EDPS statement on EPPO becoming operational
Today marks another important date for Europe – the day the European Public Prosecutor's Office (EPPO) becomes operational.
For the first time in EU history, an independent European body is given the power to investigate and prosecute criminal offences against the European Union's financial interests. This is undoubtedly an important and difficult task, which also brings new challenges for the EDPS’ supervision activities.
In the past months, the EDPS has been working closely and constructively with EPPO to safeguard the fundamental rights of individuals when processing their data. As a supervisory authority, the EDPS has done and continues to do its best to help EPPO integrate the data protection rules into its procedures and IT systems.
The EDPS is aware that the complexity of EPPO's legal landscape will represent continuous challenges. The body's multi-layered structure and the interplay between the EPPO Regulation and national provisions implementing the law enforcement directive will require coordination between the EDPS and the national data protection authorities.
We wish EPPO all the best and will continue to support this new European body in fulfilling its data protection obligations.
Background information
The rules for data protection in the EU institutions, as well as the duties of the European Data Protection Supervisor (EDPS), are set out in Regulation (EU) 2018/1725.
The EDPS is the independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection. Our mission is also to raise awareness on risks and protect people’s rights and freedoms when their personal data is processed.
Wojciech Wiewiórowski (EDPS), was appointed by a joint decision of the European Parliament and the Council on to serve a five-year term, beginning on 6 December 2019.
About the European Public Prosecution’s Office (EPPO): The European Public Prosecutor’s Office (EPPO) is the EU’s first independent prosecution office, with the power to investigate, prosecute and bring to judgement large-scale, cross-border crimes against the EU budget, such as fraud and corruption. According to Article 85 of the Regulation (EU) 2017/1939, the EDPS supervises the operational activities of EPPO. More information can be found here.
Processing of personal data: According to Article 3(3) of Regulation (EU) 2018/1725, processing of personal data refers to “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”. See the glossary on the EDPS website.
Personal data: any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, video footage, email addresses and telephone numbers. Other details, such as IP addresses and communications content - related to or provided by end-users of communications services - are also considered as personal data.
Privacy: the right of an individual to be left alone and in control of information about his or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8).