Print

A

Accountability

Principle intended to ensure that controllers are more generally in control and in the position to ensure and demonstrate compliance with data protection principles in practice. Accountability requires that controllers put in place internal mechanisms and control systems that ensure compliance and provide evidence – such as audit reports – to demonstrate compliance to external stakeholders, including supervisory authorities.

ACTA

The Anti-Counterfeiting Trade Agreement (ACTA) is a proposed multilateral trade agreement for establishing international standards on intellectual-property-rights enforcement throughout the participating countries. Its proponents describe it as a response "to the increase in global trade of counterfeit goods and pirated copyright-protected works." The scope of ACTA is broad, including counterfeit goods, generic medicines, and "piracy over the Internet".

In February 2010, the EDPS issued an opinion on the negotiations aimed at adopting the new agreement in which he warned against its potential incompatibility with the EU data protection regime.

Adequacy decision 

An “adequacy decision” is a decision adopted by the European Commission on the basis of Article 45 of the GDPR, which establishes that a third country (i.e. a country not bound by the GDPR) or international organisation ensures an adequate level of protection of personal data. Such a decision takes into account the country's domestic law, its supervisory authorities, and international commitments it has entered into.

The effect of such a decision is that personal data can flow from the EU Member States and the European Economic Area member countries to that third country, without any further requirements. The European Commission publishes a list of its adequacy decisions on its website.

Article 29 Working Party (predecessor of the EDPB)

The "Article 29 Working Party" is the short name of the Data Protection Working Party established by Article 29 of Directive 95/46/EC. It provided the European Commission with independent advice on data protection matters and helped in the development of a harmonised implementation of data protection rules in the EU Member States.

As of 25 May 2018 the Article 29 Working Party ceased to exist, and has been replaced by the European Data Protection Board (EDPB). The website of the EDPB can be consulted under the following address: https://edpb.europa.eu/

Article 93 Committee Procedure

Article 93 of the GDPR calls for the Commission to be assisted by a committee when adopting implementing measures. 

This is a committee within the meaning of Regulation EU No 182/2011. It is comprised of representatives from Member States and chaired by the Commission. By way of example, the Committee cooperates in the procedure for the adoption of Adequacy decisions

Automated individual decision

An “automated individual decision” is a decision which significantly affects a person and which is based solely on automated processing of personal data in order to evaluate this person. Such an evaluation may relate to different personal aspects, such as performance at work, creditworthiness, reliability, conduct, etc.

Article 22 of Regulation (EU) 2016/679 and Article 24 of Regulation (EU) 2018/1725 lay down the right for individuals to object to decisions about them and solely based on automated means, unless certain conditions are fulfilled or appropriate safeguards are put in place.