Peter Hustinx is not, he insists, “a privacy freak”. Diplomats who have clashed with him beg to differ: they contend that he takes “extreme” positions in defence of privacy in his role as the European data protection supervisor.
What is uncontested is Hustinx’s expertise: data privacy has been his career. It was a path that the 66-year-old began to cut in 1970, when, as a 25-year-old student lawyer, he headed to the US to gain a master’s degree in comparative law at the University of Michigan.
His year in Michigan sparked an interest in data protection and privacy – and brought him into the world of computing, then the preserve of a few mainframe computers run by states and big corporations. “It was very interesting: privacy, computers and law” and “it was pioneering”, Hustinx says of the course, which also included issues such as intellectual property and confidentiality.
On returning to the Netherlands, he worked as a legal adviser in the justice ministry – and was swiftly appointed deputy-secretary of the Koopmans Commission on privacy and personal data, whose work lasted from 1972 to 1976.
After the commission completed its work, Hustinx continued to expand his interest in data protection and privacy, working as the Dutch representative on the Council of Europe’s expert committee on data protection. That committee drafted the first legally binding international data-protection convention, which still forms the basis of EU law.
In 1991, Hustinx took charge of the Dutch data-protection authority, becoming only its second chief. It was a post that he held until 2003.
In the intervening years, he was a force in the European Commission’s ‘Article 29 data-protection working party’, a body created in 1996, comprising data-protection officers from member states and charged with advising the Commission on the 1995 data-protection directive. It is a body in which he still has a seat, because it was expanded in 2004 to bring in the European data-protection supervisor.
Hustinx was interested in his current post from the outset. “I saw the opportunity and wanted to be part of that,” he says.
1945: Born, Vught
1970: Master’s degree in law, University of Nijmegen
1971: Master’s degree in comparative law, University of Michigan
1971-91: Legal adviser, Dutch Ministry of Justice
1972-76: Deputy secretary-general, Royal Commission on Privacy and Personal Data (Koopmans Commission)
1979-91: General counsel of the public law division, Dutch Ministry of Justice
1976-91: Member of the Council of Europe’s committee of experts on data protection (chairman in 1985-88)
1986-: Deputy judge at the Court of Appeal, Amsterdam
1991-2003: President, Dutch Data Protection Authority
1996-2000: Chairman of the EU’s Article 29 Data Protection Working Party
Click Here: kanken kids cheap
1998-2001: Chairman of the appeals committee of Europol’s supervisory body
2002-09: Chairman of the Commission for the Control of Interpol’s Files
2004-: European Data Protection Supervisor
It was a job that required starting from scratch, he says. Under Hustinx, the staff has swelled from 15 to 50-60 people (with the variance reflecting the flow of seconded national experts).
“The first mandate was making sure there was an authority that existed,” he says. Now into his second five-year mandate, Hustinx has established it as an institution respected for its expertise and seriousness.
His aim has been to ensure that data protection and privacy issues are considerations in everything done by the Commission, the Council of Ministers and the European Parliament. “The toughest thing in this long perspective is to get the institutional approach, to get a sense of compliance in the European Commission and the other institutions,” says Hustinx, who was appointed by member states and the Parliament.
Known as a measured and meticulous man, Hustinx has to perform a delicate balancing act in an area of legislation that is one of the EU’s most sensitive. He started modestly – and more importantly, he says, quietly. He prefers to ration his public appearances. “I believe it is better to be visible ten times a year than all the time,” he says. When Hustinx speaks out, it is because he feels public pressure can yield results.
He was critical of how the EU developed its security policies following the terrorist attacks in the US in 2001, Madrid in 2004 and London in 2005.
He was also critical on a number of aspects of the agreement to transfer EU citizens’ bank-transfer data to the US to help track terrorist funding, the SWIFT deal. Hustinx called for EU data and privacy rights to be enforced on US territory, criticised the length of time US authorities could retain the data (five years) and called for US requests for data to be assessed by an independent EU judicial authority.
Hustinx has yet to go public with his appraisal of the Anti-Counterfeiting Trade Agreement (ACTA), a controversial deal on combating piracy. He was, though, critical of its drafts, calling on the Commission in 2010 not to support sanctions on piracy of the sort developed by France, whose ‘three strikes’ rule denies repeat offenders access to the internet.
But the toughest challenge that Hustinx has faced, he says, was a clash with Germany in 2007, over an agreement to increase the sharing of data including DNA, fingerprints and vehicle registration numbers. Hustinx was critical of the way the agreement – the Prüm treaty – was originally (in 2005) negotiated outside the EU framework by seven member states, arguing that the treaty lacked democratic oversight and failed to protect data adequately. The treaty was eventually made into EU law. But Hustinx failed to convince Germany, the presiding country in the Council of Ministers, to take on board all of his recommendations.
“He is not someone who seeks the spotlight,” says Sophie in ’t Veld, a Dutch Liberal MEP who chairs the civil-liberties committee – and she believes that his low-key, neutral and pragmatic approach has earned Hustinx the respect of member states and the Commission.
Jan Philipp Albrecht, a German Green MEP, agrees. He adds, though, that the Commission and member states have disregarded Hustinx’s recommendations, notably on the accords that the EU has reached with the US on the transfer of passenger name records (PNR).
Diplomats and Commission officials acknowledge that Hustinx has been effective, saying that he has made the inclusion of protection and privacy issues “standard practice” in the drafting of EU legislation. They take issue, though, with his “extreme” positions on PNR issues, notably his opposition to EU plans to create its own European data-exchange system.
Looking back over eight years on the job, Hustinx himself is pleased with what he has accomplished. “None of this existed until ten years ago, certainly not 15 years ago,” he says, referring to the functioning system of data protection in the EU. Awareness of privacy issues is on the increase across the EU, he continues – but, he adds, people remain naïve.
Hustinx could write the book on their rights. He will not, though. When he retires in two years’ time, he intends to focus on his family (he and his wife have three sons and six grandchildren), and on films, travel and history books. “I am not going to do privacy consultancy or write memoirs or a handbook on privacy,” he says. “If you have seen three cycles of this subject” – as a government adviser, as a national supervisor and as a European supervisor – “that’s enough.”