On 14 January 2011, the European Data Protection Supervisor (EDPS) issued an opinion on the Commission’s Communication on the review of the EU legal framework for data protection. In the EDPS’ view, the major driving forces of the review process should be as follows:
- The EDPS suggests introducing a mandatory security breach notification covering all relevant sectors, as well as new rights, especially in the online environment, such as the right to be forgotten and data portability;
- The responsibility of organisations needs to be reinforced: the new framework must contain incentives for data controllers in the public or private sector to pro-actively include new tools in their business processes to ensure compliance with data protection (accountability principle). The EDPS proposes the introduction of general provisions on accountability and “privacy by design”;
- Further harmonisation should be one of the key objectives of the review. The Data Protection Directive should be replaced by a directly applicable regulation;
- The new legal framework must be formulated in a technologically neutral way and must have the ambition to create legal certainty for a longer period;
- The enforcement powers of data protection authorities should be strengthened and their independence should be better guaranteed across the EU.