Today, the European Data Protection Supervisor (EDPS) adopted his Opinion on the proposed package for a reform of the EU rules on data protection. This package was adopted by the Commission on 25 January 2012 and includes a Regulation with general rules on data protection and a Directive with specific data protection rules for the law enforcement sector.
On the package, Peter Hustinx, EDPS, says: "The proposed Regulation constitutes a huge step forward for the right to data protection in Europe. However, we are unfortunately still far from a comprehensive set of data protection rules on national and EU level in all areas of EU policy. The proposals are disappointing in the law enforcement area, and they leave many existing EU data protection instruments untouched, such as the data protection rules for the EU institutions and bodies and also all the specific law enforcement instruments."
The EDPS welcomes the Regulation as an instrument directly applicable in the Member States, because it will do away with many complexities and inconsistencies stemming from the current national implementing laws. The rules will strengthen the rights of individuals and make controllers more accountable for how they handle personal data. Furthermore, the role and powers of national supervisory authorities (alone and together) are effectively reinforced.
However, the EDPS has concerns as regards, among other things:
With regard to the proposed Directive, the EDPS takes the view that in many aspects the Proposal does not meet the requirement of a consistent and high level of data protection.
Peter Hustinx, EDPS, says: "The proposed rules for data protection in the law enforcement area are unacceptably weak. In many instances there is no justification whatsoever for departing from the rules provided in the proposed Regulation. The law enforcement area requires some specific rules, but not a general lowering of the level of data protection."
The EDPS is concerned in particular with regard to:
The European Data Protection Supervisor (EDPS) is an independent supervisory authority devoted to protecting personal data and privacy and promoting good practice in the EU institutions and bodies. He does so by: