European Data Protection Supervisor
European Data Protection Supervisor



Publication European e-Justice Strategy

Friday, 19 December, 2008

Opinion on the Communication from the Commission towards a European e-Justice Stragegy, OJ C 28, 06.06.2009, p. 13

The Communication aims to propose an e-Justice Strategy that intends to increase citizens' confidence in the European area of Justice. E-Justice's primary objective should be to help justice to be administered more effectively throughout Europe, for the benefit of the citizens. The EU's action should enable citizens to access information without being hindered by the linguistic, cultural and legal barriers stemming from the multiplicity of systems. A draft action plan and timetable for the various projects are annexed to the Communication.

E-Justice has a very wide-ranging scope, including in general the use of ICT in the administration of justice within the European Union. This covers a number of issues like projects providing litigants with information in a more effective way. This includes online information on judicial systems, legislation and case law, electronic communication systems linking litigants and the courts and the establishment of fully electronic procedures. It covers also European projects like the use of electronic tools to record hearings and projects involving information exchange or interconnection.

The EDPS supports the present proposal to establish e-Justice and recommends taking into account the observations made in his opinion, which includes:

  • Taking into account the recent Framework decision on the protection of personal data in the field of police and judicial cooperation in criminal matters - including its shortcomings - not only when implementing the measures envisaged in the Communication, but also with a view to starting as soon as possible the reflections on further improvements of the legal framework for data protection in law enforcement;
  • Including administrative procedures in e-Justice. As part of this new element, e-Justice projects should be initiated to enhance the visibility of data protection rules as well as national data protection authorities, in particular in relation to the kinds of data processed in the framework of e-Justice projects;
  • Maintaining a preference for decentralized architectures;
  • Ensuring that the interconnection and interoperability of systems duly takes into account the purpose limitation principle;
  • Allocating clear responsibilities to all actors processing personal data within the envisaged systems and providing mechanisms of effective coordination between data protection authorities;
  • Ensuring that processing of personal data for purposes other than those for which they were collected should respect the specific conditions laid down by the applicable data protection legislation;
  • Clearly defining and circumscribing the use of automatic translations, so as to favour mutual understanding of criminal offences without affecting the quality of the information transmitted;
  • Clarifying Commission responsibility for common infrastructures, such as the s-TESTA;
  • With regard to the use of new technologies, ensuring that data protection issues are taken into account at the earliest possible stage ("privacy-by-design") as well as fostering technology tools allowing citizens to be in better control of their personal data even when they move between different Member States.

Publication Technical requirements for credit transfers and direct debits in euros

Thursday, 23 June, 2011

Opinion on the Proposal for a Regulation of the European Parliament and of the Council establishing technical requirements for credit transfers and direct debits in euros and amending Regulation (EC) No 924/2009, OJ C 284/01, 28.09.2011, p.1

Publication Combatting VAT Fraud

Friday, 15 March, 2019

EDPS Opinion on two legislative Proposals relating to combatting VAT Fraud.

Publication EU-Japan Passenger Name Record Data Agreement

Friday, 25 October, 2019

Opinion on the negotiating mandate of an Agreement between the EU and Japan for the transfer and use of Passenger Name Record data

Publication Use of information technology for customs purposes

Wednesday, 22 April, 2009

Opinion on the Initiative of the French Republic for a Council Decision on the use of information technology for customs purposes, OJ C 229, 23.09.2009, p. 12

Given his current role as the supervisory authority for the central part of the First Pillar part of the CIS, the EDPS is particularly interested in the Initiative and the new developments in the Council relating to its content.The EDPS emphasises the need for ensuring a coherent and comprehensive approach to align the First and Third Pillar parts of the system.

The EDPS notes that the Proposal involves various aspects relating to fundamental rights, in particular the protection of personal data as well as the right to information and other data subject's rights.

The EDPS is particularly interested in the new developments concerning the Third Pillar part of the CIS, given that he already exercises supervisory tasks over the central part of the First Pillar part, in accordance with the new Regulation 766/2008 amending Council Regulation 515/97 on mutual assistance between administrative authorities of the Member States and cooperation (...) to ensure the correct application of the law on customs and agricultural matters.

Publication Review of the Professional Qualifications Directive

Thursday, 8 March, 2012

Opinion on the Commission proposal for a Directive of the European Parliament and of the Council amending Directive 2005/36/EC on the recognition of professional qualifications and Regulation [...] on administrative cooperation through the Internal Market Information System, OJ C 137/01 12.05.2012, p1

See also the text of the proposal for a Directive of the European Parliament and of the Council amending the Directive 2005/36/EC on the recognition of professional qualifications and Regulation [...] on administrative cooperation through the Internal Market Information System


The objective of the Proposal is to modernize and amend the existing text of Directive 2005/36/EC (the Professional Qualifications Directive). From the data protection perspective, the two key aspects of the Proposal are (i) the introduction of an alert system and (ii) the introduction on a voluntary basis of a European Professional Card . The processing of personal data in both cases is foreseen to take place via the Internal Market Information System (IMI).

