Privacy & Information Security Law Blog

On May 3, 2012, Viviane Reding, Justice Commissioner and European Commission Vice-President, delivered a speech during the European data protection authorities’ (“DPAs’”) Spring Conference, which was held in closed sessions in Luxembourg. In her speech, Commissioner Reding discussed how the proposed EU Data Protection Regulation aimed to empower the DPAs and addressed some of the DPAs’ primary concerns with the reform.

Commissioner Reding referred to the DPAs as the “eyes and ears on the ground” and the daily enforcers of European data protection rules. Commissioner Reding indicated that the proposed Regulation would result in greater responsibilities for companies (e.g., accountability, privacy by design, privacy impact assessment), improvements for individuals (e.g., clarification and reinforcement of citizens’ rights), and the empowerment of DPAs through better enforcement tools, including the authority to impose fines that give DPAs “the teeth they need.”

Commissioner Reding acknowledged that “delegated acts are the source of some questions and even controversy.” She reassured the audience that delegated acts were created and included in the proposed Regulation to allow the rules to be adapted to future technological developments and were not “an undemocratic procedure that would allow for a power grab by the Commission.” Commissioner Reding assured the DPAs that the European Commission was not seeking to become a “super-data protection authority,” and indicated that if the opinions of the European Data Protection Board (i.e., the former Article 29 Working Party) were made binding through delegated acts, the DPAs’ opinions would carry more weight.

Commissioner Reding also addressed the DPAs’ concerns with their own funding and staffing, and announced her intention to develop “objective guidelines for an ideal, effective, financially independent national data protection authority” by summer 2013. Commissioner Reding mentioned that a “one-stop-shop approach” would benefit DPAs by saving their resources through increased coordination and information sharing. She emphasized her goal of working towards greater interoperability in international data transfers and applauded the positive developments in the U.S., citing the need for regulatory action in areas such as “mobile data protection, privacy rules for children, profiling [and] consent.”

Commissioner Reding concluded her speech by calling the proposed Directive, which also appears in the data protection reform package, a significant improvement over the present Framework Decision of 2008. The Commissioner asked for support from the DPAs to help maneuver the complete data protection reform package through the EU legislative process with the ultimate goal of passing the data protection reform by summer 2013.