New EU data protection rules which aim to give citizens back control of their personal data and create a high, uniform level of data protection across the EU fit for the digital era was given their final approval by MEPs on Thursday. The reform also sets minimum standards on use of data for policing and judicial purposes. Parliament's vote ends more than four years of work on a complete overhaul of EU data protection rules. The regulation will enter into force 20 days after its publication in the EU Official Journal. Its provisions will be directly applicable in all member states two years after this date. Member states will have two years to transpose the provisions of the directive into national law.
Overall, the Working Party welcomes the significant improvements brought by the Privacy Shield compared to the Safe Harbour decision. In particular, the insertion of key definitions, the mechanisms set up to ensure the oversight of the Privacy Shield list and the now mandatory external and internal reviews of compliance are a positive step forward. However, the Working Party has strong concerns on both the commercial aspects and the access by public authorities to data transferred under the Privacy Shield.
On 2-3 February 2016, the Article 29 Working Party (WP29) met to discuss the consequences of the CJEU judgment in the Schrems case for international transfers. The WP29 welcomes the fact of the conclusion of the negotiations between the EU and the U.S. on the introduction of a "EU-U.S. Privacy Shield", which meets the deadline set by the WP29 in its statement of 16 October. It looks forward to receive the relevant documents in order to know precisely the content and the legal bindingness of the arrangement and to assess whether it can answer the wider concerns raised by Schrems judgment as regards international transfers of personal data.
To celebrate Data Protection Day, the Article 29 Working Party created an infographic presenting the new general data protection regulation. After 4 years of discussions at the European Union level, a final draft of the regulation has been released. It is expected to help Europe face the challenges of the digital age. The regulation will strengthen the citizens' rights to provide them with real control over their personal data. It will offer an unified framework for companies and simplify the prior notification. The regulation will be formally ratified in early 2016 and will come into force in 2018 in all EU countries.
The National Commission for Data Protection wishes you a Merry Christmas and a Happy New Year.
Following the landmark ruling of the Court of Justice of the European Union (CJEU) of 6 October 2015 in the Maximilian Schrems v Data Protection Commissioner case (C-362-14), the EU data protection authorities assembled in the Article 29 Working Party have discussed the first consequences to be drawn at European and national level. EU data protection authorities consider that it is absolutely essential to have a robust, collective and common position on the implementation of the judgment. Moreover, the Working Party will observe closely the developments of the pending procedures before the Irish High Court.
National Commission for Data Protection
1, avenue du Rock’n’Roll
Tel.: (+352) 26 10 60-1
Fax: (+352) 26 10 60-29