European Data Protection Supervisor: Annual Report 2015

With new data protection rules now recognised as law, the EU must turn its attention to ensuring that they are successfully implemented, the European Data Protection Supervisor said to the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE), as he presented his 2015 Annual Report. Giovanni Buttarelli, EDPS, said: “The GDPR is one of the EU’s greatest achievements in recent years and a document of which it should be proud. However, our job is not yet complete. We must ensure that the GDPR is fully and effectively implemented and that we close the package with equally effective agreements on Regulation 45/2001 and the ePrivacy Directive. Only then will we be able to ensure that the EU upholds its promise of effective data protection for the digital age”. The EDPS focused considerable efforts in 2015 on ensuring the successful adoption of new and effective data protection rules, providing legislators with detailed recommendations in the form of an app. He now turns his attention to the successful implementation of these rules and the reform of the current Regulation, which will apply to the work of the EDPS and the other EU institutions and bodies. Wojciech Wiewiórowski, Assistant EDPS, said: “The EU institutions must lead by example. Over the next two years, the EDPS will continue to cooperate closely with data protection officers from all EU institutions and bodies and to provide them with support and advice, as they prepare for the changes that will come into force in May 2018”. Our work on this has already started. For example, the EDPS plans to produce a toolkit on necessity, which is a key concept in the new reform. The toolkit aims to better equip EU legislators responsible for preparing and scrutinising measures which involve the processing of personal data and which might interfere with the rights to privacy, data protection and other rights and freedoms laid down in the Charter of Fundamental Rights of the EU. The EDPS will also continue his work with fellow EU data protection authorities in the Article 29 Working Party (WP29) to prepare for the European Data Protection Board (EDPB). The Board, which will replace the WP29, is a vital element of the reform and must be fully functional from day one. The EDPS launched several new initiatives in 2015, such as those on data ethics and big data. He also worked closely with the WP29 to analyse the consequences of the Court of Justice of the European Union’s ruling on Safe Harbour and advise the Commission on alternative solutions. These and other initiatives will continue into 2016 and beyond to ensure that the EU remains at the forefront of data protection and privacy policy in the years to come. 26 maggio 2016