“Today it is too easy to simply collect and abuse the personal data of Europe’s citizens. This infringement of rights can have a profound effect on the victims of data protection violations,” says FRA Director Morten Kjaerum. “It is now time to give power to the data protection authorities to help counter these violations so victims can receive adequate redress.”
“In the European Union data protection is a fundamental right. We must make sure that this right is protected and that citizens can enforce it,” said European Commission Vice-President Viviane Reding, the EU’s Justice Commissioner. “As the report from the EU Fundamental Rights Agency shows, today, many citizens don't know where to go to if their data has been misused. This is not good enough. The Commission’s data protection reform proposals will make life easier: there will be a one stop shop for citizens meaning you can always address your local data protection supervisor. Citizens will no longer need to take a plane to complain – no matter where the company that is processing their data is based in the European Union. I call on ministers to follow the European Parliament's lead to swiftly enact the data protection reform that will improve citizens' rights.”
Interviews with victims have shown that most victims of violations turn to data protection authorities. They often do this to ensure similar violations do not reoccur rather than to seek financial compensation. Only in exceptional cases do they go through courts. Court procedures were viewed as being too complicated, costly and time consuming. The lack of legal assistance and of data protection specialists as well as under resourced data protection authorities and intermediary organisations were also identified as concerns. In addition, information about data protection procedures and remedies was found to be lacking.
The report shows that across EU Member States data protection authorities can issue orders to rectify violations and impose sanctions ranging from warnings and fines to the revocation of licenses. However, the size and duration of these sanctions can vary significantly from country to country. In almost all Member States, criminal sanctions can also be imposed, in the form of a fine or imprisonment but again there are large national differences in the duration of sentence and size of the fine.
Web-based activities, direct marketing, or video surveillance with closed-circuit television cameras accounted for most data protection violations. Government bodies, law enforcement, and financial and health institutions are most often responsible for these violations. As a result victims most frequently experience, insecurity, damage to reputations or emotional distress.
The proposed reform of EU data protection rules should help to alleviate such problems. Based on the report findings FRA suggests:
The report contains an overview of the legal framework and the procedures people can use in cases of data protection violations. It also gives examples of actual experiences of victims and those dealing with data protection violations in order to identify areas for improvement in accessing data protection remedies.
In order to help better explain data protection issues, FRA will publish tomorrow a handbook on European data protection case law. The handbook, developed together with the Council of Europe, is aimed at legal professionals and non-governmental organisations who are not specialists in data protection.
To read the report, see:
For further information please contact: firstname.lastname@example.org / Tel.: +43 1 580 30 642