EU Policies, Reports, and Tools

This section contains relevant policy documents, reports, proposals, factsheets, public opinion surveys, and tools issued by the EU Institutions.

 

Policy Documents, Reports and Studies

 

Communications from the European Commission

European Commission, Communication for a stronger protection, new opportunities - Commission guidance on the direct application of the General Data Protection Regulation as of 25 May 2018, COM(2018) 43 final, Brussels, 24.1.2018

https://ec.europa.eu/commission/sites/beta-political/files/data-protection-communication-com.2018.43.3_en.pdf

European Commission, Report on the first annual review of the functioning of the EU–U.S. Privacy Shield, COM(2017) 611 final, Brussels, 18.10.2017

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52017DC0611&qid=1523984424800&from=EN

European Commission's Communication: Tackling Illegal Content Online Towards an enhanced responsibility of online platforms, COM(2017) 555 final, Brussels, 28.9.2017

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52017DC0555&qid=1523984424800&from=EN

European Commission, Exchanging and Protecting Personal Data in a Globalised World, Communication to the European Parliament and the Council,, COM(2017) 7 final, Brussels, 10.1.2017

http://ec.europa.eu/justice/data-protection/international-transfers/index_en.htm

European Commission, Building a European Data Economy, Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, COM(2017) 9 final, 10.1.2017

https://ec.europa.eu/digital-single-market/en/news/communication-building-european-data-economy

+ Commission Staff, Working Document on the free flow of data and emerging issues of the European data economy Accompanying the document Communication Building a European data economy

https://ec.europa.eu/digital-single-market/en/news/staff-working-document-free-flow-data-and-emerging-issues-european-data-economy

+ Public consultation

https://ec.europa.eu/digital-single-market/en/news/public-consultation-building-european-data-economy

 

European Commission, Connectivity for a Competitive Digital Single Market-Towards a European Gigabit Society, Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, COM(2016)587 final, Brussels, 14.9.2016

https://ec.europa.eu/transparency/regdoc/rep/1/2016/EN/1-2016-587-EN-F1-1.PDF

+ Staff Working Document SWD(2016)300

https://ec.europa.eu/digital-single-market/en/news/communication-connectivity-competitive-digital-single-market-towards-european-gigabit-society

+ related documents

https://ec.europa.eu/digital-single-market/en/connectivity-european-gigabit-society

 

European Commission, Online Platforms and the Digital Single Market Opportunities and Challenges for Europe, Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, COM(2016) 288 final, Brussels, 25.5.2016

https://ec.europa.eu/transparency/regdoc/rep/1/2016/EN/1-2016-288-EN-F1-1.PDF

European Commission, Digitising European Industry Reaping the full benefits of a Digital Single Market, Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, COM(2016) 180 final, Brussels, 19.4.2016

http://ec.europa.eu/transparency/regdoc/rep/1/2016/EN/1-2016-180-EN-F1-1.PDF

 

European Commission, The ICT Standardisation Priorities for the Digital Single Market, Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, COM(2016) 176 final, Brussels, 19.4.2016

http://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2016/0176/COM_COM(2016)0176_EN.pdf

 

European Commission, A digital Single Market Strategy for Europe, Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions,  COM(2015) 192 final, Brussels, 6.05.2015

http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52015DC0192&from=EN

+ Commission Staff Working Document, Digital Single Market:  Analysis and Evidence, SWD(2015) 100 final, Brussels, 6.05.2015

http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52015SC0100&from=EN

 

European Commission, Towards a thriving data driven economy, Communication to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions, COM(2014) 442 final, Brussels, 2.7.2014

http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P8-TA-2016-0089

 

European Commission, Unleashing the Potential of Cloud Computing in Europe, Communication to the European Parliament, the Council, the economic and social Committee and the Committee of the Regions, Brussels, COM(2012) 529 final, 27.09.2012

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0529:FIN:EN:PDF

 

European Commission, Safeguarding Privacy in a Connected World - A European Data Protection Framework for the 21st Century, Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Brussels, COM(2012) 9 final, 25.01.2012

http://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A52012DC0009

 

European Commission, A comprehensive approach on personal data protection in the European Union, Communication to the European Parliament, the Council, the economic and social Committee and the Committee of the Regions, Brussels, COM(2010) 609 final, 4.11.2010

http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52010DC0609&from=EN

European Parliament (EP), Resolution containing the European Parliament’s recommendations to the Commission on the negotiations for the Trade in Services Agreement (TiSA), (2015/2233(INI)), 3 February 2016 

http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+TA+P8-TA-2016-0041+0+DOC+XML+V0//EN

 

European Parliament think tank, EU PNR briefing, 30 April 2015 http://www.statewatch.org/news/2015/apr/ep-eu-pnr-briefing.pdf

