The EU as a beacon of respect for data protection and privacy
Europe needs to be at the forefront in shaping a global, digital standard for privacy and data protection which centres on the rights of the individual, said the new European Data Protection Supervisor (EDPS) today. Speaking on the occasion of Data Protection Day, Mr. Giovanni Buttarelli encouraged the European Union (EU) to lead by example as a beacon of respect for digital rights.
Giovanni Buttarelli, EDPS, said, "It is high time that we in Europe think about our response to rapid change and challenges, including threats to our security. That response will have ramifications for us and for the next generation that is growing up online today. We must not forget that we cannot have security without privacy so that we preserve the rights and freedoms that Europe holds dear. Our solutions for security must also treat individuals with dignity and respect - and not suspicion or surveillance. The goal for my mandate is for the EU to speak with one voice on data protection, a voice which is credible, informed and relevant."
A clear, modern, future-oriented set of rules remains key to solving Europe’s digital challenge. But the EU has been talking about the reform of the existing rules on data protection for over three years. Society and technology will not wait for Europe to agree on its approach. The ongoing legal uncertainty is damaging for citizens and businesses.
The reform will support the recovering but still fragile European economy by offering clarity and consistency, such as in the conditions for data transfers, processing personal information for law enforcement purposes. The EDPS' aim, at the express invitations of the EU legislator, is to help push through the reform quickly and adopt a rulebook robust enough to last two decades.
The EDPS will enforce and reinforce EU privacy and data protection standards both in practice and in law. The EDPS will actively promote a culture of data protection in the EU institutions and provide toolkits to policymakers for developing innovative legal and technical solutions.
Wojciech Wiewiórowski, Assistant EDPS, said, "The EU is at its best when it leads by example: when the actions of the EU are consistent with what Europe professes to be its values. The EU institutions themselves must be beyond reproach in how they handle personal information and in how they devise policies and laws which involve personal data."
With big data analytics and the internet of things, among others, personal information crosses borders and travels far and wide in the digital world. With a uniquely EU perspective, the EDPS is the natural facilitator for European and global cooperation on such issues. The EDPS will cultivate relations with international interlocutors to create a sustainable and coherent data protection culture to address the gaps in global digital needs. Data protection laws have jurisdictions but personal data does not. Data protection needs to go beyond the EU.
The values that the EU represents are under threat like never before. The aim of the EDPS over the next five years is to help the EU to become a beacon of respect for data protection and privacy. The EDPS is uniquely placed with its legal and technological expertise to assist the EU to find proportionate, practical and innovative solutions that also safeguard our rights. By doing so, the EU can continue to be an area of freedom, security and justice with the rights of individuals at its core.
Background information
Privacy and data protection are fundamental rights in the EU. Data protection is a fundamental right, protected by European law and enshrined in Article 8 of the Charter of Fundamental Rights of the European Union.
More specifically, the rules for data protection in the EU - as well as the duties of the EDPS - are set out in Regulation (EC) No 45/2001. One of the duties of the EDPS is to advise the European Commission, the European Parliament and the Council on proposals for new legislation and a wide range of other issues that have an impact on data protection. Furthermore, EU institutions and bodies processing personal data presenting specific risks to the rights and freedoms of individuals ('data subjects') are subject to prior-checking by the EDPS.
Giovanni Buttarelli (EDPS) and Wojciech Wiewiórowski (Assistant EDPS) are members of the institution, appointed by a joint decision of the European Parliament and the Council. Assigned for a five year term, they took office on 4 December 2014.
Personal information or data: Any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. Other details such as IP addresses and communications content - related to or provided by end-users of communications services - are also considered as personal data.
Privacy: the right of an individual to be left alone and in control of information about his or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8).
Processing of personal data: According to Article 2(b) of Regulation (EC) No 45/2001, processing of personal data refers to "any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction." See the glossary on the EDPS website.
EU Data Protection Reform package: on 25 January 2012, the European Commission adopted its reform package, comprising two legislative proposals: a general Regulation on data protection (directly applicable in all Member States) and a specific Directive (to be transposed into national laws) on data protection in the area of police and justice. In addition to his Opinion of 7 March 2012 elaborating his position on both proposals, the EDPS sent further comments on 15 March 2013. The two proposals have been discussed extensively in the European Parliament and the Council. The EDPS has continued to have regular contact with the relevant services of the three main institutions throughout this process, either following our comments or Opinions to the European Commission or in discussions and negotiations in the European Parliament and Council.
Big data: Gigantic digital datasets held by corporations, governments and other large organisations, which are then extensively analysed using computer algorithms. See also Article 29 Working Party Opinion 03/2013 on purpose limitation p.35.