European Data Protection Supervisor
The EU's independent data protection authority
The 41st International Conference of data protection and privacy commissioners, 'Convergence and Connectivity - Raising Global Data Protection Standards in the Digital Age' will take place on 21-24 October in Tirana, Albania.
EDPS web inspection tool WEC is now available on GitHub. Read more.
It is with the deepest regret that we announce the loss of Giovanni Buttarelli, the European Data Protection Supervisor. Giovanni passed away surrounded by his family in Italy, last night, 20 August 2019.
Are digital technologies as virtual as we think? Listen to our latest #DebatingEthics Conversation with Andrew Brennan, Ruben Dekker and Heather Iqbal to learn more about the very material impact of data-intensive technologies on the environment.
Read the full text here.
Latest blogpost by Giovanni Buttarelli.
Summer holidays are a chance to relax, but they can be a source of high stress themselves if you are not safe online. To help with this, the European Data Protection Supervisor has created a simple guide of 11 tips to help you stay secure while using your computer, smartphone and tablet – and in a sunny mood!
The EDPS has adopted and published its lists of the kinds of processing operations that require a data protection impact assessment (DPIA) under Article 39 of the data protection regulation for the EU institutions, as well as those that at first sight do not require a DPIA.
The EDPS adopted these lists after consulting the European Data Protection Board (EDPB) on the draft lists. These lists provide additional guidance to controllers in the EU institutions and complement the accountability on the ground toolkit. In line with the Article 29 Working Party Guidelines on DPIAs, endorsed by the EDPB, these lists provide criteria for controllers to assess whether they need to do a DPIA; the lists are not exhaustive.
DPIAs are a new concept in the data protection regulation for the EU institutions, mirroring equivalent provisions in the GDPR. The DPIA process aims to provide assurance that controllers adequately address privacy and data protection risks of ‘risky’ processing operations. By providing a structured way of thinking about the risks to data subjects and how to mitigate them, DPIAs help organisations to comply with the requirement of data protection by design where it is needed the most, i.e. for ‘risky’ processing operations.
Risk-based approach under the data protection reform. Listen to the Podcast!
Latest blogpost by Wojciech Wiewiórowski.
Read the Press Release and follow the live webstreaming.
The EDPS carried out an inspection on the websites of major EU institutions and bodies.
Read the press release.
Latest blogpost by Wojciech Wiewiórowski.
Read the Press Statement
The International Association of Privacy Professionals (IAPP) has honoured the European Data Protection Supervisor, Giovanni Buttarelli, with the 2019 Privacy Leadership Award.
The IAPP Privacy Leadership Award is given once per year to individuals who demonstrate an “ongoing commitment to furthering privacy policy, promoting recognition of privacy issues and advancing the growth and visibility of the privacy profession”.
Latest blogpost by Wojciech Wiewiórowski.
Latest blogpost by Giovanni Buttarelli
For more information and registrations click here.
The EDPS and ENISA organize the conference 'Towards accessing the risk in personal data breaches' in Brussels on the 4th of April 2019.
The conference aims to address the aspect of assessing the risk of personal data breaches under the General Data Protection Regulation (GDPR) - (EU) 2016/679 and the Regulation (EU) 2018/1725 for the processing of personal data by EU Institutions and bodies .
2018 was a busy year for the EDPS and a pivotal year for data protection in general. The 2018 Annual Report provides an insight into all EDPS activities in 2018, including our efforts to prepare for the new legislation. Under new data protection rules, the rights of every individual living in the EU are now better protected than ever. Read the press release.
'Being a DPO in the public sector: the EU side of things' EDPS podcast.
EDPS stakeholders’ consultation on the draft version of the guidelines.
Follow online our conference on elections and online manipulation.
Twitter #Europevotes2019 #EUelections2019
We closed the public session of the International Conference of Data Protection and Privacy Commissioners in October 2018 with a promise to continue the discussion on digital ethics. With the launch of our new #DebatingEthics Conversations, a series of six interactive webinars that will then also be released as podcasts, we aim to provide an open platform for this urgent debate.
Each webinar will revolve around a specific theme and bring together different perspectives. Our provisional programme is as follows:
28 February 2019: #DebatingEthics 1 - Digital ethics and the law
30 April 2019: #DebatingEthics 2 - Digitalisation and the future of work
19 June 2019: #DebatingEthics 3 - The environmental impact of new technologies
4 September 2019: #DebatingEthics 4 - Growing up in the digital age
20 November 2019: #DebatingEthics 5 - Digital platforms and their impact on relationships
5 December 2019: #DebatingEthics 6 - Why #DebatingEthics? Revisited
Each webinar will be open for anyone to listen in and comment or ask questions at the end of the discussion. How can moral reasoning help us shape responsible technological development? Follow our updates here and on Twitter and join us in #DebatingEthics.
EPIC presented the 2019 International Privacy Champion Award to Giovanni Buttarelli, European Data Protection Supervisor. This prestigious prize is awarded every year to distinguished representatives in the field of the fundamental rights to privacy and data protection. The EPIC award was presented at CPDP conference in Brussels, Belgium on January 30, 2019.
The official report of the 40th edition of the International Conference of Data Protection and Privacy Commissioners.
On 28 January each year, member states of the Council of Europe and EU institutions celebrate Data Protection Day. It marks the anniversary of the Council of Europe’s data protection convention, known as “Convention 108”. It was the first binding international law concerning individuals’ rights to the protection of their personal data.
EDPS presents the Annual Management Plan 2019.
First Technology Monitoring report of the EDPS on smart glasses.
Registrations to the event on elections and online manipulation are now closed.
See the programme.
