Andrea Jelinek, Chair of European Data Protection Board, spoke to Open Access Government about data protection rules throughout the European Union, including the use of personal data during election campaigns
The European Data Protection Board (EDPB) is an independent European body, which contributes to the consistent application of data protection rules throughout the European Union (EU) and promotes cooperation between the EU’s data protection authorities. Open Access Government enjoyed a conversation with Andrea Jelinek, Chair of the European Data Protection Board to find out more.
Data protection rules throughout the EU/EEA
To kick things off, we ask Andrea to share her thoughts on the importance of consistent application of data protection rules throughout the EU/EEA, as well as promoting cooperation between the EU/EEA’s data protection authorities. She underlines that one of the most important innovations of the General Data Protection Regulation (GDPR) is the new way in which the supervisory authorities of the European Economic Area (EEA) are closely cooperating to ensure the consistent application of data protection rules, as well as the consistent protection of individuals in the EEA. Andrea then develops this vital point in her own words.
“The consistent application of the GDPR ensures that all EEA data subjects can enjoy the same rights and can enjoy the same protection across the EEA. Liechtenstein, Iceland and Norway are also part of the EDPB and are members of the board but without voting rights, so there are 31 countries under the umbrella of the GDPR which include the current 28 EU Member States and the European Data Protection Supervisor (EDPS).
“In addition, harmonised data protection rules create a level playing field for businesses and organisations both inside and outside the EEA. The goal of the GDPR is to have one set of rules that can be applied in a uniform way throughout the continent. I think it is really important not to have any more patchwork legal issues but just the GDPR. This is very important, on the one hand for the companies and on the other hand, for individuals. International companies, in particular, have a business advantage because there is one set of rules to follow.”
Personal data and EU legislation
The conversation then turns to reveal EDPB’s recommendations for the European Commission when it comes to any issue related to the protection of personal data and new proposed legislation in the EU. Andrea explains that the EDPB can be requested to give advice to the European Commission and other EU institutions on data protection and stresses that all EU legislation should uphold the very highest of standards when it comes to data protection in line with the GDPR.
The use of personal data during election campaigns
Andrea then explains her thoughts on the use of personal data during election campaigns and why she thinks that data processing techniques for political purposes can pose serious risks, not just with regard to the rights to privacy and data protection but also to the integrity of the democratic process. Concerning the EDPB’s statement on the use of personal data in the course of political campaigns (1), Andrea says that political parties and candidates are increasingly relying on data and sophisticated phishing techniques to monitor and target voters and European leaders, a point she goes on to develop.
“Some predictive tools are increasingly being used to find people’s personality traits, including political views and other personal categories of data. I think that this can be really scary, but your clicks on social media can be used to profile you, which allows companies to target you specifically to influence voting behaviour. As such, I think it is really important to monitor closely how personal data is used during election campaigns.
“The GDPR illustrates this really well in that the right for the protection of personal data could affect other fundamental rights, such as freedom of expression and the ability to think freely. Social media is important in the election process, but compliance is subject to supervision by independent data protection authorities. I think it is really important to have independent authorities. When the government notices that there may be problems around the use of personal data in political campaigning, they may ask an independent supervisory authority to look into this.”
Data protection: A call for global alignment
In closing, Andrea says that following the implementation of the GDPR just over one year ago, it is really important to have a global alignment regarding data protection and no necessarily to make a copy of the GDPR, but to concentrate on the core principles: “that is to be on the safe side regarding data protection worldwide,” she concludes.