Blog

The first rule in data protection is: if you do not need personal data, do not collect personal data.

I believe that the second rule in data protection is: if you really need personal data, then start by pseudonymising this personal data.

Pseudonymisation is a foundational technique to mitigate data protection risks. The EU’s personal data protection legislation defines pseudonymisation as the processing of personal data in such a way that this data can no longer be attributed to a specific individual, without the use of additional information.

Today, on what should have been the 50th EDPS-DPO meeting with the 69 data protection officers (DPO) of the EU institutions, bodies and agencies (EUIs), we decided to hold a second 49th EDPS-DPO meeting online, which focused on data protection and COVID-19 in the EUIs.

While we were very much looking forward to mark the 50th anniversary of this strong cooperation between our institution and the network of DPOs in person, the current circumstances do not allow us to do so. Nevertheless, we hope that such celebrations can be organised in 2022.

As part of our wider tasks aimed at technology monitoring, the European Data Protection Supervisor (EDPS) regularly publishes his TechDispatch reports with a view to explaining emerging developments in technology.

It is undeniable that - amongst a number of difficulties – the COVID-19 pandemic will leave us with many lessons learned. Above all, we have certainly learned that the world changes and will continue to change, sometimes quite unexpectedly. We have also realised that there is room for manoeuver whereby we can understand the changes, anticipate them, and direct them towards a more sustainable future.

It has become a tradition for the EDPS and EDPB trainees to organise a data protection conference at the end of their traineeship which summarises their experience at both institutions. The trainees are free to choose their own format, topic and speakers; in doing so, it is their chance to lead their own discussions on data protection.

IPEN workshops bring together privacy experts and engineers from public authorities, industry, academia and civil society to discuss relevant challenges and developments for the technological implementation of data protection and privacy in real life.

The 49th meeting of the EDPS and the European institutions, bodies and agencies’ network of data protection officers (DPO) took place on 4 June 2021.

I am proud that we managed to organise, with the precious help of a number of DPOs from a support group, two rounds of online workshops on different topics of interest for our DPO colleagues. With these online workshops, we try to recreate the interactive and dynamic environment akin to our traditional in-person meetings pre-COVID-19.

Three years ago today, the most fundamental piece of legislation for data protection in the European Union, the General Data Protection Regulation (GDPR), entered into application. Today, we take a moment to reflect on what the last three years have had to offer.

The outbreak of the COVID-19 pandemic has drastically changed the priorities of various actors around the world, both public and private. The health crisis has accelerated the pace of digital transformation and has triggered public debate on the legal measures and technical solutions adopted in response to the pandemic.

The debate has not been limited to traditional data protection and privacy concerns. More fundamental questions have emerged, concerning the rule of law, the legitimacy of ‘emergency measures’ and their practical effects on citizen’s everyday lives.

With their creativity, sense of innovation, teamwork and drive, the EDPS and EDPB trainees produced a podcast entitled “Democratic Societies in the Digital Age”, a three-part series in which they invited experts from wide-ranging professional backgrounds to cover a number of pertinent subjects related to data protection.  

This blogpost, written by EDPS and EDPB trainees, summarises what they have learned from these insightful discussions.