The European Data Protection Supervisor (EDPS) was established by the European Parliament in 2004 as an independent authority intended to ensure the regional institutions respect evolving data privacy expectations. Following the release of the supervisory body's 2011 annual review, officials are calling for greater consistency in abiding by best practice protocols to help build upon several important successes achieved in recent months.
Approaching enforcement from all angles
Although the EDPS operates as an independent body, officials understand that collaboration is key when identifying and staying ahead of data security threats. Prior checking, or early intervention, became a central tenet of EDPS enforcement strategy for the first time in 2011.
Officials received 164 prior check requests last year from consumers and business professionals concerned with potentially risky data handling processes. Ultimately, the EDPS issued 71 opinions on these matters to address mounting issues with everything from Internet harassment to staff evaluation methods. The conclusions were then posted on the EDPS website to inform data protection officers (DPOs) and prescribe advice on best practice implementation strategies.
Of course, even the best early intervention efforts of data security stakeholders cannot entirely eliminate threats. As such, the EDPS received 107 official claims in 2011, with 26 deemed to be admissible. Of the cases heard by supervisors last year, only two ultimately involved non-compliance with existing data protection statutes.
In the interim, the EDPS was also proactively monitoring industry compliance of its own accord. Following a comprehensive study conducted in April, the agency was able to move forward with the establishment of a variety of benchmarks that help clarify industry-specific and universal data protection expectations and identify areas in need of improvement. As a result, officials are hoping the promotion of clear accountability will make up for the logical limitations of their on-site checks and visits.
"2011 was a very productive year, in line with our efforts to ensure consistent and effective protection of privacy and personal data in a fast-changing, interconnected world," explained Supervisor Peter Hustinx. "In its support of technological advances and economic development, particularly in an age of austerity, it is important that the EU administration does not lose sight of the right of the European citizen to privacy and data protection."
Raising awareness to reduce threats
Going along with its proactive enforcement efforts, the EDPS is committed to having a broader impact by raising awareness at all levels. In 2011, this came in the form of a record number of opinions released to the public. Instead of waiting for prior check requests or formal complaints to fill up a queue, the office was consistently monitoring emerging threats and issuing expert guidance to specific corners of the business community, such as the financial services sector, as well as common consumers.
This diligence is expected to continue into 2012 with the rollout of thematic guidelines, training sessions and industry workshops. It remains to be seen exactly where the greatest demand for advisory services will come from, but most expect insights directed at health information management and online behavioral advertising.
At a higher level, the EDPS will be working to understand and potentially redefine the current EU data protection legislative framework. This process began last year as officials were able to identify the Stockholm Program and Digital Agenda, two Europe 2020 goals, as potential complementary pieces of the privacy puzzle.
In 2012, the EDPS is planning to sort through the legislation once again to more closely define the role and expectations of DPOs in both public and private organizations. Officials will even be developing a new section of the EDPS website dedicated exclusively to this purpose.
Data Security News from SimplySecurity.com by Trend Micro