Tag Archives: The european data protection supervisor

The EDPS considers that the EU Data Protection reform is… weak

The European Data Protection Supervisor issued today its Opinion on the data protection reform package proposed by the European Commission on January 25.

You can read it HERE.

The EDPS “welcomes the proposed Regulation as it constitutes a huge step forward for data protection in Europe” and “is particularly pleased to see that the instrument of a regulation is proposed for the general rules on data protection”.

However The EDPS is “seriously disappointed with the proposed Directive for data protection in the law enforcement area. The EDPS regrets that the Commission has chosen to regulate this matter in a self-standing legal instrument which provides for an inadequate level of protection, which is greatly inferior to the proposed Regulation”. That is an interesting point of view.

The greatest weakness is considered to be the perpetuation of “the lack of comprehensiveness of the EU data protection rules”. The EDPS considers the reform package “leaves many EU data protection instruments unaffected such as the data protection rules for the EU institutions and bodies, but also all specific instruments adopted in the area of police and judicial cooperation in criminal matters such as the Prüm Decision and the rules on Europol and Eurojust.

Furthermore, the proposed instruments taken together do not fully address factual situations which fall under both policy areas, such as the use of PNR or telecommunication data for law enforcement purposes”.

Goals of the EU data protection reform: stronger, more effective and more consistent protection

2012 is an important year for data protection, as EU, the global leader in data protection policies, is going to reform the system centered around Directive 95/46. The measures are expected to be launched for debate early this year, so they could enter into force in 2014.

In a recent article published on http://www.neurope.eu, Peter Hustinx, the European Data Protection Supervisor, provides some insights about the shape of the data protection reform, such as:

  • It should be clear that this is not the time to reinvent data protection. It has been invented and is now recognised as a fundamental right in the Lisbon Treaty. Instead, much attention should be given to making data protection more effective in practice.
  • Another point in this context is the need for greater harmonisation of rules across the EU. The present diversity of national rules is not helpful for effective data protection, and even counterproductive.
  • More effective data protection also requires that data subjects should be enabled to exercise their present rights more easily and should be given a few additional rights to protect their interests where needed. An interesting example is the right to require that personal data are deleted or transferred to another provider – the “right to be forgotten” or the “right to data portability” – which might be particularly useful in the context of social networks or other online services.
  • Strengthening the rights of data subjects would also require a clarification of the situations where consent is required and the conditions that have to be met for valid consent. A lack of clarity about this often leads to a weaker position of data subjects, particularly in the online environment.
  • Data controllers are now responsible for compliance with data protection rules, but in practice this often only leads to formal arrangements and responsibility “at the end” if something goes wrong. Instead, they should be mandated to be more active and to take all those measures which are necessary to ensure that data protection rules are complied with.
  • At this stage, it is also important to clearly define the external scope of EU data protection law. The concept that EU law should not only apply when the responsible data controller is established in Europe, but also when EU consumers are “targeted” – regardless from where over the Internet – seems to attract more and more support.

Opinion of the European Data Protection Supervisor on the Proposal for a Directive of Credit Agreements Relating to Residential Property

On 31 March 2011, the Commission adopted a proposal for a Directive of the European Parliament and of the Council on credit agreements relating to residential property.

The proposal involves a limited number of activities which have relevance under the EU data protection regime. These are mainly related to the consultation by creditors and credit intermediaries of the so-called “credit database” with the purpose of assessing the creditworthiness of consumers and to the release of information by the consumers to the creditors or credit intermediaries.

The European Data Protection Supervisor provided at the end of July an official opinion regarding this directive proposal. EDPS suggests some modifications in the original text, in the following directions:

1. The introduction of a new article which will reflect that national laws implementing directive 95/46/EC are the appropriate references and emphasize that any data processing operation must be carried out in accordance with those implementing laws.

2. The text of the proposal could specify in a more detailed way the sources from which information on the creditors’ creditworthiness can be obtained.

3. The text of the proposal should include the definition of criteria for the possibility to consult the database and the obligations to communicate the data subjects’ rights before any access to the database, thereby ensuring concrete and effective possibilities for data subjects to exercise their rights.

Those interested can find the EDPS opinion HERE.