EDPS takes on new supervisory role at Eurojust
A new supervisory framework for the processing of personal data at the EU Agency for Criminal Justice Cooperation (Eurojust) comes into force today. Under the new rules, the European Data Protection Supervisor (EDPS) takes over responsibility for monitoring Eurojust’s compliance with the applicable EU rules on data protection.
Eurojust is responsible for supporting and improving coordination and cooperation between the competent judicial authorities in the EU Member States on matters relating to serious organised crime. With public security certain to remain an important policy concern for the EU over the coming years, newly-appointed EDPS Wojciech Wiewiórowski is determined to ensure that the EU is able to achieve increased security without applying any undue restriction to individual data protection rights.
Wojciech Wiewiórowski, European Data Protection Supervisor, said: “Ensuring a secure and open Europe requires increased operational effectiveness, but it also requires a commitment to protecting the fundamental rights and freedoms of individuals, including the rights to data protection and privacy. Under the new rules, it will be the job of the EDPS to ensure that Eurojust is able to perform its role as a law enforcement body as efficiently as possible, while demonstrating full respect for EU data protection law. After a year of intense preparation, including close cooperation with our colleagues at Eurojust, I am confident that the EDPS is prepared to perform this role.”
The Eurojust Regulation, which comes into force today, applies to the processing of personal data for operational activities at Eurojust. It complements the rules set out in Chapter IX of Regulation 2018/1725, which apply to the processing of operational personal data in the EU’s law enforcement agencies more generally. As is the case for any other EU institution or body, the EDPS is also responsible for supervising the processing of personal data for administrative activities at Eurojust, under the rules for data protection in the EU institutions set out in Regulation 2018/1725.
Under the Eurojust Regulation, the EDPS takes on full responsibility for overseeing data protection compliance at Eurojust. This role will include investigating complaints, conducting inquiries, advising Eurojust on all matters concerning the processing of operational personal data and ensuring that the provisions of the Eurojust Regulation and Regulation 2018/1725 are applied and respected. In order to perform the role effectively, the new rules grant the EDPS certain powers. These range from referring a matter to Eurojust in the event of an alleged breach of the rules, to issuing Eurojust with an order to rectify, restrict or erase operational personal data, or even refering the matter to the EU Court of Justice.
This new role comes two-and-a-half years after the EDPS took on responsibility for supervising the processing of operational personal data at Europol, the EU body responsible for cooperating with the law enforcement authorities of the EU Member States to combat serious crime and terrorism. The experience gained through working with Europol has undoubtedly helped to prepare the EDPS for his new role at Eurojust and will also serve him well as he prepares to take on a similar role at the European Public Prosecutor’s Office (EPPO) in the coming months.
For new EDPS Wojciech Wiewiórowski, who took up his position at the head of the institution less than a week ago, this is the first of many new challenges he and his institution are likely to face over the coming five years. He looks forward to developing a constructive relationship with Eurojust, with the common goal of preserving a secure and open Europe.
Background information
The rules for data protection in the EU institutions, as well as the duties of the European Data Protection Supervisor (EDPS), are set out in the new Regulation (EU) 2018/1725. These rules replace those set out in Regulation (EC) No 45/2001. The EDPS is an increasingly influential independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection. Our mission is also to raise awareness on risks and protect people’s rights and freedoms when their personal data is processed.
Wojciech Wiewiórowski (EDPS), was appointed by a joint decision of the European Parliament and the Council to serve a five-year term, beginning on 6 December 2019.
Personal information or data: any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. Other details, such as IP addresses and communications content - related to or provided by end-users of communications services - are also considered as personal data.
Privacy: the right of an individual to be left alone and in control of information about his or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8).
Processing of personal data: According to Article 4(1) of Regulation (EU) No 679/2016, processing of personal data refers to “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.” See the glossary on the EDPS website.