The European Data Protection Supervisor (EDPS) has adopted an
opinion on the European Commission’s Communication of 10 June 2009
entitled “An area of freedom, security and justice serving the
citizen”. The Communication is the Commission’s contribution to the
discussions on the new EU programme for the next five years in the area
of justice and home affairs, the so called Stockholm programme, which
is due to be adopted by the European Council in December 2009.
The EDPS supports the attention that has been devoted in the
Communication to the protection of fundamental rights, and in
particular the protection of personal data, as one of the key issues of
the future framework for EU action on the questions of citizenship,
justice, security, asylum and immigration. He fully endorses the
Commission’s view that more emphasis should be given to data protection
in the areas concerned, and calls for the European Council to follow
the same approach when adopting the Stockholm multi-annual programme.
Peter Hustinx, EDPS, says: " I am pleased to see that the
Commission’s Communication promotes a right balance between the need
for appropriate instruments to guarantee the security of the citizens
and the protection of their fundamental rights. Serving the citizens
requires a European Union that safeguards this balance. This is all the
more important since the policies in this area have great impact in the
citizens‘ daily life and private space. I therefore expect the Council
to go along the same path in the adoption of the Stockholm programme. "
Taking the need for protection of fundamental rights as main angle
of the analysis, the EDPS opinion focuses on the following issues:
need for a comprehensive data protection scheme : the EDPS fully
supports the call for a comprehensive data protection scheme covering
all areas of EU competence, regardless of the entry into force of the
Lisbon Treaty;
data protection principles : the EDPS welcomes the intention of the
Commission to reaffirm a number of basic principles of data protection.
He emphasises the importance of the purpose limitation principle (*) as
a cornerstone of data protection law. Focus should also be given to the
possibilities for improving the effectiveness of the application of
data protection principles, in particular through instruments than can
reinforce the responsibilities of the data controllers;
European information model : the EDPS notes the developments
towards a European information model and an EU Information Management
Strategy with great interest and underlines the attention that should
be given in these projects to data protection elements, to be further
elaborated in the Stockholm programme. The architecture for information
exchange should be based on "privacy by design" (**) and "Best
Available Techniques" (***) .
(*) Data should be collected for specified, explicit and legitimate
purposes, and not further processed for purposes incompatible with
those purposes (Article 6(1)(b) of Directive 95/46/EC). Exceptions to
this principle are only allowed under strict safeguards (Article 13 of
Directive 95/46/EC).
(**) Data protection requirements should be applied and integrated
as early as possible in the life cycle of new technological
developments and of information systems.
(***) The most advanced stage in the development of particular
techniques that is practically suitable and effective for providing the
basis for complying with the EU data protection framework.
The opinion is available on our website.
For more information, please contact the EDPS Press Service at: +32 2 283 19 00
EDPS – The European guardian of personal data protection
www.edps.europa.eu