European Data Protection Supervisor
European Data Protection Supervisor

Search

Search

Publication Management of incident or technical fault reports - EP

Thursday, 24 July, 2014
24
Jul
2014

Letter on the notification for prior-checking concerning "Management of incident or technical fault reports" within the European Parliament (Case 2014-0643)

Publication The use of thermal imaging cameras and the auto-track functionality of pan-tilt cameras - ECB

Monday, 1 February, 2016
1
Feb
2016

Prior-checking Opinion regarding the use of thermal imaging cameras and the auto-track functionality of pan-tilt cameras at the European Central Bank (case 2015-0938)

This case marks the first prior-checking Opinion involving the assessment of a data protection impact assessment (DPIA).

The Opinion regards the use of thermal imaging cameras and the auto-track functionality of pan-tilt cameras at the European Central Bank (ECB). Under the EDPS Video-surveillance Guidelines such "high-tech video-surveillance tools" are subject to prior checking and permissible only subject to a DPIA. The DPIA conducted by the ECB allowed the EDPS to assess the permissibility of the technique used by the ECB.

The EDPS concluded that, because of the comprehensiveness of the information provided in the notification, of the outcome of the assessment and of the circumstances driving the ECB to apply these measures, operations may start before certain additionally recommended data protection safeguards have been implemented.

Publication Accountability on the ground: Guidance on documenting processing operations for EU institutions, bodies and agencies

Tuesday, 16 July, 2019
16
Jul
2019

Accountability on the ground: Guidance on documenting processing operations for EU institutions, bodies and agencies (EUIs). These documents provide provisional guidance for controllers and DPO in the EUIs on how to generate records for their processing operations, how to decide whether they need to carry out data protection impact assessments (DPIAs), how to do DPIAs and when to do prior consultations to the EDPS (Articles 31, 39 and 40 of Regulation (EU) 2018/1725).

A provisional version of this text was published in February 2018. The current version 1.3 was published in July 2019.

SummaryPDF icon
Part I: Records and threshold assessmentPDF icon
Part II: DPIAs and prior consultationPDF icon

Publication Factsheet 3 - Supervising EU institutions and bodies & enforcing data protection principles

Monday, 11 November, 2013
11
Nov
2013

/file/factsheet3png_enfactsheet_3.png

When EU institutions and bodies process personal data, they must comply with the principle of accountability and the obligations set out in the EU Data Protection Regulation 45/2001. EDPS Factsheet 3 provides information on how the EDPS works with the EU insitutions to ensure they achieve compliance.

Press Release Rebuilding trust in financial services markets: 10 steps for responsible handling of personal information

25/11/2014
25
Nov
2014

Data protection can support the European economy, said the European Data Protection Supervisor (EDPS) today, following the publication of his Guidelines on data protection in EU financial services regulation.

Publication Data Protection Impact Assessment List

Wednesday, 17 July, 2019
17
Jul
2019

Under Article 39(4) of Regulation (EU) 2018/1725, the EDPS shall adopt a list of the kinds of processing operations subject to a data protection impact assessment (DPIA). Under paragraph 5 of the same Article, the EDPS may adopt a list of the kinds of processing operations not subject to a DPIA. For further information on how to use this list, please see the Accountability on the ground toolkit.

Press Release EDPS launches first Annual Report of new data protection era

26/02/2019
26
Feb
2019

2018 was a busy year for the EDPS and a pivotal year for data protection in general. Under new data protection rules, the rights of every individual living in the EU are now better protected than ever, the European Data Protection Supervisor (EDPS) said today, as he presented his 2018 Annual Report to the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE).

Press Release Data Protection and Privacy in 2018: Going beyond the GDPR

20/03/2018
20
Mar
2018

2018 will be a landmark year for data protection. As co-host of the 2018 International Conference of Data Protection and Privacy Commissioners (ICDPPC) and a key player in the reform and implementation of the new EU data protection framework, the EDPS will remain at the forefront of the global dialogue on data protection and privacy in the digital age, the European Data Protection Supervisor (EDPS) said today, as he presented his 2017 Annual Report to the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE).

Publication Consultations in the field of Supervision and Enforcement

Friday, 23 November, 2012
23
Nov
2012

Policy on Consultations in the field of Supervision and Enforcement

Publication Put data protection accountability into practice

Monday, 15 May, 2017
15
May
2017

Hitting the ground running: How regulators and businesses can really put data protection accountability into practice, keynote speech by Giovanni Buttarelli at European Data Protection Days (EDPD) Conference, Berlin

Publication 2016 Annual Report - The state of privacy 2017: EDPS provides mid-mandate report

Thursday, 4 May, 2017
4
May
2017

The new EU data protection framework consists of much more than just the GDPR. New rules for the EU institutions and ePrivacy are yet to be finalised, and remain a key focal point for EDPS work. As well as providing advice to the legislator on these new rules, the EDPS has started working with the EU institutions and bodies to prepare them for the changes to come. A particular focus of his efforts in 2016 was on promoting accountability, a central pillar of the GDPR which it is safe to assume will also be integrated into the new rules for EU institutions and bodies.

