EDPS Offers Privacy Guidance for EU Institutions When Drafting Legislation
The European Data Protection Supervisor Tuesday announced a practical checklist of key factors the European Commission, Parliament and Council should consider when they propose legislation and perform other acts that involve processing people's personal data.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
The guidance focuses on how the EU co-legislative bodies can ensure their actions are clear, precise and foreseeable in order to protect personal data against the risk of misuse, the EDPS said.
When considering legislation, the document said, drafters should consider the objectives and purposes for which personal data is processed, and the roles and responsibilities of those processing that information.
Drafters should show the necessity and proportionality of personal data processing in light of the goals of the proposed measure, and set out the categories of personal data to be processed and the individuals concerned.
Drafters should also indicate, among other things, what safeguards will be in place in cases where personal data will be disclosed to public authorities or other third parties; and whether any proposed restrictions on individuals' rights are legitimate and limited to what's strictly necessary, the EDPS said.