The European Data Protection Supervisor (EDPS) has adopted an opinion on the European Commission's Communication of 10 June 2009 entitled “An area of freedom, security and justice serving the citizen”. The Communication is the Commission's contribution to the discussions on the new EU programme for the next five years in the area of justice and home affairs, the so called Stockholm programme, which is due to be adopted by the European Council in December 2009.
The EDPS supports the attention that has been devoted in the Communication to the protection of fundamental rights, and in particular the protection of personal data, as one of the key issues of the future framework for EU action on the questions of citizenship, justice, security, asylum and immigration. He fully endorses the Commission's view that more emphasis should be given to data protection in the areas concerned, and calls for the European Council to follow the same approach when adopting the Stockholm multi-annual programme.
Peter Hustinx, EDPS, says: "I am pleased to see that the Commission's Communication promotes a right balance between the need for appropriate instruments to guarantee the security of the citizens and the protection of their fundamental rights. Serving the citizens requires a European Union that safeguards this balance. This is all the more important since the policies in this area have great impact in the citizens' daily life and private space. I therefore expect the Council to go along the same path in the adoption of the Stockholm programme."
Taking the need for protection of fundamental rights as main angle of the analysis, the EDPS opinion focuses on the following issues:
(*) Data should be collected for specified, explicit and legitimate purposes, and not further processed for purposes incompatible with those purposes (Article 6(1)(b) of Directive 95/46/EC). Exceptions to this principle are only allowed under strict safeguards (Article 13 of Directive 95/46/EC).
(**) Data protection requirements should be applied and integrated as early as possible in the life cycle of new technological developments and of information systems.
(***) The most advanced stage in the development of particular techniques that is practically suitable and effective for providing the basis for complying with the EU data protection framework.