The Article 29 Working Party is an independent advisory body on data protection and privacy, which was launched with the predecessor of the GDPR, the Data Protection Directive or Directive 95/46/EC.
The reason why we talk so much about the WP29 is because it has done a lot of work in publishing GDPR guidelines on myriad topics, although it has far more tasks. These guidelines are in first instance meant to ensure a good implementation and enforcement of the GDPR by the regulatory authorities or DPAs.
Although often followed they do not change the GDPR: they provide more details, offer examples and tell how to interpret things. The real binding interpretations in case of doubts is a matter of jurisprudence once the first GDPR cases come to court, as tends to be the case with all legal frameworks.
Still, it is essential to study the WP29 guidelines. Several have been published in the last 3 months of 2017. When looking at GDPR and explicit consent in a recent text, for instance, we pointed to the overall GDPR consent guidelines the WP29 published in December 2017.
In other words (there are more WP29) guidelines: a whole body of work across several GDPR-related topics as the WP29 is also ‘becoming’ the EDPB. One of the many tasks of the European Data Protection Board is to examine (on its own initiative or upon request) questions concerning the application of the GDPR. And that’s where those guidelines come in as the EDPB, within this context, also issues guidelines, recommendations and best practices for a consistent application of the GDPR (and later the ePrivacy Regulation) as is stipulated in Article 70 of the GDPR.
The European Data Protection Board shall act independently when performing its tasks or exercising its powers (GDPR).