In the May 2019 edition of the EDPS Newsletter we cover data protection in the European Parliament elections, discuss the latest EDPS-DPO meeting in Frankfurt and ask for your views on the EDPS Newsletter in our Newsletter survey.
In this issue
Have your say: EDPS Newsletter Survey 2019
Every month the EDPS publishes our Newsletter, covering important issues relating to data protection in the EU institutions and beyond. This month however, we would like to hear from you! Whatever your background and reasons for reading, we want your views on our Newsletter.
Filling out this short survey will take just a few minutes, but will give us invaluable information to make the EDPS Newsletter more engaging and relevant for you. All answers will, of course, be anonymous. We would like to thank you in advance for giving us your opinion; the survey will be remain open until 11 June 2019.
Europe Votes 2019
The European parliamentary elections are currently in the spotlight. In the face of ongoing political turbulence, it is important that the EU continue to lead the way in promoting a healthy civic society through a robust election process.
Data protection is essential for a resilient democracy, more than ever in this digital age; it underpins the democratic process and trust in our institutions by ensuring safe and secure voting and respect for individual rights. Whether in safeguarding the privacy of our voting choices or defending public discourse from online manipulation, strong data protection rules protect our citizens and our system of governance in a society predicated on the freedom of action and participation of its members.
Giovanni Buttarelli, EDPS, said: “The task of ensuring safe and secure elections is complex and cannot be tackled by one arm of regulation alone. This must be a concerted effort. With all EU citizens this May having the chance to vote in the European Parliament elections, the EDPS is playing its part along with other EU bodies to ensure personal information is used responsibly and that individuals are respected.”
EDPS-DPO meeting takes place in Frankfurt
The last time the network of data protection officers (DPOs) from the EU institutions and bodies met, on 12 December 2018, the GDPR for EU institutions was only one day old. The new Regulation is still in its infancy, but it is growing up fast, and at the EDPS we are determined to ensure that this process occurs with as few teething problems as possible.
With the Regulation now five months old, it was a perfect time to come together and take stock of the challenges faced by DPOs in applying the new rules, and how to overcome them. The network gathered at the European Insurance and Occupational Pensions Authority (EIOPA) in Frankfurt for the 45th EDPS-DPO meeting, which took place on 16 May 2019.
The EDPS led the day’s activities, presenting a new strategy for monitoring the application of the GDPR for EU institutions, introducing the new Head of the IT Policy Unit at the EDPS, and discussing a range of topics aimed at helping DPOs ensure effective data protection in line with the new rules.
Strong cooperation between the EDPS and the DPOs of all 67 EU institutions and bodies is essential and will continue in advance of our next meeting, in the autumn.
Managing risks in data processing: a new approach to children’s data
We can all agree that children’s best interests should be a core priority for public authorities and private institutions, and that is why a wide range of EU and international agreements reinforce the concept of specific protection for the data protection rights of children. The EU Charter for Fundamental Rights, for example, recognises children as holding defined personal rights.
This is why the protection of children receives specific attention in the EU’s new framework of data protection laws. These rules highlight the vulnerability of children and provide enhanced protection. Importantly, the new data protection rules for the EU institutions (the GDPR for EUI) entrust the EDPS with the task of promoting public awareness and understanding of the risks, rules, safeguards and rights surrounding the processing of children’s data. Processing children’s personal data outs their rights and freedoms at risk, which means that data controllers need to pay special attention when processing any data relating to a child.
This is something new for the EU data protection framework. In the past, only data considered sensitive benefitted from reinforced safeguards, as the processing of sensitive data involves increased risks for individuals’ rights and freedoms. In the new rules, the need for enhanced protection comes specifically from the risks to individuals by the processing, which can be caused by the vulnerable nature of the individuals concerned themselves.
Because of this vulnerability, and the fact that they may be less aware of both the risks and their rights regarding the processing of personal data, both the General Data Protection Regulation (GDPR) and the GDPR for EUI have specific provisions for children. In the case of the GDPR for EUI specifically, these provisions apply to a range of operations:
- the creation of personality profiles
- the prohibition of automated decision making
- the collection of personal data when services are offered directly to a child on EU institution websites
- exercising their rights
- consent-based processing of personal data
While the Law Enforcement Directive that makes up part of the new data protection framework does not refer explicitly to children’s data, the Europol Regulation does. Specifically, it views children as a defined category of data subjects, whose data can only be processed if it is strictly necessary and proportionate for combatting crime within Europol’s objectives. Likewise in border management, the European Travel and Information and Authorisation System Regulation requires that data controllers pay specific attention to children and that the interests of the child are the primary consideration during processing.
In line with our responsibilities under the new rules, the EDPS has put a particular focus on the processing of children’s data by EU institutions, with a range of initiatives aimed at ensuring that data protection standards are adhered to as a priority. The EU aims to lead by example in this area; putting children first when safeguarding privacy and educating about data subjects' rights provides a solid base for future improvement, leading to better data protection and robust fundamental rights for everyone.
#DebatingEthics continues: how data-intensive technologies impact the environment
The upcoming third instalment of our #DebatingEthics Conversations will turn towards a lesser-known area of digital ethics. In the debate around digitalisation and the economy, the environmental impact of the technology involved is rarely discussed. We think of digital as being virtual and non-physical. However, there are severe environmental implications throughout the life cycle of digital technologies, from their production and shipping, through to their use and disposal.
New forms of exploitation include the large-scale mining of cobalt and lithium, air and water pollution around production sites, high CO2 emissions caused by long distance shipping, escalating energy consumption from the use of digital devices and the related growth in data processing and hazardous release of pollutants during e-waste recycling.
As Jaron Lanier explained at the 2018 International Conference of Data Protection and Privacy Commissioners (ICDPPC), greater awareness is urgently needed about the carbon footprint of digital technologies. Aside from the immediate health consequences for those directly affected by these processes, there are wide-ranging ethical questions. How do we handle our responsibilities towards future generations and other species if we harm the delicate balance of our ecosystem? What role does corporate and consumer responsibility play in this context? How do we improve global social and environmental justice in a world economy that burdens the Global South with absorbing the majority of the natural and economic costs that economy is based on?
These are just a few of the potential issues to be covered on such a wide-ranging topic. Follow our updates about the live recording of this next podcast episode on the EDPS Ethics webpage and on Twitter.
Digitalisation of Work: the second #DebatingEthics Conversation is online
On 30 April, we hosted our second #DebatingEthics Conversation, addressing several controversial aspects about the digitalisation of work. Assistant Supervisor Wojciech Wiewiórowski moderated a lively debate between our expert speakers Ursula Huws, Aiha Nguyen and Barbara Prainsack. A central topic of discussion was increasing employee surveillance through digital means for so-called optimisation purposes. Our experts stressed that work should not only be measured in productivity, but also in personal fulfilment and social value. Take a listen to our latest podcast episode.
Speeches and Publications
Technology between opportunity and privacy, interview with Giovanni Buttarelli by RSIonline (IT) (17 May 2019).
Dark patterns in data protection: law, nudging, design and the role of technology, speech by Giovanni Buttarelli at Legal Design Roundtable, Brussels, Belgium (27 April 2019).