European Data Protection Supervisor
European Data Protection Supervisor



Press Release "Smart, sustainable, inclusive Europe": only with stronger and more effective data protection


The lobbying surrounding the current review of the EU data protection law by organisations both from Europe and elsewhere has been exceptional.

Publication Ex-ante product quality audits - EUIPO

Wednesday, 15 February, 2017

Prior checking Opinion concerning ex-ante product quality audits (Case 2016-0477)

Organisations such as EUIPO ensure the quality of their output in different ways. One such way is checking the quality of decisions before it leaves the organization (ex-ante), recording the error rate and trends in the type and category of errors - and using a database to record this monitoring process.
As staff members remain identifiable in the process and are given feedback at individual level on the basis of this processing operation, this might lead to implications for their performance evaluation(on such processing operations, see EDPS Guidelines in the area of staff evaluation ). This is why the organization needs to comprehensively inform those concerned, grant all data subjects’ rights and ensure the accuracy of the data processed.

Publication Accountability on the ground: Guidance on documenting processing operations for EU institutions, bodies and agencies

Tuesday, 16 July, 2019

Accountability on the ground: Guidance on documenting processing operations for EU institutions, bodies and agencies (EUIs). These documents provide provisional guidance for controllers and DPO in the EUIs on how to generate records for their processing operations, how to decide whether they need to carry out data protection impact assessments (DPIAs), how to do DPIAs and when to do prior consultations to the EDPS (Articles 31, 39 and 40 of Regulation (EU) 2018/1725).

A provisional version of this text was published in February 2018. The current version 1.3 was published in July 2019.

SummaryPDF icon
Part I: Records and threshold assessmentPDF icon
Part II: DPIAs and prior consultationPDF icon

Press Release Smart borders: key proposal is costly, unproven and intrusive


There is no clear evidence that the Commission Proposals to create a smart border system for the external borders of the EU will fulfil the aims that it has set out, said the European Data Protection Supervisor (EDPS) today.

Press Release Credible cyber security strategy in the EU needs to be built on privacy and trust


Cyber security is not an excuse for the unlimited monitoring and analysis of the personal information of individuals, said the European Data Protection Supervisor (EDPS) today following the publication of his opinion on the EU's strategy on cyber security.

Publication Turbine (TrUsted Revocable Biometric IdeNtitiEs)

Tuesday, 1 February, 2011

Opinion on a research project funded by the European Union under the Seventh Framework Programme (FP7) for Research and Technology Development - Turbine (TrUsted Revocable Biometric IdeNtitiEs)

Publication Leading by Example: EDPS 2015-2019

Tuesday, 3 December, 2019

This report provides an overview of the activities carried out by the EDPS from 2015-2019. In particular, it focuses on how the EDPS has worked towards implementing the objectives set out in the EDPS Strategy 2015-2019, which relate to digitisation, global partnerships and the modernisation of data protection. This involved not only contributing historical pieces of legislation, such as the General Data Protection Regulation and Regulation 2018/1725, but also bringing the concepts of ethics and accountability to the forefront of data protection discourse and application.





HTML:    DE   EN   FR 

HTML (Summary):    DE    EN    FR

Full text of Leading by Example: EDPS 2015-2019:PDF icon
Summary (PDF):PDF icon

Publication 2018 Annual Report - a new era in data protection

Tuesday, 26 February, 2019

2018 was a busy year for the EDPS and a pivotal year for data protection in general. Under new data protection rules, the rights of every individual living in the EU are now better protected than ever. Public awareness about the value of online privacy is at an all-time high.

The 2018 Annual Report provides an insight into all EDPS activities in 2018. Chief among these were our efforts to prepare for the new legislation. The General Data Protection Regulation (GDPR) became fully applicable across the EU on 25 May 2018 and new data protection rules for the EU institutions are also now in place. Working with the new European Data Protection Board (EDPB), the EDPS aims to ensure consistent protection of individuals’ rights, wherever they live in the EU.

