Statement on European Data Protection Day

28 January 2021
GDPR Data Protection Day

Statement on European Data Protection Day

This years European Data Protection Day on January 28th, marks the 40th anniversary of the signing of the European Data Protection Convention (Convention 108) on January 28th 1981.

This international treaty set rules for the automated processing of personal data and data transfers for the first time and is still the foundation for current European data protection laws, such as the GDPR. The amount of data processed and technological developments over the past 40 years have increased dramatically, and so have the challenges for data protection.

"The right to data protection was first established on a European level in 1981. Since then, technology has developed quickly, but the principles of data protection stayed true until today. Even more than that, most legal principles have proven to be surprisingly forward-looking. For example: At times where digital storage was extremely expensive, a principle like data minimization was the factual norm, today the law ensures that companies and governments still have to limit what they keep on us." - Max Schrems, honorary chairman of

Europe has stringent data protection laws that regulate how personal data must be handled and also allow for severe penalties for violations of up to € 20 million or 4% of a company's turnover. However, we observe that even after two and a half years, the GDPR is often not being implemented by companies and also not enforced to the extent it deserves. Europe therefore risks to pride itself with a fundamantal right to data protection on paper, but much less protection in everyday life.

"We have not achieved broad compliance with these laws. 40 years after the right to data protection was established on a European level, we still see vast violations every day we use our computers and phones. While some European Data Protection Authorities do a great job, some key watchdogs continue to look the other way. The hefty fines and serious enforcement that the GDPR should have brought in 2018 did not materialize in practice. We therefore urge all relevant players to reflect on how the right to data protection can make the final step from paper to reality." - Max Schrems, honorary chairman of