European Data Protection Supervisor
European Data Protection Supervisor

Necessity & Proportionality

Necessity & Proportionality

Necessity is a fundamental principle when assessing the restriction of fundamental rights, such as the right to the protection of personal data. According to case-law, because of the role the processing of personal data entails for a series of fundamental rights, the limiting of the fundamental right to the protection of personal data must be strictly necessary.

Necessity shall be justified on the basis of objective evidence and is the first step before assessing the proportionality of the limitation.  Necessity is also fundamental when assessing the lawfulness of the processing of personal data. The processing operations, the categories of data processed and the duration the data are kept shall be necessary for the purpose of the processing.

 

Proportionality is a general principle of EU law. It restricts authorities in the exercise of their powers by requiring them to strike a balance between the means used and the intended aim. In the context of fundamental rights, such as the right to the protection of personal data, proportionality is key for any limitation on these rights.

More specifically, proportionality requires that advantages due to limiting the right are not outweighed by the disadvantages to exercise the right.  In other words, the limitation on the right must be justified. Safeguards accompanying a measure can support the justification of a measure.  A pre-condition is that the measure is adequate to achieve the envisaged objective. In addition, when assessing the processing of personal data, proportionality requires that only that personal data which is adequate and relevant for the purposes of the processing is collected and processed.

Filters

Pages

16/07/2019
16
Jul
2019

Accountability on the ground: Guidance on documenting processing operations for EU institutions, bodies and agencies

Accountability on the ground: Guidance on documenting processing operations for EU institutions, bodies and agencies (EUIs). These documents provide provisional guidance for controllers and DPO in the EUIs on how to generate records for their processing operations, how to decide whether they need to carry out data protection impact assessments (DPIAs), how to do DPIAs and when to do prior consultations to the EDPS (Articles 31, 39 and 40 of Regulation (EU) 2018/1725).

SummaryPDF icon
Part I: Records and threshold assessmentPDF icon
Part II: DPIAs and prior consultationPDF icon
25/02/2019
25
Feb
2019

EDPS Guidelines on assessing the proportionality of measures that limit the fundamental rights to privacy and to the protection of personal data

As the independent advisor to the EU institutions and bodies under Regulation (EU) 1725/2018 on all matters concerning processing of personal data, the European Data Protection Supervisor (hereinafter, ‘the EDPS’) intends to issue Guidelines for assessing the proportionality of measures that limit the fundamental rights to privacy and to the protection of personal data (hereinafter, ‘the Guidelines’).

26/09/2018
26
Sep
2018

Updated notifications for staff appraisal and reclassification at CdT

Prior-checking Opinion regarding the updated notifications for staff appraisal and reclassification at CdT (EDPS cases 2016-0011 and 2016-0292)

10/08/2018
10
Aug
2018

Security of identity cards of Union citizens

EDPS Opinion on the Proposal for a Regulation strengthening the security of identity cards of Union citizens and other documents

Tuesday, 20 June, 2017
20
Jun
2017

Newsletter (N°
52
)

In the June 2017 edition of the EDPS Newsletter we introduce you to our new-look Newsletter and cover the EDPS Opinion on ePrivacy, our continuing work on data ethics and the launch of our 2016 Annual Report, as well as many other EDPS activities.
12/04/2017
12
Apr
2017

Privacy-friendly policymaking made easier: EDPS issues the necessity toolkit

As part of our commitment to facilitating responsible and informed policymaking, the EDPS has published a necessity toolkit. The toolkit is designed to help policymakers identify the impact of new laws on the fundamental right to data protection and determine the cases in which the limitation of this right is truly necessary.

11/04/2017
11
Apr
2017

Necessity Toolkit

Necessity toolkit on assessing the necessity of measures that limit the fundamental right to the protection of personal data

21/02/2017
21
Feb
2017

Controls on cash entering or leaving the union

EDPS Comments on the Proposed Regulation on controls on cash entering or leaving the union

15/02/2017
15
Feb
2017

Ex-ante product quality audits - EUIPO

Prior checking Opinion concerning ex-ante product quality audits (Case 2016-0477)

12/12/2016
12
Dec
2016

Passenger ship safety regulatory framework

EDPS formal comments on the revision of passenger ship safety regulatory framework with regard to the registration of passengers and crew on board

21/09/2016
21
Sep
2016

Common European Asylum System

EDPS Opinion on the First reform package on the Common European Asylum System (Eurodac, EASO and Dublin regulations)

21/09/2016
21
Sep
2016

EU Smart Borders Package

EDPS Opinion on the Second EU Smart Borders Package, Recommendations on the revised Proposal to establish an Entry/Exit System

16/06/2016
16
Jun
2016

Necessity

Developing a 'toolkit' for assessing the necessity of measures that interfere with fundamental rights

24/09/2015
24
Sep
2015

Passenger Name Record

Second Opinion on the Proposal for a Directive of the European Parliament and of the Council on the use of Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime

03/07/2015
3
Jul
2015

Risk Analysis - Frontex

Opinion on a notification for prior checking received from the Data Protection Officer of Frontex concerning the Processing of Personal Data for Risk Analysis (PeDRA) (Case 2015-0346)

Update of the notification for prior checking opinion received from the Data Protection Office of Frontex PDF icon
23/07/2014
23
Jul
2014

Single-member private limited liability companies

Opinion on the Commission Proposal for a Directive of the European Parliament and of the Council on single-member private limited liability companies

22/07/2014
22
Jul
2014

Early Warning System (EWS) - REA

Opinion on a notification for Prior Checking received from the Data Protection Officer of the Research Executive Agency regarding the processing operation on personal data concerning the "Early Warning System (EWS) at the Research Executive Agency" (Case 2012-0981)

17/04/2014
17
Apr
2014

European Terrorist Finance Tracking System (TFTS)

EDPS comments on the Communication from the Commission to the European Parliament and the Council on a European Terrorist Finance Tracking System (TFTS) and on the Commission Staff Working Document - Impact Assessment accompanying the Communication from the Commission to the European Parliament and the Council on a European Terrorist Finance Tracking System (TFTS)

Pages