The European Data Protection Day is celebrated by all member states of the Council of Europe on the 28th January 2009, the anniversary of 28 years since the adoption in Strasbourg of the first legal instrument on data protection: Convention no. 108 on the protection of individuals with regard to the automated processing of personal data.
The protection of personal data has been regulated within the EU mainly by Directive 95/46/EC and Directive 2002/58/EC, which set out clear principles on the processing of personal data and establish specific rights for the individual:
- right of access,
- right of opposition,
- right of intervention,
- right not to be subjected to an individual decision,
- right to complain to the supervisory authority,
- right to refer to a court of law.
Independent national data protection authorities function currently in each of the 27 EU member states and play a key role in the supervision of the observance of the principles on processing personal data, as well as of the rights of data subjects.
The issues raised by the protection of private life grab attention within the EU, especially in times such as these when the fear of terrorist attacks and the technological developments have led to increased surveillance systems, the establishment of more and more complex databases, as well as an ever increasing use of biometric data.
A first warning signal on the necessity to strike a balance between the observance of the right to private life and anti-terrorist measures was raised by European Data Protection Authorities as early as 2006, on the occasion of the International Conference in London.
We believe that, in view of the rapid technological developments in today's society, all individuals must be aware that whenever they access the internet, make travel arrangements, receive medical treatment or use credit cards, they provide personal information which, if used incorrectly, may bring serious infringements to the right of private life.
It is within this context that the National Supervisory Authority highlights the importance of knowing and exercising by each individual the rights granted, in Romania, by Law no. 677/2001 on the protection of individuals with regard to the processing of personal data and the free movement of such data.
According to our national data protection act, the observance of the principles on the processing of personal data is a legal obligation of the data controllers within the public or private sector, which also entails taking the required adequate measures in order to prevent any unauthorised processing of personal data.
The European Data Protection Day constitutes an excellent opportunity to increase awareness on the individuals' rights with regard to the processing of their personal data.