The European Data Protection Board has released for consultation a new set of guidelines on the topic of the processing of personal data in the context of online services. In particular, the guidelines focus on the circumstances in which it is appropriate to use performance of a contract (Article 6(1)(b)) as the lawful basis for processing personal data, and those in which other bases, such as consent (Article 6(1)(a)) or legitimate interests (Article 6(1)(f)) are preferable. The guidelines attempt to correct perceived "bad practice" resulting from an overly broad application of the performance of a contract basis.
EU: New Guidelines on Online Services and 'Performance of a Contract' basic for processing
Related Stories
European Data Protection Supervisor - Annual Reports (2004-2019)
The European Data Protection Supervisor's 2019 Annual Report provides insight into all EDPS activities in 2019, including efforts to start defining priorities for the future. Below you can also access all EDPS Annual Reports since 2004.
Click to View 2019 EDPS Annual Report (PDF)
Previous EDPS An...
EU Member State DPIA Whitelists, Blacklists and Guidance
Data protection authorities of many EU member states have published draft lists of data processing activities that would trigger the need for a data protection impact assessment in that country.
The European Data Protection Board weighed in on the drafts, you can find its opinions here. And IAPP We...
European Data Protection, Second Edition
Purchase eBook Purchase Print edition
While the General Data Protection Regulation (GDPR) promises to unify the approaches of the EU member states, it brings forth challenges as organisations work toward compliance with this robust and comprehensive regulation. Based on the body of knowledge fo...
Do I need to use standard contractual clauses (SCCs) for transfers from the EEA to the UK (if we leave the EU with no deal)?
This tool, provided by the ICO, is for small and medium-sized businesses and organisations based in the UK who need to maintain the free flow of personal data into the UK from Europe, in the event the UK exits the EU without a deal.
Click to View...
DPO Contract Provisions
The following are a minimum set of provisions an outsourced DPO contract should have. It must be emphasized that no contract should be drafted without undergoing legal review, especially as it relates to provisions impacted by local laws. There will also be a set of legal provisions common to any co...