Peter Hustinx, the European data protection supervisor, has warned the EU institutions that as of 2007 he will start clamping down on cases of non-compliance with privacy standards.
“This is not just a legal obligation, this is a critical asset for bringing value to EU institutions,” Hustinx told Journalists in Brussels on 19 April 2006, adding that the establishment of a network of data protection officers in all EU institutions was going to be a target that he will be monitoring.
Looking back at the year 2005, Hustinx said “much has been accomplished” during that year in terms of data protection in the EU, but “even more remains to be done”. With a staff of just 20 people, the Supervisor’s office is the smallest of the independent EU institutions.
In 2005, a big proportion of its activities consisted of what Hustinx called “ex-post prior checking” – working off the backlog of EU data processing operations started between the introduction of the institution of the EDPS with Regulation (EC) 45/2001 and the actual appointment of a Supervisor, which took place at the end of 2003.
“A sad moment was last December, when the Council and the Parliament agreed on data retention,” Hustinx said, adding: “It is the rules upside down. Until now it was ‘Thou shalt not store more data than necessary’, now there is an obligation to do just that. I still have doubts about the necessity of these measures, but now that the decision has been taken, they need very substantial safeguards. The directive is a bit weak on that side,” Hustinx said.