On 3 January 2022, the EDPS notified Europol of an order to delete data concerning individuals with no established link to a criminal activity (Data Subject Categorisation). This Decision concludes the EDPS’ inquiry launched in 2019.
We conduct investigations on our own initiative or on the basis of a complaint. We have extensive powers to access personal data, information and documents which are necessary for our investigations and to access premises, in case an on-site investigation is needed.
An investigations can be of a general nature, such as our survey on compliance with data protection rules in the EU institutions, which we conduct every two years.
We also conduct more targeted investigations on specific subjects, for instance, video surveillance in the EU institutions.
In general, our reports on general and targeted investigations are public.
Some of our investigations are conducted to investigate complaints or issues that have been brought to our attention. In order to respect the confidentiality of complaints, we do not make the findings of such inquiries public, for example, verifying if an institution correctly provided a complainant with access to her personal data by physically checking their files.
EDPS Decision on the own initiative investigation on the personal data processing activities of the European Parliament’s Wi-Fi network services (case 2019-0971)
"Redacted version for public release"
EDPS Decision on the own initiative inquiry on Europol’s big data challenge.
This paper presents the issues raised by the EDPS’ own-initiative investigation into European institutions’, bodies’, offices’ and agencies’ (‘EU institutions’) use of Microsoft products and services. These findings and recommendations from the investigation are likely to be of wider interest than just of the EU institutions: they may be of particular interest to all public authorities in EU/EEA Member States.