Privacy and data protection in the European Union

Mr. Peter Hustinx was one of the high profile speakers at this week’s ENISA NIS ’09 Summer School. In January, he has been reappointed as European Data Protection Supervisor (EDPS) for a second term of office. His mission is to make sure that the fundamental right to protection of personal data is respected by the EU institutions and bodies.

With the evolution of communication networks, in the last ten years we have witnessed a number of information security risks, as well as those concerning the state of public security. “Real security does not exist without the privacy built in, and privacy in a networked world is not possible without security measures” – Hustinx noted.

Globalization allowed everyone to partake in activities that they couldn’t even imagine before, and therefore data privacy and protection must be of tremendous importance. Mr. Hustinx shared the latest Eurobarometer (a series of surveys regularly performed on behalf of the European Commission) findings that show that 2/3 of European Union citizens are very concerned about the security and privacy of their information. The figures are even higher in Austria and Germany, with over 90% respondents sharing their concerns on these important topics. Countries like the United Kingdom do this kind of research on a yearly basis and the results show the same trend in awareness of data security and privacy issues.

There is a clear distinction between privacy and data protection. Mr. Hustinx shared his point of view: the right to privacy in the human rights legislation is about not interfering in the private life. Data protection, on the other hand, is a positive concept that began to be used 25-30 years ago and deals with information society, processing of personal data, enforcing a system of checks, setting up rights and obligations and encompasses institution oversight. Data protection is much more complex than privacy, but both concepts should be jointly used.

Another topic discussed by Mr. Hustinx is the scope of data protection. It’s important to define what constitutes personal data – it is not just the sensitive personal data, but all information about the individual and the objects that can have the impact on the individual. New technology carries with it new consequences to think about, and the issue of privacy should be thought about and definitely incorporated into the design. “Don’t develop rules that are too close to technology. It is better to create general rules that can be easily incorporated into the ever changing technology landscape”, he noted.

Seeing that Mr. Hustinx has been closely involved in the development of data protection legislation from the start (both at the national and international level) he gave a very interesting speech on the existing data protection and privacy issues in the European Union and about what is being done for the protection of personal data and privacy, as well as for the promotion of good practices in EU bodies and institutions.

Mr. Hustinx’s closing remarks were on how the Treaty of Lisbon (currently on hold, as Irish voters rejected it in 2008) will impact data protection and privacy in European Union member states. “In Article 16 of the Treaty, there is a strong statement about data protection. There will be a provision saying that everyone has a right to protection of personal data. There won’t be any exceptions and it will apply to all fields of EU activity.” Besides, the insistence of the European Parliament on another Commissioner for data protection and privacy is, as he noted, a strong message indicating forward motion.

Berislav Kucan, reporting from ENISA NIS ’09 Summer School.

Don't miss