Sharing investigative expertise - a seconded national expert’s experience of the EDPS

Delphine Harou

The EDPS is lucky to benefit from the expertise of seconded national experts. These are data protection experts employed by an EU Member State’s national Data Protection Authority (DPAs) who are seconded to work with one of the teams at the EDPS for an extended period. The secondment process allows for a productive exchange of perspectives and knowledge between national DPAs and the EDPS, paving the way for smoother future cooperation.

Andy Curry, of the UK’s Information Commissioner’s Office (ICO), arrived at the EDPS in May of last year. He has been a wonderful asset to the institution, despite his relatively short stay in Brussels. His expertise has been particularly helpful in managing several high-profile investigations launched by the EDPS in this period. Here, he describes his experience at the EDPS and his important contributions to our work.

Delphine Harou, Head of Supervision and Enforcement


Since May 2019 I have been the Seconded National Expert from the UK Information Commissioner’s Office to the EDPS in Brussels, working with the Supervision and Enforcement Unit.

On arrival, we discussed the Unit’s priorities and it was clear that developing the team’s knowledge of investigative processes, developing policy and organising to deliver results were the main challenges. However, the EDPS was also running two potentially significant investigations: one into the EU institution’s contractual arrangements with Microsoft and another into the European Union elections to the Parliament and their use of NationBuilder. The latter investigation was of professional interest to me due to my previous experience on the ICO’s investigation into data analytics for political purposes.

The advent of digital campaigning, big data analytics and so-called micro-targeting during electoral campaigns are - rightly - a priority for most data protection authorities and the EDPS is no different in seeking to hold the Union’s institutions to account in their delivery of high standards of data protection. I was asked to use my experience to assist the investigation teams, including expert staff from the IT Policy Unit, on gathering evidence, analysing the issues and delivering outcomes in both cases.

I also became involved in the broader life of the Unit - handling complaints, advising on other issues, and learning about the Europol Regulation - not to mention Regulation 2018/1725; the bread and butter of our work. It took me some time to understand the breadth of the Unit’s work at the EDPS; delivering opinions on consultation requests, organising and delivering the inspection programme on EU institutions in order to set and maintain high standards of data protection. And, towards the end of the year, hosting the Case Handling Workshop in Brussels, at which I was asked to speak with my colleague, Diana Gentilini from the Italian data protection authority, on the data protection challenges arising from the activities of data-brokers and credit reference agencies.

The EDPS itself is one of the smaller EU institutions, which creates a tight family atmosphere within the organisation, although there are perhaps only very few other institutions that have the regulatory reach and interest into the work of every other institution. It therefore provides a great opportunity for people who wish to become involved in the work of the EU and, because of the size of the organisation, you can be involved in important work almost immediately.

I am pleased to have contributed to the development of the EDPS - the specific outcomes in respect of the Microsoft investigation and the Parliament’s use of NationBuilder, which included the first use of the EDPS’ new enforcement powers under the new Regulation. In order to keep pace with the outside world and the evolving nature of regulation, the EDPS must continue to challenge itself, so the new year will see newly-appointed EDPS Wojciech Wiewiórowski begin to exercise his mandate as the new Supervisor, and the institution continues to adapt to its new powers and responsibilities.

All good things have an end, and I now head back to the UK, and the ICO. The things I will miss are the warmth and support of colleagues from all nationalities and backgrounds, the Unit team meetings - the vie de l’Unite - and the morning Fika - catching up with colleagues over coffee and cake!