Brussels, Wednesday 20 June 2012
Today Peter Hustinx, European Data Protection Supervisor (EDPS) and Giovanni Buttarelli, Assistant Supervisor, presented their Annual Report of activities for 2011 to the Committee on Civil Liberties, Justice and Home Affairs (LIBE) of the European Parliament. This Report covers the seventh full year of activity of the EDPS as an independent supervisory body.
In 2011, the EDPS made significant efforts to push the effective protection of personal data. In the supervision of EU institutions and bodies, a benchmarking exercise was carried out to gather indicators of compliance with the Data Protection Regulation. As a consequence, targeted visits to selected institutions and agencies below the benchmark or because of a lack of cooperation are now taking place throughout 2012. Overall, the effects of the new EDPS enforcement policy showed that most EU institutions and bodies are making good progress in complying with the Regulation, while others should increase their efforts.
In the consultation on new legislative measures, the EDPS issued a record number of opinions on a range of relevant subjects. Most prominent was the Review of the EU legal framework for data protection, which will remain high on the EDPS agenda in 2012. However, the implementation of the Stockholm programme in the area of freedom, security and justice and the Digital Agenda, as the cornerstone for the Europe 2020 strategy, also had an impact on data protection. This can also be said of new EU law as a consequence of the financial crisis, and a wide variety of other policy areas.
Peter Hustinx, the EDPS, says: "2011 was a very productive year, in line with our efforts to ensure consistent and effective protection of privacy and personal data in a fast-changing, interconnected world. In its support of technological advances and economic development, particularly in an age of austerity, it is important that the EU administration does not lose sight of the right of the European citizen to privacy and data protection. Only a joint effort to apply a consistent and effective approach will maintain this fundamental right."
The main priorities for the EDPS in 2012 include:
Raising awareness: The EDPS will invest time and resources in providing guidance to EU institutions and agencies in the form of thematic guidelines, training and workshops and the development of a dedicated section on the EDPS website for Data Protection Officers (DPOs).
Defining procedures for handling notifications related to standard administrative procedures or to processing operations already in operation.
An exercise to determine the state of play for DPOs in EU institutions and bodies in order to provide support for the DPO function in line with the accountability principle.
Visits and inspections to institutions and agencies, not only for enforcement, but also as a tool to raise awareness of data protection issues and the role of the EDPS.
In his capacity as advisor, the EDPS will give priority in 2012 to the on-going work on the legal framework for data protection in the EU.
Technological developments, especially those connected to the Internet and associated policies, will be another area of focus. This involves plans for a Pan-European framework for electronic identification, authentication and signature; the issue of Internet monitoring (e.g. enforcement of IP rights, takedown procedures), cloud computing services and eHealth. The EDPS will also strengthen his technological expertise and engage in research on privacy-enhancing technologies.
Further developing the Area of Freedom, Security and Justice (e.g. EU-TFTS, Smart borders) and financial sector reform insofar as they affect the right to privacy and data protection will continue to be followed and scrutinised by the EDPS.
The EDPS will also continue to fulfil his responsibilities in the field of coordinated supervision and reach out to national data protection authorities as well as to international organisations in order to raise awareness and share good practices.
EDPS key figures in 2011
71 prior-check opinions adopted, 6 non prior check opinions
107 complaints received, 26 admissible
Main types of violations alleged: violation of confidentiality of data, excessive collection of data or illegal use of data by the controller
34 consultations on administrative measures. Advice was given on a wide range of legal aspects related to the processing of personal data conducted by the EU institutions and bodies
4 on-the-spot inspections carried out
2 guidelines published on anti-harassment procedures and evaluation of staff
24 legislative opinions issued on, among others, initiatives relating to the Area of Freedom, Security and Justice, technological developments, international cooperation, data transfers, or internal market.
12 sets of formal comments issued on, among others, intellectual property rights, civil aviation security, EU criminal policy, the Terrorist Finance Tracking System, energy efficiency, or the Rights and Citizenship Programme.
41 sets of informal comments
14 new colleagues recruited
EDPS - The European guardian of data protection
Follow us on Twitter: @EU_EDPS