European Data Protection Supervisor
European Data Protection Supervisor

Necessity & Proportionality

Necessity & Proportionality

Necessity is a fundamental principle when assessing the restriction of fundamental rights, such as the right to the protection of personal data. According to case-law, because of the role the processing of personal data entails for a series of fundamental rights, the limiting of the fundamental right to the protection of personal data must be strictly necessary.

Necessity shall be justified on the basis of objective evidence and is the first step before assessing the proportionality of the limitation.  Necessity is also fundamental when assessing the lawfulness of the processing of personal data. The processing operations, the categories of data processed and the duration the data are kept shall be necessary for the purpose of the processing.

 

Proportionality is a general principle of EU law. It restricts authorities in the exercise of their powers by requiring them to strike a balance between the means used and the intended aim. In the context of fundamental rights, such as the right to the protection of personal data, proportionality is key for any limitation on these rights.

More specifically, proportionality requires that advantages due to limiting the right are not outweighed by the disadvantages to exercise the right.  In other words, the limitation on the right must be justified. Safeguards accompanying a measure can support the justification of a measure.  A pre-condition is that the measure is adequate to achieve the envisaged objective. In addition, when assessing the processing of personal data, proportionality requires that only that personal data which is adequate and relevant for the purposes of the processing is collected and processed.

Filters

Pages

31/07/2020
31
Jul
2020

EDPS formal comments on the draft Commission Delegated Regulation amending Council Regulation (EU) 2017/1939 of 12 October 2017

EDPS formal comments on the draft Commission Delegated Regulation amending Council Regulation (EU) 2017/1939 of 12 October 2017 implementing enhanced cooperation on the establishment of the European Public Prosecutor’s Office as regards setting out categories of operational personal data and categories of data subjects for the purpose of data processing in the index

18/03/2020
18
Mar
2020

2019 Annual Report - a year of transition

2019 could be described as a year of transition, across Europe and the world.  With new legislation on data protection in the EU now in place, the greatest challenge moving into 2020 and beyond is to ensure that this legislation produces the promised results. Awareness of the issues surrounding data protection and privacy, and the importance of protecting these fundamental rights, is at an all-time high and this momentum cannot be allowed to decline.

This Annual Report provides an insight into all EDPS activities in 2019, which was the last year of a five-year EDPS mandate. EDPS activities therefore focused on consolidating the achievements of previous years, assessing the progress made and starting to define priorities for the future.

HTML version: EN

Summary (HTML): EN - FR - DE

Full text of Annual Report (PDF):PDF icon
28/01/2020
28
Jan
2020

The EDPS quick-guide to necessity and proportionality

Processing of personal data - be it collection, storage, use or disclosure - constitutes a limitation on the right to the protection of personal data and must comply with EU law. This requires ensuring that it is both necessary and proportional.

The 8 steps outlined in "The EDPS quick-guide to necessity and proportionality" will help you assess the compatibility of measures impacting the  fundamental rights to privacy and to the protection of personal data with the EU Charter of Fundamental Rights.

19/12/2019
19
Dec
2019

EDPS publishes new Proportionality Guidelines aimed at making privacy-friendly policymaking easier

New European Data Protection Supervisor (EDPS) Guidelines on assessing proportionality aim to provide policymakers with practical tools to help assess the compliance of proposed EU measures that would impact the fundamental rights to privacy and the protection of personal data with the Charter of Fundamental Rights, the European Data Protection Supervisor said today, as he published the Guidelines.

19/12/2019
19
Dec
2019

Assessing the proportionality of measures that limit the fundamental rights to privacy and to the protection of personal data.

These EDPS Guidelines explore in greater depth, and provide relevant examples of, issues relating to the impact on the fundamental rights to privacy and the protection of personal data, focusing on and complementing in particular Tool#28 of the Commission Better Regulation Toolbox and the Operational Guidance on taking account of Fundamental Rights in Commission Impact Assessments. The Guidelines also complement the EDPS Necessity Toolkit.

