European Data Protection Supervisor
All EU staff are obliged to abide by their Staff Regulations, which outline the rules, principles and working conditions expected from them. But what happens if an EU staff member breaks these rules?
The ancient city of Marrakech was founded by the Almoravid dynasty at the beginning of the 11th century, as a centre for trade and craftsmanship. One century later, another mythical city, Timbuktu, was founded for similar reasons, in what is now known as the sub-Saharan state of Mali. As the location of the 38th International Privacy Conference, Marrakech aimed to set a precedent once again, this time through opening up the doors to privacy beyond the western world. The Conference took place from 17-20 October this year and the EDPS once again played an active part.
Despite its name, artificial intelligence (A.I.) is a reality and though much hyped, has woven its way into everyday life: navigation systems, spam filters, weather forecasts to name but a few. Such is the potential influence of A.I. that it can be found on the political agenda and both the White House and the House of Commons have published reports on the subject.
In October, the European Court of Justice ruled that, in many cases, the data collected by web servers, such as the IP addresses of users, is personal data. The decision underlined the need to put in place adequate safeguards to protect personal data when operating websites and other online services.
Yesterday, the 40th meeting between the EDPS and the DPOs from the EU institutions and bodies took place at the European Union Intellectual Property Office (EUIPO) in Alicante. I congratulate EUIPO for hosting a very successful meeting, I truly valued the opportunity to interact with our data protection partners and reinforce our collaboration.
Last week, in partnership with our co-hosts, the European Consumer Organisation, BEUC, we brought together high-level experts from across a spectrum of policy areas to talk about the future of our freedom and privacy online. It was a full house of regulators, legal counsel, technologists and non-government organisations, and a full day of intense debate ranging between subjects as diverse as merger control, indigestible privacy policies and encryption.
From the very beginning, data protection has been about the processing of personal data by means of technology. When the first data protection laws were adopted in the 1970s, computers were just starting to become standard tools in business and public administration. The Internet had just been invented and was only accessible to a few researchers and computer specialists
Let's imagine a six-year old child that has crossed the Mediterranean Sea in an inflatable boat, fleeing the horrors of war, and safely arriving on the coasts of the EU. It's hard to tell what will await her here. We don't know whether she will be allowed to stay, and if she stays where she will go or whether she will escape xenophobia. But one thing is certain. Irrespective of whether she will be allowed to stay or not, it seems that the child will have to give her fingerprints to be registered as an asylum seeker as soon as she arrives.
The new EU General Data Protection Regulation that was adopted earlier this year is a landmark in human rights law. Designed to grapple with the realities of global, ubiquitous data in the internet era, it should provide increased legal certainty for both individuals and organisations processing data and greater protection for the individual in general.
Privacy and data protection matter more than ever to people. For this reason, the General Data Protection Regulation (GDPR) is one of the EU's greatest achievements in recent years since it seeks to ensure effective data protection in the digital age.