Joint Statement by Vice-President Jourová and Commissioner Reynders ahead of Data Protection Day
“This year's Data Protection Day on 28 January marks the 41th anniversary of the Council of Europe's 'Convention 108', the only international treaty on privacy. Today, the General Data Protection Regulation applies in the European Union and it has become the global benchmark for privacy regulation. 2021 saw the adoption of the mutual EU-UK adequacy decision and the mutual EU-Republic of Korea adequacy decision.
The GDPR has become a foundation of our digital policy on which we are building other initiatives under the European Digital Strategy. The processing of personal data should be designed to serve society and respect individuals' rights. Initiatives such as the forthcoming Data Act or the Data Governance Act contribute to setting up a framework for data access and use that is more clear and fair, giving European companies and individuals more control over their data and making more data available for use, including for the public good. At the same time, further initiatives under the European Digital Strategy, such as the Digital Services Act, the Digital Markets Act and the Artificial Intelligence Act will also contribute to these aims.
With the General Data Protection Regulation now well established in our Union, full implementation and enforcement of data protection rules remain a priority for the Commission. Robust enforcement by data protection authorities, cooperating in a truly European way in the European Data Protection Board (EDPB), is key for the success of the GDPR. The year 2021 has seen a ramping up of enforcement actions, with several high-profile cases resulting in significant fines. It is important that this approach is pursued and amplified in the coming months and years.”
In 2006, the Council of Europe launched a Data Protection Day to be celebrated each year on 28 January.
In January 2017, the Commission adopted a Communication on the international aspects of privacy, which set out the EU strategy in the field of international data flows and protection. The two adequacy decisions in 2021 for the United Kingdom - one under the General Data Protection Regulation (GDPR) and the other for the Law Enforcement Directive - have allowed for personal data to flow freely from the European Union to the United Kingdom where it benefits from an essentially equivalent level of protection to that guaranteed under EU law. The adequacy decision for the Republic of Korea allowed free and safe data flows as of today and confirms the shared commitment of the EU and the Republic of Korea to a high level of data protection. In addition, the Commission has so far recognised Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay as providing adequate protection. The Commission is actively exploring the possibility of adequacy with other important partners in particular in Asia and Latin America, building on the current trend towards upward global convergence in data protection standards.
For More Information