The European Data Protection Supervisor (EDPS) issued today an opinion on a Commission proposal to merge the driving licence of professional drivers with their driver card. The integration of two totally different functionalities in one single card, which would record a wide range of data about professional drivers including their activities and whereabouts, would have a significant impact on the fundamental right to the protection of personal data.
Giovanni Buttarelli, Assistant EDPS, states: “We seriously doubt about the necessity and the proportionality of such a measure, which has yet to be demonstrated. A consistent approach is needed from the legislator to ensure that the development of any measures concerning drivers’ data is done in full respect of data protection principles“.
The EDPS encourages the Commission to consider the risks associated with the processing of personal data in interconnected intelligent transport systems. He also particularly emphasises the need to conduct a privacy and security impact assessment before the merging of the driver cards with driving licences could take place. He further recommends to:
- evaluate the impact of the use of a microchip in the driving licences;
- ensure that the overall design of the processing is privacy friendly and proportionate to the purposes pursued;
- specify the data or categories of data to be stored in the microchip, in compliance with the principles of proportionality and data minimization;
- provide sufficient guarantees for the effective exercise of data subjects’ rights;
- ensure a strict limitation of access rights in view of the legitimate purposes for which relevant authorities and any other recipients would need to access the data.
The European Data Protection Supervisor (EDPS) is an independent supervisory authority devoted to protecting personal data and privacy and promoting good practice in the EU institutions and bodies. He does so by:
- monitoring the EU administration’s processing of personal data;
- advising on policies and legislation that affect privacy;
- cooperating with similar authorities to ensure consistent data protection.