 

European Parliament, Civil liberties committee Inquiry on electronic mass surveillance of EU citizens – Protecting fundamental rights in a digital age – Proceedings, Outcome and Background Documents, 2013-2014

http://www.europarl.europa.eu/document/activities/cont/201410/20141016ATT91322/20141016ATT91322EN.pdf

 

European Parliament Committee, Report on Civil Liberties, Justice and Home Affairs (LIBE) on a comprehensive approach on personal data protection in the European Union, (2011/2025(INI)), A7-0244/2011 of 22 June 2011

http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+REPORT+A7-2011-0244+0+DOC+PDF+V0//EN

 

European Commission, Communication to the European Parliament and the Council on the follow-up of the Work Programme for better implementation of the Data Protection Directive, (COM) 2007/87 final, 7 March 2007

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:52007DC0087:en:HTML

 

Documents from the European Data Protection Supervisor (EDPS)

 

EDPS, Opinion on the Proposal for a Regulation on Privacy and Online Electronic Communications (ePrivacy Regulation), Opinion 6/2017, 24 April 2017

https://edps.europa.eu/sites/edp/files/publication/17-04-24_eprivacy_en.pdf

 

EDPS, Opinion on the Proposal for a Directive on certain aspects concerning contracts for the supply of digital content, Opinion 4/2017, 14 March 2017

https://edps.europa.eu/sites/edp/files/publication/17-03-14_opinion_digital_content_en_0.pdf

 

EDPS, Opinion on coherent enforcement of fundamental rights in the age of Big Data, Opinion 8/2016, 23 September 2016

https://edps.europa.eu/sites/edp/files/publication/16-09-23_bigdata_opinion_en.pdf

a Directive on certain aspects concerning contracts for the supply of digital content, Opinion 4/2017, 14 March 2017, Opinion on coherent enforcement of fundamental rights in the age of Big Data, Opinion 8/2016, 23 September 2016.

EDPS, The EDPS Strategy 2015-2019, Leading by example, 2 Marzo 2015

https://edps.europa.eu/sites/edp/files/publication/15-07-30_strategy_2015_2019_update_en.pdf

 

EDPS, Europe’s big opportunity EDPS recommendations on the EU’s options for data protection reform, Opinion 3/2015 with addendum, 9 October 2015

https://edps.europa.eu/sites/edp/files/publication/15-10-09_gdpr_with_addendum_en.pdf

 

 

EDPS, The transfer of personal data to third countries and international organisations by EU institutions and bodies, Brussels,14 July 2014

https://edps.europa.eu/sites/edp/files/publication/14-07-14_transfer_third_countries_en.pdf

 

EDPS Opinion on the Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions — ‘A comprehensive approach on personal data protection in the European Union, OJ C 181/01, Brussels, 22.6.2011

http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52011XX0622(01)&from=EN

 

Documents from the Article 29 Data Protection Working Party

 

Article 29 Working Party, Guidelines on the right to data portability, 16/EN WP 242 rev.01, last revised and adopted on 5 April 2017 ec.europa.eu/newsroom/document.cfm?doc_id=44099

 

Article 29 Working Party, Guidelines on Data Protection Officers (‘DPOs’), 16/EN WP 243 rev.01, last revised and adopted on 5 April 2017

ec.europa.eu/newsroom/document.cfm?doc_id=44100

 

Article 29 Working Party, Guidelines for identifying a controller or processor’s lead supervisory authority, 16/EN WP 244 rev.01, last revised and adopted on 5 April 2017

 ec.europa.eu/newsroom/document.cfm?doc_id=44102

 

Article 29 Working Party, Opinion 01/2017 on the Proposed Regulation for the ePrivacy Regulation (2002/58/EC), 17/EN WP 247, adopted on 4 April 2017

ec.europa.eu/newsroom/document.cfm?doc_id=44103

 

Article 29 Working Party, Opinion 04/2016 on European Commission amendments proposals related to the powers of Data Protection Authorities in Standard Contractual Clauses and adequacy decisions, 3284/16/EN WP 241, adopted on 31 October 2016

ec.europa.eu/newsroom/document.cfm?doc_id=40820

processor’s lead supervisory authority, 16/EN WP 244 rev.01, last revised and adopted on 5 April 2017, Opinion 01/2017 on the Proposed Regulation for the ePrivacy Regulation (2002/58/EC), 17/EN WP 247,4 April 2017, Opinion 04/2016 on European Commission amendments proposals related to the powers of Data Protection Authorities in Standard Contractual Clauses and adequacy decisions, 3284/16/EN WP 241, 31 October 2016.

