Accessibility Tools

One giant leap for digital rights


One giant leap for digital rights

15 April 2016, By Giovanni Buttarelli

 

So a bit of history was made yesterday. The adoption by the European Parliament of the General Data Protection Regulation, following the decision by the Council last week, is quite simply a landmark in human rights law. It is the biggest attempt so far by a legislator to grapple with the realities of global, ubiquitous data in the internet era.
 
'The processing of personal data,' according to Recital 4 of the Regulation, 'should be designed to serve mankind'.  The GDPR is very long and very detailed, but at its core is the individual - and the preservation of her dignity in the digital society.  The regulation renews safeguards and reinforces individual's rights as well as adding new ones, and it increases transparency of processing. Any controller who targets services at people in Europe or monitors their activities will be clearly liable under EU law for how they process this data. Companies and public authorities will from now on be accountable for their data practices: they will be treated like adults, no longer required to notify every single processing operation. They will be assumed to have in place appropriate measures for complying with the new rules, and they must be able to demonstrate their compliance. Failure to respect the rights of individuals may now result in rigorous administrative and financial sanctions. The right to data portability should help empower individuals to choose to whom they entrust their information, and to change their minds and move the data to another service provider.

As for independent data authorities, as I argued in my previous post, they will also become more accountable for making new rules flexible and future-proof, with timely, relevant and user-friendly guidance, with greater alignment and coherence in how enforce, raise awareness and handle complaints. They will be obliged to cooperate and to share information, and to stay up-to-date with technological developments.

Adopted alongside the GDPR, the directive on data protection rules for the police and criminal justice sector will provides a modern platform for data sharing by crime fighting across the EU. 

Europe has faced enormous, even existential, difficulties in recent years. Brussels itself suffered last month the sort of mindless violence to which other countries and regions of the world have become sadly accustomed. But in these modernised, trailblazing new rules on personal data processing, the EU has achieved something of which it can be justly proud. 

And yet this week has also exposed the scale of the challenge which remains, six years after the entry into force of the Lisbon Treaty and the incorporation of the Charter of Fundamental Rights into primary EU law. The Article 29 Working Party has registered its serious concerns with the sustainability of the EU-US Privacy Shield agreement. Last week I, along with several other data protection commissioners from around the world, had a series of discussions with our interlocutors in Washington, D.C.  The clear message was that the US Administration had made great efforts in the negotiations and that this was borne out of sincere respect for Europe as a strategic partner with shared democratic values. I will shortly provide my advice to the institutions on how we can ensure that we set a lasting international precedent for data flows which respect the rights and freedoms of the individual.

Also this week has seen the adoption of an EU directive requiring airline passenger name records to be handed over to Member State law enforcement bodies. The EDPS has repeatedly questioned the justification for this measure in the light of the case law of the Court of Justice of the EU. EU PNR was passed two days after a hearing in the CJEU in which national data retention laws under the EU ePrivacy Directive (Directive 2002/58/EC) were subjected to tough scrutiny. More than ever, as noted in the EDPS Strategy for 2015-2019, there is a pressing need for a mature and informed conversation on security and privacy. 

The struggle continues. But for now let’s celebrate Thursday 14 April 2016 as truly historic day for fundamental rights in Europe. 


All blogposts

  • 25 March 2017

    60th anniversary of the Rome Treaties. Giovanni Buttarelli to participate in the meeting of the 27 EU heads of state and heads of European Union institutions in Rome, Italy.

  • 15 March 2017

    Data Protection and the EU institutions. Read the latest blogpost by Giovanni Buttarelli and the EDPS Opinion.

  • 15 March 2017

    EDPS sees opportunity for stronger consumer and data protection. Read the EDPS Opinion and the press release.

  • 13 March 2017

    2018 International Conference of Data Protection and Privacy Commissioners to be hosted in Brussels. Read the press statement.

  • 07 March 2017

    EDPS calls for consistent improvements in the approach to EU border policy. Read the EDPS Opinion and the press release.

  • 28 March 2017

    Giovanni Buttarelli meeting with Greg Nojeim, Senior Counsel and Director, Freedom, Security and Technology Project, Center for Democracy & Technology (CDT), Brussels, Belgium

  • 28 March 2017

    Giovanni Buttarelli meeting with Cornelia Ernst, MEP, Brussels, Belgium

  • 27 March 2017

    Processing of personal data  by the Union institutions, bodies, offices and agencies, Study group meeting, EESC, Participation of Giovanni Buttarelli, Brussels Belgium

  • 25 March 2017

    60th anniversary of the Rome Treaties, Participation of Giovanni Buttarelli in the meeting of the 27 EU heads of state and heads of European Union institutions, Rome, Italy

  • 23 March 2017

    Forum on International Privacy Law, Participation of Wojciech Wiewiórowski, Königstein, Germany

  • 23 March 2017

    Participation of Giovanni Buttarelli in DAPIX, Brussels, Belgium

  • 23 March 2017

    Concurrences Review, Law & Economics Workshop: Big Data, Speech by Giovanni Buttarelli, Brussels, Belgium

  • 13 March 2017

    Regulating Privacy through Ethical Standards and Accountability Principles in the era of Big Data, Keynote speech of Wojciech Wiewiórowski: Towards a new digital ethics – data, dignity and technology: How to ensure accountability in personal data management?, Brussels, Belgium