Priorities for 2016: The EDPS as an advisor to the EU Institutions
As 2015 drew to a close, the European Data Protection Supervisor (EDPS) published his Priorities for the policy and consultation activities of the organisation for 2016.
Giovanni Buttarelli, EDPS, said: "In 2016, we will continue to work closely with the European Commission, the Council and the European Parliament in order to ensure that our advice is as timely and relevant as possible. By making our Priorities public, we hope to help the relevant Commission services to better identify those initiatives on which the EDPS recommends an informal consultation at an early stage, as per our long-standing agreement."
This work programme (a cover note and a colour-coded table) lists those European Commission proposals most likely to have implications for the fundamental rights to privacy and to the protection of personal data and for which the EDPS plans to issue a formal Opinion or Comments.
The areas of strategic importance that the EDPS will focus on are:
- Completion of the data protection framework, including the review of Regulation 45/2001 on data protection rules for EU institutions and bodies which governs the functioning, duties and powers of the EDPS;
- Adequate protection in international data transfers;
- Security and anti-terrorism measures;
- Digital Single Market initiatives.
Privacy and data protection are significant issues across the spectrum of EU policies. There is a need for early assessment and independent advice on how to include them in those policies.
The EDPS' work programme lists key actions that will maximise the impact of the EDPS' work on privacy and data protection at EU level. These priorities include legislative, policy-related, (such as communications) as well as draft international agreements.
Background information
Privacy and data protection are fundamental rights in the EU. Data protection is a fundamental right, protected by European law and enshrined in Article 8 of the Charter of Fundamental Rights of the European Union.
More specifically, the rules for data protection in the EU institutions - as well as the duties of the European Data Protection Supervisor (EDPS) - are set out in Regulation (EC) No 45/2001. The EDPS is a relatively new but increasingly influential independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection.
Giovanni Buttarelli (EDPS) and Wojciech Wiewiórowski (Assistant EDPS) are members of the institution, appointed by a joint decision of the European Parliament and the Council. Assigned for a five year term, they took office on 4 December 2014.
EDPS Strategy 2015-2019: Unveiled on 2 March 2015, the 2015-2019 plan summarises the major data protection and privacy challenges over the coming years and the EDPS' three strategic objectives and 10 accompanying actions for meeting them. The objectives are (1) Data protection goes Digital (2) Forging Global Partnerships and (3) Opening a New Chapter for EU Data Protection.
Personal information or data: Any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. Other details such as IP addresses and communications content - related to or provided by end-users of communications services - are also considered as personal data.
Privacy: the right of an individual to be left alone and in control of information about his or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8).
Processing of personal data: According to Article 2(b) of Regulation (EC) No 45/2001, processing of personal data refers to "any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction." See the glossary on the EDPS website.