Delivering his office’s seventh annual report to the Parliament's civil liberties, justice and home affairs committee on Wednesday (20 June), Peter Hustinx said the body had been closely following the European Commission’s plans for a comprehensive approach on data protection, and the Data Retention Directive.
On the data protection proposals, Hustinx said there was a debate among member state representatives in the EU Council of Ministers over the extent to which rules should cover the private and public sectors, with the focus being on business.
“We strongly advise against any suggestion that there should be splitting of the new legislation,” he said.
He also advised against caving in to industry concerns that the new rules will be too “prescriptive” for business. Some fine tuning of the proposal would be fine, he said, “but on the whole the current approach is good”.
On the Data Retention Directive, Hustinx said the concept of “necessity” – which enables ordinary protections to be overcome in certain circumstances where required for legal reasons – must remain a strict definition.
“We have received indications that several member states are unhappy with the idea of the law enforcement scope being considered beyond their national authorities,” he said. “Some argue it goes too far, but it is one of the few positive elements of the directive.”
In his submission to the Parliamentary committee, the data protection supervisor said he had stressed that the issue was not the sole prerogative of the Council but subject to co-decision: “We emphasised the Parliamentary role as a countervailing power.”
Inspections of OLAF, ECB
The annual report also unveiled that a number of inspections had been carried out at some of the EU’s most sensitive bodies during the period covered by the report.
In July 2011, there was an on-site inspection of the anti-fraud office, OLAF, focusing on the identification of data subjects. In December another visit was carried out at OLAF in connection with a complaint against the body by an external company.
An inspection was also carried out at the European Central Bank in October 2011 relating to internal inquiries in which the European Central Bank (ECB) accessed electronic files.
Giovanni Butarelli, the EDPS’s assistant supervisor, said that inspections were followed up with feedback, and none had raised any ongoing issues of concern.
Buttarelli said that frequent visits to EU agencies were a significant part of the body’s ongoing compliance role.