Fundamental Rights Agency Report on Data Protection in the European Union: the role of National Data Protection Authorities

The data protection study presents a comparative overview and analysis of the national data protection authorities. This comparative report was developed on the basis of the 27 national studies produced by the FRALEX research network of legal experts. In the section on rights awareness, results from the Eurobarometer and other studies/surveys carried out in the Member States are presented to provide an overview of rights awareness among the public with regard to data protection.

Key findings

Rights Awareness
7 in every 10 respondents to a recent Eurobarometer survey were not aware that there was a data protection authority in their country.

Limited powers
Data protection authorities are often not equipped with full powers of investigation and intervention or the capacity to give legal advice or engage in legal proceedings.

Lack of compliance
In many Member States there is a widespread disregard for the basic duty to register with the data protection authority prior to engaging in data processing operations.

Lack of independence
The lack of independence from the government of several of the data protection authorities in the EU presents a major problem for their credibility. Legislative reform modifying the nomination/appointment procedure of the data protection officers could rectify the problem of lack of independence.

Lack of financial resources and staff
In Austria, Bulgaria, Romania, Cyprus, France, Greece, Italy, Latvia, the Netherlands, Portugal, and Slovakia, data protection authorities are unable to carry out the entirety of their tasks because of the limited economic and human resources available to them. Lack of sanctions and compensation. Increased financial and human resources for the data protection authorities is required.

Lack of sanctions and compensation
Legislative reform is needed to give data protection authorities an active role in procedures which lead to sanctions and compensation. Where data protection authorities have the relevant powers, they need the resources to effectively use them. The system of compensation also needs to be simplified to facilitate litigation, by measures such as lump sum compensation (where a litigant does not need to prove the nature and extent of the damage, just the violation of the law)


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: