European Data Protection Supervisor
European Data Protection Supervisor

A single set of rules for all: EU Data Protection Reform can support businesses and protect citizens

A single set of rules for all: EU Data Protection Reform can support businesses and protect citizens


A single set of rules for all: EU Data Protection Reform can support businesses and protect citizens

The reform of the EU rules on data protection will support the recovering but still fragile European economy, said the European Data Protection Supervisor following the presentation of his Annual Report of activities for 2013 to the Committee on Civil Liberties, Justice and Home Affairs (LIBE) at the European Parliament. The reformed rules should provide for clarity and consistency throughout Europe: the same rules will apply to all firms who do business in the EU, regardless of where they are based, and citizens will be more confident of how their personal information is treated.

Peter Hustinx, EDPS, said: "The European Parliament has voted resoundingly in favour of the reform package which will offer a uniform set of rules that will make it simpler - and more economical - for online and traditional businesses to follow. The onus is now on the Council to support the package, guaranteeing citizens the right to control what their personal information is used for and the right to recourse if they are unfairly targeted or discriminated against."

Giovanni Buttarelli, Assistant Supervisor, added: "The reformed EU rules on data protection should provide for clarity and consistency, such as in the conditions for data transfers, processing personal information for law enforcement purposes and conflicts in international law. The value of personal information has increased in line with the growth of the digital economy. The swift adoption of this package will go some way to restoring confidence in a digital environment that has been seriously undermined by various surveillance scandals."

In 2013, in the context of his consultation work advising on new legislative measures, the review of the EU legal framework for data protection continued to be at the top of the EDPS agenda and will remain a priority in 2014. The Digital Agenda and the privacy risks of new technologies were also significant features of 2013.

As outlined in his Annual Report for 2013, however, the implementation of the Stockholm programme in the area of freedom, security and justice and issues in the internal market, such as financial sector reform, and in public health and consumer affairs, also had an impact on data protection. The EDPS also increased his cooperation with other supervisory authorities, particularly with regard to large-scale IT systems.

In the supervision of EU institutions and bodies, when processing personal data, the EDPS interacted with more data protection officers in more institutions and bodies in 2013 than ever before. In addition, a number of EDPS surveys revealed that most EU institutions and bodies, including many agencies, have made good progress in complying with the data protection Regulation, although there are still some which should increase their efforts.

The main challenge for the EDPS in 2013 was that the organisation's activities continued to grow both in scale and scope while budget restraints due to the financial crisis were still in place. Nevertheless, as they reflect on the final year of their shared mandate, Peter Hustinx and Giovanni Buttarelli note that the EDPS has developed into a mature organisation, able to address the many challenges of a data protection authority in a highly dynamic environment.

Some EDPS key figures in 2013

  • C 91 prior-check Opinions adopted, 21 non-prior check Opinions
  • C 78 complaints received, 30 admissible
  • C 37 consultations received on administrative measures
  • C 8 on-the-spot inspections (including 2 fact finding visits) and 3 visits carried out
  • C 1 set of Guidelines published on processing of personal information in the area of procurement
  • C 20 legislative Opinions issued
  • C 13 sets of formal comments issued
  • C 33 sets of informal comments issued

Background information

Privacy and data protection are fundamental rights in the EU. Under the Data Protection Regulation (EC) No 45/2001, one of the duties of the EDPS is to advise the European Commission, the European Parliament and the Council on proposals for new legislation and a wide range of other issues that have an impact on data protection. Furthermore, EU institutions and bodies processing personal data presenting specific risks to the rights and freedoms of individuals ('data subjects') are subject to prior-checking by the EDPS. If in the opinion of the EDPS, the notified processing may involve a breach of any provision of the Regulation, he shall make proposals to avoid such a breach.

EU Data Protection Reform package: on 25 January 2012, the European Commission adopted its reform package, comprising two legislative proposals: a general Regulation on data protection (directly applicable in all Member States) and a specific Directive (to be transposed into national laws) on data protection in the area of police and justice. In addition to his opinion of 7 March 2012, the EDPS sent further comments on 15 March 2013. The two proposals have been discussed extensively in the European Parliament (EP) and the Council. The EP voted on the package on 12 March 2014. The outcome of Council discussions will determine the next steps. For more information on the reform, we refer you to a dedicated section on the EDPS website.

Personal information or data: any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, e-mail addresses and telephone numbers. Other details such as health data, data used for evaluation purposes and traffic data on the use of telephone, email or internet are also considered personal data.

Privacy: the right of an individual to be left alone and in control of information about his or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8).