EDPS Annual report 2007: enhanced data protection needs to be delivered in practice

Today, Peter Hustinx, Supervisor, and Joaquín Bayo Delgado, Assistant Supervisor, presented their fourth Annual Report to the press. The report runs through the main features of the EDPS activities in 2007, notably with regard to supervisory and consultative tasks. It also emphasises the impact of the Lisbon Treaty that provides for an enhanced protection of personal data. The EDPS believes that the new Treaty should be seen as an opportunity for the EU administration to demonstrate that effective protection of personal data is a basic value underlying EU policies.

Peter Hustinx, Supervisor, says: "The signing of the Lisbon Treaty is an important benchmark in the history of the European Union, but it should also be understood as a challenge. The fundamental safeguards that are highlighted in the Treaty have to be delivered in practice. This applies where EU institutions and bodies are processing personal data, but also where they develop rules and policies that may have an impact on the rights and freedoms of European citizens."

As regards the EDPS supervisory role, the report shows that there has been substantial progress in this field in 2007. The report highlights the following:

• a significant increase in the number of prior-checks relating to processing operations of personal data in EU institutions and bodies in a variety of fields, such as medical data, recruitment of staff and selection of candidates, staff evaluation, OLAF procedures, social services files and e-monitoring;
• the results of the "Spring 2007" exercise to measure compliance in all institutions and bodies. Although there is reason for some satisfaction, continued efforts are still needed on the part of the EU administration to reach full compliance with data protection requirements.

The EDPS also gave further effect to his advisory role on new EU legislative proposals having an impact on data protection with the publication of 12 legislative opinions. Special emphasis was put on:

• the need for a consistent and effective framework for data protection, both in the first and third pillars although, in the latter case, the results did not live up to expectations;
• the possible need in the future for a specific legal framework for data protection in the area of Radio Frequency Identification (RFID) technology;
• other policy issues such as the European passenger name record system, cross-border cooperation (Prüm Treaty), road transport, community statistics on health data and social security systems.