Commission report: EU data protection rules empower citizens and are fit for the digital age

digital 2020_

(Credit: Unsplash)

This article is brought to you in association with the European Parliament.


Today, just over two years after its entry into application, the European Commission published an evaluation report on the General Data Protection Regulation (GDPR). The report shows the GDPR has met most of its objectives, in particular by offering citizens a strong set of enforceable rights and by creating a new European system of governance and enforcement. The GDPR proved to be flexible to support digital solutions in unforeseen circumstances such as the Covid-19 crisis. The report also concludes that harmonisation across the Member States is increasing, although there is a certain level of fragmentation that must be continually monitored. It also finds that businesses are developing a compliance culture and increasingly use strong data protection as a competitive advantage. The report contains a list of actions to facilitate further the application of the GDPR for all stakeholders, especially for Small and Medium Sized companies, to promote and further develop a truly European data protection culture and vigorous enforcement.

Věra Jourová, Vice-President for Values and Transparency, said: “Europe’s data protection regime has become a compass to guide us through the human-centric digital transition and is an important pillar on which we are building other polices, such as data strategy or our approach to AI.The GDPR is the perfect example of how the European Union, based on a fundamental rights’ approach, empowers its citizens and gives businesses opportunities to make the most of the digital revolution. But we all must continue the work to make GDPR live up to its full potential.”

Didier Reynders, Commissioner for Justice, said: “The GDPR has successfully met its objectives and has become a reference point across the world for countries that want to grant to their citizens a high level of protection. We can do better though, as today’s report shows. For example, we need more uniformity in the application of the rules across the Union: this is important for citizens and for businesses, especially SMEs. We need also to ensure that citizens can make full use of their rights. The Commission will monitor progress, in close cooperation with the European Data Protection Board and in its regular exchanges with Member States, so that the GDPR can deliver its full potential.”

Key findings of the GDPR review

Citizens are more empowered and aware of their rights: The GDPR enhances transparency and givesindividuals enforceable rights, such as the right of access, rectification, erasure, the right to object and the right to data portability. Today, 69% of the population above the age of 16 in the EU have heard about the GDPR and 71% of people heard about their national data protection authority, according to results published last week in a survey from the EU Fundamental Rights Agency. However, more can be done to help citizens exercise their rights, notably the right to data portability.

  • Data protection rules are fit for the digital age: The GDPR has empowered individuals to play a more active role in relation to what is happening with their data in the digital transition. It is also contributing to fostering trustworthy innovation, notably through a risk-based approach and principles such as data protection by design and by default.
  • Data protection authorities are making use of their stronger corrective powers: From warnings and reprimands to administrative fines, the GDPR provides national data protection authorities with the right tools to enforce the rules. However, they need to be adequately supported with the necessary human, technical and financial resources. Many Member States are doing this, with notable increases in budgetary and staff allocations. Overall, there has been a 42% increase in staff and 49% in budget for all national data protection authorities taken together in the EU between 2016 and 2019. However, there are still stark differences between Member States.
  • Data protection authorities are working together in the context of the European Data Protection Board (EDPB), but there is room for improvement: The GDPR established an innovative governance system which is designed to ensure a consistent and effective application of the GDPR through the so called ‘one stop shop’, which provides that a company processing data cross-border has only one data protection authority as interlocutor, namely the authority of the Member State where its main establishment is located. Between 25 May 2018 and 31 December 2019, 141 draft decisions were submitted through the ‘one-stop-shop’, 79 of which resulted in final decisions. However, more can be done to develop a truly common data protection culture. In particular, the handling of cross-border cases calls for a more efficient and harmonised approach and an effective use of all tools provided in the GDPR for the data protection authorities to cooperate.
  • Advice and guidelines by data protection authorities: The EDPB is issuing guidelines covering key aspects of the Regulation and emerging topics. Several data protection authorities have created new tools, including helplines for individuals and businesses, and toolkits for small and micro-enterprises. It is essential to ensure that guidance provided at national level is fully consistent with guidelines adopted by the EDPB.
  • Harnessing the full potential of international data transfers: Over the past two years, the Commission’s international engagement on free and safe data transfers has yielded important results. This includes Japan, with which the EU now shares the world’s largest area of free and safe data flows. The Commission will continue its work on adequacy, with its partners around the world. In addition and in cooperation with the EDPB, the Commission is looking at modernising other mechanisms for data transfers, including Standard Contractual Clauses, the most widely used data transfer tool. The EDPB is working on specific guidance on the use of certification and codes of conduct for transferring data outside of the EU, which need to be finalised as soon as possible. Given the European Court of Justice may provide clarifications in a judgment to be delivered on 16 July that could be relevant for certain elements of the adequacy standard, the Commission will report separately on the existing adequacy decisions after the Court of Justice has handed down its judgment.
  • Promoting international cooperation: Over the last two years, the Commission has stepped up bilateral, regional and multilateral dialogue, fostering a global culture of respect for privacy and convergence between different privacy systems to the benefit of citizens and businesses alike. The Commission is committed to continuing this work as part of its broader external action, for example, in the context of the Africa-EU Partnership and in its support for international initiatives, such as ‘Data Free Flow with Trust’. At a time when violations of privacy rules may affect large numbers of individuals simultaneously in several parts of the world, it is time to step up international cooperation between data protection enforcers. This is why the Commission will seek authorisation from the Council to open negotiations for the conclusion of mutual assistance and enforcement cooperation agreements with relevant third countries.

