European Data Protection Supervisor
EDPS formal comments in response to the 'Cybersecurity Package' adopted by the Commission
Closing speech by Giovanni Buttarelli, San Francisco, United States
Dissemination and use of intrusive surveillance technologies
Keynote address by Giovanni Buttarelli given at the Cybersecurity and Privacy Innovation Forum 2015, Brussels
"Washington Meetings Program and the Digital and Cyberspace Policy Program: A Conversation with Giovanni Buttarelli", Council on Foreign Relations, Washington DC
The July 2014 edition of the EDPS Newsletter covers EDPS Opinions on asset freezing and Big Data and many other EDPS activities.
In October 2013, the EDPS was notified of a data security breach involving unauthorised access to an EU Agency database which is operated by an external contractor. This database contained the names and email addresses of approximately 70 individuals. The Agency asked the EDPS for advice on how best to handle this breach, and has now implemented all our suggested remedial measures. These included carrying out a full investigation with the contractor, implementing amendments to the contract, and notifying affected data subjects.
Some EU institutions may already have their own rules in place about reporting security breaches to the relevant internal departments. Whilst we welcome this type of proactive approach, we are presently unable to provide a direct or definitive instruction on any obligations to notify security breaches to the controller or the EDPS, under current data protection law. However, the contractual changes that the Agency has implemented in this particular case indicate a positive and practical approach to data breach management, by obligating contractors to promptly notify any such breaches to the controller. This will enable the Agency to deal with any future incident in a timely and effective manner.
Opinion on the Joint Communication of the Commission and of the High Representative of the European Union for Foreign Affairs and Security Policy on a 'Cyber Security Strategy of the European Union: an Open, Safe and Secure Cyberspace', and on the Commission proposal for a Directive concerning measures to ensure a high common level of network and information security across the Union
Proposal for a Directive of the European Parliament and of the Council concerning measures to ensure a high common level of network and information security across the Union
Joint Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions. Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace
EDPS comments on DG Connect's public consultation on improving network and information security (NIS) in the EU
Opinion on the Proposal for a Regulation of the European Parliament and of the Council concerning the European Network and Information Security Agency (ENISA)
Second opinion on the review of Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), OJ C 128, 06.06.2009, p. 28