Article 29 Working Party press release
Letter to yahoo on the 2014 data breach and on the scanning of customer emails for intelligence purposes
The WP29 expressed its preoccupations with regards to the admitted 2014 data breach, whereby personal data related to at least 500 million Yahoo! Inc. users, including a great number of EU accounts, were stolen. Therefore, the WP29 requested the company to understand and communicate all aspects of the data breach to the WP29, to notify the concerned users of the adverse effects and to cooperate with all upcoming national data protection authority’s enquiries and/or investigations.
The WP29 was also concerned about the alleged scanning of Yahoo’s customer incoming emails for US intelligence purposes at the request of US intelligence agencies. Therefore, Yahoo was invited to provide information on the legal basis and the compatibility with EU law of any such activity.
WP29 enforcement subgroup
Due to the increasing number of incidences having cross-border effects and affecting European citizens, the WP29 decided, during the September plenary, to create an enforcement subgroup. The enforcement subgroup, a “talent pool” of national experts, will facilitate the exchange of views on enforcement strategies and actions on cross-border cases. The enforcement group will help the European data protection authorities to get prepared for the EU General Data Protection Regulation and therewith to a reinforced protection of European citizen’s data. The EU GDPR was adopted April 27th, 2016 and will take effect by May 2018.