EDPS – Data Protection Directive should be fully implemented

By EDRi · August 1, 2007

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

The EDPS (European Data Protection Supervisor), Peter Hustinx, issued on 25
July 2007 an opinion on the European Commission communication regarding the
improved implementation of the EC Data protection directive (95/46),
considering that the Directive should not be amended and asking for its full
implementation before applying any changes.

The EDPS’ opinion is that specific actions are needed in the short term to
ensure the full implementation of the Directive pending the Reform Treaty
that will make the Charter of Fundamental Rights legally binding, “thus
offering the citizens better data protection”.

“In the longer term, changes of the Directive seem unavoidable, while
keeping its core principles” and “A clear date for a review to prepare
proposals leading to such changes should already be set now. Such a date
would give a clear incentive to start the thinking about future changes
already now.”

Hustinx reminds the dynamic context within which the Directive operates with
the constantly changes in EU, as well as in the information society.”[…]
the free flow of information between the Member States – and between the
Member States and third countries – has become more important and will
become an even more important reality. […] The information society is
evolving and has more and more characteristics of a surveillance society.
This implies an increasing need for effective protection of personal data to
deal with these new realities in a fully satisfactory way.”

Some of the short-term actions that the EDPS considers necessary for a full
implementation of the Directive are an efficient use of infringement
procedures, the promotion of best practices, self-regulation, “privacy by
design” and privacy seals type of non-binding measures.

He sees long-term measures will also be needed in order to address issues
such as interoperability or the wider use of biometric data.

EDPS also considers the number of stored data should also be limited to the
needs of law enforcement and that access to content data should not be made
possible. Specific proper safeguards should be ensured to avoid access of
non-authorised people to the stored data as well as adequate technical
measures for the security of the data. In his opinion, the subjects of the
stored data should be able to exercise their rights and data protection
authorities should be enabled to supervise effectively.

Press release – Data protection directive: EDPS wants full implementation
before considering changes to the framework (25.07.2007)

Opinion of the European Data Protection Supervisor on the Communication from
the Commission to the European Parliament and the Council on the follow-up
of the Work Programme for better implementation of the Data Protection
Directive (25.07.2007)