Papers

This background paper explores the requirement of respecting the ‘essence’ of the rights to respect for private life and of right to the protection of personal data whenever these rights are limited under European Union (EU) law.

The requirement is explicitly established in Article 52(1) of the Charter of Fundamental Rights of the EU, and currently also mentioned in EU secondary law. With the aim of facilitating further reflection and discussion on the requirement’s application notably when limitations of the right to personal data protection are at stake, the paper reviews current knowledge on the subject and illustrates the significant limitations of existing knowledge.

Taking stock of the relevant literature and case law, mainly of the Court of Justice of the EU and of the European Court of Human Rights (ECHR), it also identifies a few key issues deserving further analysis and discussion. The paper concludes by suggesting it can be useful to focus not on speculating about what would be the essence of the rights at stake, but rather on when must a limitation of a right be regarded as a breach of the essence requirement.

The EU has identified artificial intelligence (AI) as one of the most relevant technologies of the 21st century and highlighted 1 its importance on the strategy for EU’s digital transformation. Having a wide range of applications, AI can contribute in areas as disparate as helping in the treatment of chronic diseases, fighting climate change or anticipating cybersecurity threats.

The revelations made about the Pegasus spyware raised very serious questions about the possible impact of modern spyware tools on fundamental rights, and particularly on the rights to privacy and data protection. This paper aims to contribute to the ongoing assessment in the EU and globally of the unprecedented risks posed by this type of surveillance technology. It comes from the EDPS’ conviction that the use of Pegasus might lead to an unprecedented level of intrusiveness, which threatens the essence of the right to privacy, as the spyware is able to interfere with the most intimate aspects of our daily lives.

Technological developments in recent years have steadily increased the demand for quality data. In this context, both public and private entities are considering anonymization as a means to share data without harming the fundamental rights of individuals. However, along with its growing popularity, some misconceptions related to anonymization have become widespread. 

The objective of this document is to raise awareness about some misunderstandings about anonymisation, and to motivate its readers to check assertions about the technology, rather than accepting them without verification.