• Keine Ergebnisse gefunden

Europe must strengthen Data Protection

N/A
N/A
Info
Herunterladen
Protected

Academic year: 2022

Aktie "Europe must strengthen Data Protection"

Copied!
2
0
0

Wird geladen.... (Jetzt Volltext ansehen)

Jetzt herunterladen ( 2 Seite )

Volltext

(1)

Resolution

of the Conference of the Data Protection Commissioners of the Federation and of the Länder of 13 March 2013

__________________________________________________________________________

Europe must strengthen Data Protection

The European Parliament and the Council of the European Union are currently preparing their amendments to the Draft General Data Protection Regulation for Europe which was submitted by the European Commission one year ago. Current discussions and statements of the European Parliament and the Council give rise to fears that the present level of data protection of the European Data Protection Directive of 1995 could be lowered.

The Conference of the Data Protection Commissioners of the Federation and of the Länder reminds all parties involved in the legislative procedure that the European Parliament in its resolution of 6th July 2011 on the comprehensive approach on personal data protection in the European Union (2011/2025 (INI)), by referring to the EU Charter of Fundamental Rights, and in particular to Articles 7 and 8 thereof, has unanimously called for developing,

expanding and strengthening the principles and standards of Directive 95/46/EC in order to achieve a modern data protection law. The European Parliament requested full

harmonization of data protection law at the highest level.

The Data Protection Commissioners of the Federation and of the Länder call for maintaining and further developing the basic pillars of data protection. They resolutely oppose efforts to weaken data protection. In particular, they call for the following:

All personally-identifiable data must be protected: The European data protection law must equally cover all data that can be assigned to a natural person. This also includes

pseudonymised data or identifiers, such as IP addresses.

Gaps in the protection of fundamental rights shall be avoided: The general exclusion of certain categories of data and of professional and business groups should therefore be rejected.

Consent must be given explicitly: Consent for the processing of personal data shall only be legally effective if it is based on the data subjects’ unambiguous, freely given and informed indication of his or her wishes. Also for this reason it is necessary to create a legal obligation to promote the competence of self data protection.

Data controllers must not change their objectives arbitrarily: Purpose limitation as a central component to guarantee transparency and predictability of data processing must

(2)

be maintained without compromise.

Limitation of profiling: Strict limits must apply to the linkage and analysis of numerous data about a person.

Strengthening of the data controllers’ responsibility by data protection officers:

Throughout Europe in-house data protection officers should be introduced, appointed mandatorily and strengthened in their position. They are an essential part of the overall structure of an effective control of data protection.

Data controllers must not be allowed to choose their supervisory authority: It must be excluded that data controllers choose their supervisory authority by means of determining their main establishment. In addition to the lead supervisory authority of the Member State in which the main establishment is located, the supervisory authorities from other Member States which are also locally competent have to be involved in proceedings..

Complete independence of the supervisory authority also from the Commission: The data protection supervisory authorities shall take independent and binding decisions on the compliance with data protection law. A Commission’s right of a final decision violates the independence of the supervisory authorities and of the future European Data Protection Board.

The protection of fundamental rights requires effective supervision: In order to strengthen the supervision of compliance with data protection law in Europe, the supervisory

authorities must be provided with effective and flexible enforcement powers. Sanctions must be effective and appropriate in order to ensure that controllers comply with data protection rules sustainably. Without any substantial threats of fines for companies the control of data protection remains toothless.

High data protection standard for Europe: As regards, for example, the sensitivity of the data or other circumstances, a higher level of protection at national level as foreseen by the General Data Protection Regulation must remain possible. In any event, Member States must remain competent to impose stricter rules and a higher standard of data protection with respect to data processing by the public administration.

Referenzen

Jetzt herunterladen ( PDF - 2 Seite - 15.91 KB )

ÄHNLICHE DOKUMENTE

The draft EU data protection framework

2 5833/12, Proposal for a directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by

Data protection at the cost of economic growth?

One of the most controversial principles of the proposal from the perspective of financial service providers is the ‘Data Minimisation’ principle introduced in Article 5, which

Template protection for biometric gait data

Although the research on accelerometer based biometric gait recognition shows that it of- fers a promising way to provide a more convenient method for authentication on mobile

A note on the protection level of biometric data in electronic passports

Our gist is to point to the low protection level of the facial image on the one hand and the high protection level of fingerprints on the other hand although both

The revised Data Protection Act – recommendations for implementation 146

In contrast to the GDPR, the revised Data Protection Act (revDPA) applies to all compa- nies that have a registered office in Switzerland or whose processing has an impact here

Data Protection & Cybersecurity

With respect to the right to be forgotten, the FDPA requires any person processing personal data to erase the data when keeping the data is no longer required for the processing

European Privacy and Data Protection Commissioners' Conference Edinburgh, 23-24 April 2009 Declaration on leadership and the future of data protection in Europe

With this declaration, the conference acknowledges the evolving landscape of data protection and privacy both in Europe and beyond, and the need to continue our work to promote

Data Protection: International Trends and the Austrian Example

In addition to the obligation to respect the basic principles of data protection and to cooperate between national administrations it is stated that