Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

(Top) 1 Activities 1.1 Supervision 1.2 Consultation 1.3 Cooperation 2 List of European Data Protection Supervisors 3 See also 4 References 5 External links 6 External links

European Data Protection Supervisor

●العربية ●Български ●Català ●Deutsch ●Ελληνικά ●Español ●Esperanto ●Euskara ●Français ●Italiano ●Nederlands ●Norsk bokmål ●Occitan ●Polski ●Português ●Slovenščina ●Suomi ●Svenska ●Українська Edit links ●Article ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●Upload file ●Special pages ●Permanent link ●Page information ●Cite this page ●Get shortened URL ●Download QR code ●Wikidata item Print/export ●Download as PDF ●Printable version Appearance From Wikipedia, the free encyclopedia

European Data Protection Supervisor

Incumbent Wojciech Wiewiórowski since 6 December 2019
Nominator	European Commission
Appointer	European Parliament and Council
Constituting instrument	Regulation (EU) 2018/1725
Formation	17 January 2004
First holder	Peter Hustinx
Website	edps.europa.eu

The European Data Protection Supervisor (EDPS) is an independent supervisory authority whose primary objective is to monitor and ensure that European institutions and bodies respect the right to privacy and data protection when they process personal data and develop new policies.^[1]

Wojciech Wiewiórowski has been appointed European Data Protection Supervisor (EDPS) by a joint decision of the European Parliament and the Council.^[2] Appointed for a five-year term, he took office on 6 December 2019.

Regulation (EU) 2018/1725^[3] describes the duties and powers of the European Data Protection Supervisor (Chapter VI) as well as the institutional independence of the EDPS as a supervisory authority. It also lays down the rules for data protection in the EU institutions.

Activities[edit]

The duties and powers of the EDPS, as well as the institutional independence of the supervisory authority, are set out in the "Data Protection Regulation".^[4] In practice the EDPS' activities can be divided into three main roles: supervision, consultation, and cooperation.

Supervision[edit]

In the "supervisory" role the EDPS' core task is to monitor the processing of personal data in European institutions and bodies.^[5] The EDPS does so in cooperation with the data protection officers (DPO)^[6] present in each European institution and body. The DPO has to notify the EDPS about any processing operations involving sensitive personal data or likely to pose other specific risks. The EDPS then analyses this processing in relation to the Data Protection Regulation and issues a "prior check" opinion.^[6] In most cases, this exercise leads to a set of recommendations that the institution or body needs to implement so as to ensure compliance with data protection rules.

In 2009, for instance, the EDPS adopted more than a hundred prior check opinions, mainly covering issues such as health data, staff evaluation, recruitment, time management, telephone recording performance tools, and security investigations. These opinions are published on the EDPS website and their implementation is followed up systematically.

The implementation of the Data Protection Regulation in the EU administration is also closely monitored by regular stock-taking of performance indicators, involving all EU institutions and bodies. In addition to this general monitoring exercise, the EDPS also carries out on-site inspections to measure compliance in practice.

The supervisory role of the EDPS also involves investigating complaints^[7] lodged by EU staff members or any other individual who feels that their personal data have been mishandled by a European institution or body. Examples of complaints include alleged violations of confidentiality, access to data, the right of rectification, erasure of data, and excessive collection or illegal use of data by the controller.

The EDPS has also developed other forms of supervision, such as advice on administrative measures and the drafting of thematic guidelines.^[8]

Consultation[edit]

In the "consultative" role the EDPS advises the European Commission, the European Parliament, and the Council of the European Union on data protection issues in a range of policy areas.^[9] This consultative role relates to proposals for new legislation as well as other initiatives that may affect personal data protection in the EU. It usually results in a formal opinion, but the EDPS may also provide guidance in the form of comments or policy papers. Technological developments having an impact on data protection are also monitored as part of this activity.

Some recent significant issues to which the EDPS has given special attention include international data transfers,^[10] internet governance, rebuilding trust between the EU and the US,^[11] eCommunications, cybersecurity, and the future of the area of freedom, security, and justice (Stockholm Programme).

The EDPS is also closely following the ongoing review of the legal framework for data protection aimed at modernising the Data Protection Directive in response to new globalisation and technological challenges.^[12] Realising this critical objective will be the dominant item on the EDPS' agenda over the coming years.

As part of his consultative role, the EDPS also intervenes in cases before the European Court of Justice that are relevant to his tasks. In June 2009 for instance, he intervened in a case concerning the relationship between transparency and data protection – the so-called "Bavarian Lager" case.^[13]

Cooperation[edit]

The EDPS cooperates with other data protection authorities in order to promote a consistent approach to data protection throughout Europe.

