EU Data Protection Reform: a historic opportunity for Europe
The reform of EU data protection rules is a historic opportunity to adopt future-oriented standards that can inspire countries all around the world, said the European Data Protection Supervisor (EDPS) to the European Parliament's Committee on Civil Liberties, Justice and Home Affairs (LIBE) on the presentation of his Annual Report 2014.
Giovanni Buttarelli, EDPS, said: “Europe has long been the flag bearer with its data protection law and there are great expectations for this to continue with the reformed rules. As the European Union grapples with a range of economic difficulties facing its member countries, the EU Data Protection Reform is an opportunity for hope. Europe must seize the opportunity to be at the forefront in shaping a global standard for privacy and data protection, a standard centred on the rights and the dignity of the individual."
For a well-functioning internal market for goods and services, personal information needs to be able to flow freely across national boundaries. The EDPS highlights that data protection is not a barrier to innovation or development; it's about finding practical solutions which both protect our privacy and enable us to benefit from technological innovation.
Wojciech Wiewiórowski, Assistant EDPS, said: "The big data world we live in has engineering, technological, philosophical, legal, and moral implications. The data protection reform will have equally wide-spread repercussions for at least a generation to come: for individuals in the EU, some of whom will only ever have known the internet age; for businesses around the world and for the next generation of data protection laws in other regions and countries."
As the EDPS prepares a fresh contribution to assist the EU co-legislators in their trilogue meetings on the reform, he invites them to borrow from the practical expertise accumulated by the office of his supervisory authority both at national and European level, to find workable solutions.
The EDPS reiterates his commitment to be constructive and proactive and will assist the institutions in finalising a text that is not too prescriptive and has confidence in independent data protection authorities and the future European Data Protection Board to interpret and implement the rules.
The recital at the start of the current Data Protection Directive, 95/46/EC, states that technology serves man, not the other way around. This is the EU's reminder to itself that computers and filing systems are meant to work for us, not the other way around. Europe must not lose sight of this balance whether it's for the sake of research, crime fighting or doing business.
2014 was a year of transition for the EDPS, marked by the delayed selection and appointment of a new Supervisor and Assistant Supervisor. Despite the resulting uncertainty, the EDPS under the calm authority and tireless efforts of Peter Hustinx, whose 10-year tenure as EDPS drew to a close in 2014, continued to make significant progress in mainstreaming data protection in EU policymaking.
Building on this legacy, the EDPS' priorities for 2015, as part of the five year strategy of the dynamic team of new Supervisors, is to help the EU to speak with one voice on data protection to uphold the rights and interests of the individual in our digitalised society. To this end, the adoption of the data protection reform will be a significant milestone for Europe and an important message to the rest of the world.
Background information
Privacy and data protection are fundamental rights in the EU. Data protection is a fundamental right, protected by European law and enshrined in Article 8 of the Charter of Fundamental Rights of the European Union.
More specifically, the rules for data protection in the EU institutions - as well as the duties of the European Data Protection Supervisor (EDPS) - are set out in Regulation (EC) No 45/2001. The EDPS is a relatively new but increasingly influential independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection.
Giovanni Buttarelli (EDPS) and Wojciech Wiewiórowski (Assistant EDPS) are members of the institution, appointed by a joint decision of the European Parliament and the Council. Assigned for a five year term, they took office on 4 December 2014.
EDPS Strategy 2015-2019: Unveiled on 2 March 2015, the 2015-2019 plan summarises the major data protection and privacy challenges over the coming years; three strategic objectives and 10 accompanying actions for meeting those challenges; how to deliver the strategy through effective resource management, clear communication and evaluation of our performance.
Personal information or data: Any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. Other details such as IP addresses and communications content - related to or provided by end-users of communications services - are also considered as personal data.
Privacy: the right of an individual to be left alone and in control of information about his or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8).
Processing of personal data: According to Article 2(b) of Regulation (EC) No 45/2001, processing of personal data refers to "any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction." See the glossary on the EDPS website.
Big data: Gigantic digital datasets held by corporations, governments and other large organisations, which are then extensively analysed using computer algorithms. See also Article 29 Working Party Opinion 03/2013 on purpose limitation p.35.
EU Data Protection Reform package: On 25 January 2012, the European Commission adopted its legislative proposal for the General Data Protection Regulation, which will be directly applicable in all EU countries. The position of the European Parliament in first reading was adopted on 12 March 2014; the Council position was adopted on 15 June 2015. The European Parliament, Council of Ministers and European Commission have now begun their trilogue meetings to work on finalising the wording of the Regulation. The EDPS will shortly send his latest recommendations to the co-legislators with a view to assisting them in achieving the best possible outcome in the interests of the individual, fully respecting the legislators' competence under the EU Treaties. For more information on the reform, see the dedicated section on the EDPS website.
The EDPS Annual Report 2014 is available on the EDPS website.