Privacy & Information Security Law Blog

On September 19, 2017, the French Data Protection Authority (“CNIL”) launched an online public consultation on two topics identified by the Article 29 Working Party (“Working Party”) in its 2017 action plan for the implementation of the EU General Data Protection Regulation (“GDPR”). These two topics are transparency and international data transfers.

This is the third online public consultation that the CNIL has launched on the GDPR. In June 2016, the CNIL launched a first public consultation on the right to data portability, the data protection officer, data protection impact assessments (“DPIAs”) and certification. In February 2017, the CNIL launched a second public consultation on the topics of consent, profiling and data breach notification.

The CNIL’s purpose for launching these consultations is to collect concrete questions regarding the GDPR, potential difficulties in interpreting the GDPR and examples of best practices. The responses are intended to inform the Working Party’s discussion regarding various GDPR topics. The Working Party will finalize its guidelines on DPIAs and issue new guidelines on the topics of certification, data breach notification, consent and profiling.

The new consultation will be open through October 19, 2017. On September 6, 2017, the Irish Data Protection Commission also launched a public consultation on the topics of transparency and international data transfers that will be running until October 13, 2017. These public consultations will be followed by a third “FabLab” organized by the Working Party in Brussels on October 18, 2017, in which relevant stakeholders will be invited to present their views on these two topics.