From the press release:
Yesterday, the European Data Protection Supervisor (EDPS) adopted an opinion on the European Commission’s proposal to recast the Directive on waste electrical and electronic equipment (WEEE, also referred to as “e-waste”), a proposal that is intensively discussed in the European Parliament and Council, but without consideration of the data protection implications.
While supporting the proposal’s objective to improve environmental-friendly policies in the area of e-waste, the EDPS points out that the initiative only focuses on the environmental risks related to the disposal of WEEE and does not take into account the data protection risks that may arise from their inappropriate disposal, reuse or recycling. These risks exist in particular when personal data relating to the users of the devices and/or third parties remain stored in IT and telecommunications equipments (e.g. personal computers, laptops) at the time of disposal.
In view of such risks, the EDPS emphasizes the importance of adopting appropriate security measures at every stage of the processing of personal data, including during the phase of disposal of devices containing personal data. The principle of “privacy by design” or, in this area, “security by design” should also be included in the proposal to ensure that privacy and security safeguards are integrated by default into the design of electrical and electronic equipment.