The European Data Protection Committee (EDPS) recently unveiled its roadmap for the next two years.
The measures announced reflect a desire to strengthen compliance and bring greater clarity to the implementation of the General Data Protection Regulation (GDPR). Between contractual obligations, international data transfers and clarification of legitimate interest, the EDPS wishes to harmonize practices and give digital players a more secure and coherent framework. The EDPS’s new work program for 2024-2025 includes several strong axes, all aimed at solidifying personal data protection in the European Union.
Reinforced contractual obligations
The focus is on the relationship between data controllers and processors. The EDPS plans to specify and tighten the obligations incumbent on each party, in order to guarantee effective compliance with the RGPD. More detailed contracts, better traceability and continuous monitoring of services could thus see the light of day.
Secure data transfers
Transfers of personal data abroad remain a sensitive subject. The EDPS calls for ever stronger guarantees, both technical and legal, to ensure the reliability and security of such transfers. Transfer instruments (standard contractual clauses, binding corporate rules) will probably be revised to provide a better framework for data flows outside the EU.
Clarification of legitimate interest
The use of legitimate interest as a legal basis for data processing continues to raise questions among many data controllers. The EDPS intends to reiterate the strict conditions to be met: the legitimacy of the purpose, the necessity of the processing and the preservation of the rights and freedoms of the data subjects. A public consultation is currently underway, inviting stakeholders to share their observations and expectations on this point.
Harmonization and collaboration between member states
The EDPS stresses the need for enhanced cooperation to avoid disparities between Member States. Common guidelines and increased mutual assistance between data protection authorities should help consolidate the application of the RGPD, while facilitating the work of businesses.
A constantly changing digital context
Finally, the EDPS highlights the need to better integrate the emergence of new technologies (artificial intelligence, the Internet of Things, biometric processing, etc.). The aim is to maintain a high level of protection for individuals, while supporting innovation and the EU’s competitiveness on the international stage.
Overall, this work program reflects a clear ambition: to strengthen data protection within the European Union, while taking into account the digital transformation. Companies, administrations and other stakeholders are invited to follow these developments closely, and to take an active part in the public consultation currently underway, in order to contribute to the reflection on legitimate interest.
The EDPS thus calls for the mobilization of all stakeholders to build a European digital environment that is even more secure, transparent and respectful of fundamental rights. The year 2024-2025 therefore promises to be crucial for consolidating the achievements of the RGPD and meeting the challenges posed by the data economy.
