European Data Protection Supervisor
Let's imagine a six-year old child that has crossed the Mediterranean Sea in an inflatable boat, fleeing the horrors of war, and safely arriving on the coasts of the EU. It's hard to tell what will await her here. We don't know whether she will be allowed to stay, and if she stays where she will go or whether she will escape xenophobia. But one thing is certain. Irrespective of whether she will be allowed to stay or not, it seems that the child will have to give her fingerprints to be registered as an asylum seeker as soon as she arrives.
The new EU General Data Protection Regulation that was adopted earlier this year is a landmark in human rights law. Designed to grapple with the realities of global, ubiquitous data in the internet era, it should provide increased legal certainty for both individuals and organisations processing data and greater protection for the individual in general.
Privacy and data protection matter more than ever to people. For this reason, the General Data Protection Regulation (GDPR) is one of the EU's greatest achievements in recent years since it seeks to ensure effective data protection in the digital age.
Privacy is dead they say.
But of course it isn’t. It is well and truly alive. Regardless of how much we share on social media, in reality we are still selective about what we do share. Even online, we find ways to secure, conceal or protect ourselves whether through ad blockers, security settings, the dark web or other ways. That is privacy.
Today and tomorrow Wojciech and I are attending the Annual Conference of European Data Protection Authorities, what insiders call the ‘Spring Conference’, which this year is hosted in Budapest by the Hungarian National Authority for Data Protection and Freedom of Information.
As you know, the General Data Protection Regulation was finally adopted two weeks ago after lengthy negotiations - a victory for the protection of fundamental rights in Europe. The Regulation requires public authorities - and, in some cases, private companies - to appoint a data protection officer, DPO. The DPO's job will be to watch over in an independent manner how data is stored, used and shared and to advise their organisation on data protection issues.
So a bit of history was made yesterday. The adoption by the European Parliament of the General Data Protection Regulation, following the decision by the Council last week, is quite simply a landmark in human rights law. It is the biggest attempt so far by a legislator to grapple with the realities of global, ubiquitous data in the internet era.
The General Data Protection Regulation (or GDPR) is going to raise the bar for data protection laws around the world. Like other data protection authorities, we were closely involved in the policy discussions, though not in the negotiations. Political agreement was reached in December 2015, and the text is expected to become law before the summer.