EU Counter-Terrorism policy: EDPS calls for a systematic and consistent approach to avoid unnecessary restrictions to privacy

Today, the European Data Protection Supervisor (EDPS) issued an opinion on the European Commission's Communication on the EU Counter-Terrorism Policy which outlines the main achievements and future challenges and prepares the way for a broader Internal Security Strategy (*).The Communication is one of a number of documents in which the Commission outlines its future policies in this area. For example, on Monday the Commission issued another Communication on the EU Internal Security Strategy in Action.

The EDPS stresses the need to ensure consistency and clear relations between all the policies and initiatives in the area of home affairs and internal security. The Communication has strong links with earlier initiatives such as restrictive measures and asset freezing, data retention, biometrics, Passengers Name Records and the TFTP/SWIFT agreement on the exchange of financial data. The EDPS underlines that many of these measures have been taken as a fast response to terrorist incidents, without a thorough consideration of possible overlaps with existing instruments.  

The EDPS welcomes the attention given to fundamental rights and data protection in the Communication. He also agrees that a systematic approach in this area should be preferred to incident-driven policy-making, especially when incidents lead to the creation of new systems of data storage, collection and exchange without a proper assessment of existing alternatives.

Peter Hustinx, EDPS, says: "The right to the protection of personal data is a necessary ally to promote legal certainty, trust and cooperation in the fight against terrorism, as well as an essential legal condition for the development of new data collection systems. When considering new measures, unnecessary restrictions to citizens' privacy must be avoided. This should be done both by assessing possible overlaps with already existing instruments and by limiting the collection and exchange of personal data to what is really necessary for the purposes pursued".

The EDPS also recommends further concrete improvements in the area, such as:

• asset-freezing measures: a comprehensive and global approach to the use of restrictive measures towards specific countries and suspected terrorists should be proposed with a view to ensuring both the effectiveness of law enforcement action and respect for fundamental rights;
• international cooperation: the EDPS emphasises the need to ensure adequate safeguards when personal data are processed in the context of international cooperation, while promoting the development and implementation of data protection principles by third countries and international organisations;
• privacy by design: the EU legislator should make sure that data protection expertise is fed into the security research at a very early stage, so as to guide policy options and to ensure that privacy is embedded to the fullest possible extent in new security-oriented technologies.

In a broader perspective, the EDPS urges the Commission to present a proposal for the establishment of a data protection framework in the area of Common Foreign and Security Policy.

(*) Communication from 20 July 2010 from the Commission to the European Parliament and the Council on "The EU Counter-Terrorism Policy: main achievements and future challenges" (COM(2010)386 final)