ETNO comments on the Article 29 Working Party Guidelines on Transparency under Regulation 2016/679 (WP260)

On 28 November 2017, the Article 29 Working Party (WP29) adopted a set of Guidelines on Transparency under Regulation 2016/67 and invited interested stakeholders to present comments.

ETNO welcomes this opportunity to comment on WP29’s guidelines and would like to stress the importance of the right to transparent information as the most significant right of the data subject. This right allows the data subject to be aware of a given processing, and thus to exercise all the other
rights provided for by the GDPR. We could comfortably argue that all the data subject rights granted by the GDPR (access, rectification, erasure, portability, etc.) spring from the right to transparency.

ETNO members stand fully behind the right to transparency and are committed to providing their data subjects with all the necessary information that allow them to fully understand the implications of the processing of their personal data. ETNO believes that the information given to the data subjects should be customer-friendly and efficient, rather than an exercise of mere compliance which the law which could well exacerbate into “over-information” that confuse the data subject. ETNO members aim at providing modern ways of fulfilling transparency obligations to give data subjects control of the data that is being processed.

ETNO members welcome the examples provided together with the explanations in the WP29 guidelines. We believe they could be complemented with further elaborations in some cases to help companies make proper adjustments in fulfilling the provisions of the GDPR.

GDPR is the adequate instrument that establishes the right principles and leaves the concrete application to the own assessment of data controllers and processors, and ultimately, leaves to Judges and competent Data Protection Agencies the role to ensure that the Law is correctly applied.

ETNO trust the capacity and ability of Judges and competent Data Protection Authorities to adapt general rules to concrete cases. This is how Law has always worked: general rules to be applied to specific cases and Judges and competent Authorities to be able to interpret the general law within a concrete case. Otherwise, the risk is high that overregulation would turn into a negative application of the rules for individuals.

ETNO is convinced that the legislator has provided a comprehensive set of rules to ensure full transparency on the processing of personal data to the data subject. It should be reconsidered if it is appropriate and necessary to complement transparency obligations set by the GDPR by further obligations derived from principles like fairness or best practice. ETNO questions whether these further obligations will improve transparency to the data subject. Under any circumstances the risk for the controllers to infringe the GDPR by breaking unwritten transparency obligations will increase.

The full version of the document is available at this link.