Newsletter (108)

For just one day, get to know the European Data Protection Supervisor (EDPS) and the European Data Protection Board (EDPB). 

On 4 May 2024, come and see us at our stand in “Our Strong Digital Europe Village” to ask questions about our work and more. You will also have the opportunity to try out some of our Artificial Intelligence tools to understand the privacy challenges they may pose, and how the EDPS is tackling them. There will also be a chance to challenge yourself with our data protection quiz with prizes to win. 

We look forward to meeting you! 

All details can be found here.

Presenting his Annual Report 2023 on 9 April 2024, European Data Protection Supervisor (EDPS) Wojciech Wiewiórowski emphasised his institution’s adaptability in the face of an evolving digital and regulatory landscape. 

Wojciech Wiewiórowski, EDPS, said: “The year 2023 has been one of adaptability in light of digital and regulatory advancements. More than ever, multilateral and cross-border collaboration have proved crucial to achieve and elevate data protection standards in the EU and beyond. As we move to 2024, coinciding with the EDPS’ 20th Anniversary, my institution’s role is to anticipate and prepare for the data protection challenges of the next two decades”. 

Amongst its activities in the areas of Supervision & Enforcement, Policy & Consultation and Technology & Privacy, the EDPS focused on: 

• steering the regulation of Artificial Intelligence 

• advocating for the safety of communications 

• addressing societal matters, in the Area of Freedom, Security and Justice 

• investing resources in technology monitory and innovation.

Continue to read Press Release.

Read the EDPS Annual Report and its Executive Summary.

Read the EDPS Supervisor’s speech before the European Parliament’s Committee Civil Liberties, Justice and Home Affairs.

We have launched a series called “20 Talks”, in which we invite influential personalities and leading voices from all around the world, with diverse backgrounds - from technology, academia, international organisations, activists - to discuss how privacy is shaping their respective fields of expertise. 

More 20 Talks episodes are coming to you in 2024; in the meantime you can catch up on: 

• our talk on fake identities in the digital world, fraud and online scams with Ayleen Charlotte, Scam Fighter Person of the year 2023 and Leading Voice in the Netflix Show, the Tinder Swindler. 

• our discussion on the evolution of African digital societies, and the current environment of national data protection laws in African jurisdictions with Towela Nyirenda Jere, Head of Infrastructure, Digitalisation and Energy Division at the African Union Development Agency.

• our conversation on international cooperation, Artificial Intelligence and digital humanism with Amandeep Singh Gill, UN Secretary General's Envoy on Technology. 

With our “20 Talks” diverse series, there is something for everyone. Find these talks and more episodes of our 20 Talks series on our EDPS 20th Anniversary Website. 

Following its investigation, the EDPS has found that the European Commission (Commission) has infringed several key data protection rules when using Microsoft 365. In its decision, the EDPS imposes corrective measures on the Commission.

The EDPS has found that the Commission has infringed several provisions of Regulation (EU) 2018/1725, the EU’s data protection law for EU institutions, bodies, offices and agencies (EUIs), including those on transfers of personal data outside the EU/European Economic Area (EEA). In particular, the Commission has failed to provide appropriate safeguards to ensure that personal data transferred outside the EU/EEA are afforded an essentially equivalent level of protection as guaranteed in the EU/EEA. Furthermore, in its contract with Microsoft, the Commission did not sufficiently specify what types of personal data are to be collected and for which explicit and specified purposes when using Microsoft 365. The Commission’s infringements as data controller also relate to data processing, including transfers of personal data, carried out on its behalf.

The EDPS has therefore decided to order the Commission, effective on 9 December 2024, to suspend all data flows resulting from its use of Microsoft 365 to Microsoft and to its affiliates and sub-processors located in countries outside the EU/EEA not covered by an adequacy decision. The EDPS has also decided to order the Commission to bring the processing operations resulting from its use of Microsoft 365 into compliance with Regulation (EU) 2018/1725. The Commission must demonstrate compliance with both orders by 9 December 2024.

Continue to read Press Release.

Read Decision available here.

How do you want to follow the EDPS’ actions aimed at protecting your privacy and personal data? You decide! 

Want to grasp all the finer details of our work, our website includes our Opinions, Decisions, Investigations and other official documents with our legal analysis on the specific cases we encounter in our day-to-day work. 

Interested in receiving a monthly overview of our work, why not subscribe to our Newsletter? Each issue promises to give you a summary of our most relevant work in the areas of Supervision & Enforcement, Policy & Consultation, Technology & Privacy. From our inbox to yours, we condense our data protection and privacy news, so that you don’t miss the important information.

Looking for some interactive and behind-the-scenes content, you can follow us on our social media channels: X: @EU_EDPS, LinkedIn: EDPS, Youtube: European Data Protection Supervisor, Mastodon: EU Voice, Peertube: EU Video, Instagram: eu_edps.

On the move? Check out our podcast channel on Spotify at EDPS on Air, to grab your dose of the EDPS’ data protection news whilst on the go.