EDPS comments on the European Economic and Social Committee’s draft internal rules concerning restrictions of certain rights of data subjects (Article 25 of Regulation (EU) 2018/1725)
In line with the principle of accountability, EU institutions with the support of their DPOs are primarily responsible for complying with their data protection obligations.
To support them, the EDPS provides guidance on how to be compliant and we make sure that the rules are applied as they should be; our approach is to trust and verify.
When complex or novel issues arise, we will offer advice as necessary to guide and navigate through the complexities to ensure compliance.
Article 57(1)(g) of Regulation (EU) 2018/1725 outlines that EU institutions and DPOs can consult the EDPS for advice when drawing up measures or internal (administrative) rules that involve the processing of personal information, if they are complex or may pose risks to the rights and freedoms of individuals.
In any case, the EU institutions are obliged to inform or consult the EDPS when they adopt administrative rules that involve the processing of personal data (Article 41 of the Regulation (EU) 2018/1725) regardless of the level of risk.
We have issued a policy paper to guide EU institutions and bodies as to when they must consult us.
Our Opinions on administrative consultations have covered a diverse range of subjects such as the publication of personal data on the internet, the use of email in the workplace, the transfers of personal data to non-EU countries and the billing of individual users for non‑work related phone calls.
Not all of our replies to consultations are made public; those that we believe are useful for other institutions and the persons affected are published on this website.
In addition, some of the measures we are consulted on are sensitive and must therefore be treated confidentially.
EDPS comments on the European Banking Authority’s draft Decision laying down internal rules concerning restrictions of certain rights of data subjects in relation to processing of personal data in the framework of the functioning of the European Banking Authority (EBA).
These comments from the EDPS refer to the draft internal rules of procedure of the European Public Prosecutor's Office (EPPO).
Disclaimer: Please note that parts of this document were redacted to protect the internal decision making process of the EPPO. The full text of the final document referred to in this opinion, as adopted by the EPPO College, can be found at: https://ec.europa.eu/info/law/cross-border-cases/judicial-cooperation/networks-and-bodies-supporting-judicial-cooperation/european-public-prosecutors-office_en#decisions-of-the-college-of-the-eppo.