Data protection: Art. 29 Working Party guidelines on consent – EBF co... 2018: If not now, when? Speech by Danièle Nouy
Data protection: Art. 29 Working Party guidelines on transparency
EBF advisor: Hélène BENOIST
Article 29 Data Protection Working Party:
EBF’s comments on guidelines on transparency
Publication date: 23 January 2018
- A technology-neutral and future-proof approach should be preferred. As tools, techniques and mechanisms constituting appropriate measures to provide information to data subjects are constantly evolving, it is imperative that the Guidelines are adjusted so that they take a technology-neutral and future-proof approach in order to allow controllers to assess the most efficient way to inform data subjects of their rights.
- To decrease information overflow, emphasis should be placed on the controller’s expertise to decide the most appropriate way to allow data subjects to exercise their rights. A multi-layered approach with referrals to extra information on “clickable” texts or referrals to the general privacy statement of the given institution should be recognized as best practice. This will not only provide controllers with the opportunity to determine the most appropriate way for data subjects to exercise their rights, but help data subjects understand more thoroughly and fully exercise their rights.
- Avoid confusion and misunderstanding by placing data subjects at the centre. As stated in Article 12 of the GDPR, the information provided to the data subjects needs to be concise, clear and intelligible. It is therefore essential to listen to the needs of consumers in a specific sector and to find the best way to empower citizens without overloading or burdening them with too much information.
- Article 29 Working Party Guidelines need to be aligned with the GDPR and recommendations should only be provided when a “new requirement” is clearly in line with the GDPR and in the clear interest of data subjects. Both smaller, medium and large international controller groups with sophisticated and diverse processing activities need to be able to adhere to these recommendations. In their present format the recommendations only cater to controllers of basic activities.