Full text of Annual Report (HTML):     EN

Summary (HTML):     DE     EN     FR

Full text of Annual Report (PDF):PDF icon

Publication Alternative and Online Dispute Resolution for consumer disputes

Thursday, 12 January, 2012

Opinion on the legislative Proposals on Alternative and Online Dispute Resolution for consumer disputes, OJ C 136/01, 11.05.2012, p1

Publication Consumer Protection Cooperation System ("CPCS")

Thursday, 5 May, 2011

Opinion on the Consumer Protection Cooperation System ("CPCS") and on Commission Recommendation 2011/136/EU on guidelines for the implementation of data protection rules in the CPCS, OJ C 217/06, 23.07.2011, p.18

Publication The Digital Agenda for Europe

Wednesday, 10 April, 2013

Opinion on the Communication from the Commission on 'The Digital Agenda for Europe - Driving European growth digitally'

Publication 2019 Annual Report - a year of transition

Wednesday, 18 March, 2020

2019 could be described as a year of transition, across Europe and the world.  With new legislation on data protection in the EU now in place, the greatest challenge moving into 2020 and beyond is to ensure that this legislation produces the promised results. Awareness of the issues surrounding data protection and privacy, and the importance of protecting these fundamental rights, is at an all-time high and this momentum cannot be allowed to decline.

This Annual Report provides an insight into all EDPS activities in 2019, which was the last year of a five-year EDPS mandate. EDPS activities therefore focused on consolidating the achievements of previous years, assessing the progress made and starting to define priorities for the future.

HTML version: EN

Summary (HTML): EN - FR - DE

Full text of Annual Report (PDF):PDF icon

Publication EU Data Protection Law - Current State and Future Perspectives

Wednesday, 9 January, 2013

Speech of Peter Hustinx given at the High Level Conference: "Ethical Dimensions of Data Protection and Privacy", Centre for Ethics, University of Tartu / Data Protection Inspectorate, Tallinn

Publication European e-Justice Strategy

Friday, 19 December, 2008

Opinion on the Communication from the Commission towards a European e-Justice Stragegy, OJ C 28, 06.06.2009, p. 13

The Communication aims to propose an e-Justice Strategy that intends to increase citizens' confidence in the European area of Justice. E-Justice's primary objective should be to help justice to be administered more effectively throughout Europe, for the benefit of the citizens. The EU's action should enable citizens to access information without being hindered by the linguistic, cultural and legal barriers stemming from the multiplicity of systems. A draft action plan and timetable for the various projects are annexed to the Communication.

E-Justice has a very wide-ranging scope, including in general the use of ICT in the administration of justice within the European Union. This covers a number of issues like projects providing litigants with information in a more effective way. This includes online information on judicial systems, legislation and case law, electronic communication systems linking litigants and the courts and the establishment of fully electronic procedures. It covers also European projects like the use of electronic tools to record hearings and projects involving information exchange or interconnection.

The EDPS supports the present proposal to establish e-Justice and recommends taking into account the observations made in his opinion, which includes:

  • Taking into account the recent Framework decision on the protection of personal data in the field of police and judicial cooperation in criminal matters - including its shortcomings - not only when implementing the measures envisaged in the Communication, but also with a view to starting as soon as possible the reflections on further improvements of the legal framework for data protection in law enforcement;
  • Including administrative procedures in e-Justice. As part of this new element, e-Justice projects should be initiated to enhance the visibility of data protection rules as well as national data protection authorities, in particular in relation to the kinds of data processed in the framework of e-Justice projects;
  • Maintaining a preference for decentralized architectures;
  • Ensuring that the interconnection and interoperability of systems duly takes into account the purpose limitation principle;
  • Allocating clear responsibilities to all actors processing personal data within the envisaged systems and providing mechanisms of effective coordination between data protection authorities;
  • Ensuring that processing of personal data for purposes other than those for which they were collected should respect the specific conditions laid down by the applicable data protection legislation;
  • Clearly defining and circumscribing the use of automatic translations, so as to favour mutual understanding of criminal offences without affecting the quality of the information transmitted;
  • Clarifying Commission responsibility for common infrastructures, such as the s-TESTA;
  • With regard to the use of new technologies, ensuring that data protection issues are taken into account at the earliest possible stage ("privacy-by-design") as well as fostering technology tools allowing citizens to be in better control of their personal data even when they move between different Member States.

