European data protection officer

Logo :
Seat :	Brussels
Founded :	January 2004
Legal basis :	Article 286, Treaty establishing the European Community , today Article 16, Paragraph 2, Clause 2, Treaty on the Functioning of the European Union Regulation (EC) No. 45/2001 of December 18, 2000 on the protection of natural persons with regard to the processing of personal data by the institutions and bodies of the Community and on the free movement of data .
Data protection officer :	Wojciech Wiewiórowski
Deputy data protection officer :
Predecessor :	Giovanni Buttarelli
Website :	www.edps.europa.eu

The European Data Protection Supervisor (EDPS) is an independent supervisory authority of the European Union , the main task of which is to ensure that the right to privacy and data protection is respected when the EU institutions and bodies process personal data or develop new political strategies. On December 6, 2019, Wojciech Wiewiórowski took up his post as European Data Protection Supervisor. He was appointed for a five-year term by joint decision of the European Parliament and the Council.

Regulation (EU) 2018/1725 contains the tasks and powers of the European Data Protection Supervisor (Chapter VI) as well as his institutional independence. This also defines the data protection provisions for the EU institutions.

Duties and powers

The duties and powers of the EDPS and his deputy as well as the independence of the supervisory authority are not in the Data Protection Regulation set (DS-GMO), but in a separate data protection ordinance (EU 2018/1725).

In practice, the activities of the EDPS can be divided into three areas of responsibility: supervision, advice and cooperation.

At sight

In his supervisory role, the European Data Protection Supervisor oversees the processing of personal data by the European institutions and bodies. He performs this task in cooperation with the official data protection officers, who are deployed in all European institutions and bodies. The data protection officers must notify the EDPS of any processing of sensitive personal data that may involve specific risks. The EDPS then checks this processing against the provisions of the Data Protection Regulation and issues a "prior checking opinion". In most cases, a set of recommendations is then formulated which the institution or body must follow to ensure compliance with data protection rules.

For example, in 2009 the EDPS adopted over 100 prior checking Opinions, mainly dealing with issues such as: B. Health data, staff appraisal, staff hiring, time management, telephone monitoring, performance measurement tools and security reviews went. These opinions are published on the EDPS website and their implementation is systematically monitored.

The application of the data protection regulation in the EU administration is also closely monitored by regularly taking stock of the performance indicators in all EU institutions and bodies. In addition to this general monitoring, the EDPS also carries out on-the-spot checks to verify compliance in practice.

The EDPS oversight role includes examining complaints from EU officials or anyone else who believes that their personal data has not been properly processed by a European institution or body. Examples of grounds for a complaint are a breach of confidentiality, access to data, the right to correct or delete data, disproportionate data collection or unlawful use of the data by the person responsible for processing.

The EDPS has also developed other forms of work in the field of supervision, e.g. B. Opinions on administrative measures and the development of thematic guidelines.

consultation

The EDPS advises the European Commission , the European Parliament and the Council of the European Union on data protection issues in a number of policy areas. Its advisory role extends to proposals for new legislation as well as other initiatives related to the protection of personal data in the EU. The results are mostly official opinions, but the EDPS can also provide advice in the form of comments or strategy papers. As part of this activity, technological developments that affect the protection of personal data are also monitored.

Topics that are currently of particular concern to the EDPS include: a the "TFTP- SWIFT agreement " on the processing of payment transaction data, the amendment of the data protection directive for electronic communications, the developments in connection with the Stockholm program in the field of justice and home affairs, the review of the Eurodac regulation, the passenger name records and the current revision of the data protection framework to modernize the Data Protection Directive (95/46 / EC) in response to new challenges posed by globalization and technological development. This crucial objective will be high on the EDPS agenda for the years to come.

As part of his advisory role, the EDPS can also intervene in proceedings before the European Court of Justice that are relevant to his tasks . In June 2009, for example, he supported a lawsuit in proceedings that concerned the relationship between transparency and data protection.

cooperation

The EDPS is working with other data protection authorities to improve data protection coherence in Europe.

The most important platform for cooperation between data protection authorities in Europe is the European Data Protection Board . The EDPS is actively involved in the work of the group, which plays an important role in the uniform application of the General Data Protection Regulation (GDPR). The EDPS and the working group are working together successfully in several areas, but above all in the implementation of the General Data Protection Regulation (GDPR) and in view of the challenges posed by new technologies. The EDPS also fully supports initiatives aimed at ensuring compliance with European data protection principles in international data flows.

One of the main collaborative tasks relates to the Eurodac fingerprint database , where the EDPS shares responsibility for monitoring data protection with the national data protection authorities.

The EDPS also cooperates in the former “third pillar” of the EU - the area of police and judicial cooperation - with the data protection authorities and the Police and Justice Group.

The cooperation includes participation in two large annual data protection conferences: a European conference, which brings together data protection authorities from the EU member states and the Council of Europe, and an international conference, in which data protection experts from the public and private sectors take part.

Data protection officer

Term of office	Data protection officer	Deputy Data protection officer
2004-2009	Peter Johan Hustinx	Joaquín Bayo Delgado
2009-2014	Peter Johan Hustinx	Giovanni Buttarelli
2014-2019	Giovanni Buttarelli	Wojciech Wiewiórowski
2019-2024	Wojciech Wiewiórowski

literature

Peter J. Hustinx: Data Protection in the European Union. P&I 2005, pp. 62-65. online (PDF)

Peter J. Hustinx: Data protection and security in the EU. online (PDF)

The European Data Protection Supervisor: Public access to documents and data protection. European Communities, Reference Documents , 2005. online (PDF, edps.europa.eu)

The European Data Protection Supervisor (EPDS / CEPD): The European Data Protection Supervisor acts as an advisor to the Community institutions and bodies on proposals for legislation and related documents. Strategy paper, Brussels, March 18, 2005. online (PDF, edps.europa.eu)