Enshrined in the Charter of Fundamental Rights, which became binding with the entry into force of the Lisbon Treaty, the principle of data protection is meant to be a central point of the Stockholm programme. Nevertheless, ensuring a balance between, on the one hand, security objectives, which involve the increased exchange of data and, on the other, the respect of this fundamental right is not obvious.

Magnus G. Graner, the Swedish secretary of state responsible for negotiations on the Stockholm programme, believes that “it is possible to do both”. However, faced with new and increasingly efficient information technologies, “proactive data protection is a challenge,” he added, on the occasion of a conference organised at the European Parliament by the Robert Schuman Foundation, on 12 November.

Because, while the programme reasserts the principles of “finality, proportionality and legitimacy of treatment, limited duration of preservation, security and confidentiality, respect of the rights of persons and supervision by an independent authority,” the matter becomes more complicated when it concerns integrating them into the information management strategy. This strategy aims to ensure greater coherence as well as a consolidation of the exchange of data carried out by Europol, Eurojust and other operational levels. Furthermore, the Stockholm programme mentions that this management will be based on the interoperability of the various information systems in accordance with the principle of data protection.

“While there is no doubt that a data protection scheme will be integrated into the information management strategy in the Stockholm programme, will it now be implemented? Will it be strong enough?” asked Peter Hustinx, the European data protection supervisor (EDPS). According to him, the EU strategy for information management must be based on the principle of respect of privacy as well as on “the best possible techniques” as of its conception. Furthermore, the supervisor reasserted the principle of the limitation of purposes (Directive 95/46/EC on the protection of personal data) as the cornerstone of the scheme. Hustinx added: “A good balance must be found. And this does not mean that data protection will prevent the use of security data [...] but it may limit the gathering of information”.

On a more general level, the ESDP strongly recommends having a complete data protection scheme covering all the areas of competence of the European Union. This requirement is also supported by a source close to the Commission - wishing to remain anonymous - who maintains that an in-depth reform of the basis of data protection is fundamental.

“Proactive data protection is a challenge”