Publication EU-wide real-time traffic information services

Wednesday, 12 March, 2014

Letter regarding the Public consultation on the provision of EU-wide real-time traffic information services under Directive 2010/40/EU

Annex 2 - EDPS Formal comments on the Commission Delegated Regulations supplementing Directive 2010/40/EU of the European Parliament and the Council with regard to "Data and procedures for the provision, where possible, of road safety related minimum universal traffic information free of charge to users" and "Provision of information services for safe and secure parking places for trucks and commercial vehicles"

Annex 1 - EDPS Opinion of 22 July 2009 on Intelligent Transport SystemsPDF icon
Annex 2 - EDPS Formal comments of 13 June 2013PDF icon

Publication Intelligent Transport Systems

Wednesday, 22 July, 2009

Opinion on the Communication from the Commission on an Action Plan for the Deployment of Intelligent Transport Systems in Europe and the accompanying Proposal for a Directive of the European Parliament and of the Council laying down the framework for the deployment of Intelligent Transport Systems in the field of road transport and for interfaces with other transport modes, OJ C 47, 25.02.2010, p. 6

The EDPS has adopted an opinion on the European Commission's proposed deployment plan for intelligent transport systems (ITS) in Europe that was adopted in December 2008 to accelerate and coordinate their deployment in road transport and their connection with other modes of transport. The deployment of ITS  has considerable privacy implications, for instance because these systems make it possible to track a vehicle and to collect a wide variety of data relating to European road users' driving habits.

The EDPS notes that data protection has been taken into consideration in the proposed legal framework and that it is also put forward as a general condition for the proper deployment of ITS. He however underlines that the Commission's proposal is too broad and too general to adequately address the privacy and data protection concerns raised by ITS deployment in the Member States. In particular, it is not clear when the performance of ITS services will lead to the collection and processing of personal data, what are the purposes and modalities for which data processing may take place, or who will be responsible for compliance with data protection obligations.

The EDPS opinion includes the following main recommendations:

  • clarification of responsibilities: it is crucial to clarify the roles of the different actors involved in ITS in order to identify who will bear the responsibility of ensuring that systems work properly from a data protection perspective (who is the data controller?);
  • safeguards for the use of location technologies: appropriate safeguards should be implemented by data controllers providing ITS services so that the use of location technologies is not intrusive from a privacy viewpoint. This should notably require further clarification as to the specific circumstances in which a vehicle will be tracked, strictly limiting the use of location devices to what is necessary for that purpose, and ensuring  that location data are not disclosed to unauthorized recipients;
  • "privacy by design" approach: the EDPS recommends to consider privacy and data protection from an early stage of the design of ITS to define the architecture, operation and management of the systems. Privacy and security requirements should be incorporated within standards, best practices, technical specifications and systems.

Background information
ITS apply information and communication technologies (satellite, computer, telephone, etc.) to transport infrastructure and vehicles with the intention to make transport safer and cleaner and to reduce traffic congestion. ITS applications and services are based on the collection, processing and exchange of a wide variety of data, both from public and private sources, including information on traffic and accidents but also personal data, such as the driving habits and journey patterns of citizens. Their deployment will also rely to a large extent on the use of geolocalisation technologies, such as satellite-positioning and RFID tags. As such, ITS constitute a "data-intensive area" and raise a number of privacy and data protection issues that should be carefully addressed in order to ensure the workability of ITS across Europe.