In 2016, the EDPS also made a considerable effort to help move the global debate on data protection and privacy forward and mainstream data protection into international policies. He advised the EU legislator on the Umbrella agreement and the Privacy Shield and engaged with data protection and privacy commissioners from every continent. He also continued to pursue new initiatives, such as the Ethics Advisory Group, through which he intends to stimulate global debate on the ethical dimension of data protection in the digital era.

The EDPS aims to make data protection as simple and effective as possible for all involved. This requires ensuring that EU policy both reflects the realities of data protection in the digital era and encourages compliance through accountability.

Full text of the Annual Report:PDF icon
E-book (e-pub):File

Publication Leading by Example: EDPS 2015-2019

Tuesday, 3 December, 2019
3
Dec
2019

This report provides an overview of the activities carried out by the EDPS from 2015-2019. In particular, it focuses on how the EDPS has worked towards implementing the objectives set out in the EDPS Strategy 2015-2019, which relate to digitisation, global partnerships and the modernisation of data protection. This involved not only contributing historical pieces of legislation, such as the General Data Protection Regulation and Regulation 2018/1725, but also bringing the concepts of ethics and accountability to the forefront of data protection discourse and application.

 

 

 

 

HTML:    DE   EN   FR 

HTML (Summary):    DE    EN    FR

Full text of Leading by Example: EDPS 2015-2019:PDF icon
Summary (PDF):PDF icon

Publication The accountability principle in the new GDPR

Friday, 30 September, 2016
30
Sep
2016

Speech by Giovanni Buttarelli given at the European Court of Justice, Luxembourg

Publication Consumer Protection Cooperation System ("CPCS")

Thursday, 5 May, 2011
5
May
2011

Opinion on the Consumer Protection Cooperation System ("CPCS") and on Commission Recommendation 2011/136/EU on guidelines for the implementation of data protection rules in the CPCS, OJ C 217/06, 23.07.2011, p.18

Publication Energy market integrity and transparency

Tuesday, 21 June, 2011
21
Jun
2011

Opinion on the Proposal for a Regulation of the European Parliament and of the Council on energy market integrity and transparency, OJ C 279/03, 23.09.2011, p.20

The main aim of the Proposal is to prevent market manipulation and insider trading on wholesale energy (gas and electricity) markets. The Proposal contains several provisions relevant to the protection of personal data, including those on market monitoring and reporting and investigation and enforcement. The EDPS recommendations included the following:

The Proposal should clarify whether any personal data may be processed in the context of market monitoring and reporting and which safeguards will apply. If, in contrast, no processing of personal data is expected (or such processing would only be exceptional and would be restricted to rare cases, where a wholesale energy trader might be an individual rather than a legal entity), this should be clearly set forth in the Proposal, at least in a recital.

Provisions on data protection, data security and accountability should be clarified and further strengthened, especially if the processing of personal data would play a more structural role. The Commission should ensure that adequate controls are in place to ensure data protection compliance and provide evidence thereof ("accountability").

The Proposal should clarify whether on-site inspections would be limited to a business property (premises and vehicles) of a market participant or also apply to private properties (premises or vehicles) of individuals. In the latter case, the necessity and proportionality of this power should be clearly justified and a judicial warrant and additional safeguards should be required. This should be clearly foreseen in the proposed Regulation.

The scope of the powers to require "existing telephone and existing data traffic records" should be clarified. The Proposal should unambiguously specify what records can be required and from whom. The fact that no data can be required from providers of publicly available electronic communications services should be explicitly mentioned in the text of the proposed Regulation, at least in a recital. The Proposal should also clarify whether the authorities may also require private records of individuals, such as employees or executives of the market participant under investigation (e.g. text messages sent from personal mobile devices or browsing history of home internet use). If this would be the case, the necessity and proportionality of this power should be clearly justified and the Proposal should also require a warrant from a judicial authority.

With regard to reporting of suspected market abuse, the Proposal should explicitly provide that any personal data contained in these reports should only be used for purposes of investigating the suspected market abuse reported. Unless a suspected market abuse has led to a specific investigation and the investigation is still on-going (or a suspicion has proved to be well-founded and has led to a successful investigation), all personal data related to the reported suspected market abuse should be deleted from the records of all recipients after the lapse of a specified period (unless otherwise justified, at the latest two years following the date of report). In addition, parties to an information exchange should also send each other an update in case a suspicion proves to be unfounded and/or an investigation has been closed without taking further action.

Publication EDPS recommendations on the EU’s options for data protection reform

Monday, 27 July, 2015
27
Jul
2015

Europe’s big opportunity, EDPS recommendations on the EU’s options for data protection reform

Annex: Comparative table of GDPR texts with EDPS recommendationsPDF icon

Publication Comprehensive approach on personal data protection in the European Union

Friday, 14 January, 2011
14
Jan
2011

Opinion on the Communication from the Commission on "A comprehensive approach on personal data protection in the European Union", OJ C 181/01, 22.06.2011, p.1

See also the text of the Communication from the Commission to the European Parliament, the Council, the Economic and Social Committee and the Committee of the Regions - "A comprehensive approach on personal data protection in the European Union".