Neelie KROES
Vice-President of the European Commission

Navigation path

Data Protection Day


Today, 28 January, is Data Protection Day. Commemorating the signing of a Convention 33 years ago today, the day aims to promote awareness and education of privacy issues.

Protecting personal data remains an important principle and right – but in a fast-changing technological reality. Back in 1980 when the OECD first attempted Guidelines in this area, typewriters were still in common use; a "storage facility" probably meant a filing cabinet.

When the EU agreed its current Data Protection Directive in 1995, the internet was just coming onto the horizon, and Mark Zuckerberg was just 11.

Since then, the world has changed. Social networks and mobile apps are commonplace; innovations like cloud computing and smart cities potentially about to become so. Hundreds of millions of Europeans use and enjoy new technologies to entertain, connect and share: but those technologies are only in practice so freely available because of data. Meanwhile, data mining and analysis can help scientific researchers in all kinds of fields, potentially helping develop new drugs or save lives. In smart cities, it can manage better urban transport so you don't get caught in so many traffic jams. And so on. Yet – as the above video shows – you reveal more online than you think. Never have the opportunities of data been so apparent – nor the importance of protecting against its misuse.

As my colleague Viviane Reding has many times underlined, data protection is a fundamental right; agreeing on the data protection reform proposed by the Commission in 2012 is vital to boost confidence and protection, and make the rules relevant in a modern, technological era.  That remains a priority.

And the proposal contains many important ideas to support privacy in the digital era: like "privacy by design", anonymisation, company accountability and privacy "Impact Assessments". Important standards and requirements in themselves – and also ideas that will be pivotal for additional privacy-related legislation. As I recently set out, the right approach can strengthen people's rights practically and concretely, without cutting them off from new economic and social benefits.

When people think of privacy they – rightly – think of the recent revelations of the scale of online spying. That reminds us all how serious this issue is, and how important it is to get our response right. Robust and fit-for-purpose data protection rules are part of that – but of course only one part; let's not be naïve and think they alone would make spying stop. As I set out recently, we shouldn't just be sitting there shocked like a rabbit in the headlights - there are also a host of other measures we need to take, technology developments to support and privacy-friendly products to push for.  Not to mention agreeing new legislation to enhance the security of our networks and systems. Only in this way can we all engage with and trust the connected, data-rich services of the future: and reap the benefits of big data, cloud computing and the internet of things.

So this Data Protection Day reminds us: while the importance of this fundamental right has not changed, the environment in which it operates has, and our approach needs to adapt accordingly. I hope that happens sooner rather than later.


  • It's all good sentiment, but my experience has been that data protection legislation looks good, but means nothing. I'm an EU citizen, and my data can slosh around the EU without restraint. Yet when I recently tried to access my data held by a company within the EU, my experience was the following: (1) No EU-wide register of data protection officers. I have to check multiple registers to find the contact for a company. (2) The company concerned refused to give me access to the last 7 months of my data. (3) The Irish ODPC agreed with the company, because Irish law says it's at *the company's* discretion. What kind of a law is that? (4) The company breaches the length of time allowed to reply to my request, but there is no sanction. So, the NSA and GCHQ are entitled to access my data, but I'm not allowed to. When I read the data protection laws, it looks like they say the opposite, but apparently not. How can reform produce something more effective that engenders confidence?