In June 2017, the Article 29 Working Party – the gathering the all Member States’ Data Protection Authorities (DPAs) – announced that the five last guidelines to be adopted as companion pieces to the General Data Protection Regulation (“GDPR”) would be published in December 2017. Further to this announcement, the French DPA, the CNIL, is now seeking the contributions of the relevant stakeholders impacted by two out of five topics, whether they be sole or joint “data controllers”, “data processors” or “data subjects”.
The expected European Guidelines will address the notions of (i) consent, (ii) profiling, (iii) data breaches, (iv) transparency and (v) international data transfers are expected. However, only the last two topics are currently – and until October 19th – subject to the CNIL’s scrutiny, as the earlier have been previously addressed this year.
Firstly, Transparency, laid down in Chapter 3, Section 1 of GDPR, refers to the disclosure of clear, intelligible and easily accessible information concerning the processing of personal data, as well as the facilitation of the exercise of data subjects’ rights.
Secondly, international transfers of personal data towards countries not offering an “adequate level of protection” of personal data should be subjected to specific arrangements in order to preserve data subjects’ rights.
Although these two topics had been previously addressed in Directive 95/46, the implementation of the GDPR is a good opportunity for stakeholders to provide practical questions about the interpretation and enforcement of the GDPR provisions.