Upholding the fundamental right to data protection: a guide for EU co-legislators
The EDPS recently published its Guidance for co-legislators, on key elements to consider when drafting legislative proposals and other acts that imply the processing of individuals’ personal data.
With the Guidance, the EDPS provides practical guidance for the EU co-legislators to uphold the highest standard of the fundamental rights to privacy and data protection. The EDPS will continue to provide its recommendations to EU co-legislators where there is an impact on the protection of individuals’ rights and freedoms with regard to the processing of personal data.
Wojciech Wiewiórowski, EDPS, said: “Data protection is a key part of EU policymaking, but it requires clear and practical guidance. As advisor to the EU Institutions, the EDPS has identified many good practices on how to effectively integrate data protection while developing legislation. The Guidance published today includes a checklist of items that the European Commission, the European Parliament and the Council should take into account to both meet a given legislation’s objectives, whilst maintaining a high standard of personal data protection for its citizens.”
In its Guidance, the EDPS concentrates its advice to ensure that measures taken by the EU co-legislators are clear, precise and foreseeable, for the effective protection of individuals’ personal data against the risk of its misuse.
As such, the EDPS stresses the importance of carefully considering the following elements when drafting legislative and other acts entailing the processing of personal data:
- a clear specification of the objectives and purposes for which personal data is processed;
- clarity regarding the roles and responsibilities of those processing individuals’ personal data;
- a demonstration of the necessity and proportionality of the envisaged processing of personal data in light of the objectives of a draft legislative proposal;
- delineation of the categories of personal data that are to be processed and the individuals concerned;
- a clear indication of the length for which personal data may be processed;
- appropriate safeguards in cases where personal data is to be disclosed to public authorities or other third parties;
- whether any envisaged restrictions on individuals’ rights are legitimate and limited to what is strictly necessary in light of the objectives pursued.
The Guidance is part of the EDPS’ initiatives marking its 20th Anniversary and aims to offer practical advice to the European Commission, European Parliament and Council of the European Union
The rules for data protection in the EU institutions, as well as the duties of the European Data Protection Supervisor (EDPS), are set out in Regulation (EU) 2018/1725.
About the EDPS: The EDPS is the independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection. Our mission is also to raise awareness on risks and protect people’s rights and freedoms when their personal data is processed.
Wojciech Wiewiórowski (EDPS) was appointed by a joint decision of the European Parliament and the Council to serve a five-year term, beginning on 6 December 2019.