On 14 January 2011, the European Data Protection Supervisor (EDPS) issued an opinion on the Commission's Communication on the review of the EU legal framework for data protection (*). The Communication is an essential landmark on the way towards a new legal framework that will represent the most important development in the area of EU data protection since the adoption of the EU Data Protection Directive 16 years ago.
The EDPS welcomes the Commission's intention to reform the legal framework, as he is convinced that the current legislative arrangements for data protection will not provide for sufficient effective protection in the longer term in a further developing information society and globalised world. He shares the Commission's view that in the future a strong system of data protection is absolutely necessary, based on the notion that the existing general principles of privacy and data protection still remain valid (**). The perspective of a future without effective privacy and data protection can not be accepted.
The opinion sets out the EDPS vision for the future framework and proposes a set of recommendations. The EDPS supports the main issues and challenges identified by the Commission, but asks for more ambitious solutions to make the system more effective and give citizens better control over their personal data.
Peter Hustinx, EDPS, says: "In an information society where huge amounts of personal information are constantly being processed, citizens need and expect to stay in control of their personal data. If we want to strengthen citizens' rights over their personal data, we need to ensure that individuals remain in control and that data controllers pro-actively include data protection in their business processes. There is also a crucial need for a comprehensive framework that includes the area of police and justice."
In the EDPS' view, the major driving forces of the review process should be as follows:
(*) Communication from the Commission of 4 November 2010, on "A comprehensive approach on personal data protection in the European Union (COM(2010) 609 final)
(**) These principles are laid down in Council of Europe Convention 108 and Article 8 of the Charter of the Fundamental rights of the Union.
(***) The right to be forgotten refers to the right to have one's data deleted or not further disseminated after a fixed period of time. Data portability is the ability to shift data from one place to another and not be tied to a particular system.