Chapter News

Opening a new Chapter for Data Protection

Today, as the European Data Protection Supervisor sent his recommendations to the EU co-legislators negotiating the final text of the General Data Protection Regulation (GDPR), he launched a mobile app to compare the latest texts from the Commission, the Parliament and the Council more easily on tablets and smartphones.

Giovanni Buttarelli, EDPS, said: “Privacy and data protection matter more than ever to people. For the first time in a generation the EU has an opportunity to modernise, harmonise and simplify the rules on how personal information is handled. These rules must be relevant for the next generation of technologies. As part of my remit to be proactive and constructive, my recommendations aim to support the co-legislators to get a better deal for the individual, to make safeguards more effective in practice and enable them to benefit from technological innovation. The GPDR is not the reform of my dreams but I firmly support the institutions in the last mile to achieve the best possible outcome: improvements are still feasible.

The EDPS recommendations are necessarily phrased within the constraints of the negotiations involving the three main EU institutions (trilogue) and therefore strictly based on their texts. However, the EDPS has been innovative in encouraging pragmatic solutions that leverage on more than a decade of experience in supervision, policy advice and global partnership. The EDPS recommendations have been made public in the interests of transparency and accountability.

The proposed new rules will potentially affect all individuals in the EU, all organisations in the EU who process personal data and organisations outside the EU who process the personal data of individuals in the EU. As a result, the rest of the world is watching closely. The quality of the new EU law, its future oriented approach and how it interacts with global legal systems and trends is paramount. Europe can lead by example internationally.

The EDPS considers that the EU needs a new deal on data protection, a fresh chapter, focusing less on excessive formalities or prescriptive detail and investing more on dynamic safeguards to allow the individual to be in control of their data in the big data world we inhabit. Guidelines and best practices from reinforced and truly independent data protection authorities should help to deal with the rapid evolution of technology.

The EDPS encourages the co-legislators to retain the individual and human dignity at the heart of the final agreed text: natural persons must be protected not only because they are users, subscribers or consumers. We should not allow technology to dictate or diminish our rights and freedoms.

Wojciech Wiewiórowski, Assistant Supervisor, said: “Privacy and data protection are not barriers to economic growth and international trade, rather they enhance them. Trust is a necessary precondition for innovative products and services that rely on the processing of personal data. The EU’s aim to grow the digital single market will be successful but only if the interests of the individual are protected. A new deal for citizens´ rights can galvanise responsible businesses and public authorities.”

Background information
Privacy and data protection are fundamental rights in the EU. Data protection is a fundamental right, protected by European law and enshrined in Article 8 of the Charter of Fundamental Rights of the European Union.

More specifically, the rules for data protection in the EU institutions – as well as the duties of the European Data Protection Supervisor (EDPS) – are set out in Regulation (EC) No 45/2001. The EDPS is a relatively new but increasingly influential independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection.

Giovanni Buttarelli (EDPS) and Wojciech Wiewiórowski (Assistant EDPS) are members of the institution, appointed by a joint decision of the European Parliament and the Council. Assigned for a five year term, they took office on 4 December 2014.

EDPS Strategy 2015-2019: Unveiled on 2 March 2015, the 2015-2019 plan summarises the major data protection and privacy challenges over the coming years and the EDPS’ three strategic objectives and 10 accompanying actions for meeting them. The objectives are (1) Data protection goes Digital (2) Forging Global Partnerships and (3) Opening a New Chapter for EU Data Protection.

Personal information or data: Any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. Other details such as IP addresses and communications content – related to or provided by end-users of communications services – are also considered as personal data.

Privacy: the right of an individual to be left alone and in control of information about his or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8).

Processing of personal data: According to Article 2(b) of Regulation (EC) No 45/2001, processing of personal data refers to “any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.” See the glossary on the EDPS website.

Big data: Gigantic digital datasets held by corporations, governments and other large organisations, which are then extensively analysed using computer algorithms. See also Article 29 Working Party Opinion 03/2013 on purpose limitation p.35.

The June 2015 Eurobarometer survey on Data Protection found that data protection, particularly the processing of the personal data in the digital sphere, remains an important concern to individuals in the EU.

EU Data Protection Reform package: On 25 January 2012, the European Commission adopted its legislative proposal for the General Data Protection Regulation, which will be directly applicable in all EU countries. The position of the European Parliament in first reading was adopted on 12 March 2014; the Council position was adopted on 15 June 2015. Now in their trilogue meetings, the European Parliament, Council of the European Union and European Commission are working to finalise the wording of the Regulation. For more information on the reform, see the dedicated section on the EDPS website.

EU Data Protection is a free app for mobile devices from the EDPS. It allows those who are interested to compare the latest proposed texts for the forthcoming General Data Protection Regulation from the European Commission, the European Parliament and the Council of the European Union. The app also includes the latest recommendations from the EDPS to the co-legislators. All the texts can be loaded in any given combination to compare them side-by-side (maximum two texts on smartphones due to the limitation of screen size).

The EDPS recommendations are available on the EDPS website. For more information:
EDPS – The European guardian of data protection | | Follow us on Twitter: @EU_EDPS

The European Data Protection Supervisor (EDPS) is an independent supervisory authority devoted to protecting personal data and privacy and promoting good practice in the EU institutions and bodies. He does so by:
• monitoring the EU administration’s processing of personal data;
• advising on policies and legislation that affect privacy;
• cooperating with similar authorities to ensure consistent data protection.

Compliments of EU Data Protection Supervisor