For the GDPR-curious: WTF is the Article 29 Working Party?
While the digital media industry is no stranger to jargon, the arrival of the General Data Protection Regulation is unearthing a whole new world of legal mumbo jumbo.
With maximum fines of €20 million ($25 million) or 4 percent of annual sales on the cards for companies found seriously in breach of compliance, the stakes are high. So, it’s worth studying up on some of these terms.
Here’s one that often emerges in GDPR discussions: the Article 29 Working Party.
WTF is the Article 29 Working Party?
It’s a group made up of all the national regulators from each country in the European Union, which has 28 members including the U.K. until Brexit kicks in.
Why does it matter?
These are the regulators that will be in charge of dishing out the much-feared fines to businesses that breach the terms of the GDPR — so those that haven’t gained the appropriate level of consumer consent for data use. So, it’s quite a big deal.
Who is in this party?
The regulator from each of the EU member states; one representative from the European Commission, which has compiled the GDPR; and a representative from the European Data Protection Supervisor. They meet every month or so to discuss developments.
What do they do?
The group provides independent advice to the European Commission on all things related to data protection. Data protection laws are complex, and each market within the EU has different dynamics, so the group aims to harmonize and streamline the implementation of the law. The goal is to ensure that businesses in, say, France, won’t be dealt with more strictly than businesses in Greece if they have similar GDPR compliance issues. The group has also helped write guidance around the GDPR for their respective countries. The U.K. regulator, the Information Commissioner’s Office, has helped draft all the compliance guidelines for British businesses, for example.
Why is it called Article 29?
Articles are like clauses. This group is called Article 29 because it is named after the Article 29 section in the EU Data Protection Directive (which the GDPR will replace on May 25).
Will this group change after GDPR enforcement?
Yes. In fact, it will become the European Data Protection Board on May 25, the day of GDPR enforcement. The members of the group will remain the same, but they’ll get more legal weight than they have now to push through decisions.
“They [Article 29 Working Party] issue nonbinding opinions, which provide guidance and therefore carry weight and credibility,” said Yves Schwarzbart, head of policy and regulatory affairs at the U.K. Internet Advertising Bureau. “Their opinions are also taken into consideration by EU courts if necessary, but that doesn’t mean courts always follow their opinions.” But the new board will have the legal power to make final decisions on issues such as disputes within the group, should regulators from different countries disagree with each other, according to Nick Stringer, co-founder of consultancy Entropy and former head of regulatory affairs at the U.K. IAB.
There will also be different levels of fining power. For example, given Facebook’s European hub is in Ireland, it will be the Irish regulator within the group that is in charge of all Facebook’s data protection activities across Europe, according to Stringer. If Facebook was found to violate the GDPR, for example, the Irish regulator would issue any fines, rather than the ICO.
Will the new Data Protection Board include the UK?
That’s not yet clear, thanks to Brexit. For now, the ICO will be part of the board, given Brexit has not yet been executed. Whether it will remain so depends on Britain’s relationship with the EU after Brexit talks.
The GDPR will have long-lasting effects on how all companies collect and use data to sell products or services in Europe or use it for advertising and analytics purposes. Download our guide to the GDPR here.
‘Culture change takes years’: Facing ongoing calls for DE&I gains, publishers set new standards for hiring practices
The media industry is trying to solve a long-standing challenge: it is mostly white and male. Here's how some publishers are doing it.
Meet the ‘absolutist’ with the Section 230 tattoo on Google’s new misinformation policy team
Part of a nascent government affairs and public policy team at Google, Jess Miers is a die-hard fan of the 26-word law that gives legal cover to big tech platforms.
‘A perfect time for someone like me to be in this role’: Maria Reeve is breaking barriers at the Houston Chronicle
Maria Reeve didn’t set out to become the first person of color to oversee the Houston Chronicle’s newsroom. But now that she is, she’s making it count.
SponsoredHow retailers can be ready for holiday shoppers this year
Suchi Sastri, managing director and partner, Boston Consulting Group As the holiday season approaches and the pandemic continues to evolve, retailers want to know what to expect. Will e-commerce continue to grow at the rate it did last year? How big of a role will in-store shopping play in holiday shopping? While it’s still early, […]
Maven rebrands to The Arena Group and reorganizes around sports and finance
The Arena Group owns and hosts the domains of over 200 sites and generated $143 million in revenue for the year ending June 30, 2021.
‘Quit your f – king job’: How the pandemic has pushed journalists to exit the industry
The pandemic seems to be pushing journalists who were already on the verge of leaving the media industry to the brink, and those that have left are not looking back.