European Data Protection Supervisor Data Protection in EU

European Data Protection Supervisor Data Protection in EU Institutions “… What about Spring 2007? ” Peter Hustinx 10 May 2007 Conference of European Data Protection Authorities, Larnaka, 10 -11/05/07

European Data Protection Supervisor EU Institutional Landscape • Community Institutions » EP, CONS, COM, ECJ, ECA, EO, EDPS • Community bodies » ECB, EIB, EESC, Co. R, OPOCE, EPSO, EAS • Community agencies » OHIM, ENISA, EFSA, EMSA etc • Executive Agencies • Second Pillar agencies • Third Pillar agencies » Europol, Eurojust, Cepol Conference of European Data Protection Authorities, Larnaka, 10 -11/05/07

European Data Protection Supervisor EC Data Protection • • Co. E Convention 108 EC Directives 95/46 and 97/66 (2002/58) Article 286 EC Treaty Regulation (EC) 45/2001 » Community institutions and bodies » Scope of Community law • Österreichischer Rundfunk > PNR Cases • EU Charter > Constitutional Treaty Conference of European Data Protection Authorities, Larnaka, 10 -11/05/07

European Data Protection Supervisor Role of EDPS • Article 286 EC Treaty • Regulation (EC) 45/2001 • Independent authority – Supervision – Consultation – Cooperation » Intervention ECJ • CMLR October 2006 Conference of European Data Protection Authorities, Larnaka, 10 -11/05/07

European Data Protection Supervisor Monitoring Compliance • Data Protection Officers – Position Paper on “Role of DPO in ensuring effective compliance” (2005) • Prior Checks – Processing operations with specific risks: medical data, offences, staff evaluation, exclusion of rights, etc • “Spring 2007” – Taking stock of progress in implementation of Regulation 45/2001 by EC institutions and bodies, with appropriate feedback Conference of European Data Protection Authorities, Larnaka, 10 -11/05/07

European Data Protection Supervisor Consultation • Consultation Policy – Article 28. 2 of Regulation 45/2001 – Inventory for 2007: relevant initiatives (16 > 36) • First Pillar – Better implementation of Directive 95/46/EC – Communications on RFID and PET – Revision of E-Privacy Directive 2002/58/EC • Third Pillar – Data Protection Framework – Europol Decision – Implementation of Prüm Treaty Conference of European Data Protection Authorities, Larnaka, 10 -11/05/07

European Data Protection Supervisor Opinions on Third Pillar • Data Protection Framework (I-II) – Common standards of wide scope – Consistency with Directive 95/46/EC • Implementation of Prüm Treaty – Cautious approach of availability – Relies on existing national DP laws – Need for minimum harmonisation • Data Protection Framework (III) – Condition for effective law enforcement – Substantial improvement needed Conference of European Data Protection Authorities, Larnaka, 10 -11/05/07

European Data Protection Supervisor Cooperation • Article 29 Working Party – National DPA, EDPS, Commission • Joint authorities in Third Pillar – Schengen, Europol, Customs, Eurojust • EU Large Scale IT Systems – Eurodac, SIS II, VIS (“coordinated supervision”) • “Consistency in data protection” • International organisations Conference of European Data Protection Authorities, Larnaka, 10 -11/05/07

European Data Protection Supervisor Court Interventions • PNR cases – Joint cases C-317/04 and C-318/04 before ECJ • Public access to documents – Cases T-170/03 (British American Tobacco), T-161/04 (Valero Jordano) and T-194/04 (Bavarian Lager) at CFI • Data retention directive 2006/24/EC – Case C-301/06 (Ireland vs Council and EP) at ECJ » Scope of legal basis in first pillar? Conference of European Data Protection Authorities, Larnaka, 10 -11/05/07

European Data Protection Supervisor More information: www. edps. europa. eu edps@edps. europa. eu Postal address: Rue Wiertz 60 - MO 63 B-1047 Brussels Conference of European Data Protection Authorities, Larnaka, 10 -11/05/07