We make sure that that the fundamental right to the protection of personal information is respected by the European institutions and bodies (EU instituions).
We supervise the processing (collection, use, transfer, etc.) of personal information by the EU institutions, as well as ensuring that data protection safeguards are incorporated in EU legislation and policies, where necessary.
To learn more about your data protection rights and the EU institutions, read our factsheet.
Please read the information on this page before completing our complaints form. If you have read the above information and
you can lodge a complaint with the EDPS to investigate by filling in our complaints form.
In principle, a complaint to the EDPS will be inadmissible if you have not first contacted the institution or its data protection officer to rectify the matter; for instance, if you would like access your data, you should first request the institution to give you access. If you have not contacted the institution before complaining to the EDPS, please outline why in the form.
1) Anyone who has dealings with an EU institution(s) can complain against the processing of their personal data by it;
2) Anyone who is employed by an EU institution can complain against breaches of the data protection rules by an EU institution(s), even if you are not personally affected.
The data protection rules that the EU institutions must follow are set out in Regulation 45/2001. The Regulation says that if you believe your data protection rights have been infringed by the EU administration, for instance:
you can lodge a complaint with the EDPS.
If necessary, the EDPS can recommend the EU institution concerned to adopt specific measures to protect your rights.
A complaint to the EDPS must relate to the processing of personal information carried out by an EU institution.
If, for example:
you should contact the relevant national data protection authority and NOT the EDPS.
If the processing of personal information which is the subject of a complaint is not carried out by one of the EU institutions, your complaint will be inadmissible.
We will handle your complaint confidentially.
Confidentiality implies that your personal data will not be disclosed to persons outside of the EDPS.
However, it may be necessary for our investigation to inform the institution concerned, its Data Protection Officer and any third parties involved about the content of the complaint and your identity.
If you wish to remain anonymous, please outline your reasons for the EDPS to consider. The EDPS will inform you if it does or does not accept your request for anonymity. You will then be able to decide to withdraw or proceed with your complaint.
We are unable to accept complaints sent to us anonymously. If you are acting on behalf of a complainant, we ask you to provide the first and last names of the complainant and submit evidence of your power to represent the complainant.
The EDPS does not deal with matters that are currently before a court or that have already been settled by a court.
The EDPS does not deal with matters that are currently being examined by the European Ombudsman or that have already been settled by it unless you have significant new evidence to submit.
Your complaint is admissible even if another EU body is examining it. However, the EDPS can decide to await the outcome of that body’s procedures before starting its own investigation.
To help us investigate a complaint, the EDPS is entitled to obtain all personal data and all information necessary for our enquiries from the EU institution concerned. We can also access the premises of any EU institution should an on-site investigation be needed.
The EDPS strives to ensure a high level of security for information shared with us in this complaint form such as using Hypertext Transfer Protocol Secure (HTTPS). Nevertheless, communication over the internet, including email, is not fully secure and can potentially be intercepted by persons outside of the EDPS. The EDPS relies on third party services (the European Parliament and the European Commission) to help maintain the security and performance of the EDPS website; the EDPS IT infrastructure is subject to their security measures.