Print

Empowering the DPO network to carry data protection compliance in EUIs

Leonardo CERVERA NAVAS

The EDPS and the Data Protection Officers' (DPO) network of the EU institutions, bodies, offices and agencies (EUIs) met for the second time this year on 30 November 2023, kindly and efficiently hosted by the European Parliament in Strasbourg. A symbolic venue - where the Council of Europe was born to promote democracy, human rights, and the rule of law - for an emblematic meeting. 

With 60 DPOs, or their representatives, attending in person and 40 attending remotely, I take pride in the successful outcome of this meeting. Therefore, in this blogpost, I would like to share with the DPO community of the EU and beyond, the main takeaways of this symbolic gathering, which was structured around several interactive workshops.

Our Supervisor, Wojciech Wiewiórowski, opened the meeting by providing an overview of the most recent EDPS developments, such as our latest legislative consultations, Supervisory Opinions and technology monitoring activities. He reiterated the importance of these meetings and the significance of the EDPS-DPO network relationship as a way to empower DPOs of EUIs to advance data protection compliance, to safeguard individuals’ privacy rights.

The first workshop of the day focused on the results of the survey completed by DPOs on their role and tasks. Conducted last spring, the survey is part of a broader initiative by the European Data Protection Board (EDPB) to streamline enforcement actions and cooperation amongst DPOs. The initiative will be the subject of a report on the DPO’s role across the countries of the EU/European Economic Area, including within the EUIs. The EDPB intends to publish this report, accompanied by recommendations, at the beginning of 2024. The EDPS will also publish a report on the outcome of its own survey on the DPO’s role within EUIs.

Assisted by the DPO support group - a rotating group of voluntary DPOs that are closely involved in the preparation of the EDPS-DPO meetings each year - we used the results of the survey to feed discussions, organised in smaller groups of DPOs, on particular issues that they may face within the remit of their role. Topics discussed were wide-ranging. This included exchanges on the way DPOs are appointed and the management of resources, their independence and potential conflict of interests, to mention a few. The results of the survey, supplemented with the conversations held in smaller groups of DPOs, have given the EDPS an invaluable insight into the DPOs’ reality when performing their duties, which, in turn, will help us focus our guidance and supervisory activities. The outcome of this first session will further contribute to the professionalisation of the DPO function, thus strengthening the position of EUIs’ DPOs. 

It has not escaped anyone’s notice that AI is the current hot topic! Following numerous demands from DPOs, we dedicated a full session to AI. Generative AI systems may often be opaque and complex and may, without appropriate safeguards and supervision, present significant risks to privacy and the protection of personal data. The EDPS underscored the importance of having AI systems that are transparent, explainable, consistent, auditable and accessible, as a way to ensure fair processing of personal data. This is all the more important since data protection rules apply whenever the use of AI systems involves the processing of personal data, and EUIs are accountable for such use. In light of this, we discussed the benefits of explainable AI, such as techniques that can be used to help individuals understand what elements contribute to a particular outcome and what can be expected from the system. 

It was very fitting that the 53rd bi-annual meeting with the DPO network took place at the European Parliament in Strasbourg - the cradle of EU democracy - since we dedicated significant time in the afternoon to a democratic exercise: an open forum for discussion on the cooperation between the EDPS and DPO network. This EDPS-DPO network meeting was a follow-up to the previous meeting held in Alicante in June 2023 during which DPOs were invited to share both positive aspects and areas of improvement in their cooperation with the EDPS. During this EDPS-DPO network meeting, focus was put on the future. We asked DPOs to come up with concrete suggestions on how to tackle the challenges that lie ahead. Once again, it proved valuable to ask our privileged partners in the EUIs directly what they expect from the EDPS and how we can be more efficient and create more synergies. Giving DPOs the right tools and guidance contributes to achieving compliance and foster a robust and sustainable data protection culture within EUIs.

Before the meeting drew to a close, the Cabinet of the Supervisor presented the EDPS’ plans for the upcoming 20th anniversary, including the involvement of the DPO's network as key contributors to the development of the EDPS in the last 20 years.

In my concluding remarks, I recognised with satisfaction that the network has significantly evolved since its creation in 2004; it is now a fully-fledged support system with an elected board. Indeed, the election of a board constitutes another important milestone in the 20 years of existence of the network, and, as I congratulated the DPOs on this achievement, I expressed our enthusiasm to continue to further deepen our cooperation with the network and its board.

As we reach the end of this year, we are looking ahead to 2024 and the 20th anniversary of the EDPS with great excitement. We look forward to having the network of DPOs on board, as DPOs will undoubtedly contribute to the success of this event.