On 14 June 2022, following two years of online meetings due to the COVID-19 pandemic, the network of 70 Data Protection Officers (DPOs) of the EU institutions, bodies and agencies (EUIs) met in person to celebrate its 50th meeting with the EDPS.
Since the EDPS was established eighteen years ago, these meetings have been taking place twice a year. The objective has always been the same: to guide the DPO network to achieve compliance with data protection law and to support and boost cooperation between the DPOs of EU institutions, bodies and agencies.
At the meeting, we took stock of the good work done so far and launched a forward-looking reflection about the future of this network that has added so much value and pleasure to our work.
The role of the Data Protection Officers is key since the adoption of the GDPR and the EUDPR. Often, the principle of accountability only becomes a reality when there is a good DPO working hard, hand in hand with the data controller. This is because Data Protection Officers know the core needs of their organisations very well. They are therefore in an ideal position to advise on how best to strike a good balance between the needs of the organisation they serve and the rights of the data subjects concerned.
The EDPS, as any other organisation in the EU institutions, also process personal data of our staff, our service providers and our stakeholders. As Head of Administration of the EDPS, I meet regularly with our DPO, Constantin Chira-Pascanut, who provides me with extremely valuable advice. It is thanks to his hard work that I can reassure my boss, the European Data Protection Supervisor, Wojciech Wiewiórowski, that not only are things under control but that we are leading by example with our own practices.
Data protection is sometimes mistaken as the piece of legislation that “makes it difficult” for private and public organisations to process personal data. In fact, in our highly digitised societies, the processing of personal data is often not only necessary but also beneficial for the data subjects themselves. Therefore, the real issue is not that the processing of personal data becomes more difficult but rather than data controllers become more accountable. This is the ultimate goal of the DPOs in our system and I am proud to say that they do it very well.
DPOs of the EU institutions, agencies and bodies have done a great job in the last few years, even during the dark days of the recent pandemic. Thanks to their hard work and dedication, they have helped to normalise data protection as an integral part of good administration in the EU institutions. However, as I mentioned in my closing remarks, it would be a serious mistake to rest on our laurels. We will soon face huge challenges such as the new EU laws promoting data sharing or the development and use of artificial intelligence tools for which we need to start preparing now.
It is from this perspective that updating the network of DPOs of EU institutions, agencies and bodies and their meetings with the EDPS is extremely important and strategic. We should retain the valuable lessons from our cooperation to date but we should also make sure that whatever needs to be changed to continue being effective in the future will be changed. We have shared some ideas from the EDPS, from our own perception and experience, but our intention is not to interfere with or direct the governance of the DPO network, simply to offer support. As we at the EDPS know ourselves only too well, their independence is their strength.
This is why I have invited the DPO community and my colleagues at the EDPS to a period of reflection with the aim of re-founding the DPO network at the 52nd meeting in Alicante, in May 2023.
The first European Data Protection Supervisor, Peter Hustinx, the man who set up this network eighteen years ago, addressed the DPO community with an inspirational keynote speech. We were also very honoured to welcome two guest speakers: Dr. Frederick Richter, the Managing Director of the German Federal Foundation for Data Protection, who shared with us his experience and thoughts for the future in data protection; and Ms. Calli Schroeder, the Global Privacy Counsel of the Electronic Privacy Information Centre, who shared with us her views on privacy developments around the world, data transfers and the US perspective.
This was a very special meeting, organised deliberately in the same week that the EDPS’ Conference on The Future of Data Protection: Effective enforcement in the digital world takes place. This will allow many DPOs to participate in the stimulating discussions on the digital regulatory sphere because, as mentioned in a recent press article by European Data Protection Supervisor, Wojciech Wiewiórowski, we still need to talk about data protection because safeguarding fundamental rights should no longer be a radical dream, but an obvious reality.
Thanks to the DPO community for their hard work and let’s keep the good work and cooperation for the next 50 meetings to come!