The EU has been through a period of reflection on how people should be treated with respect in the new digital reality, with the conclusion that data protection and privacy laws needed updating. We are now entering the home straight for the implementation of the General Data Protection Regulation (GDPR) and for the finalisation of outstanding related reforms, moving in the direction of more sustainable solutions for international personal data flows.

Over the next 12 months, the EDPS has three major priorities. The first priority is working with national data protection authorities to ensure the European Data Protection Board (EDPB) hits the ground running on 25 May 2018, with the support of a professional secretariat, which the EDPS will provide in accordance with the GDPR.

The second is to continue to ensure that the EU institutions and bodies we supervise are fully invested in the notion of accountability at the highest level, when it comes to how people’s personal information is handled.

The third is the delivery of the 2018 International Conference of Data Protection and Privacy Commissioners, which should be an event unlike any other before in Brussels, with a new, broad and inclusive community of forward-thinking experts able to engage with urgent questions of technology and respect for humans in the age of Artificial Intelligence and potentially ubiquitous surveillance.

The EDPB offers a fantastic chance to make this happen.

EDPS Blogpost

On 5 October 2017, EDPS Giovanni Buttarelli was invited to speak at a training session in Luxembourg on the transition to the new General Data Protection Regulation (GDPR). Organised by the Luxembourg state administration, the session was aimed at lawyers, IT experts, archivists and other public servants who work there. The Prime Minister of Luxembourg, Xavier Bettel, gave the opening address.

The aim of the training was to encourage participants to shift their approach from mere compliance with data protection rules to accountability, the ability to demonstrate compliance with these rules. In particular, Mr. Buttarelli underlined the importance of ensuring that the public service leads by example in its implementation of data protection rules.

EDPS staff were also present to explain the vital role played by the Data Protection Officer (DPO) in the EU institutions and bodies, as well as new concepts and requirements under the GDPR, including data protection impact assessments (DPIAs).

The impact of technology on the fundamental rights to privacy and data protection continues to be a subject of interest, having been discussed at the International Conference of Data Protection and Privacy Commissioners, which took place in Hong Kong in September. We must pay more attention to the rights of individuals in the development of technological solutions and ensure that technology serves humankind.

With the new General Data Protection Regulation (GDPR), data protection by design will become a legal obligation. Those who process the personal data of individuals will have to take data protection into account both at the time of the determination of the means for processing and at the time of the processing itself, as is stated in Article 25 of the GDPR.

The current review of the ePrivacy legislation will modernise existing principles, clarify technological requirements and ensure effective enforcement. The Commission’s proposal for the new ePrivacy Regulation is a step in the right direction, but still requires improvements, as both the EDPS and the Article 29 Working Party have suggested. The review of ePrivacy rules is an opportunity to create a new field for competitive and privacy friendly services on the Internet and the World Wide Web, giving back control to individuals.

EDPS Blogpost