This guidance from the Article 29 Data Protection Working Party (WP29) provides practical guidance and assistance in interpreting the transparency obligation with respect to the processing of personal data under the AVG. Transparency is an overarching obligation under the AVG that applies to three core areas:
1) the provision of information to data subjects in connection with proper processing;
2) how controllers communicate with data subjects about their rights under the AVG;
3) how controllers assist data subjects in exercising their rights.
The purpose of this guidance is to help data controllers understand, at a high level, the practical meaning of the transparency obligations as WP29 interprets them, and to indicate the approach that, according to WP29, data controllers should take in order to be transparent and to take the principles of propriety and accountability into account in their transparency measures. You can find the guidance here.
The Article 29 Data Protection Working Party (WP29) is the independent European working group that (until May 25, 2018) was responsible for dealing with personal data protection issues in line with the Data Protection Directive (1) (implemented in the Netherlands in the Personal Data Protection Act). After the entry into force of the AVG (2), the European Data Protection Board, instead of the WP29, became responsible for compliance with personal data protection law in Europe. Because the AVG is an adaptation and, especially, an extension of the aforementioned Directive, the documents published by the WP29 remain relevant even now.
(1) Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
(2) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
