(via www.iapp.org) By Jedidiah Bracy, CIPP/E, CIPP/US The Article 29 Working Party has elected Andrea Jelinek, head of Austria’s data protection authority, as its new chairwoman. Jelinek will replace the CNIL’s Isabelle Falque-Pierrotin as head of Europe’s collective group of data protection authorities, following her four years as chairwoman. 

The news was announced Wednesday during a WP29 press conferencelead by Falque-Pierrotin, together with Jelinek. “We had an election this morning,” Falque-Pierrotin said, “and our Austrian colleague has been elected. I’m very happy for that and will be passing all of these legacies and work to her. I’m sure she’ll make the most of it.” 

Though Jelinek kept her comments brief throughout the press conference, she thanked Falque-Pierrotin for all of her work during her tenure. In comments about working with the EU’s data protection authorities moving forward, Jelinek said, “We will try to work together in the sense you showed us. Thanks for all of your work.” 

Jelinek has been Austria’s DPA since January 2014, and Austria has a track record of being a proponent of strong data protection efforts. Austria and Germany were the first two countries in the EU to update their national data protection laws to align with the EU General Data Protection Regulation. 

In comments provided to The Privacy Advisor, Hogan Lovells Partner Eduardo Ustaran, CIPP/E, said, “The chair of the Working Party has increasingly become a position of great responsibility and influence for global privacy. Assuming that the outcome is repeated in the context of the European Data Protection Board, this position will be crucial for the success and effectiveness of the GDPR. Andrea Jelinek has a hard act to follow.” 

Though Jelinek will lead the efforts of the WP29 during the next few months, it’s not yet clear what will happen this May when the GDPR goes into effect and the WP29 becomes the EDPB, though it is assumed by some that Jelinek will be elected once again. 

Jelinek was tight-lipped about what her core message was during her campaign for WP29 chairwoman, but she did make a couple of references to the fundamental rights in EU law. “My colleagues have had the opportunity to get to know me during the past four years,” she said. “We’ve worked together closely.” She cited recitals one and four of the GDPR as guiding principles. “Our program is to be defenders for data protection and to raise awareness regarding [data protection as a fundamental right] and to support data subjects to fight for their rights.” 

European Data Protection Supervisor Giovanni Buttarelli congratulated the Jelinek in a series of tweets. 


Congratulations to Andrea Jelinek from AT DPA, elected new Chairwoman of @EU_WP29. We open a new Chapter in the network of EU DPAs and in the implementation.



View image on TwitterView image on Twitter

.@Buttarelli_G with Andrea Jelinek, Data Protection Commissioner of Austria and newly elected Chair of the at their first preparatory meeting in Brussels for the launch of the new EU body on 25 May 2018 in Brussels



Outgoing WP29 Chairwoman Isabelle Falque-Pierrotin has clearly left behind a robust legacy. The CNIL, France’s data protection authority where she serves as president, released a report Wednesday documenting her term and the WP29’s activities since she took over in 2014. It’s clear the WP29 did not sit idle in recent years. In less than five years, the WP29 held 20 plenary meetings, 165 subgroup meetings, offered 22 opinions, 12 GDPR guidelines were adopted, and six joint investigations took place. Perhaps most significantly, Falque-Pierrotin was at the helm as the GDPR was finalized and stakeholders ramped up efforts to interpret, operationalize, and implement GDPR-compliance efforts. 

“The Working Party has worked incredibly hard during the last four years,” Falque-Pierrotin said. “GDPR has been the key subject these last four years, and the Working Party has been very active in the preparation and implementation phases” of the GDPR. 

What remains to be seen is whether Jelinek will be elected once the EDPB goes into effect in May, though it is assumed the WP29 took this into consideration when it elected her. It’s also not yet clear if all of the EU member states will have passed national laws to align with the GDPR before the May deadline. The role of the U.K. Information Commissioner’s Office in the EDPB is also not clear, but Falque-Pierrotin said the ICO will be part of the EDPB until the U.K. officially leaves the EU. 

Top image of Austrian flag courtesy of Wikipedia