European Data Protection Supervisor
European Data Protection Supervisor

Privacy in the EU Institutions

Privacy in the EU Institutions

Regulation (EC) No 45/2001 - which will be adapted in 2018, in order to be brought in line with the General Data Protection Regulation - lays down the data protection obligations for the EU institutions and bodies when they process personal data and develop new policies. The Regulation also sets out the duties of the EDPS including its role as an independent supervisory authority of the EU institutions and bodies when they process personal data and for advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection.

Here you will find EDPS documents about privacy and data protection concerning the processing of personal data by the EU institutions and bodies, such as staff evaluation, accreditation of external visitors, access control.

Filters

Pages

01/10/2020
1
Oct
2020

Opinion on the European Public Prosecutor’s Office’s prior consultation on the risks identified in the Data Protection Impact Assessment carried out on its Case Management System

The EDPS will consider hereinafter the main data protection issues concerning the processing of personal data at stake, having regard to the measures envisaged by the European Public Prosecutor's Office (EPPO) to address data protection risks.

 

DisclaimerPlease note that parts of this document were redacted to protect public security and the internal decision making process of the EPPO.

Tags:
17/09/2020
17
Sep
2020

EDPS comments on the EPPO’s draft internal rules of procedure (Case 2020-0781)

These comments from the EDPS refer to the draft internal rules of procedure of the European Public Prosecutor's Office (EPPO).

 

DisclaimerPlease note that parts of this document were redacted to protect the internal decision making process of the EPPO. The full text of the final document referred to in this opinion, as adopted by the EPPO College, can be found at: https://ec.europa.eu/info/law/cross-border-cases/judicial-cooperation/networks-and-bodies-supporting-judicial-cooperation/european-public-prosecutors-office_en#decisions-of-the-college-of-the-eppo.

17/09/2020
17
Sep
2020

EDPS comments on the EPPO’s draft revised rules on processing of personal data (Case 2020-0782)

The present comments from the EDPS refer to the draft revised rules on processing of personal data by the European Public Prosecutor's Office (EPPO).

 

DisclaimerPlease note that parts of this document were redacted to protect the internal decision making process of the EPPO. The full text of the final document referred to in this opinion, as adopted by the EPPO College, can be found at: https://ec.europa.eu/info/law/cross-border-cases/judicial-cooperation/networks-and-bodies-supporting-judicial-cooperation/european-public-prosecutors-office_en#decisions-of-the-college-of-the-eppo.

01/09/2020
1
Sep
2020

Body temperature checks by EU institutions: Careful assessment and data protection safeguards are necessary

The European Data Protection Supervisor issued today orientations on the use of body temperature checks by Union institutions, bodies, offices and agencies (EUIs) in the context of the COVID-19 crisis, highlighting that a careful assessment and appropriate data protection safeguards are necessary.  

01/09/2020
1
Sep
2020

Orientations from the EDPS: Body temperature checks by EU institutions in the context of the COVID-19 crisis

A number of European institutions, agencies and bodies (EUIs) have implemented body temperature checks as part of the health and safety measures adopted in the context of their “return to the office” strategy as an appropriate complementary measure, among other necessary health and safety measures, to help prevent the spread of COVID-19 contamination.

At the same time, systematic body temperature checks of staff and other visitors to filter access to EUIs premises may constitute an interference into individuals’ rights to private life and/or personal data protection. The EDPS observes that body temperature checks can be implemented through a variety of devices and processes that should be subject to careful assessment. The EDPS has decided to issue the present orientations to help EUIs and Data Protection Officers (DPOs) meet the requirements of Regulation (EU) 2018/1725 (the Regulation), where applicable.

31/08/2020
31
Aug
2020

Informal Consultation on the application of Article 39(3)(b) of Regulation (EU) 2018/1725

Informal consultation from an EU Agency on whether a particular number of data subjects concerned by a processing should be considered as “large scale” in the sense of Article 39(3)(b) of the Regulation.

The EDPS notes that the Regulation itself does not define what constitutes “large-scale”, analyses existing guidance on the matter and concludes that in the case of the processing underlying the informal consultation, the proportion of the relevant population as well as the nature of the personal data processed and possible resulting risks cumulatively advocate for conducting a DPIA in the case at hand.

23/07/2020
23
Jul
2020

Comprehensive Union policy on preventing money laundering and terrorism financing

EDPS Opinion on  the European Commission’s action plan for a comprehensive Union policy on preventing money laundering and terrorism financing

Tags:
Friday, 17 July, 2020
17
Jul
2020

Newsletter (N°
81
)

In this newsletter, we cover the EDPS Strategy 2020-2024 focusing on Digital Solidarity. As well as, in the context of The Hague Forum, a report on the use of Microsoft products and services by the EUIs. Finally, the EDPS published a report accompanied by a factsheet and video on Data Protection Impact Assessments and the EDPS/EDPB trainees organised a conference on Data Protection in times of COVID-19.
15/07/2020
15
Jul
2020

Orientations from the EDPS: Reactions of EU institutions as employers to the COVID-19 crisis

The European institutions, bodies and agencies have had to react to the COVID-19 crisis not only in their policy roles, but also in their roles as employers. Changes in operations, such as moving the vast majority of staff to remote working have raised numerous questions on which EUIs consulted the EDPS. 

