European Data Protection Supervisor
European Data Protection Supervisor

EDPS applauds strengthening of the right to data protection in Europe, but still regrets the lack of comprehensiveness

EDPS applauds strengthening of the right to data protection in Europe, but still regrets the lack of comprehensiveness

07/03/2012
7
Mar
2012

EDPS applauds strengthening of the right to data protection in Europe, but still regrets the lack of comprehensiveness

Today, the European Data Protection Supervisor (EDPS) adopted his Opinion on the proposed package for a reform of the EU rules on data protection. This package was adopted by the Commission on 25 January 2012 and includes a Regulation with general rules on data protection and a Directive with specific data protection rules for the law enforcement sector.

On the package, Peter Hustinx, EDPS, says: "The proposed Regulation constitutes a huge step forward for the right to data protection in Europe. However, we are unfortunately still far from a comprehensive set of data protection rules on national and EU level in all areas of EU policy. The proposals are disappointing in the law enforcement area, and they leave many existing EU data protection instruments untouched, such as the data protection rules for the EU institutions and bodies and also all the specific law enforcement instruments."

The EDPS welcomes the Regulation as an instrument directly applicable in the Member States, because it will do away with many complexities and inconsistencies stemming from the current national implementing laws. The rules will strengthen the rights of individuals and make controllers more accountable for how they handle personal data. Furthermore, the role and powers of national supervisory authorities (alone and together) are effectively reinforced.

However, the EDPS has concerns as regards, among other things:

  • the possibilities for restricting basic principles and rights;
  • the possible derogation for transferring data to third countries;
  • the excessive powers granted to the Commission in the mechanism designed to ensure consistency among supervisory authorities;
  • the new ground for exceptions to the purpose limitation principle.

With regard to the proposed Directive, the EDPS takes the view that in many aspects the Proposal does not meet the requirement of a consistent and high level of data protection.

Peter Hustinx, EDPS, says: "The proposed rules for data protection in the law enforcement area are unacceptably weak. In many instances there is no justification whatsoever for departing from the rules provided in the proposed Regulation. The law enforcement area requires some specific rules, but not a general lowering of the level of data protection."

The EDPS is concerned in particular with regard to:

  • the lack of legal certainty about the further use of personal data by law enforcement authorities;
  • the lack of a general duty for law enforcement authorities to demonstrate compliance with data protection requirements;
  • the weak conditions for transfers to third countries;
  • the unduly limited powers of supervisory authorities.

 

Background information

The European Data Protection Supervisor (EDPS) is an independent supervisory authority devoted to protecting personal data and privacy and promoting good practice in the EU institutions and bodies. He does so by:

  • monitoring the EU administration's processing of personal data;
  • advising on policies and legislation that affect privacy;
  • cooperating with similar authorities to ensure consistent data protection.