Print

Opinions

globe

Our Opinions relate primarily to proposals for legislation and are addressed to the EU legislator (the European Parliament, the Council and the European Commission), with the aim of flagging main data protection concerns together with our recommendations.

These Opinions are issued in response to requests by the Commission, which is legally obliged to seek our guidance on any legislative proposal, or draft implementing or delegated acts, as well as recommendations and proposals to the Council in the context of international agreements according to Article 42(1) of Regulation (EU) 2018/1725 where there is an impact on the protection of personal data. We also issue own-initiative opinions as part of our role as advisor on all matters relating to the processing of personal data.

Filters

7
Dec
2009

Agency for large-scale IT systems

Opinion on the proposal for a Regulation establishing an Agency for the operational management of large-scale IT systems in the area of freedom, security and justice, and on the proposal for a Council Decision conferring upon the Agency tasks regarding the operational management of SIS II and VIS in application of Title VI of the EU Treaty, OJ C 70, 19.03.2010, p.13

30
Oct
2009

Combating fraud in the field of value added tax

Opinion on the proposal for a Council Regulation on administrative cooperation and combating fraud in the field of value added tax (recast), OJ C 66, 17.03.2010, p.1

Available languages: Bulgarian, Czech, Danish, German, Estonian, Greek, English, Spanish, French, Italian, Latvian, Lithuanian, Hungarian, Maltese, Dutch, Polish, Portuguese, Romanian, Slovak, Slovenian, Finnish, Swedish
7
Oct
2009

Law enforcement access to EURODAC

Opinion on the proposals regarding law enforcement access to EURODAC

Available languages: Bulgarian, Czech, Danish, German, Estonian, Greek, English, Spanish, French, Italian, Latvian, Lithuanian, Hungarian, Maltese, Dutch, Polish, Portuguese, Romanian, Slovak, Slovenian, Finnish, Swedish
28
Jul
2009

Restrictive measures in respect of Al Qaida and the Taliban

Opinion on the proposal for a Council Regulation amending Regulation (EC) No 881/2002 imposing certain specific restrictive measures directed against certain persons and entities associated with Usama bin Laden, the Al-Qaida network and the Taliban, OJ C 276, 17.11.2009, p. 1

Available languages: Bulgarian, Czech, Danish, German, Estonian, Greek, English, Spanish, French, Italian, Latvian, Lithuanian, Hungarian, Maltese, Dutch, Polish, Portuguese, Romanian, Slovak, Slovenian, Finnish, Swedish
22
Jul
2009

Intelligent Transport Systems

Opinion on the Communication from the Commission on an Action Plan for the Deployment of Intelligent Transport Systems in Europe and the accompanying Proposal for a Directive of the European Parliament and of the Council laying down the framework for the deployment of Intelligent Transport Systems in the field of road transport and for interfaces with other transport modes, OJ C 47, 25.02.2010, p. 6

The EDPS has adopted an opinion on the European Commission's proposed deployment plan for intelligent transport systems (ITS) in Europe that was adopted in December 2008 to accelerate and coordinate their deployment in road transport and their connection with other modes of transport. The deployment of ITS  has considerable privacy implications, for instance because these systems make it possible to track a vehicle and to collect a wide variety of data relating to European road users' driving habits.

The EDPS notes that data protection has been taken into consideration in the proposed legal framework and that it is also put forward as a general condition for the proper deployment of ITS. He however underlines that the Commission's proposal is too broad and too general to adequately address the privacy and data protection concerns raised by ITS deployment in the Member States. In particular, it is not clear when the performance of ITS services will lead to the collection and processing of personal data, what are the purposes and modalities for which data processing may take place, or who will be responsible for compliance with data protection obligations.

The EDPS opinion includes the following main recommendations:

  • clarification of responsibilities: it is crucial to clarify the roles of the different actors involved in ITS in order to identify who will bear the responsibility of ensuring that systems work properly from a data protection perspective (who is the data controller?);
  • safeguards for the use of location technologies: appropriate safeguards should be implemented by data controllers providing ITS services so that the use of location technologies is not intrusive from a privacy viewpoint. This should notably require further clarification as to the specific circumstances in which a vehicle will be tracked, strictly limiting the use of location devices to what is necessary for that purpose, and ensuring  that location data are not disclosed to unauthorized recipients;
  • "privacy by design" approach: the EDPS recommends to consider privacy and data protection from an early stage of the design of ITS to define the architecture, operation and management of the systems. Privacy and security requirements should be incorporated within standards, best practices, technical specifications and systems.

Background information
ITS apply information and communication technologies (satellite, computer, telephone, etc.) to transport infrastructure and vehicles with the intention to make transport safer and cleaner and to reduce traffic congestion. ITS applications and services are based on the collection, processing and exchange of a wide variety of data, both from public and private sources, including information on traffic and accidents but also personal data, such as the driving habits and journey patterns of citizens. Their deployment will also rely to a large extent on the use of geolocalisation technologies, such as satellite-positioning and RFID tags. As such, ITS constitute a "data-intensive area" and raise a number of privacy and data protection issues that should be carefully addressed in order to ensure the workability of ITS across Europe.