European Data Protection Supervisor
European Data Protection Supervisor

EDPS advocates an extension of the scope of protection afforded to individuals’ interests in the digital society

EDPS advocates an extension of the scope of protection afforded to individuals’ interests in the digital society


EDPS advocates an extension of the scope of protection afforded to individuals’ interests in the digital society

The ever-increasing pervasiveness of big data analytics and artificial intelligence in our daily lives has a varied impact on civic engagement in decision-making and on the barriers to public involvement in democratic processes, the European Data Protection Supervisor (EDPS) says today as he publishes his Opinion. The ease of gathering and storing large volumes of data generates massive amounts of digital advertising revenue, the vast majority of which, and the resulting power, is vested in a small number of companies which dominate the digital field.

Over the last two years, it is noted by the EDPS that initial optimism surrounding the potential for civic engagement stemming from a digitally connected world, has subsided to concern that people’s minds are being manipulated. With devices designed to draw in the user and to maximise their attention, the possibilities for exploitation are vast. The feeding of large quantities of misleading, false or scurrilous information to people frequently with the aim of influencing political discourse and elections has been coined ‘fake news’ or ‘online disinformation’.
Difficulty in discerning the true from the ‘fake’ has resulted in what the EDPS refers to as a ‘crisis of confidence’ in the digital ecosystem, something which embodies the mutual dependency of privacy and freedom of expression. With the persistent and relentless invasion into our personal lives and the harnassing of intimate data which is sometimes stored indefinitely, people’s willingness to freey and honestly express themselves has been eroded with grave consequences to democracy.

Giovanni Buttarelli, EDPS, said:The solution is to be found beyond content management and transparency, though they may  help where appropriate. What we also need is better enforcement of the rules on data processing, especially sensitive information like on health, political and religious views, and accountability. Antitrust and merger control – with the support of DPAs -  has a central role in addressing structural issues of concentrated markets. But with the threat posed to social norms and democracy we now need to expand collaboration to include electoral regulators and audio visial media regulators. We also have to change the incentives in the market. That is why new ePrivacy rules are essential.”

The micro-targeting of individuals and groups with specific content which is based on an analysis of the persons’ data is a focus of the EDPS, which has for several years argued for greater collaboration between data protection authorities and other regulators in order to safeguard the rights and interests of individuals in a digital society. The nature of this debate is becoming increasingly compelling given the fears that political campaigns may be capitalising on centralised digital spaces and widely available data with the goal of circumventing existing laws. The EDPS therefore believes that now is the time for collaboration between data protection authorities and regulators to extend to electoral and audio-visual regulators.

The rules for data protection in the EU institutions, as well as the duties of the European Data Protection Supervisor (EDPS), are set out in Regulation (EC) No 45/2001. The EDPS is a relatively new but increasingly influential independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection.

Giovanni Buttarelli (EDPS) and Wojciech Wiewiórowski (Assistant EDPS) are the members of the institution, appointed by a joint decision of the European Parliament and the Council. Assigned for a five year term, they took office on 4 December 2014.

Personal information or data: Any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. Other details such as IP addresses and communications content - related to or provided by end-users of communications services - are also considered as personal data.

Privacy: the right of an individual to be left alone and in control of information about his or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8)

Processing of personal data: According to Article 2(b) of Regulation (EC) No 45/2001, processing of personal data refers to "any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction." See the glossary on the EDPS website.