Chemin de navigation

Left navigation

Additional tools

Autres langues disponibles: FR DE

PRESS RELEASE

EDPS/12/8

Brussels, Wednesday 18 April 2012

EDPS calls for data protection safeguards before public sector information containing personal data can be re-used

Today, the European Data Protection Supervisor (EDPS) adopted his opinion on the Commission's Open Data Package, which includes a series of measures to facilitate a wider and innovative re-use of public sector information (PSI). The opinion highlights the need for specific safeguards for data protection whenever PSI contains personal data. It recommends that public sector bodies take a 'proactive approach' when making personal data available for re-use. This would make it possible to make data publicly available, on a case by case basis, subject to conditions and safeguards in compliance with data protection rules.

Peter Hustinx, EDPS, says: "The re-use of PSI containing personal data may bring significant benefits, but also entails great risks to the protection of personal data, due to the wide variety of data held by public sector bodies. The Commission proposal should therefore more clearly define in what situations and subject to what safeguards information containing personal data may be required to be made available for re-use."

In his opinion, the EDPS recommends, among others, that the proposal should:

  • require that a data protection assessment be carried out by the public sector body concerned before any PSI containing personal data may be made available;

  • require that the terms of the licence to re-use PSI include a data protection clause, whenever personal data are processed;

  • where necessary considering the risks to the protection of personal data, require applicants to demonstrate that any risks to the protection of personal data are adequately addressed and that the applicant will process data in compliance with applicable data protection law, and

  • where appropriate, require that data be fully or partially anonymised and license conditions specifically prohibit re-identification of individuals and re-use of personal data for purposes that may individually affect the data subjects.

In addition, the EDPS suggests that the Commission develop further guidance, focusing on anonymisation and licensing, and consult the Article 29 Data Protection Working Party, an advisory body consisting of data protection authorities in EU Member States.

Background information

On 12 December 2011, the Commission adopted a proposal for a Directive amending Directive 2003/98/EC on re-use of public sector information (the PSI Directive). The proposal is part of the 'Open-Data Package'. The PSI Directive aims at facilitating the re-use of public sector information throughout the European Union by harmonising the basic conditions for re-use and removing barriers to re-use in the internal market. The EDPS has previously also recommended a 'proactive approach' in his paper on 'Public access to documents containing personal data after the Bavarian Lager ruling', 24 March 2011 (see chapter III on pages 6-11).

The European Data Protection Supervisor (EDPS) is an independent supervisory authority devoted to protecting personal data and privacy and promoting good practice in the EU institutions and bodies. He does so by:

  • monitoring the EU administration's processing of personal data;

  • advising on policies and legislation that affect privacy;

  • cooperating with similar authorities to ensure consistent data protection.

The opinion and the paper on public access are available on the EDPS website.
For more information:
press@edps.europa.eu

EDPS - The European guardian of data protection

www.edps.europa.eu


Side Bar

Mon compte

Gérez vos recherches et notifications par email


Aidez-nous à améliorer ce site