Press Releases

The EU Entry/Exit System (EES) entered into operation on 12 October 2025. The EES is a large scale IT system developed by the EU to prevent irregular migration and enhance security in the Schengen area. This automated system registers which travellers from third countries, with or without a visa, enter and exit the Schengen area. It records personal data from travel documents such as name, date of birth, and place of birth.

On 17 September 2025, the European Data Protection Supervisor (EDPS) issued an Opinion on the negotiating mandate for a framework agreement between the European Union and the United States of America on the exchange of information for security screenings and identity verifications.

On 4 September 2025, the European Data Protection Supervisor (EDPS) issued an Opinion on two Proposals: one to authorise the signing, on behalf of the European Union, of the United Nations Convention against Cybercrime, and the other to authorise the conclusion, on behalf of the European Union, of the same Convention.

Following enforcement proceedings by the European Data Protection Supervisor (EDPS), the European Commission has demonstrated compliance with Regulation (EU) 2018/1725 in relation to its use of Microsoft 365 as examined by the EDPS. This follows the EDPS’ Decision of 8 March 2024, which identified a number of infringements and imposed corrective measures on the Commission.

Brussels, 9 July 2025 - The European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) issued today a Joint Opinion on the European Commission’s Proposal for a Regulation amending certain regulations, including the GDPR.

The EDPS published on 28 May 2025 an Opinion on the Proposal for a Regulation establishing a common system for the return of third-country nationals staying illegally in the EU.

The EDPS recently published its Guidance for co-legislators, on key elements to consider when drafting legislative proposals and other acts that imply the processing of individuals’ personal data. With the Guidance published recently, the EDPS provides practical guidance for the EU co-legislators to uphold the highest standard of the fundamental rights to privacy and data protection. The EDPS will continue to provide its recommendations to EU co-legislators where there is an impact on the protection of individuals’ rights and freedoms with regard to the processing of personal data.

The EDPS presented its Annual Report 2024 today, concluding its 2020 - 2024 Mandate focusing on shaping a safer digital future, and marking the institution’s two-decades of protecting people’s privacy and personal data.

Demonstrating our commitment to the consistent application and enforcement of data protection across the EU institutions (EUIs) and the EU as a whole, the EDPS is participating in the European Data Protection Board’s (EDPB) Coordinated Enforcement Action on the right to erasure of personal data.

The European Data Protection Supervisor (EDPS) has released today its findings on the enforcement of individuals’ right of access to their personal data when processed by EU institutions, bodies, offices, and agencies (EUIs). These findings are part of the European Data Protection Board’s (EDPB) broader Coordinated Enforcement Action initiated in February 2024.

The EDPS reprimands Frontex, the European Border and Coast Guard Agency, for not complying with Regulation (EU) 2019/1896 (Frontex Regulation), when transmitting personal data of suspects of cross-border crimes to Europol, the EU’s agency for law enforcement cooperation.

The European Data Protection Supervisor (EDPS) is examining the European Commission’s compliance with its decision of 8 March 2024 regarding the use of Microsoft 365.

Under the decision, the European Commission had until yesterday, 9 December 2024, to demonstrate compliance with EDPS orders. On 6 December 2024, the Commission submitted to the EDPS a report on compliance with the EDPS decision of 8 March 2024.

From 9 to 11 October 2024, the European Data Protection Supervisor (EDPS) Wojciech Wiewiórowski participated in the 4th edition of the G7 Data Protection Authorities (DPA) Roundtable in Rome, Italy. This annual event, hosted by the Italian Data Protection Authority, brought together privacy and data protection regulators from Canada, France, Germany, Japan, the United Kingdom, the United States, the European Data Protection Board (EDPB) and the EDPS.

The EDPS has published today its Model Administrative Arrangement (Model) for transfers of personal data from EU institutions, bodies, offices and agencies (EUIs) to International Organisations.

The EDPS has published today its guidelines on generative Artificial Intelligence and personal data for EU institutions, bodies, offices and agencies (EUIs). The guidelines aim to help EUIs comply with the data protection obligations set out in Regulation (EU) 2018/1725, when using or developing generative AI tools.

Two years ago, the EDPS embarked on a pioneering journey to launch two social media platforms, EU Voice and EU Video. The pilot project has proved successful in delivering alternative, privacy-friendly and user-focused social media platforms. It is time to review the results.

Presenting his Annual Report 2023 today, European Data Protection Supervisor (EDPS) Wojciech Wiewiórowski emphasised his institution’s adaptability in the face of an evolving digital and regulatory landscape. 

Following its investigation, the EDPS has found that the European Commission (Commission) has infringed several key data protection rules when using Microsoft 365. In its decision, the EDPS imposes corrective measures on the Commission.

The European Data Protection Supervisor (EDPS) has supported the objective of elaborating the first legally binding international instrument on artificial intelligence (AI) on the basis of the Council of Europe’s standards on human rights, democracy and the rule of law.

The EDPS is participating in the European Data Protection Board’s (EDPB) Coordinated Enforcement Action on how individuals’ right of access is addressed specifically in the EU institutions, bodies, offices and agencies (EUIs), alongside the other 27 Data Protection Authorities (DPAs) across the European Economic Area (EEA).