Print

Necessity & Proportionality

Necessity is a fundamental principle when assessing the restriction of fundamental rights, such as the right to the protection of personal data. According to case-law, because of the role the processing of personal data entails for a series of fundamental rights, the limiting of the fundamental right to the protection of personal data must be strictly necessary.

Necessity shall be justified on the basis of objective evidence and is the first step before assessing the proportionality of the limitation.  Necessity is also fundamental when assessing the lawfulness of the processing of personal data. The processing operations, the categories of data processed and the duration the data are kept shall be necessary for the purpose of the processing.

 

Proportionality is a general principle of EU law. It restricts authorities in the exercise of their powers by requiring them to strike a balance between the means used and the intended aim. In the context of fundamental rights, such as the right to the protection of personal data, proportionality is key for any limitation on these rights.

More specifically, proportionality requires that advantages due to limiting the right are not outweighed by the disadvantages to exercise the right.  In other words, the limitation on the right must be justified. Safeguards accompanying a measure can support the justification of a measure.  A pre-condition is that the measure is adequate to achieve the envisaged objective. In addition, when assessing the processing of personal data, proportionality requires that only that personal data which is adequate and relevant for the purposes of the processing is collected and processed.

Filters

19
Apr
2021

Annual Report 2020

The year 2020 was unique for the world and, by extension, for the European Data Protection Supervisor (EDPS). Like many other organisations, the EDPS had to adapt its working methods as an employer, but also its work since the COVID-19 health crisis strengthened the call for the protection of individuals' privacy. 

This Annual Report provides an insight into all EDPS activities in 2020. 

The Executive Summary of the EDPS Annual Report 2020 will be made available in all official languages of the EU in due course. 

Full text of Annual Report (PDF)
Available languages: English
Summary (PDF)
Available languages: English
31
Jul
2020

EDPS formal comments on the draft Commission Delegated Regulation amending Council Regulation (EU) 2017/1939 of 12 October 2017

EDPS formal comments on the draft Commission Delegated Regulation amending Council Regulation (EU) 2017/1939 of 12 October 2017 implementing enhanced cooperation on the establishment of the European Public Prosecutor’s Office as regards setting out categories of operational personal data and categories of data subjects for the purpose of data processing in the index

18
Mar
2020

2019 Annual Report - a year of transition

2019 could be described as a year of transition, across Europe and the world.  With new legislation on data protection in the EU now in place, the greatest challenge moving into 2020 and beyond is to ensure that this legislation produces the promised results. Awareness of the issues surrounding data protection and privacy, and the importance of protecting these fundamental rights, is at an all-time high and this momentum cannot be allowed to decline.

This Annual Report provides an insight into all EDPS activities in 2019, which was the last year of a five-year EDPS mandate. EDPS activities therefore focused on consolidating the achievements of previous years, assessing the progress made and starting to define priorities for the future.

HTML version: EN

Summary (HTML): EN - FR - DE

Full text of Annual Report (PDF):
Available languages: English
Summary (PDF):
Available languages: Bulgarian, Czech, Danish, German, Estonian, Greek, English, Spanish, French, Irish, Croatian, Italian, Latvian, Lithuanian, Hungarian, Maltese, Dutch, Polish, Portuguese, Romanian, Slovak, Slovenian, Finnish, Swedish
28
Jan
2020

The EDPS quick-guide to necessity and proportionality

Processing of personal data - be it collection, storage, use or disclosure - constitutes a limitation on the right to the protection of personal data and must comply with EU law. This requires ensuring that it is both necessary and proportional.

The 8 steps outlined in "The EDPS quick-guide to necessity and proportionality" will help you assess the compatibility of measures impacting the  fundamental rights to privacy and to the protection of personal data with the EU Charter of Fundamental Rights.

Available languages: English
19
Dec
2019

Assessing the proportionality of measures that limit the fundamental rights to privacy and to the protection of personal data.

These EDPS Guidelines explore in greater depth, and provide relevant examples of, issues relating to the impact on the fundamental rights to privacy and the protection of personal data, focusing on and complementing in particular Tool#28 of the Commission Better Regulation Toolbox and the Operational Guidance on taking account of Fundamental Rights in Commission Impact Assessments. The Guidelines also complement the EDPS Necessity Toolkit.

Available languages: German, English, French