A welcome step towards the reform of Data Protection rules in Europe
Today, as the European Data Protection Supervisor (EDPS) published his recommendations for the recitals of the general Data Protection Regulation (GDPR), he noted that the Council of the European Union had reached a general agreement on the proposed reform of the EU Data Protection Directive, dealing with police and criminal proceedings.
Giovanni Buttarelli, EDPS, said: “I welcome the consensus reached by the EU countries represented by the Council and urge the co-legislators to urgently press ahead with their negotiations to achieve a consistently high level of protection across all sectors. I encourage them to retain the individual and human dignity at the heart of the EU data protection reform, shielding individuals from harm and empowering them to take control over their personal information in cyberspace. Trust is a necessary precondition for innovative products and services that rely on the processing of personal data and the GDPR needs to be a blueprint for an ethical approach."
On 27 July 2015, the EDPS published his recommendations for the operational clauses of the GDPR. Having reflected on the underlying rationale behind the articles in the three versions of text proposed by the Commission, European Parliament and Council, the EDPS' recommendations for the recitals offer a further contribution to the ongoing trilogue negotiations on the reform package.
At that time, the EDPS also launched a mobile app to compare the texts from the Commission, the Parliament and the Council, as well as the EDPS recommendations, more easily on tablets and smartphones. This app has now been updated to include the EDPS recommendations on the recitals.
The recitals in the preamble to an EU legal instrument are important because they explain the reasons for each provision. Though they have no independent legal value, recitals can be used when interpreting the scope of the substantive provisions in the text. The Court of Justice of the European Union has stated on several occasions that valid recitals are necessary for the court to perform its function of interpreting the law. In providing the underlying rationale to the legal act, they merit careful consideration.
The Council agreement on the Data Protection Directive is important for the progress of the trilogue since it is an essential part of the reform package. The draft directive addresses cross-border data processing in police and judicial cooperation. It is intended to protect both domestic and cross-border transfers of data.
Background information
Privacy and data protection are fundamental rights in the EU. Data protection is a fundamental right, protected by European law and enshrined in Article 8 of the Charter of Fundamental Rights of the European Union.
More specifically, the rules for data protection in the EU institutions - as well as the duties of the European Data Protection Supervisor (EDPS) - are set out in Regulation (EC) No 45/2001. The EDPS is a relatively new but increasingly influential independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection.
Giovanni Buttarelli (EDPS) and Wojciech Wiewiórowski (Assistant EDPS) are members of the institution, appointed by a joint decision of the European Parliament and the Council. Assigned for a five year term, they took office on 4 December 2014.
EDPS Strategy 2015-2019: Unveiled on 2 March 2015, the 2015-2019 plan summarises the major data protection and privacy challenges over the coming years and the EDPS' three strategic objectives and 10 accompanying actions for meeting them. The objectives are (1) Data protection goes Digital (2) Forging Global Partnerships and (3) Opening a New Chapter for EU Data Protection.
Personal information or data: Any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. Other details such as IP addresses and communications content - related to or provided by end-users of communications services - are also considered as personal data.
Privacy: the right of an individual to be left alone and in control of information about his or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8).
Processing of personal data: According to Article 2(b) of Regulation (EC) No 45/2001, processing of personal data refers to "any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction." See the glossary on the EDPS website.
EU Data Protection Reform package: On 25 January 2012, the European Commission adopted its reform package, comprising two legislative proposals: a general Regulation on data protection (directly applicable in all Member States) and a specific Directive (to be transposed into national laws) on data protection in the area of police and justice.
The position on the proposed Regulation of the European Parliament in first reading was adopted on 12 March 2014; the Council position was adopted on 15 June 2015. Now in their trilogue meetings, the European Parliament, Council of the European Union and European Commission are working to finalise the wording of the Regulation. Now that the Council has adopted its position on it, the trilogue can include the proposed Directive. For more information on the reform, see the dedicated section on the EDPS website.
EU Data Protection is a free app for mobile devices from the EDPS. It allows those who are interested to compare the latest proposed texts for the forthcoming General Data Protection Regulation from the European Commission, the European Parliament and the Council of the European Union. The app also includes the latest recommendations from the EDPS to the co-legislators. All the texts can be loaded in any given combination to compare them side-by-side (maximum two texts on smartphones due to the limitation of screen size).
Trilogue/Trialogue: Commission proposals, Parliament's amendments and the Council's common position are considered in trilogue meetings with representatives from the three institutions seeking to negotiate an agreement or a compromise.