EU Internal Security Strategy: "Security and privacy concerns should be equally taken serious" says EDPS

Dec

2010

EU Internal Security Strategy: "Security and privacy concerns should be equally taken serious" says EDPS

On 17 December 2010, the European Data Protection Supervisor (EDPS) issued an opinion on the Commission's communication on the EU's Internal Security Strategy which aims at targeting the most urgent security threats facing Europe, such as organised crime, terrorism, cybercrime, the management of EU external borders and civil disasters ^(*).

The opinion emphasizes that, in view of the potentially privacy intrusive nature of measures to be taken under the Strategy, a right balance needs to be ensured between the objective of ensuring citizens' safety and the effective protection of their privacy and personal data. The EDPS regrets that, although the communication refers to privacy and data protection as fundamental rights, the Commission does not explain how this will be ensured in practice.

The EDPS also emphasizes that, from a data protection perspective, the Internal Security Strategy presents obvious policy links with other EU strategies currently being developed at EU level, such as the Information Management Strategy and the review of the data protection legal framework. He therefore calls for a more comprehensive and integrated approach providing for explicit links and interactions between those different initiatives.

Peter Hustinx, EDPS, says: "Internal security is an area where there are clear risks of intrusions into the citizens' privacy. This is why security and privacy concerns should be equally taken serious. I am convinced that an effective Internal Security Strategy can not be put in place without the support of a solid data protection scheme complementing it. In other words: no zero sums of privacy and security, we need them both!"

As to the design and implementation of the strategy, the EDPS insists in particular on the following points:

data subjects' rights: the EDPS notes that the Communication does not specifically address the issue of the data subjects' rights which constitute a vital element of data protection. He calls on the Commission to look more carefully into the issue of better alignment of data subjects' rights at EU level in the context of the implementation of the Strategy;
"privacy by design": the EDPS stresses the importance of the concept of 'privacy by design' which is currently developed for both private and public sectors, and must also play an essential role in the context of EU internal security and in the area of police and justice;
privacy and data protection impact assessment: the EDPS recommends that in the implementation of future instruments an in-depth impact assessment on privacy and data protection is conducted, either as a separate assessment or as part of the general fundamental rights’ impact assessment carried out by the Commission.

The EDPS also recalls the need for a real assessment of all existing instruments to be used in the framework of the Strategy before proposing new ones.

(*) Communication from the Commission of 22 November 2010 to the European Parliament and the Council:
"The EU Internal Security Strategy in Action: Five steps towards a more secure Europe" COM(2010) 673 final

Available languages: German, English, French

Topics

General Data Protection Regulation

Privacy by Design

Security

EU Internal Security Strategy: "Security and privacy concerns should be equally taken serious" says EDPS

EU Internal Security Strategy: "Security and privacy concerns should be equally taken serious" says EDPS

20 Talks - Amandeep Singh Gill, UN Secretary General's Envoy on Technology

EDPS Annual Report: adaptability in a changing world

Register now for the European Data Protection Summit