In our digitally advanced world, the need for robust personal data protection is growing. The European Union has always been at the forefront of developing legislation and policies to protect personal data. Data protection is a fundamental right enshrined in the EU Charter of Fundamental Rights. Furthermore, in 2016, the European Union adopted the General Data Protection Regulation – Regulation (EU) 2016/679 (GDPR), which constitutes a major milestone in the protection of personal data. The GDPR sought to strike a balance between the rights of individuals and the functioning of the digital single market. The GDPR harmonises data protection laws across the EU and provides citizens with a clear set of rights, which will improve individuals’ control over their personal data. In addition to the GDPR, the EU protects its citizens’ personal data when it is used by law enforcement authorities for law enforcement purposes (Law Enforcement Directive – Directive (EU) 2016/680). It strikes a balance between the fundamental rights of individuals and the cross-border fight against crime and terrorism. In addition, Regulation (EU) 2018/1725 lays down the rules applicable to the processing of personal data by the institutions, bodies, offices and agencies of the European Union.
Over the years, Milieu has provided numerous services to the EU institutions, bodies and agencies, ranging from the preparation of handbooks and training on data protection topics, to legal studies analysing specific aspects of the processing of personal data, to compliance assessments of EU legislation in this field.
The Law Enforcement Directive (LED) entered into force on 5 May 2016, repealing Framework Decision 2008/977/JHA. It deals with the processing of personal data by national competent authorities for law enforcement purposes, which falls outside the scope of the GDPR.
The focus of this project was to provide DG JUST with a compliance assessment study on the transposition of the LED in the national measures of Germany, Slovenia and Spain. These Member States failed to transpose the LED by 6 May 2018, resulting in infringement proceedings.
The European Social Fund Plus (ESF+) is a publicly funded programme, the oldest and one of the largest European Structural and Investment Funds. Monitoring and evaluation are key elements in ensuring accountability and performance.
The aim of this Study was to assess the practical and legal challenges associated with accessing and re-using administrative data for the purposes of monitoring and evaluation of ESF and ESF+ programmes. The study, commissioned by DG EMPL, also examined how administrative data can be made more accessible to support ESF+ monitoring and evaluation, with the aim of advising managing and other relevant authorities on how to process personal data, including administrative data, while complying with the data protection rules of the GDPR.
The report is available here.
The European Data Protection Board (EDPB) is an independent European body tasked with ensuring the consistent application of data protection rules across the EU. It was established by the GDPR and is composed of representatives of the national data protection authorities (DPAs) of the EU/EEA countries and the European Data Protection Supervisor (EDPS).
Under a framework contract with the EDPB/EDPS, Milieu, together with academic partners, provided more than 15 studies on the implication of data protection rules. The studies that were commissioned under this framework contract covered a variety of topics related to data protection and the digital economy, such as the re-use of public sector data, the processing of data in different professional contexts, such as law enforcement or scientific research, the enforcement of the GDPR against third country importers, data localisation requirements, data brokers, data stored in apps, and the interaction of data protection with other areas of law such as AML.
The projects also included studies on government access to data in third countries, which aimed to provide DPAs with objective, reliable and up-to-date background information on the legislation and practice in a selected number of third countries, namely China, India and Russia, Türkiye and Mexico and Brazil.