The International Working Group on Data Protection in Telecommunications (IWGDPT) was established in 1983 on the initiative of a number of national data protection authorities in the world. The secretariat has since then been provided by the data protection authority of Berlin (Berliner Datenschutz-beauftragter). Membership in the Group is not limited to national data protection authorities, but extends also to representatives from the private and NGO sectors.
Over the last years, the Group has focused on data protection and privacy related issues of information technology in the wide sense, with a special focus on Internet-related developments.
Best Available Techniques refer to the most effective and advanced stage in the development of activities and their methods of operation, which indicate the practical suitability of particular techniques for providing in principle the basis for complying with the EU data protection framework. They are designed to prevent or mitigate risks on privacy and security.
Council Directive 96/61/EC of 24 September 1996 concerning integrated pollution prevention and control provides for the following definitions, which could be applied by analogy:
- "techniques" shall include both the technology used and the way in which the system is designed, built, maintained, operated and replaced;
- "available" techniques shall mean those developed on a scale which allows implementation in the relevant sector, under economically and technically viable conditions, taking into consideration the costs and advantages, whether or not the techniques are used or produced inside the Member State in question, as long as they are reasonably accessible to the operator;
- "best" shall mean most effective in achieving a high general level of protection.
Binding corporate rules (BCRs) are a legal tool that can be used by multinational companies to ensure an adequate level of protection for the intra-group transfers of personal data from a country in the EU or the European Economic Area (EEA) to a third country.
The use of BCRs requires, in principle, the approval of each of the EU or EEA data protection authorities from whose country the data are to be transferred.
The Article 29 Working Party has adopted a number of documents to guide companies willing to use this tool:
- WP 107: Working Document Setting Forth a Co-Operation Procedure for Issuing Common Opinions on Adequate Safeguards Resulting From “Binding Corporate Rules” (pdf);
- WP 108: Working Document Establishing a Model Checklist Application for Approval of Binding Corporate Rules (pdf);
- WP 133: Recommendation 1/2007 on the Standard Application for Approval of Binding Corporate Rules for the Transfer of Personal Data;
- WP 153: Working Document setting a table with the elements and principles to be found in Binding Corporate Rules (pdf);
- WP 154: Working Document Setting up a framework for the structure of Binding Corporate Rules (pdf);
- WP 155: Working Document on Frequently Asked Questions (FAQs) related to Binding Corporate Rules (pdf)
Biometrics or biometric systems are methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioural traits.
Such methods have already been used for a long time. However, the new element which triggers data protection considerations is that a machine can now automatically conduct these methods and possibly recognise humans with measurable accuracy.