Guest Editorial eucrim 1/2013
If the protection of personal data was ever regarded as a some-what strange subject for specialists only, this is no longer the case for three main reasons. The growing impact of information technology in all fields of life has had the effect that not only citizens but also all kinds of professionals are confronted with issues of personal data protection, whether they like it or not. At the same time, these issues are becoming increasingly global, either linked to the growing use of services available on the Internet by individuals, companies, or governments and becoming increasingly personal, as mobile devices enable or sometimes even require us to always be online and connected, whether we like it or not. This explains why Art. 8 of the Charter of Fundamental Rights contains a separate provision on the protection of personal data. It is also the reason why the Lisbon Treaty not only made the Charter binding for EU institutions and bodies, and for the Member States acting within the scope of Union law, but also introduced a general provision in Art. 16 TFEU mandating the European Parliament and the Council to adopt rules on the protection of personal data. In this way, it was ensured that EU legal frameworks would be fully up to date and up to speed in order to face the challenges of our modern world. The impact of this new legal environment can now be seen on different levels. First, the European Parliament and the Council are in the midst of intense deliberations on the Commission proposals for a General Data Protection Regulation and a Directive on data protection in the area of criminal law enforcement. It is possible that − as intended − this will lead to a modernised legal framework by the spring of 2014, with legal effect from 2016. It is desirable that these rules are indeed adopted with the widest possible coverage and horizontal consistency in order to fully reflect the spirit of the Charter in all EU policy areas. At this stage, there is still some work ahead but a good result can be delivered in time if all stakeholders continue to work as hard as they are working now. However, another impact is also visible. Both in the supervisory tasks of the EDPS and in our consultation on new legislation in different policy areas, we see similar influences at work. The article in this issue on data protection at OLAF illustrates the considerable attention paid to data protection in the area of anti-fraud and anti-corruption, but also how this can be practiced as a strategic tool to ensure a fair and lawful process in an area where far-reaching consequences are at stake on both sides of the matter. In fact, although OLAF developed within the scope of Community law, it has also operated at an interface with criminal law and in cooperation with EU bodies active in this field. Both the need for and feasibility of horizontal consistency will therefore find useful evidence in OLAF’s handling of data protection. Since 2005, about 40 percent of Commission proposals analysed in EDPS opinions on new legislation were closely connected to the Area of freedom, security and justice. This continues to be an important source of input for our task of helping to ensure that the right to personal data protection is adequately reflected in all EU policies, but other areas are also becoming more prominent. One of them is the financial sector, where a series of reform proposals has highlighted issues of personal data protection, either for financial institutions from a “know your customer” perspective, or for regulators when ensuring compliance with stricter rules in a dynamic market-place increasingly built on sensitive data concerning clients and operators alike. This is the new reality and the context of the other articles in this issue. They all serve to underscore why the new legal framework for data protection is about ensuring greater effectiveness and more horizontal consistency.