Article 29 Working Party, Statement on the 2016 action plan for the implementation of the General Data Protection Regulation (GDPR), 442/16/EN WP 236, 2 February 2016

http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2016/wp236_en.pdf

+ Work programme 2016 – 2018, 417/16/EN WP235, 2 February 2016

http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2016/wp235_en.pdf

 

Article 29 Working Party, STATEMENT on the implementation of the judgement of the Court of Justice of the European Union of 6 October 2015 in the Maximilian Schrems v Data Protection Commissioner case (C-362-14), Brussels, 16 October 2015

https://www.cnil.fr/sites/default/files/typo/document/20151016_wp29_statement_on_schrems_judgement.pdf

 

Article 29 Working Party, Cookie sweep combined analysis – Report, 14/EN WP 229, 3 February 2015

http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2015/wp229_en.pdf

 

Article 29 Working Party, Working Document on surveillance of electronic communications for intelligence and national security purposes, 14/EN WP 228, 5 December 2014

http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp228_en.pdf

 

Article 29 Working Party, Joint statement of the European Data Protection Authorities assembled in the Article 29 Working Party, 14/EN WP227, 26 November 2014

http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp227_en.pdf

 

Article 29 Working Party, Working Document Setting Forth a Co-Operation Procedure for Issuing Common Opinions on “Contractual clauses” Considered as compliant with the EC Model Clauses, 14/EN WP 226, 26 November 2014

http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp226_en.pdf

 

Article 29 Working Party, Guidelines on the implementation of the Court of Justice of the European Union judgment on “Google Spain and inc v. Agencia Española de Protección de Datos (AEPD) and Mario Costeja González” c-131/121, 14/EN WP 225, 26 November 2014

http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp225_en.pdf

Article 29 Working Party, Opinion 9/2014 on the application of Directive 2002/58/EC to device fingerprinting, 14/EN WP224, 25 November 2014

http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp224_en.pdf

 

Article 29 Working Party, Opinion 8/2014 on the Recent Developments on the Internet of Things, 14/EN WP 223, 16 September 2014

http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp223_en.pdf

 

Article 29 Working Party, Opinion 05/2014 on “Anonymisation Techniques onto the web”, 0829/14/EN WP216, 10 April 2014

http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp216_en.pdf

 

Article 29 Working Party, Opinion 04/2014 on “Surveillance of electronic communications for intelligence and national security purposes”, 819/14/EN WP215, 10 April 2014

http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp215_en.pdf

 

Article 29 Working Party, Opinion 06/2014 on the “Notion of legitimate interests of the data controller under Article 7 of Directive 95/46/EC”, 844/14/EN WP217, 9 April 2014

http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp217_en.pdf

 

Article 29 Working Party, Opinion 03/2014 on “Personal Data Breach Notification”, 693/14/EN WP 213, 25 March 2014

http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp213_en.pdf

 

Article 29 Working Party, Working document 01/2014 on “Draft ad hoc contractual clauses “EU data processor to nonEU sub-processor”, 757/14/EN WP 214, 21 March 2014

http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp214_en.pdf

 

Article 29 Working Party, Opinion 02/2014 on a “Referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in the EU and Cross Border Privacy Rules submitted to APEC CBPR Accountability Agents”, 538/14/EN WP 212, 27 February 2014, http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp212_en.pdf

Article 29 Working Party, Opinion 01/2014 on the “Application of necessity and proportionality concepts and data protection within the law enforcement sector”, 536/14/EN WP 211, 27 February 2014 http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp211_en.pdf

 

Article 29 Working Party, Working Document 02/2013 providing guidance on obtaining consent for cookies, 1676/13/EN WP208, 2 October 2013 http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2013/wp208_en.pdf

 

Article 29 Working Party, Explanatory Document on the Processor Binding Corporate Rules, 00658/13/EN WP 204, 19 April 2013  http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2013/wp204_en.pdf

 

Documents from the European Union Agency for Fundamental Rights

 

European Union Agency for Fundamental Rights, Surveillance by intelligence services: fundamental rights safeguards and remedies in the EU, November 2015

http://fra.europa.eu/en/publication/2015/surveillance-intelligence-services

 

European Union Agency for Fundamental Rights, Council of Europe: Handbook on European data protection law, June 2014

http://www.echr.coe.int/Documents/Handbook_data_protection_ENG.pdf

 

European Union Agency for Fundamental Rights, Access to data protection remedies in EU Member States, January 2014

http://fra.europa.eu/en/publication/2014/access-data-protection-remedies-eu-member-states

 

Documents from the Phaedra project, Improving Practical and Helpful cooperation between Data Protection Authorities

 

Phaedra, Deliverable 2.2 – Legal reflections for further improving cooperation between data protection authorities, JUST/2012/FRAC/AG/2761, Brussels, May 2014

http://www.phaedra-project.eu/wp-content/uploads/PHAEDRADeliverable2.2_FINAL.pdf

 

