Yesterday, the European Data Protection Supervisor (EDPS) adopted an opinion on the European Commission's proposal to recast the WEEE Directive (Directive on waste electrical and electronic equipment). This proposal is currently discussed in the European Parliament and Council.
According to this press release of the European Commission, the EDPS supports the proposal's objective to improve environmental-friendly policies in the area of e-waste, but does point out that the initiative only focuses on the environmental risks related to the disposal of WEEE and does not take into account the data protection risks that may arise from their inappropriate disposal, reuse or recycling.
According to the EDPS, these risks exist in particular when personal data relating to the users of the devices and/or third parties remain stored in IT and telecommunications equipments (e.g. personal computers, laptops) at the time of disposal.
In view of such risks, the EDPS emphasizes the importance of adopting appropriate security measures at every stage of the processing of personal data, including during the phase of disposal of devices containing personal data. The principle of "privacy by design" or, in this area, "security by design" should also be included in the proposal to ensure that privacy and security safeguards are integrated by default into the design of electrical and electronic equipment.
The EDPS recommends that the legislators:
Text of opinion (pdf) of the EDPS