Brussels – The European Data Protection Supervisor (EDPS) released new guidance to make personal data protection a concrete part of European policy-making. The guidance, aimed at the EU’s co-legislators—the Commission, Parliament, and Council—seeks to improve the regulatory framework for privacy laws. It ensures that legislative acts involving personal data processing align with the fundamental rights protected under European law.
Wojciech Wiewiórowski, the European Data Protection Supervisor, emphasized that the guidance serves as an operational tool for EU institutions. He stated, “Data protection is central to the Union’s policy process, but it requires clear and concrete guidelines.” He also highlighted that the new document outlines best practices for EU institutions to follow in order to align legislative objectives with high standards of personal data protection for citizens.
The guidance stresses the importance of improving clarity, precision, and foreseeability in legislative measures, which are essential for preventing personal data misuse. It outlines the need for transparency in processing personal data, including who collects the data, the purposes for collection, the legal basis, the retention period, and the safeguards in place for data subjects. These requirements are binding and must align with the EU Charter of Fundamental Rights.
Additionally, the EDPS calls for lawmakers to justify the necessity and proportionality of data processing. This includes justifying restrictions on certain individual rights. The EDPS insists that no exception should be allowed without clear justification demonstrating compliance with core data protection principles.
This guidance marks part of the EDPS’s 20th-anniversary initiatives, reinforcing its role as an active participant in the Union’s legislative processes. Wiewiórowski reaffirmed the EDPS’s commitment to offering timely recommendations whenever European legislative activity involves processing personal data.
As Europe grapples with regulating complex sectors such as artificial intelligence, security, digital health, and cross-border data flows, the EDPS’s call for regulatory consistency and the prioritization of individual rights sends a clear message. Indeed, legislating with good intentions isn’t enough; lawmakers must approach it methodically, with legal expertise, and, above all, with respect for the digital dignity of European citizens.
