European Data Protection Supervisor
Last week, in partnership with our co-hosts, the European Consumer Organisation, BEUC, we brought together high-level experts from across a spectrum of policy areas to talk about the future of our freedom and privacy online. It was a full house of regulators, legal counsel, technologists and non-government organisations, and a full day of intense debate ranging between subjects as diverse as merger control, indigestible privacy policies and encryption.
From the very beginning, data protection has been about the processing of personal data by means of technology. When the first data protection laws were adopted in the 1970s, computers were just starting to become standard tools in business and public administration. The Internet had just been invented and was only accessible to a few researchers and computer specialists
Let's imagine a six-year old child that has crossed the Mediterranean Sea in an inflatable boat, fleeing the horrors of war, and safely arriving on the coasts of the EU. It's hard to tell what will await her here. We don't know whether she will be allowed to stay, and if she stays where she will go or whether she will escape xenophobia. But one thing is certain. Irrespective of whether she will be allowed to stay or not, it seems that the child will have to give her fingerprints to be registered as an asylum seeker as soon as she arrives.
The new EU General Data Protection Regulation that was adopted earlier this year is a landmark in human rights law. Designed to grapple with the realities of global, ubiquitous data in the internet era, it should provide increased legal certainty for both individuals and organisations processing data and greater protection for the individual in general.
Privacy and data protection matter more than ever to people. For this reason, the General Data Protection Regulation (GDPR) is one of the EU's greatest achievements in recent years since it seeks to ensure effective data protection in the digital age.
Privacy is dead they say.
But of course it isn’t. It is well and truly alive. Regardless of how much we share on social media, in reality we are still selective about what we do share. Even online, we find ways to secure, conceal or protect ourselves whether through ad blockers, security settings, the dark web or other ways. That is privacy.
Today and tomorrow Wojciech and I are attending the Annual Conference of European Data Protection Authorities, what insiders call the ‘Spring Conference’, which this year is hosted in Budapest by the Hungarian National Authority for Data Protection and Freedom of Information.
As you know, the General Data Protection Regulation was finally adopted two weeks ago after lengthy negotiations - a victory for the protection of fundamental rights in Europe. The Regulation requires public authorities - and, in some cases, private companies - to appoint a data protection officer, DPO. The DPO's job will be to watch over in an independent manner how data is stored, used and shared and to advise their organisation on data protection issues.
So a bit of history was made yesterday. The adoption by the European Parliament of the General Data Protection Regulation, following the decision by the Council last week, is quite simply a landmark in human rights law. It is the biggest attempt so far by a legislator to grapple with the realities of global, ubiquitous data in the internet era.
The General Data Protection Regulation (or GDPR) is going to raise the bar for data protection laws around the world. Like other data protection authorities, we were closely involved in the policy discussions, though not in the negotiations. Political agreement was reached in December 2015, and the text is expected to become law before the summer.