Having marked Europe day a few days earlier at EU Open Day in Brussels, I attended the 2022 edition of the International Organisations workshop, co-organised this year by the EDPS and the World Food Programme at their premises in Rome on 12-13 May.
I can still remember how the internet was once presented to me. A space where everyone could express themselves freely, find and share information, a global force for democracy. But the dream of that great agora was never fully realised.
What was once the promise of a free and open environment was gradually replaced by walled gardens. The place for human flourishing became a space of advertising-driven business models and continuous surveillance. Digital services designed to maximise engagement, to track, to target.
Each year on 28 January, we celebrate Data Protection Day. It is a chance for all of us to reflect on what this day represents, on how far we have come in the field of data protection, on the challenges that lie ahead for data protection in Europe’s digital future.
The increased digitalisation of our societies has made individuals realise over the years that data protection concerns all of us. Individuals have become more aware of the different ways and circumstances in which their personal data may be processed.
The first rule in data protection is: if you do not need personal data, do not collect personal data.
I believe that the second rule in data protection is: if you really need personal data, then start by pseudonymising this personal data.
Pseudonymisation is a foundational technique to mitigate data protection risks. The EU’s personal data protection legislation defines pseudonymisation as the processing of personal data in such a way that this data can no longer be attributed to a specific individual, without the use of additional information.
Today, on what should have been the 50th EDPS-DPO meeting with the 69 data protection officers (DPO) of the EU institutions, bodies and agencies (EUIs), we decided to hold a second 49th EDPS-DPO meeting online, which focused on data protection and COVID-19 in the EUIs.
While we were very much looking forward to mark the 50th anniversary of this strong cooperation between our institution and the network of DPOs in person, the current circumstances do not allow us to do so. Nevertheless, we hope that such celebrations can be organised in 2022.
As part of our wider tasks aimed at technology monitoring, the European Data Protection Supervisor (EDPS) regularly publishes his TechDispatch reports with a view to explaining emerging developments in technology.
It is undeniable that - amongst a number of difficulties – the COVID-19 pandemic will leave us with many lessons learned. Above all, we have certainly learned that the world changes and will continue to change, sometimes quite unexpectedly. We have also realised that there is room for manoeuver whereby we can understand the changes, anticipate them, and direct them towards a more sustainable future.
It has become a tradition for the EDPS and EDPB trainees to organise a data protection conference at the end of their traineeship which summarises their experience at both institutions. The trainees are free to choose their own format, topic and speakers; in doing so, it is their chance to lead their own discussions on data protection.
IPEN workshops bring together privacy experts and engineers from public authorities, industry, academia and civil society to discuss relevant challenges and developments for the technological implementation of data protection and privacy in real life.