Phaedra, Deliverable 1 – Coordination and co-operation between Data Protection Authorities,  JUST/2012/FRAC/AG/2761, April 2014

http://www.phaedra-project.eu/wp-content/uploads/PHAEDRA-D1-30-Dec-2014.pdf

 

Phaedra, Deliverable 2.1: A compass towards best elements for cooperation between data protection authorities, JUST/2012/FRAC/AG/2761, February 2014

http://www.phaedra-project.eu/wp-content/uploads/PHAEDRADeliverable2.1_FINAL.pdf

Documents from the Committee of Ministers of the Council of Europe

 

Committee of Ministers, Recommendation CM/Rec(2015)5 to member States on the processing of personal data in the context of employment, 1 April 2015 https://wcd.coe.int/ViewDoc.jsp?p=&Ref=CM/Rec(2015)5&Language=lanEnglish&Ver=original&Site=CM&BackColorInternet=DBDCF2&BackColorIntranet=FDC864&BackColorLogged=FDC864&direct=true

 

Committee of Ministers, Recommendation CM/Rec(2014)6 to member States on a guide to human rights for Internet users Explanatory Memorandum, April 2014

https://rm.coe.int/16804d5b31

 

Documents from the European Commission

 

European Commission, EU Data Protection Code of Conduct for Cloud Service Providers, D.G Connect and D.G. Justice, v. 1.7, May 2017,

https://eucoc.cloud/fileadmin/cloud-coc/files/European_Cloud_Code_of_Conduct.pdf

 

European Commission, Facilitating cross border data flow in the Digital Single Market, London Economics’ study, 2016 https://ec.europa.eu/digital-single-market/en/news/facilitating-cross-border-data-flow-digital-single-market

 

European Commission, Measuring the economic impact of cloud computing in Europe, Deloitte’s study, 2016 https://ec.europa.eu/digital-single-market/en/news/measuring-economic-impact-cloud-computing-europe

 

Documents from the Parliamentary Assembly

 

Parliamentary Assembly, Resolution 2045 (2015) on mass surveillance, 21 April 2015

http://semantic-pace.net/tools/pdf.aspx?doc=aHR0cDovL2Fzc2VtYmx5LmNvZS5pbnQvbncveG1sL1hSZWYvWDJILURXLWV4dHIuYXNwP2ZpbGVpZD0yMTY5MiZsYW5nPUVO&xsl=aHR0cDovL3NlbWFudGljcGFjZS5uZXQvWHNsdC9QZGYvWFJlZi1XRC1BVC1YTUwyUERGLnhzbA==&xsltparams=ZmlsZWlkPTIxNjky

 

Parliamentary Assembly, Recommendation 2067 (2015) on mass surveillance, 21 April 2015

http://semantic-pace.net/tools/pdf.aspx?doc=aHR0cDovL2Fzc2VtYmx5LmNvZS5pbnQvbncveG1sL1hSZWYvWDJILURXLWV4dHIuYXNwP2ZpbGVpZD0yMTY5NCZsYW5nPUVO&xsl=aHR0cDovL3NlbWFudGljcGFjZS5uZXQvWHNsdC9QZGYvWFJlZi1XRC1BVC1YTUwyUERGLnhzbA==&xsltparams=ZmlsZWlkPTIxNjk0

Documents from other Institutions

 

Civil liberties MEPs make case for data protection during Washington visit, 24 March 2015

http://www.europarl.europa.eu/document/activities/cont/201410/20141016ATT91322/20141016ATT91322EN.pdf

 

Committee on Legal Affairs and Human Rights, Report on mass surveillance, Doc. 13734, 18 March 2015 https://rm.coe.int/168048776e

 

Council of Europe, Issue Paper on the rule of law on the Internet and in the wider digital world, Commissioner for Human Rights, December 2014

https://wcd.coe.int/com.instranet.InstraServlet?command=com.instranet.CmdBlobGet&InstranetImage=2933488&SecMode=1&DocId=2262340&Usage=2

 

Information Commissioner’s Office (ICO-UK), Preparing for the General Data Protection Regulation-12 steps to take now, 14 March 2016

https://dpreformdotorgdotuk.files.wordpress.com/2016/03/preparing-for-the-gdpr-12-steps.pdf

 

Commission nationale de l'informatique et des libertés (CNIL), Privacy Impact Assessment (2015 Edition) Manual 1 + Manual 2

https://www.cnil.fr/sites/default/files/typo/document/CNIL-PIA-2-Tools.pdf

 

ICO, Conducting privacy impact assessments code of practice, February 2014

https://ico.org.uk/media/for-organisations/documents/1595/pia-code-of-practice.pdf