Aligning EU law with the Law Enforcement Directive

In addition, the Commission has today also published a Communication that identifies ten legal acts regulating processing of personal data by competent authorities for the prevention, investigation, detection or prosecution of criminal offences which should be aligned with the Data Protection Law Enforcement Directive. The alignment will bring legal certainty and will clarify issues such as the purposes of the personal data processing by the competent authorities and what types of data may be subject to such processing.

Background

The GDPR foresees that the Commission reports on the evaluation and review of that Regulation, starting with a first report after two years of application and every four years thereafter.

The General Data Protection Regulation is a single set of rules of EU law on the protection of individuals with regard to the processing of personal data and on the free movement of such data. It strengthens data protection safeguards, provides additional and stronger rights to individuals, increases transparency, and makes all those that handle personal data more accountable and responsible. It has equipped national data protection authorities with stronger and harmonised enforcement powers, and has established a new governance system among the data protection authorities. It also creates a level playing field for all companies operating in the EU market, regardless of where they are establish, ensures the free flow of data within the EU, facilitates safe international data transfers and has become a reference point at global level

As stipulated in Article 97(2) of the GDPR, the report published today covers in particular international transfers and ‘cooperation and consistency mechanism’, although the Commission has taken a broader approach in its review, in order to address issues raised by various actors during the last two years. These include contributions from the Council, the European Parliament, the EDPB, national data protection authorities and stakeholders.

the sting Milestone

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

Commission Vice-President Rehn exaggerates Eurozone’s growth prospects

Industrial policy: recommendations to support Europe’s leadership in six strategic business areas

Number of MEPs to be reduced after EU elections in 2019

5 ways to break down the barriers for women to access leadership roles

A Sting Exclusive: “On the road to Japan-EU Economic Partnership Agreement”, by Ambassador Katakami of the Japanese Mission to the European Union

AI can help us unlock the world’s most complex operating system – the human body

5 amazing schools that will make you wish you were young again

Healthcare guidance apps to professional’s continued education?

The world needs a circular economy. Help us make it happen

Victims of terrorism remembered

Banks cannot die but can be fined

The next generation is key for a European renaissance

UN appeals for international support as flood waters rise in wake of second Mozambique cyclone

UN expert calls for international investigation into ‘evident murder’ of Jamal Khashoggi

‘The clock is ticking’ on meeting the Sustainable Development Goals, says UN deputy chief

A Monday to watch the final act of a Greek tragedy; will there be catharsis or more fear?

Syrian Constitutional Committee a ‘sign of hope’: UN envoy tells Security Council

Coronavirus: Commission stands ready to continue supporting EU’s agri-food sector

Norway is returning Easter Island artefacts to Chile (Will Britain ever return the marbles to Greece?)

MWC 2016 Live: Mobile ad industry still waiting for “revolution”

Brexit casts a shadow over the LSE – Deutsche Börse merger: a tracer of how or if brexit is to be implemented

MWC 2016 Live: Roshan CEO opens up on Afghanistan challenges

EU Commission announces Safe Harbour 2.0 and a wider Data protection reform

Commission sets moderate greenhouse gas reduction targets for 2030

From Russia with love: Brussels and Moscow close to an agreement on Ukraine’s gas supplies

Sudan Prime Minister survives attempted assassination

Monday’s Daily Brief: WFP mulls ‘last resort’ Yemen aid suspension, top peacekeeping awardee announced, abuzz over Bee Day, Ebola threat ‘very high’

EU-U.S. Privacy Shield: Second review shows improvements but a permanent Ombudsperson should be nominated by 28 February 2019

Why helping cross-border commuters is key to fighting COVID-19

Future EU-UK Partnership: European Commission takes first step to launch negotiations with the United Kingdom

Emotional control and introspectivity in times of pandemic

Why economic growth depends on closing the interview gap

The Khashoggi affair: A global complot staged behind closed doors

THE ROAD TO GANESHA

EU-Turkey relations: EU considers imposing sanctions while Turkey keeps violating Cyprus’ sovereignty

What if Trump wins the November election and Renzi loses the December referendum?

Nicaragua crisis: One year in, more than 60,000 have fled, seeking refuge

Trump after marginalizing G20 attacks Europe and China where it hurts, brandishes currency war

EU-Ukraine Summit: moving forward together in solidarity

MEPs to prioritise environment and climate action in next long-term budget

In Libya, Guterres ‘deeply concerned’ by risk of fresh military confrontation, urges restraint

UN forum to bring ‘big space data’ benefits to disaster response in Africa

The 5 lessons from New York Climate Week to help us combat deforestation

More than four in 10 women, live in fear of refusing partner’s sexual demands, new UN global study finds

Poverty and social exclusion skyrocket with austerity

3 ways to use digital identity systems in global supply chains

EU leads the torn away South Sudan to a new bloody civil war

Gender parity can boost economic growth. Here’s how

Technology can help solve the climate crisis – but it will need our help

An open letter from business to world leaders: “Be ambitious, and together we can address climate change”

Cyclone Idai: UNICEF warns of ‘race against time’ to protect children, prevent spread of disease in flood-ravaged Mozambique

EU-US trade war? EU calls for logic while Trump’s administration is a loose cannon in a dangerous lose-lose situation for global prosperity

This AI outperformed 20 corporate lawyers at legal work

We spend half our time at work in meetings – and that’s not necessarily a bad thing

Is history a new NATO weapons against Russia?

How three US cities are using data to end homelessness

2013, a Political Odyssey: What future for Italy?

The jobs forecast is unsettled. It’s time for a reskilling revolution

The European Parliament fails to really restrict the rating agencies

UPDATED: Thousands flee fighting around Libyan capital as Guterres condemns escalation, urges ‘immediate halt’ to all military operations

More Stings?

Advertising

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s