EU DPAs will issue GDPR draft guidance soon and analysis of EU-US Privacy Shield in November

The first joint annual review of the Privacy Shield is underway and the European Commission is preparing its report to be issued later this month. Separately, the EU DPAs are also conducting an assessment on how the arrangement is working.

Eight representatives of the EU Art. 29 Data Protection Working Party (WP29 Review Team) took part in the Joint Review meetings in the US last month. ‘The WP29 Review Team has collected information on the concrete operation and enforcement of the Privacy Shield, as well as on the evolution of the relevant legislation and case-law in the US’ the group says. The Working Party, through its competent subgroups, will now analyse this information in order to assess the robustness of the Privacy Shield.

The EU DPAs say that they have been consulted by the EU Commission on the Shield, but will provide only general and fact-based feedbacks, as the members of the WP29 Review Team cannot comment on the analysis and suggestions of the Commission before the Working Party 29 conducts its own analysis. The EU DPAs expect to make their assessment public at the November plenary.

In its October plenary, the WP29 adopted the final version of the Data Protection Impact Assessment guidelines; guidelines on GDPR data breach notifications; and profiling. The draft guidelines (not yet available on the WP29 website) will be open for public consultation for 6 weeks before their final adoption. The DPAs plan to propose guidelines on certification at their February 2018 WP29 plenary.

The WP29 has also adopted guidelines on fines dealing with the application and the setting of GDPR administrative fines. The guidelines will be published on the WP29 website soon.

See information from WP29 on
Read an analysis of the current status of the Privacy Shield in the next issue of Privacy Laws & Business International Report,