This document compiles the advice given on questions such as teleworking tools, staff management, health data aspects and replying to data subject access requests. 

This document builds on the experience of the past months and addresses the issues that were raised to us or encountered by us and is still relevant because telework will most likely be a big part of the ‘new normal’ for EUIs work. 

Tags:
06/07/2020
6
Jul
2020

EDPS Report: EU Institutions’ use of Data Protection Impact Assessments

Today, the European Data Protection Supervisor (EDPS) published a Report on how EU institutions, bodies and agencies (EUIs) carry out Data Protection Impact Assessments (DPIAs) when processing information that presents a high risk to the rights and freedom of natural persons.

06/07/2020
6
Jul
2020

EDPS Survey on Data Protection Impact Assessments under Article 39 of the Regulation

This Report, based on a survey carried out in February 2020, is on the European Institutions' use of Data Protection Impact Assessments (DPIAs), case 2020-0066

02/07/2020
2
Jul
2020

Outcome of own-initiative investigation into EU institutions’ use of Microsoft products and services

This paper presents the issues raised by the EDPS’ own-initiative investigation into European institutions’, bodies’, offices’ and agencies’ (‘EU institutions’) use of Microsoft products and services. These findings and recommendations from the investigation are likely to be of wider interest than just of the EU institutions: they may be of particular interest to all public authorities in EU/EEA Member States.

PDFPDF icon
EPUBFile
HTMLHTML icon
Tags:
02/07/2020
2
Jul
2020

The Hague Forum: Reinforcing cooperation for fair IT contracts in Europe

The Hague Forum, jointly organised with the Dutch Ministry of Justice and Security and the European Commission, met for the second time, on 2 July. The Hague Forum is a cooperation platform for public authorities in the EU, EU institutions (EUIs) and other international organisations to exchange information and strengthen their negotiation power with ICT service providers, including cloud service and communications providers.

Tags:
03/06/2020
3
Jun
2020

Consultation on relationship with travel agency

Consultation from an European Institution on the relationship with its contractor for providing travel agency services. The contractor considers that it should be a separate controller; the EDPS analyses the relationship at hand, the consequences of different legal constructions, and concludes that a controller-processor relationship is the most appropriate arrangement. 

20/05/2020
20
May
2020

EDPS’ comments on EASO’s draft internal rules concerning restrictions of certain rights of data subjects (Case 2020-0468)

These comments refer to EASO’s draft implementing rules concerning restrictions on certain rights of data subjects (pursuant to Article 25 of Regulation (EU) 2018/1725).

06/05/2020
6
May
2020

Consultation on agreement for payroll services for local employees in a third country

EDPS Letter Consultation on agreement for payroll services for local employees in a third country

25/03/2020
25
Mar
2020

EDPS comments on CEDEFOP’s draft internal rules concerning restrictions of certain rights of data subjects (Case 2020-0298)

These comments refer to CEDEFOP’s draft implementing rules concerning restrictions on certain rights of data subjects (pursuant to Article 25 of Regulation (EU) 2018/1725).

23/03/2020
23
Mar
2020

EDPS closes investigation into European Parliament’s 2019 election activities

The European Data Protection Supervisor (EDPS) has closed its investigation into the European Parliament’s use of a US-based political campaigning company to process personal data as part of its activities relating to the 2019 EU parliamentary elections. The contract between the European Parliament and NationBuilder came to a natural end in July 2019 and all data collected has been transferred to the European Parliament’s servers, the EDPS announced today.

18/03/2020
18
Mar
2020

2019 Annual Report - a year of transition

2019 could be described as a year of transition, across Europe and the world.  With new legislation on data protection in the EU now in place, the greatest challenge moving into 2020 and beyond is to ensure that this legislation produces the promised results. Awareness of the issues surrounding data protection and privacy, and the importance of protecting these fundamental rights, is at an all-time high and this momentum cannot be allowed to decline.

This Annual Report provides an insight into all EDPS activities in 2019, which was the last year of a five-year EDPS mandate. EDPS activities therefore focused on consolidating the achievements of previous years, assessing the progress made and starting to define priorities for the future.

HTML version: EN

Summary (HTML): EN - FR - DE

Full text of Annual Report (PDF):PDF icon
02/03/2020
2
Mar
2020

EDPS comments on the draft internal rules concerning restrictions of certain rights of data subjects in the functioning of the Executive Agencies EACEA, ERCEA, REA, INEA and EASME (Case 2020-0057)

These comments refer to the draft internal rules of the Executive Agencies EACEA, ERCEA, REA, INEA and EASME, concerning restrictions of certain rights of data subjects in relation to processing of personal data in the framework of their functioning.

Pages