16/07/2019
16
Jul
2019

Accountability on the ground: Guidance on documenting processing operations for EU institutions, bodies and agencies

Accountability on the ground: Guidance on documenting processing operations for EU institutions, bodies and agencies (EUIs). These documents provide provisional guidance for controllers and DPO in the EUIs on how to generate records for their processing operations, how to decide whether they need to carry out data protection impact assessments (DPIAs), how to do DPIAs and when to do prior consultations to the EDPS (Articles 31, 39 and 40 of Regulation (EU) 2018/1725).

A provisional version of this text was published in February 2018. The current version 1.3 was published in July 2019.

SummaryPDF icon
Part I: Records and threshold assessmentPDF icon
Part II: DPIAs and prior consultationPDF icon
25/02/2019
25
Feb
2019

EDPS Guidelines on assessing the proportionality of measures that limit the fundamental rights to privacy and to the protection of personal data

As the independent advisor to the EU institutions and bodies under Regulation (EU) 1725/2018 on all matters concerning processing of personal data, the European Data Protection Supervisor (hereinafter, ‘the EDPS’) intends to issue Guidelines for assessing the proportionality of measures that limit the fundamental rights to privacy and to the protection of personal data (hereinafter, ‘the Guidelines’).

The Guidelines complement the EDPS Necessity Toolkit  and specify, having regard to the fundamental right to the protection of personal data enshrined under Article 8 of the Charter, the more wide-ranging guidance by the Commission and the Council to check compatibility of legislative measures with the Charter of Fundamental Rights of the European Union.

Through this exercise, the EDPS aims at assisting EU institutions and bodies in the task of ensuring that any limitation of the fundamental right to the protection of personal data is compliant with the requirements of EU primary law.

Before issuing the Guidelines in their final version, the EDPS is launching a stakeholders’ consultation on the draft version of the Guidelines, which you can find hereunder.

The deadline for receiving your input is 4 April 2019. The replies to the consultation should be sent to the Policy and Consultation Unit of the EDPS: POLICY-CONSULT@edps.europa.eu

26/09/2018
26
Sep
2018

Updated notifications for staff appraisal and reclassification at CdT

Prior-checking Opinion regarding the updated notifications for staff appraisal and reclassification at CdT (EDPS cases 2016-0011 and 2016-0292)

10/08/2018
10
Aug
2018

Security of identity cards of Union citizens

EDPS Opinion on the Proposal for a Regulation strengthening the security of identity cards of Union citizens and other documents

Tuesday, 20 June, 2017
20
Jun
2017

Newsletter (N°
52
)

In the June 2017 edition of the EDPS Newsletter we introduce you to our new-look Newsletter and cover the EDPS Opinion on ePrivacy, our continuing work on data ethics and the launch of our 2016 Annual Report, as well as many other EDPS activities.
12/04/2017
12
Apr
2017

Privacy-friendly policymaking made easier: EDPS issues the necessity toolkit

As part of our commitment to facilitating responsible and informed policymaking, the EDPS has published a necessity toolkit. The toolkit is designed to help policymakers identify the impact of new laws on the fundamental right to data protection and determine the cases in which the limitation of this right is truly necessary.

11/04/2017
11
Apr
2017

Necessity Toolkit

Necessity toolkit on assessing the necessity of measures that limit the fundamental right to the protection of personal data

21/02/2017
21
Feb
2017

Controls on cash entering or leaving the union

EDPS Comments on the Proposed Regulation on controls on cash entering or leaving the union

15/02/2017
15
Feb
2017

Ex-ante product quality audits - EUIPO

Prior checking Opinion concerning ex-ante product quality audits (Case 2016-0477)

12/12/2016
12
Dec
2016

Passenger ship safety regulatory framework

EDPS formal comments on the revision of passenger ship safety regulatory framework with regard to the registration of passengers and crew on board

21/09/2016
21
Sep
2016

Common European Asylum System

EDPS Opinion on the First reform package on the Common European Asylum System (Eurodac, EASO and Dublin regulations)

21/09/2016
21
Sep
2016

EU Smart Borders Package

EDPS Opinion on the Second EU Smart Borders Package, Recommendations on the revised Proposal to establish an Entry/Exit System

16/06/2016
16
Jun
2016

Necessity

Developing a 'toolkit' for assessing the necessity of measures that interfere with fundamental rights

Pages