Road Safety and Privacy
The EDPS issued on 25 April 2023 three Opinions on three Proposals of the European Commission that are part of the “Road Safety package”. This includes a Proposal on cross-border exchange of information concerning road-safety-related traffic offenses; one on driving licences; and one on a new proposed Directive on the EU-wide effect of certain driving disqualifications concerning major offenses related to road safety.
Wojciech Wiewiórowski, EDPS, said: “I welcome this set of Directives as a way to promote further road safety and facilitate the free movement of individuals across the EU. Handling personal information for these purposes must be done in compliance with EU data protection law, especially in the context of cross-border investigations of road-safety-related traffic offences. Access to driving licence data by public authorities should be properly defined and limited to what is strictly necessary and proportionate. The proposals need to be amended to ensure that this is the case. ”
The Proposal for a revised CBE Directive aims to extend its scope and refine mutual assistance procedures between EU Member States in cross-border investigations of road safety-related traffic offences, with the view of facilitating cross-border enforcement of sanctions and to protect road users. Exchanging information on driving, traffic or other road-safety offenses implies the processing of personal data, the EDPS makes recommendations on the length for which personal data may be stored. The EDPS also advises to limit the exchange of personal data between EU Member States to what is necessary to carry out investigations on road-safety offenses and for the enforcement of sanctions. In particular, conditions of access to national databases other than national vehicle registers, which may be accessed in the context of the CBE Directive, as well as the conditions of use of the CBE portal must be clarified. The EDPS also recommends reviewing the modalities of information provided to individuals about data protection rules.
The Proposal on driving licences would replace the current Directive dating from 2006 and update EU rules on driving licences, including the introduction of a digital driving licence valid throughout the EU. In its Opinion, the EDPS recommends limiting the use of the network for the exchange of information related to driving licences between national authorities (RESPER) to prevent, detect and investigate road traffic-related criminal offences. In addition, the EDPS underlines the need to ensure that no personal data other than the information that is necessary to verify the driving rights of an individual holding a mobile driving license should be processed. Finally, the use of the EU Digital ID Wallet for mobile driving licences should be optional, not compulsory.
Concerning the Proposal for a Directive on EU-wide effect of certain driving disqualifications concerning major offenses related to road safety, the EDPS reminds that he should be consulted on future implementing or delegated acts to be adopted on the basis of the Directive.
The rules for data protection in the EU institutions, as well as the duties of the European Data Protection Supervisor (EDPS), are set out in Regulation (EU) 2018/1725.
About the EDPS: The EDPS is the independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection. Our mission is also to raise awareness on risks and protect people’s rights and freedoms when their personal data is processed.
Wojciech Wiewiórowski (EDPS) was appointed by a joint decision of the European Parliament and the Council to serve a five-year term, beginning on 6 December 2019.
The European Data Protection Supervisor (EDPS) is the independent supervisory authority for the protection of personal data and privacy and promoting good practice in the EU institutions and bodies.
He does so by:
- monitoring the EU administration’s processing of personal data;
- monitoring and advising technological developments on policies and legislation that affect privacy and personal data protection;
- carrying out investigations in the form of data protection audits/inspections;
- cooperating with other supervisory authorities to ensure consistency in the protection of personal
EDPS - The EU’s Independent Data Protection Authority