Personal data protection: EU Member States lagging behind?

This post is also available in: frFrançais (French)

25 May 2018, the deadline for the implementation of the GDPR, General Data Protection Regulation, in all EU countries, is getting closer, yet one cannot but notice that only Germany and Austria comply with the text. The European Association for the Defence of Human Rights (AEDH) is surprised that the Member States have not anticipated the implementation of a text of direct application while they had two years to do so.

Today 28 January, on the International Data Protection Day, AEDH urges the Member States to finally accelerate their march towards the confirmation of new rights for the EU citizens.

The European Commissioner for Justice, Věra Jourová sent a warning at a press conference in Brussels: “we call on EU governments, authorities and businesses to use the remaining time efficiently and fulfil their roles in the preparations for the big day.”

AEDH believes that the Member States demonstrated a singular flimsiness while considering the GDPR as a mere additional constraint which application should be postponed as long as possible instead of taking it as an opportunity to promote the defense of privacy as a fundamental right to be built.

AEDH wonders why the Member States were so unresponsive during the two years that they were offered in order to organise the respect of those new rights. Is this attitude the result of an outdated vision of the companies’ right to make profit whatever the degree of privacy disrespect? Or the result of a narrow security orientation regardless of the price to pay for civil liberties? Do some Member States feel obliged to check how they could divert the GDPR by making its Article 23 the instrument of its deep questioning?

However, the presentation of the content of the RGPD is very important. The consent of individuals for the collection of their personal data will have to be free, explicit, informed and unambiguous. The right to be forgotten, the data portability (i.e. the possibility for the user to transfer his/her data from a service provider to another), the companies accountability in terms of security and inclusion of private life as early as possible in the design of data processing, the fines up to 4% of their global turnover that corporate criminals could face, are some of the guarantees that will allow all EU residents to better control the use that is made of their personal data.


Data protection is one of AEDH’s priority for the defense and promotion of rights. It invites the European institutions to act towards the Member States so that they refrain from always lagging behind when it comes to the promotion of rights while they are always ahead when it comes to their restriction. AEDH calls on the citizens to make of the integrity of their privacy an essential element of the defense of all rights.