Press Releases

Following enforcement proceedings by the European Data Protection Supervisor (EDPS), the European Commission has demonstrated compliance with Regulation (EU) 2018/1725 in relation to its use of Microsoft 365 as examined by the EDPS. This follows the EDPS’ Decision of 8 March 2024, which identified a number of infringements and imposed corrective measures on the Commission.

Brussels, 9 July 2025 - The European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) issued today a Joint Opinion on the European Commission’s Proposal for a Regulation amending certain regulations, including the GDPR.

The EDPS published on 28 May 2025 an Opinion on the Proposal for a Regulation establishing a common system for the return of third-country nationals staying illegally in the EU.

The EDPS recently published its Guidance for co-legislators, on key elements to consider when drafting legislative proposals and other acts that imply the processing of individuals’ personal data. With the Guidance published recently, the EDPS provides practical guidance for the EU co-legislators to uphold the highest standard of the fundamental rights to privacy and data protection. The EDPS will continue to provide its recommendations to EU co-legislators where there is an impact on the protection of individuals’ rights and freedoms with regard to the processing of personal data.

The EDPS presented its Annual Report 2024 today, concluding its 2020 - 2024 Mandate focusing on shaping a safer digital future, and marking the institution’s two-decades of protecting people’s privacy and personal data.

Demonstrating our commitment to the consistent application and enforcement of data protection across the EU institutions (EUIs) and the EU as a whole, the EDPS is participating in the European Data Protection Board’s (EDPB) Coordinated Enforcement Action on the right to erasure of personal data.

The European Data Protection Supervisor (EDPS) has released today its findings on the enforcement of individuals’ right of access to their personal data when processed by EU institutions, bodies, offices, and agencies (EUIs). These findings are part of the European Data Protection Board’s (EDPB) broader Coordinated Enforcement Action initiated in February 2024.

The EDPS reprimands Frontex, the European Border and Coast Guard Agency, for not complying with Regulation (EU) 2019/1896 (Frontex Regulation), when transmitting personal data of suspects of cross-border crimes to Europol, the EU’s agency for law enforcement cooperation.

The European Data Protection Supervisor (EDPS) is examining the European Commission’s compliance with its decision of 8 March 2024 regarding the use of Microsoft 365.

Under the decision, the European Commission had until yesterday, 9 December 2024, to demonstrate compliance with EDPS orders. On 6 December 2024, the Commission submitted to the EDPS a report on compliance with the EDPS decision of 8 March 2024.

From 9 to 11 October 2024, the European Data Protection Supervisor (EDPS) Wojciech Wiewiórowski participated in the 4th edition of the G7 Data Protection Authorities (DPA) Roundtable in Rome, Italy. This annual event, hosted by the Italian Data Protection Authority, brought together privacy and data protection regulators from Canada, France, Germany, Japan, the United Kingdom, the United States, the European Data Protection Board (EDPB) and the EDPS.

The EDPS has published today its Model Administrative Arrangement (Model) for transfers of personal data from EU institutions, bodies, offices and agencies (EUIs) to International Organisations.

The EDPS has published today its guidelines on generative Artificial Intelligence and personal data for EU institutions, bodies, offices and agencies (EUIs). The guidelines aim to help EUIs comply with the data protection obligations set out in Regulation (EU) 2018/1725, when using or developing generative AI tools.

Two years ago, the EDPS embarked on a pioneering journey to launch two social media platforms, EU Voice and EU Video. The pilot project has proved successful in delivering alternative, privacy-friendly and user-focused social media platforms. It is time to review the results.

Presenting his Annual Report 2023 today, European Data Protection Supervisor (EDPS) Wojciech Wiewiórowski emphasised his institution’s adaptability in the face of an evolving digital and regulatory landscape. 

The European Data Protection Supervisor (EDPS) has supported the objective of elaborating the first legally binding international instrument on artificial intelligence (AI) on the basis of the Council of Europe’s standards on human rights, democracy and the rule of law.

Following its investigation, the EDPS has found that the European Commission (Commission) has infringed several key data protection rules when using Microsoft 365. In its decision, the EDPS imposes corrective measures on the Commission.

The EDPS is participating in the European Data Protection Board’s (EDPB) Coordinated Enforcement Action on how individuals’ right of access is addressed specifically in the EU institutions, bodies, offices and agencies (EUIs), alongside the other 27 Data Protection Authorities (DPAs) across the European Economic Area (EEA).

The EDPS has issued an Opinion on the proposed Regulation to extend the temporary derogation from certain provisions of the ePrivacy Directive to combat child sexual abuse online.

The EDPS published on 23 January 2024 an Opinion on a Regulation to enhance police cooperation to prevent, detect, and investigate the smuggling of migrants and the trafficking of human beings, and to reinforce the role of the EU Agency for Law Enforcement Cooperation (Europol) in preventing and combating these crimes.

The EDPS publishes today the results of its survey on the role, responsibilities and tasks of data protection officers in the EU institutions, bodies, offices and agencies (EUIs). The outcome of the survey demonstrates a high level of awareness and compliance of EUIs with data protection officers’ advice.