Europe’s data protection authorities have laid down their guiding principles for the use of European citizens’ personal data, in a joint statement that describes data protection as a fundamental right. EURACTIV France reports.
The Article29 working group, made up of the various European data protection authorities, unveiled a joint statement at the European Data Governance Forum, held in Paris on 8 December, in which they insisted that data protection was a “fundamental right”.
The subject of personal data protection has become a priority issue for European politicians, in the wake of Edward Snowden’s revelation of the mass espionage carried out by the American National Security Agency (NSA).
“How can a framework be built that enables private companies and other relevant bodies to innovate and offer goods and services that meet consumer demand or public needs, whilst allowing national intelligence services to perform their missions within the applicable law but avoiding a surveillance society?” the data protection authorities (DPAs) asked in the preamble to their statement.
The agencies assert the protection of personal data as a fundamental right throughout their declaration, but also specify “the need to ensure security in our society”. They call for improvements to “digital literacy, including privacy education, and […] facilitating the reporting of widespread data protection violations,” in order to better uphold this right.
The options for confronting espionage that are currently available to citizens are extremely limited.
The French MP and President of the Parliamentary Committee on Information, Jean-Jacques Urvoas, said “today, citizens do not have the right to bring a complaint to the data protection authorities”.
Another major point brought up by the Article29 group was the systematisation of cyber espionage services. Jean-Jacques Urvoas stressed the importance of keeping surveillance operations “within proportion”.
Pavel Mayer, a Pirate Party member of the Berlin Parliament and the Committee for the Supervision of Intelligence Agencies, said “nobody should be automatically placed under surveillance. A human being should always be behind the decision. That is an indispensable safeguard”.
“The EU draft data protection package should be adopted in 2015. Whilst contributing to the unification of the European digital market, it must ensure a high level of data protection to individuals, in accordance with European values and fundamental rights,” the “Article29” group wrote in their statement.
If the adoption of the new European rules for data protection is tentatively scheduled for 2015, “discussions are still under way,” according to Claude Moraes, the President of the European Parliament Committee on Civil Liberties, Justice and Home Affairs.
The Article 29 group is not alone in its concern over the adoption of new European legislation on data protection.
In September, the parliamentary representatives of 16 European countries added momentum to the debate, calling on the European Parliament to adopt the reform package for European personal data protection “by 2015”.
On taking office, Andrus Ansip, the new Commissioner for the Digital Single Market, also made data protection a top priority of his mandate, and emphasised the importance of the rapid implementation of the data protection directive.
The European DPAs showed their concern over the effects of a possible TTIP agreement on European data protection standards, writing that “the European level of protection of personal data should not be eroded, wholly or in part, by bilateral or international agreements, including agreements on trade in goods or services with third countries”.
The existing European rules on data protection were adopted in 1995, when the internet was still in its infancy.
In January 2012, the European Commission published a vast legislative package aimed at replacing the existing rules and giving greater protection to personal data across the EU.
The package includes two legislative proposals: one general regulation on data protection (directly applicable in all the member states) and one directive specifically aimed at data protection in the police and the justice systems (to be transposed into national law).
European citizens reacted angrily to the revelations that US authorities could access their personally sensitive information on internet servers.
They say that this kind of activity confirms their fears about the behaviour of American internet giants and demonstrates the need for stricter regulations. In the meantime the EU and the USA have entered into trade negotiations.