The year 2020 was unique for the world and, by extension, for the European Data Protection Supervisor (EDPS). Like many other organisations, the EDPS had to adapt its working methods as an employer, but also its work since the COVID-19 health crisis strengthened the call for the protection of individuals' privacy.
This Annual Report provides an insight into all EDPS activities in 2020.
The Executive Summary of the EDPS Annual Report 2020 will be made available in all official languages of the EU in due course.
2019 could be described as a year of transition, across Europe and the world. With new legislation on data protection in the EU now in place, the greatest challenge moving into 2020 and beyond is to ensure that this legislation produces the promised results. Awareness of the issues surrounding data protection and privacy, and the importance of protecting these fundamental rights, is at an all-time high and this momentum cannot be allowed to decline.
This Annual Report provides an insight into all EDPS activities in 2019, which was the last year of a five-year EDPS mandate. EDPS activities therefore focused on consolidating the achievements of previous years, assessing the progress made and starting to define priorities for the future.
HTML version: EN
2018 was a busy year for the EDPS and a pivotal year for data protection in general. Under new data protection rules, the rights of every individual living in the EU are now better protected than ever. Public awareness about the value of online privacy is at an all-time high.
The 2018 Annual Report provides an insight into all EDPS activities in 2018. Chief among these were our efforts to prepare for the new legislation. The General Data Protection Regulation (GDPR) became fully applicable across the EU on 25 May 2018 and new data protection rules for the EU institutions are also now in place. Working with the new European Data Protection Board (EDPB), the EDPS aims to ensure consistent protection of individuals’ rights, wherever they live in the EU.
Full text of Annual Report (HTML): EN
The GDPR is an outstanding achievement for the EU, its legislators and stakeholders, but the EU's work to ensure that data protection goes digital is far from finished. The majority of the world population now has access to the internet, while tech giants now represent the six highest valued companies in the world. With this in mind, in 2017 the EDPS issued advice to the legislator on the new ePrivacy Regulation, as well as pursuing his own initiatives relating to the Digital Clearinghouse and Digital Ethics, the latter of which will be the main topic of discussion at the 2018 International Conference of Data Protection and Privacy Commissioners, co-hosted by the EDPS.
Finalising and implementing a revised version of the current legislation governing data protection in the EU institutions and bodies as soon as possible is also a priority, if the EU is to remain a credible and effective leader in the protection of individuals' rights. The EDPS intends to exercise the powers granted to him in the revised Regulation efficiently and responsibly, in order to ensure that the EU's institutions and bodies set an example for the rest of the EU to follow. For this reason, the EDPS has invested a lot of effort in preparing the EU institutions for the new rules and will continue to do so throughout 2018.
In 2017, the EDPS also contributed to ongoing discussions on the Privacy Shield and on the free flow of data in trade agreements, which will remain on the EU and EDPS agenda throughout 2018. With the fight against terrorism still a pressing concern for the EU, the EDPS continues to advocate the need to find a balance between security and privacy in the processing of personal data by law enforcement authorities. As the new data protection supervisor for Europol, the EU’s police authority, he is determined to ensure that the EU sets an example in achieving this balance.
The new EU data protection framework consists of much more than just the GDPR. New rules for the EU institutions and ePrivacy are yet to be finalised, and remain a key focal point for EDPS work. As well as providing advice to the legislator on these new rules, the EDPS has started working with the EU institutions and bodies to prepare them for the changes to come. A particular focus of his efforts in 2016 was on promoting accountability, a central pillar of the GDPR which it is safe to assume will also be integrated into the new rules for EU institutions and bodies.
In 2016, the EDPS also made a considerable effort to help move the global debate on data protection and privacy forward and mainstream data protection into international policies. He advised the EU legislator on the Umbrella agreement and the Privacy Shield and engaged with data protection and privacy commissioners from every continent. He also continued to pursue new initiatives, such as the Ethics Advisory Group, through which he intends to stimulate global debate on the ethical dimension of data protection in the digital era.
The EDPS aims to make data protection as simple and effective as possible for all involved. This requires ensuring that EU policy both reflects the realities of data protection in the digital era and encourages compliance through accountability.