The European Data Protection Supervisor (EDPS) published an opinion which highlights the need for specific safeguards for data protection whenever public sector information contains personal data. The Commission proposal should more clearly define in what situations and subject to what safeguards information containing personal data may be required to be made available for re-use, according to Peter Hustinx, the EDPS.

Peter Hustinx, the European Data Protection Supervisor (EDPS) adopted his opinion on the proposal for a Directive amending Directive on re-use of public sector information (PSI) adopted in December 2011, and which is part of the Commission's Open Data Package. The EDPS opinion stresses that although the re-use of public sector information (PSI) containing personal data may bring significant benefits, also entails great risks to the protection of personal data, due to the wide variety of data held by public sector bodies.

In particular, the opinion highlights the need for specific safeguards for data protection whenever PSI contains personal data. It therefore recommends that public sector bodies take a 'proactive approach' when making personal data available for re-use. According to the EDPS, this would make it possible to make data publicly available, on a case by case basis, subject to conditions and safeguards in compliance with data protection rules.

The EDPS further recommends that the proposal should require that a data protection assessment be carried out by the public sector body concerned before any PSI containing personal data may be made available; require that the terms of the licence to re-use PSI include a data protection clause, whenever personal data are processed; where necessary considering the risks to the protection of personal data, require applicants to demonstrate that any risks to the protection of personal data are adequately addressed and that the applicant will process data in compliance with applicable data protection law; and where appropriate, require that data be fully or partially anonymised and license conditions specifically prohibit re-identification of individuals and re-use of personal data for purposes that may individually affect the data subjects.