Data protection

In our digitally advanced world, the demand for robust personal data protection is increasing. The European Union has always been at the forefront of developing legislation and policies for the protection of personal data. Data protection is a fundamental right enshrined in the EU Charter of Fundamental Rights. Moreover, in 2016 the European Union adopted the General Data Protection Regulation (GDPR), which constitutes a major milestone in the protection of personal data. With the GDPR a balance was sought between the rights of natural persons and the functioning of the digital single market. The GDPR harmonises data protection law across the EU and provides citizens with a clear catalogue of rights, which will improve individuals’ control over their personal data. Besides the GDPR, the EU protects its citizens’ personal data when it is used by criminal law enforcement authorities for law enforcement purposes (Data Protection Law Enforcement Directive – Directive (EU) 2016/680). Thereby, providing a balance between persons’ fundamental rights and the cross-border fight against crime and terrorism.

Over the years Milieu has delivered numerous services to the EU institutions and agencies on the topic:


Global digitalisation and the constant emergence of new technologies have led to an unprecedented collection, use and transfer of personal data. The European Union has worked to find the balance between the rights to privacy and personal data protection and the benefits that the use of personal data can bring. Recently, new legislative changes have attempted to address new challenges technologies bring with respect to data protection.

This project supported the EU and specifically the European Union Agency for Fundamental Rights (FRA) in cooperation with the Council of Europe, to update and further develop the 2014 edition of the Handbook on European data protection law. Milieu provided updates on EU data protection reform and developments from the point of case-law and international agreements. In addition, Milieu identified new principles, rules and issues, further developing relevant themes in light of emerging developments.

Managing border and internal security for the EU is a large task requiring seamless operation between all EU countries. This is largely accomplished through large-scale IT systems, run through the EU agency eu-LISA. These systems track and store important information such as visa applications, biometric data, and asylum applications to control fraud, identity theft, illegal entry to the EU, and to eliminate the need for internal borders between EU Member States.

Milieu provided the European Union Agency for Fundamental Rights (FRA) with information on the positive and negative fundamental rights’ implications of storing biometric data in large-scale IT systems, particularly from a borders, visas and asylum perspective. The IT systems covered were the Schengen Information System (SIS II), the Visa Information System (VIS) and Eurodac.

The right to the protection of personal data and the right to an effective remedy are both fundamental rights enshrined in the Charter of Fundamental Rights of the European Union. Noticing a bottleneck in the use of redress mechanisms though, the European Union Agency for Fundamental Rights (FRA) commissioned a study to better understand why available redress mechanisms were not being used to their full extent in the area of data protection.

Milieu thus researched and mapped legal provisions on redress mechanisms and data protection law in Belgium and Ireland, including any legal consequences concerning data protection violations in these Member States. The report published by FRA from this work offers suggestions to the EU and Member States on how to make justice in the area of data protection more accessible across the EU, and contributed to the EU-wide data protection reform process.