Direito e Informação na Sociedade em Rede: atas Direito e Informação na Sociedade em Rede: atas | Page 61

Thus, it is not hard to infer that the increasing amount of sophisticated content and services that emerged throughout the years have rendered this inability more obvious. Even so, one had to wait for 2010 to see the EC recognise the impact of the Internet on this matter. In its Communication on a comprehensive approach to the protection of personal data in the EU, the EC acknowledged the problems raised by the current easiness with which personal data are shared and publicised in social networks together with the increasing capacities for information retrieval in remote servers in the “cloud”7. Yet, the atmosphere surrounding the launching of the EC’s proposal for a GDPR, in January 2012, looked rather optimistic. The European Data Protection Supervisor (EDPS) welcomed the proposal as a huge step forward for data protection in Europe, robust enough to face future information technology-driven challenges8. Likewise, for the Article 29 Data Protection Working Party9, the proposed regulation fulfilled the ambition to produce a text that reflected the increased importance of data protection in the EU legal order. It retained and strengthened the core principles of data protection, reinforced the position of the data subjects, enhanced the responsibility of data controllers and strengthened the position of supervisory authorities, both nationally and internationally10. The suitability of the proposals to “address the new challenges resulting from the pervasive collection and use of personal data in a connected and globalized world” was recognised by the European Data Protection Commissioners in their Resolution on the EU data protection reform adopted at the Spring Conference 201211. Several commentators also saluted the draft regulation for allegedly providing the data subjects with stronger rights, including giving more power to customers of online services and stronger safeguards for EU citizens’ data that get transmitted abroad (De Hert, Papakonstantinou, 2012, p. 135; Tene, Polonetsky, 2012, p. 63 ff). One might, however, doubt whether these beliefs are fully justified since they seem to reveal a somehow perplexing neglect of the challenges arising for data protection principles and rights from the growing availability of large datasets and sophisticated tools in data mining and data analytics, together with the access by surveillance authorities to personal data collected by service providers on the base of their privacy policies for their specific purposes, something that the Snowden affair rendered widely notorious (Mantelero, Vaciago, 2013, p. 161-162). European Commission, Communication of the Commission to the European Parliament, The Council, The Economics and Social Committee and the Committee of the Regions, A comprehensive approach on personal data protection in the European Union, COM (2010) 609 final, Brussels, 4.11.2010. Available at (last accessed 18.03.2016). 8 European Data Protection Supervisor, 2012 Annual Report: Smart, sustainable, inclusive Europe: only with stronger and more effective data protection, Publications Office of the European Union, 2013, p. 50. 9 The Article 29 Data Protection Working Party is an independent committee created by Article 29 of the data protection directive (hence its designation), with advisory functions to the European Commission. 10 Article 29 Data Protection Working Party, Opinion 01/2012 on the Data Protection Reform Proposals, 23 March 2012, p. 4-5. Available at: (last accessed 18.03.2016). 11 Resolution on the EU data protection reform adopted at the Spring Conference 2012, https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Cooperation/Confere nce_EU/12-05-04_Spring_conference_Resolution_EN.pdf. 7 49