European Data Protection Supervisor
European Data Protection Supervisor

EU Data Protection Reform: the EDPS meets international civil liberties groups

EU Data Protection Reform: the EDPS meets international civil liberties groups


EU Data Protection Reform: the EDPS meets international civil liberties groups

On Wednesday 27 May 2015, the European Data Protection Supervisor (EDPS) and international citizens groups discussed the ongoing reform of EU data protection rules. As the EDPS prepares a fresh contribution to assist the EU co-legislator in their trilogue meetings on the reform, the meeting was a valuable occasion to better understand the concerns of citizens.

Video of the meeting

Giovanni Buttarelli, EDPS, said: “The EU Data Protection Reform is long overdue and continues to have my active support. My colleagues and I are committed to guiding the legislator to find the right solutions and ensure that key safeguards are not weakened in the search for political compromise. It is imperative that the reform increases and modernises standards of protection and makes existing and future safeguards more effective in the world of big data. Like civil liberties organisations, we believe that the reform must centre on the rights of the individual. We also believe that involving the general public in a text which is future-oriented, easy to understand, scalable, flexible and simple to implement is the only way forward."

The office of EDPS maintains regular contact with the three main EU institutions involved in the reform process and recognises the size of their task. On the invitation of the legislator, the EDPS is making sincere efforts to find a comprehensive but effective and workable text that will offer legal certainty for both businesses and individuals in the years to come. Building on our experience and expertise, the EDPS will assist the institutions in finalising a text that is not too prescriptive and has confidence in independent data protection authorities and the future European Data Protection Board to interpret and implement the rules.

Representatives from Privacy International, Code Red, BEUC, EDRI, Bits of Freedom and Access attended the meeting which, in the interests of transparency, was filmed and is available to view on the EDPS website. The many topics discussed included purpose limitation, the rights of individuals and profiling, collective redress, privacy seals, sanctions and the ePrivacy Directive.

Background information

Privacy and data protection are fundamental rights in the EU. Data protection is a fundamental right, protected by European law and enshrined in Article 8 of the Charter of Fundamental Rights of the European Union.

More specifically, the rules for data protection in the EU institutions - as well as the duties of the European Data Protection Supervisor (EDPS) - are set out in Regulation (EC) No 45/2001. The EDPS is a relatively new but increasingly influential independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection.

Giovanni Buttarelli (EDPS) and Wojciech Wiewiórowski (Assistant EDPS) are members of the institution, appointed by a joint decision of the European Parliament and the Council. Assigned for a five year term, they took office on 4 December 2014.

EDPS Strategy 2015-2019: Unveiled on 2 March 2015, the 2015-2019 plan summarises the major data protection and privacy challenges over the coming years; three strategic objectives and 10 accompanying actions for meeting those challenges; how to deliver the strategy through effective resource management, clear communication and evaluation of our performance. The meeting with these citizen's groups was important in the context of several elements of our strategy including action 7: adapting and implementing up to date data protection rules and in the context of our core values of understanding our stakeholders’ needs and seeking solutions that work in practice: 'We will invest in dialogue with IT experts, with industry and civil society to explore how to improve international cooperation, including arrangements for existing and future data-flows, in the interests of the individual.

Personal information or data: Any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. Other details such as IP addresses and communications content - related to or provided by end-users of communications services - are also considered as personal data.

Privacy: the right of an individual to be left alone and in control of information about his or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8).
Processing of personal data: According to Article 2(b) of Regulation (EC) No 45/2001, processing of personal data refers to "any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction." See the glossary on the EDPS website.

Big data: Gigantic digital datasets held by corporations, governments and other large organisations, which are then extensively analysed using computer algorithms. See also Article 29 Working Party Opinion 03/2013 on purpose limitation p.35.

EU Data Protection Reform package: on 25 January 2012, the European Commission adopted its reform package, comprising two legislative proposals: a general Regulation on data protection (directly applicable in all Member States) and a specific Directive (to be transposed into national laws) on data protection in the area of police and justice. The two proposals have been discussed extensively in the European Parliament (EP) and the Council. The EDPS continues to have regular contact with the relevant services of the three main institutions throughout the process, either following our comments or Opinions to the European Commission or in discussions and negotiations in the European Parliament and Council. For more information on the reform, see the dedicated section on the EDPS website.