Data privacy tsar warns EU countries not to dilute rules

Germany's incoming cyber agency is based on the US Department of Defense's DARPA research agency, which has existed since the 1950s.

EU member states are trying to water down proposals for new data protection rules, says the European Data Protection Supervisor (EDPS) Peter Hustinx, calling on the European Parliament to defend the proposals.

Delivering his office’s seventh annual report to the Parliament's civil liberties, justice and home affairs committee on Wednesday (20 June), Peter Hustinx said the body had been closely following the European Commission’s plans for a comprehensive approach on data protection, and the Data Retention Directive.

On the data protection proposals, Hustinx said there was a debate among member state representatives in the EU Council of Ministers over the extent to which rules should cover the private and public sectors, with the focus being on business.

“We strongly advise against any suggestion that there should be splitting of the new legislation,” he said.

'Good' approach

He also advised against caving in to industry concerns that the new rules will be too “prescriptive” for business. Some fine tuning of the proposal would be fine, he said, “but on the whole the current approach is good”.

On the Data Retention Directive, Hustinx said the concept of “necessity” – which enables ordinary protections to be overcome in certain circumstances where required for legal reasons – must remain a strict definition.

“We have received indications that several member states are unhappy with the idea of the law enforcement scope being considered beyond their national authorities,” he said. “Some argue it goes too far, but it is one of the few positive elements of the directive.”

In his submission to the Parliamentary committee, the data protection supervisor said he had stressed that the issue was not the sole prerogative of the Council but subject to co-decision: “We emphasised the Parliamentary role as a countervailing power.”

Inspections of OLAF, ECB

The annual report also unveiled that a number of inspections had been carried out at some of the EU’s most sensitive bodies during the period covered by the report.

In July 2011, there was an on-site inspection of the anti-fraud office, OLAF, focusing on the identification of data subjects. In December another visit was carried out at OLAF in connection with a complaint against the body by an external company.

An inspection was also carried out at the European Central Bank in October 2011 relating to internal inquiries in which the European Central Bank (ECB) accessed electronic files.

Giovanni Butarelli, the EDPS’s assistant supervisor, said that inspections were followed up with feedback, and none had raised any ongoing issues of concern.

Buttarelli said that frequent visits to EU agencies were a significant part of the body’s ongoing compliance role.

“2011 was a very productive year, in line with our efforts to ensure consistent and effective protection of privacy and personal data in a fast-changing, interconnected world,” said Peter Hustinx, the European Data Protection Supervisor.

“In its support of technological advances and economic development, particularly in an age of austerity, it is important that the EU administration does not lose sight of the right of the European citizen to privacy and data protection. Only a joint effort to apply a consistent and effective approach will maintain this fundamental right.”

Existing European Union rules on data protection were adopted in 1995, when the internet was still in its early days.

Today, while rising numbers of tailored online products and services offer benefits for consumers, they also rely enormously on the use of personal data.

Private information can range from financial data, such as credit card numbers or bank account deposit details, to sensitive information concerning health conditions or sexual and political orientation. Many consider also location data or online identifiers, such as cookies, as personal data.

After much internal strife, the European Commission published in January 2012 a broad legislative package aimed at safeguarding personal data across the EU. The proposal, if approved, is expected to strengthen citizens’ rights and could have a far-reaching impact on the way online data are collected and processed.

  • 2014: Target-year to have new data protection legislation adopted

EU official documents

European agencies

  • The European Data Protection Supervisor Website

Subscribe to our newsletters