European Data Protection Supervisor Reports on Compliance
May 30, 2008 // Published as a news service by IHS
| |
| Electronics & Telecom Tools |
IHS sells flexible standards collections and software to maximize your workflow.
To learn more, and for a free quote, please complete the form below. |
|
| |
The European Data Protection Supervisor (EDPS) recently released two reports assessing compliance with data protection and privacy requirements.
On May 14, Peter Hustinx presented the EDPS general report, which measured the implementation of regulation (EC) 45/2001 on the protection of individuals with regard to the processing of personal data by the European Community.
This reporting operation was launched in March 2007 as part of an effort to monitor and ensure the implementation of the regulation in the various European Union (EU) institutions and agencies.
On May 15, Hustinx presented the EDPS fourth annual report, highlighting EDPS activities in 2007, notably with regard to supervisory and consultative tasks. The report emphasises the impact of the Lisbon Treaty, which provides for enhanced protection of personal data.
The EDPS believes that the new treaty should be seen as an opportunity for EU administration to demonstrate that effective protection of personal data is a basic value underlying EU policies.
"The signing of the Lisbon Treaty is an important benchmark in the history of the European Union, but it should also be understood as a challenge," said Hustinx.
"The fundamental safeguards that are highlighted in the treaty have to be delivered in practice. This applies where EU institutions and bodies are processing personal data, but also where they develop rules and policies that may have an impact on the rights and freedoms of European citizens," Hustinx added.
General report results
The EDPS general report shows that agency efforts have helped boost compliance with the regulation, if only because it has encouraged the appointment of a data protection officer (DPO) in every EU institution and operational agency.
In addition, it has prompted most institutions and agencies to draft an inventory of processing operations involving personal data, which allowed a more systematic approach to implementation.
From a more general perspective, EU institutions and bodies have also devoted more efforts in raising awareness among EU staff on data protection issues.
The reporting exercise also highlighted the following results:
- Notification of processing operations from data controllers to the DPO - Progress made in this area by the EU institutions is generally satisfactory, although the EDPS considers that full compliance should have been achieved at this point. However, a fairly low level of notifications has been observed in most of the agencies.
- Notification of processing operations to the EDPS for prior checking - Only four institutions have managed to notify all existing processing operations to the EDPS for prior checking. With regard to the other institutions, an average of 50% of processing operations subject to prior checking has been submitted to the EDPS. However, the level of notifications received from agencies is generally rather low.
The EDPS will encourage and closely monitor further progress in those fields with a view to reaching full compliance as early as possible. In some cases where the level of compliance is inadequate, specific targets have already been set. In addition, the need for support for DPOs in order to obtain notifications from data controllers will be pointed out to the management of the institutions and bodies.
The EDPS also intends to proceed with on-the-spot inspections in several institutions or bodies. Further activities to measure compliance with the regulation will be undertaken at a later stage in order to assess and, where necessary, ensure adequate progress.
Fourth annual report results
Regarding the EDPS supervisory role, the fourth annual report report shows that there has been substantial progress in this field in 2007. The report highlighted the following:
- A significant increase in the number of prior checks relating to processing operations of personal data in EU institutions and bodies in a variety of fields, such as medical data, recruitment of staff and selection of candidates, staff evaluation, OLAF procedures, social services files and e-monitoring.
- The results of the spring 2007 exercise to measure compliance in all institutions and bodies. Although there is reason for some satisfaction, continued efforts are still needed on the part of the EU administration to reach full compliance with data protection requirements.
Regarding the EDPS advisory role on new EU legislative proposals having an impact on data protection with the publication of 12 legislative opinions, special emphasis was put on:
- The need for a consistent and effective framework for data protection, both in the first and third pillars, although the results did not always live up to expectations.
- The possible future need for a specific legal framework for data protection in the area of radio frequency identification device (RFID) technology.
- Other policy issues, such as the European passenger name record system, cross-border cooperation (PrĂ¼m Treaty), road transport, and community statistics on health data and social security systems.
More information
For further information, see the EDPS Spring 2007 report, the EDPS Fourth Annual Report and the EDPS web site.
Source: European Commission.