Print

Necessity & Proportionality

Necessity is a fundamental principle when assessing the restriction of fundamental rights, such as the right to the protection of personal data. According to case-law, because of the role the processing of personal data entails for a series of fundamental rights, the limiting of the fundamental right to the protection of personal data must be strictly necessary.

Necessity shall be justified on the basis of objective evidence and is the first step before assessing the proportionality of the limitation.  Necessity is also fundamental when assessing the lawfulness of the processing of personal data. The processing operations, the categories of data processed and the duration the data are kept shall be necessary for the purpose of the processing.

 

Proportionality is a general principle of EU law. It restricts authorities in the exercise of their powers by requiring them to strike a balance between the means used and the intended aim. In the context of fundamental rights, such as the right to the protection of personal data, proportionality is key for any limitation on these rights.

More specifically, proportionality requires that advantages due to limiting the right are not outweighed by the disadvantages to exercise the right.  In other words, the limitation on the right must be justified. Safeguards accompanying a measure can support the justification of a measure.  A pre-condition is that the measure is adequate to achieve the envisaged objective. In addition, when assessing the processing of personal data, proportionality requires that only that personal data which is adequate and relevant for the purposes of the processing is collected and processed.

Filters

8
Mar
2024

EDPS decision on the investigation into the European Commission's use of Microsoft 365

On 8 March 2024, the EDPS adopted a decision following its investigation into the European Commission's use of Microsoft 365. In the decision, the EDPS focused on compliance with provisions of Regulation (EU) 2018/1725 related to purpose limitation and international transfers and unauthorised disclosures of personal data (see also press release).

Available languages: English
22
Jan
2024

Supervisory Opinion on the revised Guidelines on Investigation Procedure (GIPs) of the European Anti-Fraud Office (OLAF)

EDPS Supervisory Opinion on the revised Guidelines on Investigation Procedure (GIPs) of the European Anti-Fraud Office (OLAF) (case 2024-0003)

Available languages: English
9
Jan
2024

Supervisory Opinion relating to a consultation submitted by an Agency in relation to a request received from national intelligence and security services for the transmission of personal data

This Supervisory Opinion relates to a consultation submitted by an Agency in relation to a request received from national intelligence and security services for the transmission of personal data

Available languages: English
19
Apr
2021

Annual Report 2020

The year 2020 was unique for the world and, by extension, for the European Data Protection Supervisor (EDPS). Like many other organisations, the EDPS had to adapt its working methods as an employer, but also its work since the COVID-19 health crisis strengthened the call for the protection of individuals' privacy. 

This Annual Report provides an insight into all EDPS activities in 2020. 

HTML Version: EN

Summary (HTML): EN - FR - DE

Full text of Annual Report (PDF)
Available languages: English
Summary (PDF)
Available languages: Bulgarian, Czech, Danish, German, Estonian, Greek, English, Spanish, French, Irish, Croatian, Italian, Latvian, Lithuanian, Hungarian, Maltese, Dutch, Polish, Portuguese, Romanian, Slovak, Slovenian, Finnish, Swedish
31
Jul
2020

EDPS formal comments on the draft Commission Delegated Regulation amending Council Regulation (EU) 2017/1939 of 12 October 2017

EDPS formal comments on the draft Commission Delegated Regulation amending Council Regulation (EU) 2017/1939 of 12 October 2017 implementing enhanced cooperation on the establishment of the European Public Prosecutor’s Office as regards setting out categories of operational personal data and categories of data subjects for the purpose of data processing in the index