Brussels – Making personal data protection a concrete operational principle within European policy-making, not just a stated one. The European Data Protection Supervisor (EDPS) has published a new guidance for EU co-legislators – the Commission, Parliament, and Council – aiming to enhance the regulatory quality of privacy. The document guides how to design legislative acts involving personal data processing while fully respecting the fundamental rights guaranteed by the European legal system.
In the text, the Supervisor insists on the need for legislative measures to be clear, precise, and foreseeable, which are key elements to ensure effective data protection against abuse and misuse. In a press release this morning (May 13), Wojciech Wiewiórowski, European Data Protection Supervisor, underlined the value of the guidance as an operational tool for European institutions: “Data protection is a central part of the Union’s policy process, but it requires clear and concrete guidelines. We have identified several best practices that European institutions should take into account to both meet a given legislation’s objectives whilst maintaining a high standard of personal data protection for its citizens.”
The heart of the guidance lies in the call for greater rigor and transparency in outlining the purposes and limits of personal data processing: who collects data, for what purposes, on what legal basis, for how long, and with what safeguards for data subjects. These are not just indications of principle but binding criteria to ensure that any legislation is compatible with the EU Charter of Fundamental Rights. The EDPS also calls on lawmakers to justify in a documented manner the necessity and proportionality of any processing envisaged, even when it comes to restricting certain individual rights: no exception can be accepted without a clear justification demonstrating compliance with fundamental principles.
The publication of the guidance is part of the European authority’s 20th-anniversary initiatives. It aims to consolidate the role of the EDPS as an active player in the Union’s legislative processes, not only at the monitoring stage but as a technical and institutional interlocutor. “The EDPS will continue to provide timely recommendations every time European legislative activity will imply the processing of personal data,” Wiewiórowski reiterated.
At a time when Europe is being called upon to regulate increasingly complex sectors – from artificial intelligence to security, from digital health to cross-border data flows – the EDPS’s call for regulatory consistency and the centrality of the individual is a precise political message. It is not enough to legislate with good intentions; it must be done with method, legal expertise, and respect for the digital dignity of European citizens.
English version by the Translation Service of Withub
