EDPS Strategy 2013-2014 for excellence in data protection by the EU institutions
European Data Protection Supervisor - EDPS/13/2 23/01/2013
Brussels, Wednesday 23 January 2013
Yesterday evening, the EDPS presented a report outlining his Strategy for 2013-2014 to senior representatives of the EU institutions. The EDPS outlined the process, aims and results of an extensive analysis, including the main lines of the 2013-2014 Strategy. This was followed by remarks by Commission Vice-President Viviane Reding, Commissioner Cecilia Malmström, Parliament Vice-Chair of the LIBE Committee Sophie in 't Veld and the Council Anti-Terrorism Coordinator, Gilles de Kerchove.
The Strategy is based on a Strategic Review launched by the EDPS in July 2011. The aim of the Review was to identify priorities and respond to the increasing workload and broader scope of activities that the EDPS will face in the coming years.
The EDPS noted that increasing exchanges of personal information and ever-evolving technologies mean that data protection’s visibility and relevance are now greater than ever. At the same time, the Lisbon Treaty has considerably strengthened the rights to data protection and privacy in EU law. To improve the effectiveness of these rights, the European Commission proposed a new data protection legal framework in January 2012. This will have direct consequences for the EDPS.
Peter Hustinx, EDPS, says: "Through an extensive process of consultation with our various stakeholders we have developed a strategy which will enable us to fulfil our commitments towards citizens and the EU institutions in a continuously evolving environment."
The EDPS' Report explains the strategy as the organisation enters a new phase marked by challenges, in particular an increase in EDPS activities at a time of budget restraint. The valuable input of stakeholders has helped the institution to develop its guiding principles and to set a detailed action plan for achieving its strategic objectives. These actions will maximise the impact of the EDPS' work on data protection at EU level and increase efficiency by making the best use of resources.
Using his expertise, authority and formal powers, the EDPS aims to build awareness of data protection as a fundamental right and as a vital part of good public policy and administration for EU institutions. Acting selectively and proportionately, he wants to ensure that data protection will be an integral part of policy-making and legislation, in all areas where the EU has competence.
In particular, he has identified activities that emphasise the accountability of policy makers and data controllers and activities that build on the crucial role of Data Protection Officers (DPOs). These activities are key parts of the proposed legislative reforms and will show how levels of compliance can be raised in a period of budget restraint.
Giovanni Buttarelli, Assistant EDPS, says: "Our aim is to give a proactive, consistent and reliable support to all EU institutions and bodies in implementing data protection principles."
The EDPS will continue to develop and build on his strategy to respond effectively to the challenge of achieving excellence in data protection at European level beyond 2014.
Article 41(2) of the EU Data Protection Regulation made the EDPS responsible for monitoring and ensuring the application of the Regulation and other relevant Union law with regard to the processing of personal data by EU institutions and for advising EU institutions on all matters concerning the processing of personal data. The EDPS has a number of specific powers to ensure that EU institutions comply with the Regulation. One of the EDPS' duties is to advise the European Commission, the European Parliament and the Council on proposals for new legislation and a wide range of other issues that have an impact on data protection.
Personal data: any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, e-mail addresses and telephone numbers. Other details such as health data, data used for evaluation purposes and traffic data on the use of telephone, email or internet are also considered personal data.
EU institutions: all institutions, bodies, offices or agencies operating for the European Union (e.g. European Commission, European Parliament, Council of the European Union, European Central Bank, specialised and decentralised EU agencies).
DPO: Each institution or body has a data protection officer. It is the DPO's duty to ensure in an independent manner the internal application of the Regulation. This also involves other tasks such as ensuring that controllers and data subjects are informed of their rights and obligations, and cooperating with the EDPS at his request or at their own initiative. A list of data protection officers can be found on the EDPS website.
EDPS - The European guardian of data protection