Annual Reports

The GDPR is an outstanding achievement for the EU, its legislators and stakeholders, but the EU's work to ensure that data protection goes digital is far from finished. The majority of the world population now has access to the internet, while tech giants now represent the six highest valued companies in the world. With this in mind, in 2017 the EDPS issued advice to the legislator on the new ePrivacy Regulation, as well as pursuing his own initiatives relating to the Digital Clearinghouse and Digital Ethics, the latter of which will be the main topic of discussion at the 2018 International Conference of Data Protection and Privacy Commissioners, co-hosted by the EDPS.

Finalising and implementing a revised version of the current legislation governing data protection in the EU institutions and bodies as soon as possible is also a priority, if the EU is to remain a credible and effective leader in the protection of individuals' rights. The EDPS intends to exercise the powers granted to him in the revised Regulation efficiently and responsibly, in order to ensure that the EU's institutions and bodies set an example for the rest of the EU to follow. For this reason, the EDPS has invested a lot of effort in preparing the EU institutions for the new rules and will continue to do so throughout 2018.  

In 2017, the EDPS also contributed to ongoing discussions on the Privacy Shield and on the free flow of data in trade agreements, which will remain on the EU and EDPS agenda throughout 2018. With the fight against terrorism still a pressing concern for the EU, the EDPS continues to advocate the need to find a balance between security and privacy in the processing of personal data by law enforcement authorities. As the new data protection supervisor for Europol, the EU’s police authority, he is determined to ensure that the EU sets an example in achieving this balance.

The new EU data protection framework consists of much more than just the GDPR. New rules for the EU institutions and ePrivacy are yet to be finalised, and remain a key focal point for EDPS work. As well as providing advice to the legislator on these new rules, the EDPS has started working with the EU institutions and bodies to prepare them for the changes to come. A particular focus of his efforts in 2016 was on promoting accountability, a central pillar of the GDPR which it is safe to assume will also be integrated into the new rules for EU institutions and bodies.

In 2016, the EDPS also made a considerable effort to help move the global debate on data protection and privacy forward and mainstream data protection into international policies. He advised the EU legislator on the Umbrella agreement and the Privacy Shield and engaged with data protection and privacy commissioners from every continent. He also continued to pursue new initiatives, such as the Ethics Advisory Group, through which he intends to stimulate global debate on the ethical dimension of data protection in the digital era.

The EDPS aims to make data protection as simple and effective as possible for all involved. This requires ensuring that EU policy both reflects the realities of data protection in the digital era and encourages compliance through accountability.

The EDPS focused considerable efforts in 2015 on ensuring the successful adoption of new and effective data protection rules, providing legislators with detailed recommendations in the form of an app. He now turns his attention to the successful implementation of these rules and the reform of the current Regulation, which will apply to the work of the EDPS and the other EU institutions and bodies.

The EDPS launched several new initiatives in 2015, such as those on data ethics and big data. He also worked closely with the Article 29 Working Party to analyse the consequences of the Court of Justice of the European Union's ruling on Safe Harbour and advise the Commission on alternative solutions. These and other initiatives will continue into 2016 and beyond to ensure that the EU remains at the forefront of data protection and privacy policy in the years to come.

2014 was a year of transition for the EDPS, marked by the delayed selection and appointment of a new Supervisor and Assistant Supervisor. Despite the resulting uncertainty, the EDPS under the calm authority and tireless efforts of Peter Hustinx, whose 10-year tenure as EDPS drew to a close in 2014, continued to make significant progress in mainstreaming data protection in EU policymaking.

Building on this legacy, the EDPS' priorities for 2015, as part of the five year strategy of the dynamic team of new Supervisors, is to help the EU to speak with one voice on data protection to uphold the rights and interests of the individual in our digitalised society. To this end, the adoption of the data protection reform will be a significant milestone for Europe and an important message to the rest of the world.

In 2013, in the context of his consultation work advising on new legislative measures, the review of the EU legal framework for data protection continued to be at the top of the EDPS agenda and will remain a priority in 2014. The Digital Agenda and the privacy risks of new technologies were also significant features of 2013.

The implementation of the Stockholm programme in the area of freedom, security and justice and issues in the internal market, such as financial sector reform, and in public health and consumer affairs, also had an impact on data protection. The EDPS also increased his cooperation with other supervisory authorities, particularly with regard to large-scale IT systems.

In the supervision of EU institutions and bodies, when processing personal data, the EDPS interacted with more data protection officers in more institutions and bodies in 2013 than ever before. In addition, a number of EDPS surveys revealed that most EU institutions and bodies, including many agencies, have made good progress in complying with the data protection Regulation, although there are still some which should increase their efforts.