The European Data Protection Supervisor (EDPS) has released a report on the European Union’s data protection strategy for the next four years, covering General Data Protection Regulation (GDPR) and potential digital challenges ahead.
“Every day, people generate ever-increasing amounts of data through their digital activities. Its collection and reuse need to respect, first and foremost, the rights and interests of individuals, in line with European values and rules. With the GDPR, the EU has laid down a solid basis for a human-centric data economy by ensuring that individuals remain in control of their data. This has made the EU a source of inspiration for the protection of privacy in many countries worldwide.”
The strategy is underpinned by three pillars, reflecting the EDPS values, to allow statutory functions and resources to be deployed.

“The next 5 years could prove to be a global turning point for privacy and personal data protection. Most of the world will have a general data protection law, including the largest countries currently without one – India, Indonesia and, quite possibly, the United States. Most policy interventions addressing social, environmental and public health issues, will involve technology and data usage. Data protection will become relevant in almost every context. The Covid-19 crisis, which, initially, seemed to be a danger to such an evolution, has, instead, strengthened the call for the protection of individuals’ privacy. This is especially the case when governments take measures to defend society and the economy against such an extraordinary threat.”
The first review of the GDPR is taking place in 2020, with a particular focus on the rules for transfers of data outside the EU and the cooperation between DPAs.
The report can be found here.