The reform of the EU data protection rules is more urgent than ever, said the European Data Protection Supervisor (EDPS), following the publication today of his Opinion on the proposed Directive for data protection in the police and justice sectors.
The EDPS recalls that data protection in the police and justice sectors should be fully consistent with the general rules contained in the General Data Protection Regulation (GDPR) and should only contain specifications and adjustments where necessary in view of the specific nature of these sectors. The scope of the Directive should be limited to the areas where specific rules are really necessary, namely the activities of criminal law enforcement by police and judicial authorities, as was the case in the original proposal of the Commission. Moreover, the performance of law enforcement tasks by non-public entities and organisations should be subject to the GDPR.
The EDPS calls on the legislators to ensure that none of the provisions of the Directive decrease the level of protection that is currently offered by EU law and by the instruments of the Council of Europe. The essential components of data protection, laid down in Article 8 of the Charter of the Fundamental Rights of the Union, must be respected and exceptions must remain limited and fulfil the strict test of proportionality, as recently specified in rulings by the Court of Justice of the EU (CJEU). This must be ensured particularly as regards the principle of purpose limitation, the right to access of individuals to their personal data and control by independent data protection authorities.
Careful attention should be given to the modalities for international transfers of personal data to bring them in line with the recent CJEU ruling in the Schrems case. This ruling will have an impact on new legal instruments and agreements to be concluded by the EU with non-EU countries in the field of law enforcement (including, for instance, the EU-US Umbrella Agreement) so that they pass the strict test established by the Court. Where necessary, existing agreements concluded by the EU and/or Member States involving the transfer of personal data should be amended within a fixed time limit, to bring them in line with the new Directive.
The EDPS will release an update of his EU Data Protection app in the coming weeks, including specific recommendations from the EDPS on the proposed Directive.
Privacy and data protection are fundamental rights in the EU. Data protection is a fundamental right, protected by European law and enshrined in Article 8 of the Charter of Fundamental Rights of the European Union.
More specifically, the rules for data protection in the EU institutions - as well as the duties of the European Data Protection Supervisor (EDPS) - are set out in Regulation (EC) No 45/2001. The EDPS is a relatively new but increasingly influential independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection.
Giovanni Buttarelli (EDPS) and Wojciech Wiewiórowski (Assistant EDPS) are members of the institution, appointed by a joint decision of the European Parliament and the Council. Assigned for a five year term, they took office on 4 December 2014.
EDPS Strategy 2015-2019: Unveiled on 2 March 2015, the 2015-2019 plan summarises the major data protection and privacy challenges over the coming years and the EDPS' three strategic objectives and 10 accompanying actions for meeting them. The objectives are (1) Data protection goes Digital (2) Forging Global Partnerships and (3) Opening a New Chapter for EU Data Protection.
Personal information or data: Any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. Other details such as IP addresses and communications content - related to or provided by end-users of communications services - are also considered as personal data.
Privacy: the right of an individual to be left alone and in control of information about his or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8).
The June 2015 Eurobarometer survey on Data Protection found that data protection, particularly the processing of the personal data in the digital sphere, remains an important concern to individuals in the EU.
EU Data Protection Reform package: On 25 January 2012, the European Commission adopted its legislative proposal for the General Data Protection Regulation, which will be directly applicable in all EU countries. The position of the European Parliament in first reading was adopted on 12 March 2014; the Council position was adopted on 15 June 2015. Now in their trilogue meetings, the European Parliament, Council of the European Union and European Commission are working to finalise the wording of the Regulation. For more information on the reform, see the dedicated section on the EDPS website.
EU Data Protection is a free app for mobile devices from the EDPS. It allows those who are interested to compare the latest proposed texts for the forthcoming General Data Protection Regulation from the European Commission, the European Parliament and the Council of the European Union. The app also includes the latest recommendations from the EDPS to the co-legislators. All the texts can be loaded in any given combination to compare them side-by-side (maximum two texts on smartphones due to the limitation of screen size).