The EU will seek a global voice in the burgeoning data privacy debate, the new European Data Protection Supervisor (EDPS), Giovanni Buttarelli, said yesterday (28 January) against a backdrop of mounting tension on data issues between the EU and the US.
“Europe needs to be at the forefront in shaping a global, digital standard for privacy and data protection which centres on the rights of the individual,” Buttarelli said on data privacy day, staking out the direction he intends to take the office of EDPS (see background).
Buttarelli and his assistant Wojciech Wiewiórowski – both appointed by the European Parliament and Council for a five-year term in December last year – said they would modify the office’s role to become advisory as well as a supervisory.
“The goal for my mandate is for the EU to speak with one voice on data protection, a voice which is credible, informed and relevant,” Buttarelli said.
The EDPS will cultivate relations with international interlocutors to create a “sustainable and coherent data protection culture to address the gaps in global digital needs,” he said adding that he wanted to help the EU become “a beacon of respect for data protection and privacy”.
The idea of evangelising a European approach to data protection comes against a tense backdrop with the US.
The EU’s data protection regulation, currently under discussion between the 28 EU member states in the Council of Ministers, contains a number of provisions worrying larger US internet concerns.
For example it would formalise the EU’s controversial “right to be forgotten” provision.
The European Court of Justice ruled last year (13 May) that Google could be forced to remove links to online content that breaches EU privacy laws.
The ECJ ruled that Google should, under certain circumstances, edit or remove its Internet search results, backing the EU’s drive to introduce a “right to be forgotten” on the Internet.
The ruling followed a complaint in Spain by a man whose house was auctioned off 16 years ago to pay for unpaid taxes.
Buttarelli said that he backed the honouring of the right to be forgotten, adding that the ECJ decision related to rights that preexisted the data protection regulation.
US internet companies are lobbying to include data issues within the proposed EU-US trade agreement, the Transatlantic Trade and Investment Partnership (TTIP). But, with US-based cloud computing service providers currently accounting for around 85% of global markets, the EU wants to keep the issue out of the talks.
“In the end, data flows will have to come onto the table. The TTIP cannot be agreed before that happens,” one senior negotiator close to the TTIP talks told EurActiv last November on condition of anonymity.
Buttarelli said that the EDPS would launch a new strategy document for the next five-year period in March. He acknowledged that the US relationship was important, the EDPS will follow its March strategy launch with an awareness-raising trip taking in Boston, New York and Washington. A follow up trip to Silicon Valley is also planned.
Data protection issues to the fore following terror attacks
Internal divisions within the EU will also prove testing for the EDPS, especially in the wake of the Charlie Hebdo attacks in France earlier this month.
The EDPS is wary of proposals for reinforced internet control and disclosure of the encryption keys used by web and telecommunication companies to be made at today’s (29 January) informal EU Council meeting of ministers for justice and home affairs in Riga, Latvia.
Also set to be discusssed today in Riga is a stalled controversial legislative proposal on European air passenger data (PNR). The parliament’s lead MEP on the report, Timothy Kirkhope (UK; European Conservatives and Reformists) yesterday asked other MEPs to work with him to find a way forward on the existing proposal.
Buttarelli said that where tighter controls over data were sought in new controls or PNR, evidence must be provided that such controls will strike at the intended harm.
“The attacks in Paris have again underlined that blanket mass data retention does not help catch terrorists: there was no shortage of data on the perpetrators,” the German Green home affairs spokesperson, MEP Jan Philipp Albrecht stated of the PNR proposals ahead of today’s meeting in Riga.
New advisory body for ethics and data
Buttarelli also said that he intends to form an advisory body to deal with ethical considerations relating to data protection that may arise in the future.
The body will be drawn from non-data specialists such as philosophers and anthropologists, who will be invited to offer unpaid input into debates.
He explained that issues such as data retention through big data – gigantic digital datasets held by corporations, governments and other large organisations, which are then extensively analysed using computer algorithms – will be considered by the new body.
The European Association for the Defence of Human Rights (AEDH), which represents EU member state-based human rights leagues and associations, said it “condemns the abuses stemming from data collection by businesses and the creation of records by law enforcement in the name of security and fighting terrorism, which has been denounced by whistle-blowers."
“Not only are such records proliferating, but they are increasingly being used for reasons other than originally intended without any need being proven. As such, AEDH renews its disapproval of the development of ‘an explicitly repressive system applied to all citizens rather than only to those suspected of being involved in illegal activities’,” the statement added.
"EU Data Protection reform also includes new rules for police and criminal justice authorities when they exchange data across the EU," according to a joint statement issued yesterday (28 January) by Commission Vice-President for the digital single market Andrus Ansip and Justice Commissioner V?ra Jourová. "This is very timely, not least in light of the recent terrorist attacks in Paris. There is need to continue and to intensify our law enforcement cooperation. Robust data protection rules will foster more effective cooperation based on mutual trust,”
“We must conclude the ongoing negotiations on the data protection reform before the end of this year. By the 10th European Data Protection Day, we are confident that we will be able to say that the EU remains the global gold standard in the protection of personal data," the statement added.
Data protection is a fundamental right, protected by European law and enshrined in Article 8 of the Charter of Fundamental Rights of the European Union.
The European Data Protection Supervisor (EDPS) advises the Commission, the European Parliament and the Council on proposals for new legislation and a wide range of other issues that have an impact on data protection.
EU institutions and bodies processing personal data presenting specific risks to the rights and freedoms of individuals ('data subjects') are subject to prior-checking by the EDPS.