The European Data Protection Supervisor (“EDPS) has issued its 2016 priorities. While the primary responsibility of the EDPS is to monitor the processing of personal data by EU institutions and bodies, he also has responsibility for advising on policies and legislation that affect privacy. In this advisory role, the EDPS has identified the following four key priorities for 2016:
1. Completing The New European Legal Framework For Data Protection
Having weighed in a number of times on the GDPR proposals and negotiations last year, in 2016, the EDPS will focus on two related pieces of EU legislation.
Firstly, he will advise the European Commission in relation to the revision of Regulation (EC) No 45/2001 which governs the processing of personal data by EU institutions and bodies. Particularly, the EDPS will ensure that the principles enshrined in the GDPR will also be applicable to the EU institutions and bodies.
Secondly, the EDPS will assist with the review of the ePrivacy Directive 2001/58/EC. It will focus specifically on “the need to adequately translate into secondary EU law the principle of confidentiality of electronic communications enshrined in Article 7 of the Charter of Fundamental Rights of the EU and Article 8 of the European Convention on Human Rights”. No doubt, the EDPS will seek to ensure that the rules for surveillance of communications and related traffic data will not excessively interfere with the rights to privacy and data protection.
2. Ensuring Adequate Protection In International Data Transfers
Following the CJEU judgment in Schrems, cross-border data transfers will continue to top the regulator priority list this year and be subject to intense debate at various levels. The EDPS has foreshadowed to:
- provide comments on any new arrangement for transatlantic data transfers;
- take position on proposals to be tabled by the Commission to amend existing adequacy decisions in so far as they limit supervisory authorities’ powers to suspend data flows to recipients in the relevant third country with adequacy status; and
- closely follow, and likely provide comments in relation to, the process for adopting an EU/U.S. Umbrella Agreement intended to protect personal data when transferred and processed for purposes of preventing, investigating, detecting or prosecuting criminal offences.
3. Safeguarding Privacy In Light Of Proposed Security And Anti-terrorism Measures
The EDPS will closely monitor several security and anti-terrorism initiatives announced by various EU institutions and Member States, such as the proposed upgrade of the Schengen Member States’ border control systems and increased information sharing for law enforcement purposes. The EDPS emphasises the need for anti-terrorism measures to respect and not disproportionately restrict fundamental rights to privacy and personal data protection and is likely to interfere where this is not the case.
4. Digital Single Market (“DSM”) Initiatives
Finally, the EDPS will pay close attention to the implementation of the DSM Strategy, and in particular proposals related to:
- cross-border portability of online content services;
- review of the Audiovisual Media Services Directive;
- proposal to establish free flow of data within the DSM;
- modernisation of the EU copyright framework;
- proposals on digital contracts; and
- review of the Consumer Protection Cooperation Regulation.
5. Concluding remarks
These priorities are not set in stone and are likely to be adjusted throughout the year. While it is likely that the EDPS will expand its priorities to other issues as they emerge, it is unlikely that the EDPS will drop any of the above priorities from its list. All of the above are interesting developments to monitor and we are likely to see the EDPS weighing in on all of them as a keen advocate for privacy and data protection.