The lobbying surrounding the current review of the EU data protection law by organisations both from Europe and elsewhere has been exceptional. Following the presentation of his Annual Report of activities for 2012 to the Committee on Civil Liberties, Justice and Home Affairs (LIBE) at the European Parliament today, the EDPS warned the EU legislator to guard against undue pressure from industry and third countries to lower the level of data protection that currently exists and instead seize the opportunity to ensure stronger and more effective protection to individuals across the EU.
The current legislation for data protection was adopted 18 years ago at a time when the internet barely existed. An update is long overdue and the EDPS is closely involved in the ongoing work on the reform. The review process has attracted enormous attention from industry alleging that data protection rules are a hindrance to innovation.
Peter Hustinx, EDPS, said: "The benefits for industry should not - and do not need to - be at the expense of our fundamental rights to privacy and data protection. The integration of data protection principles in technical innovation or in the transfer of our personal information to relevant bodies, in the interests of security for example, can add significant value, both in terms of efficiency and lower costs, if privacy is built into the design of processes from the outset."
Giovanni Buttarelli, Assistant Supervisor, added: "Data protection is entirely compatible with innovation and should not simply be ignored to make way for short term gains. Privacy principles mean that individuals should know and be able to control what their personal information will be used for and have the right to recourse if they are unfairly targeted or discriminated against."
In 2012, as outlined in our Annual Report, we made tangible progress in becoming more efficient and encouraging effective data protection in practice.
In our consultation work on new legislative measures proposed by the European Commission, we issued a record number of opinions on a range of subjects. This is a testimony to the growing relevance of data protection in all areas of EU policy. The pervasive use of information and communication technologies in virtually all fields of life and social activity means that our priorities for 2013, as laid out in our inventory, extend beyond the area of freedom, security and justice and the EU Digital Agenda and include the internal market and the health sector, to name but two.
Most prominent in 2012, however, was the Review of the EU legal framework for data protection, which will remain high on the EDPS agenda in 2013.
In our work in the supervision of EU institutions and bodies, we published policy papers offering guidance on specific issues, such as leave and flexitime, to EU institutions and bodies highlighting their accountability under the EU Data Protection Regulation. In addition, the online complaint form has helped to reduce the number of inadmissible complaints. The EDPS considers Data Protection Officers (DPOs) to be pivotal in ensuring compliance with the Data Protection Regulation. We therefore continued to support DPOs by organising workshops and trainings, and offering specific guidance as required. A dedicated section on the EDPS website was also created in 2012 to offer a special forum for DPOs.
Some EDPS key figures in 2012
Privacy and data protection are fundamental rights in the EU. Under the Data Protection Regulation (EC) No 45/2001, one of the duties of the EDPS is to advise the European Commission, the European Parliament and the Council on proposals for new legislation and a wide range of other issues that have an impact on data protection. Furthermore, EU institutions and bodies processing personal data presenting specific risks to the rights and freedoms of individuals ('data subjects') are subject to prior-checking by the EDPS. If in the opinion of the EDPS, the notified processing may involve a breach of any provision of the Regulation, he shall make proposals to avoid such a breach.
EU Data Protection Reform package: on 25 January 2012, the European Commission adopted its reform package, comprising two legislative proposals: a general Regulation on data protection (directly applicable in all Member States) and a specific Directive (to be transposed into national laws) on data protection in the area of police and justice. In addition to his opinion of 7 March 2012 elaborating his position on both proposals, the EDPS sent further comments on 15 March 2013. The two proposals have been discussed extensively in the European Parliament and the Council and are due to be voted on by the LIBE committee in the near future.
Personal information or data: any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, e-mail addresses and telephone numbers. Other details such as health data, data used for evaluation purposes and traffic data on the use of telephone, email or internet are also considered personal data.
Privacy: the right of an individual to be left alone and in control of information about his or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8).
Privacy by design: to build privacy and data protection into the design and architecture of information and communication systems and technologies, in order to facilitate compliance with privacy and data protection principles.
DPO: Each institution or body is obliged to appoint a data protection officer. It is the DPO's duty to ensure in an independent manner the internal application of the Data Protection Regulation. This also involves other tasks such as ensuring that controllers and data subjects are informed of their rights and obligations, and cooperating with the EDPS at his request or at their own initiative. A list of data protection officers can be found on the EDPS website.
* Press release title refers to 'a smart, sustainable, inclusive Europe', one of the objectives of the EU2020 strategy.