Today, the European Data Protection Supervisor (EDPS) published a report on the new processing operations, and on the IT tools that EU institutions, bodies, offices and agencies (EUIs) introduced to ensure business continuity during the COVID-19 pandemic and the compliance of these activities with Regulation (EU) 2018/1725.
The report is based on an earlier survey and comprises three parts: new processing operations implemented by EUIs; IT tools implemented or enhanced by EUIs to enable teleworking; and new processing operations implemented by EUIs in charge of tasks related to public health.
Wojciech Wiewiórowski, EDPS, said: “EUIs made substantial efforts to ensure that new processing operations introduced in response to the COVID-19 pandemic were compliant with the Regulation in very short timeframes. This report enables the EDPS to provide further guidance to EUIs with regard to data protection aspects that deserve closer consideration. I invite EUIs to reassess their existing processing operations put in place during the pandemic, with the report’s recommendations in mind. The report’s conclusions also have relevance given that COVID-19’s long-lasting legacy may have an impact on EUIs’ operations concerning teleworking and remote recruitment practices for example.”
The dynamic evolution of the COVID-19 pandemic means that EUIs must continually adapt their processes. The report aims to support them in what appears to be a long-lasting challenge, which will likely continue to have an impact even after the end of the pandemic.
The survey results will feed into updating existing EDPS guidelines, or contribute to the development of new guidelines, depending on the evolution of the pandemic and the new practices that will continue once it is over. The survey results will also inform the EDPS’ execution of audits and investigations under Article 58 of Regulation (EU) 2018/1725.
The rules for data protection in the EU institutions, as well as the duties of the European Data Protection Supervisor (EDPS), are set out in Regulation (EU) 2018/1725.
Wojciech Wiewiórowski (EDPS), was appointed by a joint decision of the European Parliament and the Council on to serve a five-year term, beginning on 6 December 2019
Personal data: see EDPS Glossary
Processing personal data: see EDPS Glossary
Privacy: the right of an individual to be left alone and in control of information about his or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8).