The European parliamentary elections are increasingly in the spotlight as the polls of 23-26 May approach. In the face of ongoing political turbulence, it is important that the EU continue to lead the way in promoting a healthy civic society through a robust election process.
Data protection is essential for a resilient democracy, more than ever in this digital age; it underpins the democratic process and trust in our institutions by ensuring safe and secure voting and respect for individual rights. Whether in safeguarding the privacy of our voting choices or defending public discourse from online manipulation, strong data protection rules protect our citizens and our system of governance in a society predicated on the freedom of action and participation of its members.
Giovanni Buttarelli, EDPS, said: “The task of ensuring safe and secure elections is complex and cannot be tackled by one arm of regulation alone. This must be a concerted effort. With all EU citizens this May having the chance to vote in the European Parliament elections, the EDPS is playing its part along with other EU bodies to ensure personal information is used responsibly and that individuals are respected.”
As the supervisory authority responsible for monitoring compliance with data protection rules by EU institutions and bodies, the EDPS has launched a number of initiatives with a view to the European and national-level elections this year. In line with its duties under the new Regulation 2018/1725, the EDPS works alongside other EU institutions to reinforce the success that Europe has achieved in strengthening voter rights. The EDPS has called for regular dialogues between data protection authorities, electoral regulators, media and platforms as a contribution to efforts to protect election integrity, organising a well-attended conference in Brussels in February 2019.
The rules for data protection in the EU institutions, as well as the duties of the European Data Protection Supervisor (EDPS), are set out in the new Regulation (EU) 2018/1725. These rules replace those set out in Regulation (EC) No 45/2001. The EDPS is a relatively new but increasingly influential independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection.
Giovanni Buttarelli (EDPS) and Wojciech Wiewiórowski (Assistant EDPS) are the members of the institution, appointed by a joint decision of the European Parliament and the Council. Assigned for a five year term, they took office on 4 December 2014.
Personal information or data: any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. Other details, such as IP addresses and communications content - related to or provided by end-users of communications services - are also considered as personal data.
Privacy: the right of an individual to be left alone and in control of information about his or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8).
Processing of personal data: According to Article 4(1) of Regulation (EU) No 679/2016, processing of personal data refers to “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction." See the glossary on the EDPS website.
EU Data Protection Reform package: On 25 January 2012, the European Commission adopted its reform package, comprising two legislative proposals:
- a general Regulation on data protection, which was adopted on 24 May 2016, applicable as of 25 May 2018; and
- a specific Directive on data protection in the area of police and justice, adopted on 5 May 2016, applicable as of 6 May 2018.
The official texts of the Regulation and the Directive are now recognised as law across the European Union (EU) and are fully applicable across the EU.
Regulation 45/2001, which addresses data protection in the EU institutions and bodies, was replaced by Regulation (EU) 2018/1725 on 11 December 2018, while new rules on ePrivacy are also planned.