DIGITALEUROPE’s response to public consultation on Article 29 Working Party draft guidelines on transparency under Regulation 2016-679

INTRODUCTION

DIGITALEUROPE, the voice of the digital technology industry in Europe, welcomes the opportunity to provide comments on the draft guidelines on transparency under Regulation 2016/679 (wp260) published by Article 29 Working Party (WP29). We were closely engaged in the legislative debate and worked closely with policy makers in shaping the text, giving us insight into the intentions behind specific provisions.

Our members are currently undertaking extensive efforts in order to implement the GDPR’s requirements. This includes reviewing the information they make available about their data processing practices, and of the mechanisms they use to communicate that information to data subjects. In light of these efforts, we appreciate the WP29 recommendations for how to put the GDPR’s transparency requirements into practice.

DIGITALEUROPE is concerned, however, that some aspects of the WP29 guidelines are overly prescriptive and unduly infringe on the discretion that the GDPR affords controllers to make their own judgments about how to deliver transparency (controllers are accountable, of course, for these decisions). We are also concerned that aspects of the guidelines appear to go beyond the obligations imposed under the GDPR.

Accordingly, and to address these concerns, we provide an analysis on some of the key aspect, which we believe should be considered in the final guidelines.