorra

WP165 – Opinion 6/2009 on the level of protection of personal data in Israel

WP164 – Contribution of the Article 29 Working Party to the public consultation of DG MARKT on the report of the Expert Group on Credit Histories

WP163 – Opinion 5/2009 on online social networking

WP162 – Second opinion 4/2009 on the World Anti-Doping Agency (WADA) International Standard for the Protection of Privacy and Personal Information, on related provisions of the WADA Code and on other privacy issues in the context of the fight against doping in sport by WADA and (national) anti-doping organizations

WP161 – Opinion 3/2009 on the Draft Commission Decision on standard contractual clauses for the transfer of personal data to processors established in third countries, under Directive 95/46/EC (data controller to data processor)

WP160 – Opinion 2/2009 on the protection of children’s personal data (General Guidelines and the special case of schools)

WP159 – Opinion 1/2009 on the proposals amending Directive 2002/58/EC on privacy and electronic communications (e-Privacy Directive)

WP158 – Working Document 1/2009 on pre-trial discovery for cross border civil litigation

2008

WP 156 – Opinion 3/2008 of the Article 29 Working Party on the World Anti-Doping Code draft International Standard for the Protection of Privacy

WP155 rev.04 – Working Document on Frequently Asked Questions (FAQs) related to Binding Corporate Rules

WP154 – Working Document setting up a framework for the structure of Binding Corporate Rules

WP153 – Working Document setting up a table with the elements and principles to be found in Binding Corporate Rules

WP152 – Mandate to the Enforcement Subgroup to proceed to the 2nd joint investigation action

WP151 – Opinion 2/2007 on information to passengers about the transfer of PNR data to US authorities, Adopted on 15 February 2007 and revised and updated on 24 June 2008

WP150 – Opinion 2/2008 on the review of the Directive 2002/58/EC on privacy and electronic communications (ePrivacy Directive)

WP149 – Letter to Commission Barrotpdf(824 kB) Choose translations of the previous link [804 KB] enclosing the joint comments of the Article 29 Working Party and the Working Party on Police and Justice on the Communications from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of Regions, namely: “Preparing the next steps in border management in the European Union”, COM (2008) 69 final, “Examining the creation of a European Border Surveillance System (EUROSUR)” COM (2008) 68 final, and “Report on the evaluation and future development of the Frontex Agency” COM (2008) 67 final.

WP148 – Opinion 1/2008 on data protection issues related to search enginespdf(147 kB)

WP147 – Working Document 1/2008 on the protection of Children’s Personal Data

WP146 – Work Programme 2008-2009, Article 29 Working Party