La nécessité est un principe fondamental lors de l’évaluation de la restriction des droits fondamentaux, tels que le droit à la protection des données à caractère personnel. Conformément à la jurisprudence, en raison du rôle qu’implique le traitement des données à caractère personnel pour une série de droits fondamentaux, la limitation du droit fondamental à la protection des données à caractère personnel doit être strictement nécessaire.
La proportionalité est un principe général du droit de l’Union. Elle limite les autorités dans l’exercice de leurs pouvoirs en exigeant d’elles qu’elles parviennent à un équilibre entre les moyens utilisés et l’objectif visé. Dans le cadre des droits fondamentaux, tels que le droit à la protection des données à caractère personnel, la proportionnalité est essentielle pour toute limitation de ces droits.
Plus spécifiquement, la proportionnalité exige que les avantages résultant de la limitation du droit ne soient pas dépassés par les inconvénients de l’exercice du droit. En d’autres termes, la limitation du droit doit être justifiée. Les garanties associées à une mesure peuvent étayer la justification d'une mesure. Une condition préalable est que la mesure soit adéquate pour atteindre l’objectif envisagé. En outre, lors de l’évaluation du traitement des données à caractère personnel, la proportionnalité exige que seules les données à caractère personnel qui sont adéquates et pertinentes aux fins du traitement soient collectées et traitées.
Avis sur les négociations en cours au sein de l’Union européenne pour un accord commercial anti-contrefaçon (ACAC)
The EDPS has adopted an opinion on current negotiations by the European Union of a multilateral Anti-Counterfeiting Trade Agreement (ACTA) aimed at strengthening the enforcement of intellectual property rights and to combat counterfeiting and piracy.
In the light of the information reported about ACTA, the EDPS has concerns about the potential incompatibility between envisaged measures and data protection requirements.
The EDPS makes a number of recommendations in view of providing guidance to the European Commission on the privacy and data protection related aspects that should be considered in the ACTA negotiations. He stresses in particular that:
the fight against piracy on the Internet should not include large scale monitoring of Internet users through the use of "three strikes Internet disconnection policies" or "graduated response" schemes;
other less intrusive means to fight piracy on the Internet must be investigated or, at least, envisaged policies should be performed at a more limited scope, notably through targeted ad hoc monitoring;
appropriate safeguards must be applied to all international data transfers in the context of ACTA, which should take the form of binding agreements between EU senders and third country recipients;
a public and transparent dialogue must be established on ACTA.
Avis sur différentes propositions législatives instituant certaines mesures restrictives spécifiques à l'encontre de la Somalie, du Zimbabwe, de la Corée du Nord et de la Guinée, JO C 73, 23.03.2010, p.1
Avis sur la proposition de règlement du Conseil concernant la coopération administrative et la lutte contre la fraude dans le domaine de la taxe sur la valeur ajoutée (refonte), JO C 66, 17.03.2010, p.1
Avis concernant le rapport final du Groupe de contact à haut niveau UE/Etats-Unis sur le partage d'informations et la protection de la vie privée et des données à caractère personnel, JO C 128, 06.06.2009, p. 1
The opinion relates to the Final Report by the EU-US High Level Contact Group on information sharing and privacy and personal data protection, which was presented by the EU Presidency in June 2008. The Report defines common principles on privacy and data protection as a first step towards the exchange of information between the EU and the US to fight terrorism and serious transnational crime. It also identifies options for a possible instrument that would apply the agreed common principles to data transfers.
The EDPS welcomes the progress achieved by the EU and US authorities to ensure an effective regime for privacy and personal data protection in the exchange of law enforcement information. He however emphasises the need for a careful analysis of the considered ways forward and recommends the development of a road map towards a possible agreement. Such a road map would involve all stakeholders at the different stages of the procedure and contain guidance for the continuation of the work, a timeline, as well as a further elaboration of the data protection principles on the basis of a common understanding on essential issues, such as the scope and nature of an agreement.
The EDPS calls for clarification and concrete provisions regarding the main following aspects:
nature and scope of an instrument on information sharing: for the sake of legal certainty, the EDPS shares the report's preferred option for the adoption of a legally binding instrument. This general instrument would need to be combined with specific agreements on a case by case basis to reflect the many specificities of data processing in the field of security and justice. The scope of application should also be clearly circumscribed and provide for a clear and common definition of law enforcement purposes at stake;
redress mechanisms: as one of the most prominent outstanding issues of the report, the availability of adequate means for redress needs to be properly addressed. Strong redress mechanisms, including administrative and judicial remedies, should be available to all individuals, irrespective of their nationality;
measuresguaranteeing the effective exercise of individuals' rights: further work is needed not only with regard to redress and oversight mechanisms, but also concerning the transparency of data processing and the conditions of access and rectification to personal data.
The EDPS emphasizes that the conclusion of an agreement between the EU and the US should take place under the Lisbon Treaty - depending on its entry into force – to guarantee better legal certainty, full involvement of the European Parliament and judicial control of the European Court of Justice.