The European Data Protection Supervisor (EDPS) has said that he wants his office to have a role in EU-funded research because the technologies that it invents could impact EU citizens' rights to privacy.
"The EDPS has a general mission of promoting a data protection culture and respect for data protection principles in all Community policies," said an EDPS document outlining how it would like to be involved.
"Privacy and data protection requirements need to be highlighted and applied as soon as possible in the life cycle of new technological developments in order to contribute to a better implementation of the data protection legal framework," it said. "The [EU reserch] efforts constitute a very good opportunity to accomplish these goals and the EDPS considers that the principle of ‘privacy by design’ should represent an inherent part of these … initiatives."
The EDPS is an independent body which advises EU bodies such as the European Commission on privacy and data protection and also produces opinions which sometimes criticise institutions for their privacy policies or practices.
Though the EDPS Peter Hustinx currently sits on some advisory boards to European Commission research steering bodies, he has suggested that he could be more directly involved with more of the advisory boards which govern research conducted under the EU Framework Programme for research and technological development.
The office of the EDPS also said that it would like to get involved in individual projects, and it might simply choose some projects to investigate because of their potential impact on people's privacy.
"The EDPS can also decide at his own initiative to look into an RTD [research and technological development] project, but only in special cases raising important data protection issues not yet addressed in other ways," said the EDPS.
The office will also contribute opinions on the privacy or data protection aspects of individual projects on request, it said.
"The criteria for the EDPS contribution will be based mainly on the relevance of the project to ‘data protection issues’," said the EDPS. "This relevance can be due to the development of new capabilities or technologies which might have a critical impact – either positive or negative – on the protection of personal data. The project can also be relevant from the EDPS' point of view because sensitive processing of personal data might take place within the research activities themselves."
The EDPS said that it would not contribute privacy assessments for proposals for projects, only for projects which had won funding and approval from the research Framework Programme.