The main platform for cooperation between data protection authorities in Europe is the Article 29 Data Protection Working Party. The EDPS takes part in the activities of the Working Party, which plays an important role in the uniform application of the Data Protection Directive and the superseding General Data Protection Regulation (GDPR). The EDPS and the Working Party have cooperated effectively on a range of subjects, but particularly on the implementation of the Data Protection Directive and on the challenges raised by new technologies. The EDPS also strongly supported initiatives taken to ensure that international data flows respect European data protection principles

One of the most important cooperative tasks of the EDPS involves Eurodac where the responsibilities for supervision are shared with national data protection authorities.

The EDPS cooperates with data protection authorities in the former "third pillar" – the area of police and judicial cooperation – and with the Working Party on Police and Justice.

Cooperation also takes place through participation in two major annual data protection conferences: a European Conference that gathers data protection authorities from the EU Member States and the Council of Europe, and an International conference attended by a wide range of data protection experts, both from the public and private sectors.

List of European Data Protection Supervisors[edit]

Term		Assistant Supervisor
2004–2009^[14]	Peter Hustinx	Joaquín Bayo Delgado
2009–2014^[15]	Peter Hustinx	Giovanni Buttarelli
2014–2019^[2]	Giovanni Buttarelli	Wojciech Wiewiórowski
2019–^[16]	Wojciech Wiewiórowski	Post discontinued

References[edit]

^ "About | European Data Protection Supervisor". edps.europa.eu. Retrieved 8 November 2021.

^ ^a ^b Decision 2014/886/EU, OJ L 351, 9.12.2014, p. 9

^ Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (Text with EEA relevance.), 21 November 2018, retrieved 9 October 2019

^ Regulation (EC) No 45/2001, OJ L 8, 12.1.2001, p. 1–22

^ "EDPS Homepage | European Data Protection Supervisor".

^ ^a ^b "Glossary | European Data Protection Supervisor". edps.europa.eu. Retrieved 2 November 2022.

^ "Complaints | European Data Protection Supervisor".

^ "Guidelines | European Data Protection Supervisor".

^ "Our role as an advisor | European Data Protection Supervisor". edps.europa.eu. Retrieved 2 November 2022.

^ "Data protection".

^ "Archived copy" (PDF). Archived from the original (PDF) on 4 January 2017. Retrieved 6 January 2015.{{cite web}}: CS1 maint: archived copy as title (link)

^ Data Protection Directive, Directive 95/46/EC, OJ L 281, 23.11.1995, p. 31–50

^ "Archived copy" (PDF). Archived from the original (PDF) on 9 March 2012. Retrieved 12 October 2010.{{cite web}}: CS1 maint: archived copy as title (link)

^ Decision 2004/55/EC, OJ L 12, 17.1.2004, p. 47

^ Decision 2009/30/EC, OJ L 11, 16.1.2009, p. 83

^ "Wojciech Wiewiórowski replacing EDPS". European Data Protection Supervisor. 26 August 2019. Retrieved 1 September 2019.

External links[edit]

EDPS website Archived 19 December 2008 at the Wayback Machine

External links[edit]

Official website

v t e Privacy
Principles	Right of access to personal data Expectation of privacy Right to privacy Right to be forgotten Post-mortem privacy
Privacy laws	Australia Brazil Canada China Denmark England European Union Germany Ghana New Zealand Russia Singapore Switzerland United Kingdom United States California, amended in 2020
Data protection authorities	Australia Denmark European Union France Germany India Indonesia Ireland Isle of Man Netherlands Norway Philippines Poland South Korea Spain Sweden Switzerland Thailand Turkey United Kingdom
Areas	Consumer Digital Education Medical Workplace
Information privacy	Law Financial Internet Facebook Google Twitter Email Personal data Personal identifier Social networking services Privacy-enhancing technologies Privacy engineering Privacy-invasive software Privacy policy Secret ballot Virtual assistant privacy
Advocacy organizations	American Civil Liberties Union Center for Democracy and Technology Computer Professionals for Social Responsibility Data Privacy Lab Electronic Frontier Foundation Electronic Privacy Information Center European Digital Rights Future of Privacy Forum Global Network Initiative International Association of Privacy Professionals NOYB Privacy International
See also	Anonymity Cellphone surveillance Data security Eavesdropping Global surveillance Identity theft Mass surveillance Panopticon PRISM Search warrant Wiretapping Human rights Personality rights
Category

Law

Authority control databases
International	ISNI VIAF
National	Norway Spain France BnF data Catalonia Germany United States Czech Republic Croatia
Academics	CiNii
Other	IdRef