EDPS Annual Report 2019: new EU data protection rules must produce promised result

With new legislation on data protection in the EU now in place, our greatest challenge moving into 2020 and beyond is to ensure that this legislation produces the promised results, the European Data Protection Supervisor (EDPS) said today, as he published his 2019 Annual Report.

Wojciech Wiewiórowski, EDPS, said: “Awareness of the issues surrounding data protection and privacy, and the importance of protecting these fundamental rights, is at an all-time high and we cannot allow this momentum to decline. With a new European Parliament and Commission now in place, developing an effective response to the challenges of the digital era is a top priority, and must include ensuring that new rules on ePrivacy remain firmly on the agenda. The EDPS intends to contribute fully to these efforts, while also ensuring that the EU institutions themselves maintain the highest standards of data protection practice.”

The Annual Report provides an insight into all EDPS activities in 2019, which was the last year of a five-year EDPS mandate. EDPS activities therefore focused on consolidating the achievements of previous years, assessing the progress made and starting to define priorities for the future. Of particular note were EDPS efforts to ensure that new EU rules on data protection are put into practice.

As the data protection supervisory authority for the EU institutions and bodies, the EDPS has dedicated much time and effort to ensuring that the institutions are adequately equipped to implement the new rules, set out in Regulation 2018/1725. Over the course of 2019, this included conducting training sessions, issuing Guidelines and continuing to work closely with the Data Protection Officers (DPOs) of the EU institutions, among other activities. The EDPS also stepped up enforcement activities, launching several investigations into the processing of personal data by EU institutions. As well as holding the respective institutions accountable, these investigations have helped to increase cooperation and understanding between the EU institutions and the EDPS.

The EDPS also continued to work closely with the European Data Protection Board (EDPB) to both provide and support the EDPB secretariat and to contribute, as a member of the EDPB, to initiatives aimed at ensuring the consistent application of the General Data Protection Regulation (GDPR) across the EU. This included working with the EDPB to produce the first joint EDPS and EDPB Opinion and jointly issuing advice to the European Parliament.

In addition to this, a significant focus of EDPS work in 2019 was on developing and sharing technological expertise. Among other initiatives, the EDPS launched TechDispatch, a regular online publication providing information on new technologies and their data protection impact. The institution also developed and shared the Website Evidence Collector  (WEC), a tool that can be used to determine websites’ compliance with data protection rules.

The EDPS was expected to present the Annual Report to the European Parliament this week. However, the hearing was cancelled due to restrictions relating to the COVID-19 outbreak. Given that the situation is still evolving and the calendar of hearings at the European Parliament will be significantly disrupted, the EDPS made the decision to go ahead with the publication of the Annual Report, in order to provide a timely assessment of data protection in the EU institutions, bodies and agencies in 2019.

As we move into 2020, and the first year of a new mandate, the EDPS will continue to work with the EDPB, international organisations and others to ensure the success of EU and other efforts to advance the fundamental rights of individuals and to develop an effective response to the challenges of the digital era. In doing so, the EDPS will continue to honour and advance the work and vision of its late Supervisor, Giovanni Buttarelli, who sadly passed away in August 2019.