|Printable version||E-mail this to a friend|
EDPS calls for data protection safeguards before public sector information containing personal data can be re-used
Recently, the European Data Protection Supervisor (EDPS) adopted his opinion on the Commission's Open Data Package, which includes a series of measures to facilitate a wider and innovative re-use of public sector information (PSI). The opinion highlights the need for specific safeguards for data protection whenever PSI contains personal data. It recommends that public sector bodies take a 'proactive approach' when making personal data available for re-use. This would make it possible to make data publicly available, on a case by case basis, subject to conditions and safeguards in compliance with data protection rules.
Peter Hustinx, EDPS, says: "The re-use of PSI containing personal data may bring significant benefits, but also entails great risks to the protection of personal data, due to the wide variety of data held by public sector bodies. The Commission proposal should therefore more clearly define in what situations and subject to what safeguards information containing personal data may be required to be made available for re-use."
In his opinion, the EDPS recommends, among others, that the proposal should:
require that a data protection assessment be carried out by the public sector body concerned before any PSI containing personal data may be made available;
require that the terms of the licence to re-use PSI include a data protection clause, whenever personal data are processed;
where necessary considering the risks to the protection of personal data, require applicants to demonstrate that any risks to the protection of personal data are adequately addressed and that the applicant will process data in compliance with applicable data protection law, and
where appropriate, require that data be fully or partially anonymised and license conditions specifically prohibit re-identification of individuals and re-use of personal data for purposes that may individually affect the data subjects.
In addition, the EDPS suggests that the Commission develop further guidance, focusing on anonymisation and licensing, and consult the Article 29 Data Protection Working Party, an advisory body consisting of data protection authorities in EU Member States.
The European Data Protection Supervisor (EDPS) is an independent supervisory authority devoted to protecting personal data and privacy and promoting good practice in the EU institutions and bodies. He does so by:
monitoring the EU administration's processing of personal data;
advising on policies and legislation that affect privacy;
cooperating with similar authorities to ensure consistent data protection.