Annual Reports

2018 was a busy year for the EDPS and a pivotal year for data protection in general. Under new data protection rules, the rights of every individual living in the EU are now better protected than ever. Public awareness about the value of online privacy is at an all-time high.

The 2018 Annual Report provides an insight into all EDPS activities in 2018. Chief among these were our efforts to prepare for the new legislation. The General Data Protection Regulation (GDPR) became fully applicable across the EU on 25 May 2018 and new data protection rules for the EU institutions are also now in place. Working with the new European Data Protection Board (EDPB), the EDPS aims to ensure consistent protection of individuals’ rights, wherever they live in the EU.

Full text of Annual Report (HTML):     EN

Summary (HTML):     DE     EN     FR

The GDPR is an outstanding achievement for the EU, its legislators and stakeholders, but the EU's work to ensure that data protection goes digital is far from finished. The majority of the world population now has access to the internet, while tech giants now represent the six highest valued companies in the world. With this in mind, in 2017 the EDPS issued advice to the legislator on the new ePrivacy Regulation, as well as pursuing his own initiatives relating to the Digital Clearinghouse and Digital Ethics, the latter of which will be the main topic of discussion at the 2018 International Conference of Data Protection and Privacy Commissioners, co-hosted by the EDPS.

Finalising and implementing a revised version of the current legislation governing data protection in the EU institutions and bodies as soon as possible is also a priority, if the EU is to remain a credible and effective leader in the protection of individuals' rights. The EDPS intends to exercise the powers granted to him in the revised Regulation efficiently and responsibly, in order to ensure that the EU's institutions and bodies set an example for the rest of the EU to follow. For this reason, the EDPS has invested a lot of effort in preparing the EU institutions for the new rules and will continue to do so throughout 2018.  

In 2017, the EDPS also contributed to ongoing discussions on the Privacy Shield and on the free flow of data in trade agreements, which will remain on the EU and EDPS agenda throughout 2018. With the fight against terrorism still a pressing concern for the EU, the EDPS continues to advocate the need to find a balance between security and privacy in the processing of personal data by law enforcement authorities. As the new data protection supervisor for Europol, the EU’s police authority, he is determined to ensure that the EU sets an example in achieving this balance.

The new EU data protection framework consists of much more than just the GDPR. New rules for the EU institutions and ePrivacy are yet to be finalised, and remain a key focal point for EDPS work. As well as providing advice to the legislator on these new rules, the EDPS has started working with the EU institutions and bodies to prepare them for the changes to come. A particular focus of his efforts in 2016 was on promoting accountability, a central pillar of the GDPR which it is safe to assume will also be integrated into the new rules for EU institutions and bodies.

In 2016, the EDPS also made a considerable effort to help move the global debate on data protection and privacy forward and mainstream data protection into international policies. He advised the EU legislator on the Umbrella agreement and the Privacy Shield and engaged with data protection and privacy commissioners from every continent. He also continued to pursue new initiatives, such as the Ethics Advisory Group, through which he intends to stimulate global debate on the ethical dimension of data protection in the digital era.

The EDPS aims to make data protection as simple and effective as possible for all involved. This requires ensuring that EU policy both reflects the realities of data protection in the digital era and encourages compliance through accountability.

The EDPS focused considerable efforts in 2015 on ensuring the successful adoption of new and effective data protection rules, providing legislators with detailed recommendations in the form of an app. He now turns his attention to the successful implementation of these rules and the reform of the current Regulation, which will apply to the work of the EDPS and the other EU institutions and bodies.

The EDPS launched several new initiatives in 2015, such as those on data ethics and big data. He also worked closely with the Article 29 Working Party to analyse the consequences of the Court of Justice of the European Union's ruling on Safe Harbour and advise the Commission on alternative solutions. These and other initiatives will continue into 2016 and beyond to ensure that the EU remains at the forefront of data protection and privacy policy in the years to come.

2014 was a year of transition for the EDPS, marked by the delayed selection and appointment of a new Supervisor and Assistant Supervisor. Despite the resulting uncertainty, the EDPS under the calm authority and tireless efforts of Peter Hustinx, whose 10-year tenure as EDPS drew to a close in 2014, continued to make significant progress in mainstreaming data protection in EU policymaking.

Building on this legacy, the EDPS' priorities for 2015, as part of the five year strategy of the dynamic team of new Supervisors, is to help the EU to speak with one voice on data protection to uphold the rights and interests of the individual in our digitalised society. To this end, the adoption of the data protection reform will be a significant milestone for Europe and an important message to the rest of the world.