New Regulation on European Union Agency for Asylum (EUAA) will strengthen personal data protection of asylum seekers


New Regulation on European Union Agency for Asylum (EUAA) will strengthen personal data protection of asylum seekers

Today marks the entry into force of Regulation 2021/2303, establishing a European Union Agency for Asylum (EUAA) to replace and succeed to the European Asylum Support Office (EASO), and transform it into a fully-fledged asylum agency.

Regulation 2021/2303, which forms part of the 2016 package to reform the Common European Asylum System (CEAS), grants the EUAA new powers to improve the implementation and functioning of the CEAS by strengthening practical cooperation and information exchange among Member States. In particular, it provides for the deployment of EUAA liaison officers in Member States and third countries; creates a reserve pool of 500 Member State experts to ensure availability for asylum support teams; and provides for enhanced information analysis and dispersion on the situation of asylum, including on country of origin and safe country concepts.

The EDPS welcomes the entry into force of Regulation 2021/2303, as it places a stronger emphasis on data protection in the field of asylum when compared to the previous Regulation 439/2010. Given the importance of protection of personal data when dealing with the most vulnerable in society, the new Regulation includes a dedicated chapter on data protection, outlining the purposes for which personal data can be processed and emphasising the principle of proportionality in data processing. The EDPS also applauds the mandatory inclusion of data protection aspects into the training offered by the Agency, as part of the European Asylum Curriculum. Through this curriculum, the practical application of data protection in asylum matters may be further harmonised across the European Union, benefitting practitioners and seekers of international protection.

The EDPS expects the EUAA to fully apply and respect these rules as from the date of their application and will continue to monitor their implementation.

Background information:

The rules for data protection in the EU institutions, as well as the duties of the European Data Protection Supervisor (EDPS), are set out in Regulation (EU) 2018/1725.

The EDPS is the independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection. Our mission is also to raise awareness on risks and protect people’s rights and freedoms when their personal data is processed.

Wojciech Wiewiórowski (EDPS), was appointed by a joint decision of the European Parliament and the Council on to serve a five-year term, beginning on 6 December 2019

About the European Asylum Support Office (EASO): EASO was initially established by Regulation (EU) No 439/2010 to improve the implementation of the CEAS, strengthen practical cooperation among Member States on asylum and provide and/or coordinate the provision of operational support to Member States subject to particular pressure on their asylum and reception systems.

About the Common European Asylum System (CEAS): The CEAS sets out common standards and co-operation to ensure that asylum seekers are treated equally in an open and fair system. Aside from the EUAA Regulation, CEAS is governed by five legislative instruments: the Asylum Procedures Directive, the Reception Conditions Directive, the Qualification Directive, the Dublin Regulation, and the EURODAC Regulation.

Personal data: see EDPS Glossary

Processing personal data: see EDPS Glossary

Privacy: the right of an individual to be left alone and in control of information about his or herself. The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8).


Available languages: English