Sunday, 11 March 2012

Critical look at the new data protection rules

Last Wednesday the European Data Protection Supervisor (EDPS) issued an opinion (EPDS applauds strengthening of the right to data protection in Europe, but still regrets the lack of comprehensiveness) regarding, among others, the proposed changes to the Data Protection Directive (we mentioned earlier that the European Commission plans to adopt a new directive and regulation in this area - see: EU data protection reform announced). 

The EDPS positively assessed certain aspects of the to-be-adopted regulation. For example, due to its direct applicability it should harmonise the national laws in Europe to a higher extent than they are now. Moreover, its rules aim at strengthening the rights of individuals and making data controllers more accountable for how they handle personal data. Additionally, it should enhance the role and powers of national supervisory authorities. However, the current draft raises also certain concerns, as to the following issues: possibilities for restricting basic principles and rights; possible derogation for transferring data to third countries; excessive powers granted to the Commission; new ground for exceptions to the purpose limitation principle. 

The EDPS also considers the drafted directive to be below the requirements of a consistent and high level data protection, with main concerns being directed as to the rules set for data protection in the law enforcement.

"The proposed rules for data protection in the law enforcement area are unacceptably weak. In many instances there is no justification whatsoever for departing from the rules provided in the proposed Regulation. The law enforcement area requires some specific rules, but not a general lowering of the level of data protection." said Peter Hustinx, the EDPS.

In his opinion he referred to the lack of legal certainty about the further use of personal data by law enforcement authorities; the lack of a general duty for law enforcement authorities to demonstrate compliance with data protection requirements; the weak conditions for transfers to third countries; as well as the unduly limited powers of supervisory authorities.

No comments:

Post a Comment