The European Data Protection Supervisor (EDPS) has adopted an opinion on the European Commission's Communication of 10 June 2009 entitled “An area of freedom, security and justice serving the citizen”. The Communication is the Commission's contribution to the discussions on the new EU programme for the next five years in the area of justice and home affairs, the so called Stockholm programme, which is due to be adopted by the European Council in December 2009.
The EDPS supports the attention that has been devoted in the Communication to the protection of fundamental rights, and in particular the protection of personal data, as one of the key issues of the future framework for EU action on the questions of citizenship, justice, security, asylum and immigration. He fully endorses the Commission's view that more emphasis should be given to data protection in the areas concerned, and calls for the European Council to follow the same approach when adopting the Stockholm multi-annual programme.
Peter Hustinx, EDPS, says: "I am pleased to see that the Commission's Communication promotes a right balance between the need for appropriate instruments to guarantee the security of the citizens and the protection of their fundamental rights. Serving the citizens requires a European Union that safeguards this balance. This is all the more important since the policies in this area have great impact in the citizens' daily life and private space. I therefore expect the Council to go along the same path in the adoption of the Stockholm programme."
Taking the need for protection of fundamental rights as main angle of the analysis, the EDPS opinion focuses on the following issues:
- need for a comprehensive data protection scheme: the EDPS fully supports the call for a comprehensive data protection scheme covering all areas of EU competence, regardless of the entry into force of the Lisbon Treaty;
- data protection principles: the EDPS welcomes the intention of the Commission to reaffirm a number of basic principles of data protection. He emphasises the importance of the purpose limitation principle (*) as a cornerstone of data protection law. Focus should also be given to the possibilities for improving the effectiveness of the application of data protection principles, in particular through instruments than can reinforce the responsibilities of the data controllers;
- European information model: the EDPS notes the developments towards a European information model and an EU Information Management Strategy with great interest and underlines the attention that should be given in these projects to data protection elements, to be further elaborated in the Stockholm programme. The architecture for information exchange should be based on "privacy by design" (**) and "Best Available Techniques" (***).
(*) Data should be collected for specified, explicit and legitimate purposes, and not further processed for purposes incompatible with those purposes (Article 6(1)(b) of Directive 95/46/EC). Exceptions to this principle are only allowed under strict safeguards (Article 13 of Directive 95/46/EC).
(**) Data protection requirements should be applied and integrated as early as possible in the life cycle of new technological developments and of information systems.
(***) The most advanced stage in the development of particular techniques that is practically suitable and effective for providing the basis for complying with the EU data protection framework.