Opinion of the European Data Protection Supervisor on the Commission Package on free and fair European elections.
In the context of the 2018 State of the Union speech, the Commission presented a security package focusing on Free and fair European elections. This package is composed of: (i) a Communication, (ii) a Guidance document on the application of Union data protection law in the electoral context, (iii) a Recommendation and (iv) a proposal for a Regulation as regards a verification procedure related to infringements of rules on the protection of personal data in the context of elections to the European Parliament.
Main observations and recommendations
The EDPS recognises political communication as essential to the participation of citizens, political forces and candidates in democratic life and to the fundamental right to freedom of expression, and that these rights and freedoms are interdependent with the right under Article 7 of the Charter to respect for private and family life, home and communications, and the right under Article 8 of the Charter to the protection of personal data.
The EDPS recognises the role of social media platforms and on how this initiative would be coherent with the Code of Practice on online disinformation. In light of the upcoming European Parliament elections in May next year, and the numerous other national elections scheduled for 2019, the EDPS also recognises the recommendations for the setting up of national election networks and a European coordination network.
The EDPS also recognises the recommendation to Member States to perform a comprehensive assessment of risks associated with the elections to the European Parliament with a view to identifying potential cyber incidents that could affect the integrity of the electoral process and underlines the urgency of this matter.
In general, the EDPS considers that, for further clarity, a reference could have been included to the processing of personal data by the European Parliament, the Authority and the Committee, as being within the scope of Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data.
With regard to the proposed Regulation, the EDPS recommends:
- clarifying the scope of the measures and the complementary aims of such sanctions;
- including EDPS decisions finding an infringement to Regulation (EU) 2018/1725;
- including a reference to the current data protection legal framework for cooperation between national data protection supervisory authorities and the EDPS;
- ensuring the confidentiality of the exchange of information in the context of the cooperation between data protection supervisory authorities and the Committee of independent persons.