The EDPS welcomes the efforts made in the Proposal to address data protection concerns. The EDPS also welcomes the fact that the use of an existing information system, IMI, is proposed for the administrative cooperation, which already offers, at the practical level, a number of data protection safeguards. Nevertheless, important concerns remain, mainly relating to the alert system, which must remain proportionate.

The EDPS recommends, in particular, that:

  • the Proposal should specify unambiguously in which concrete cases alerts can be sent, more clearly define what personal data can be included in alerts, and limit the processing to the minimum that is necessary, taking into account proportionality and balancing of rights and interests;
  • in this respect, the Proposal should unambiguously specify that alerts can only be sent after a decision has been made by a competent authority or a court in a Member State prohibiting an individual to pursue his or her professional activities in its territory;
  • specify that the content of the alert must not contain more specific information regarding the circumstances and reasons for the prohibition;
  • clarify and limit to the minimum strictly necessary, the period for which alerts are retained; and
  • ensure that alerts are only sent to competent authorities in Member States and that these authorities shall keep alert information received confidential and not further distribute or publish it, unless the data were made public in accordance with the law of the sending Member State.

With regard to the European Professional Card and the related ‘IMI-file’, the EDPS recommends further clarifications on the conditions under which information concerning disciplinary action or criminal sanctions or any other serious specific circumstances must be included in the file, and the content of the information to be included, and also recommends clear limitation on the retention periods.

Further, the EDPS recommends that in the long term, if and when the use of Professional Cards and IMI will become widespread, the Commission undertake a review of whether the Article 56a alert systems are still necessary and whether they cannot be replaced by a more limited, and thus, from the data protection point of view, less intrusive, system.

Finally, the EDPS further recommends that the EDPS and Article 29 Working Party where national data protection authorities are also represented be consulted before the adoption of delegated acts referred to in Article 56a(5) and of any other delegated acts adopted under Article 58 which may have an impact on data protection. A data protection impact assessment should precede such consultation.

Publication ECRIS

Tuesday, 16 September, 2008

Opinion on the proposal for a Council Decision on the establishment of the European Criminal Record Information System (ECRIS) in application of Article 11 of Framework Decision 2008/XX/JHA, OJ C 42, 20.2.2009, p. 1

COM(2008) 332 final of 27.05.2008PDF icon

Publication Electronic evidence in criminal matters

Wednesday, 6 November, 2019

Opinion on Proposals regarding European Production and Preservation Orders for electronic evidence in criminal matters

Publication Prevention of money laundering and terrorist financing

Thursday, 4 July, 2013

Opinion on a proposal for a Directive of the European Parliament and of the Council on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing, and a proposal for a Regulation of the European Parliament and of the Council on information on the payer accompanying transfers of funds

Publication Security features and biometrics in passports

Wednesday, 26 March, 2008

Opinion on the proposal for a Regulation amending Council Regulation (EC) No 2252/2004 on standards for security features and biometrics in passports and travel documents issued by Member States, OJ C 200, 06.08.2008, p. 1

On 26 March 2008, the EDPS adopted an opinion on the Commission's proposal aiming at revising the 2004 Council Regulation that sets out minimum standards for security features and biometrics in passports and travel documents.

The EDPS welcomes the introduction of exemptions from giving fingerprints based on the age of the person or his/her inability to provide fingerprints. However, he still considers these exemptions as insufficient to remedy the imperfections of biometrics, such as the impact of misidentification or failure to enrol.
The EDPS' opinion includes the following recommendations:

  • fingerprints from children: the proposed six-year age limit should be considered as a provisional one, or brought in line with international practice (14 years). After three years, the age limit should be reviewed and defined by an in-depth study which is to identify the accuracy of the systems obtained under real conditions;
  • fingerprints from the elderly: an age limit for elderly, based on similar experiences already in place (79 years), should be introduced as an additional exemption;
  • principle of "one person-one passport": this principle should be applied only to children above the relevant age limit;
  • "breeder" documents: additional measures should be proposed to harmonise the production and the use of documents required in Member States to issue passports (“breeder” documents).

The EDPS recalls that exemptions should in no way stigmatize or discriminate individuals who will be exempt, because of their age as a precautionary principle or because they present obviously unreadable fingerprints

COM(2007) 619 final of 18.10.2007PDF icon

Publication EU-wide real-time traffic information services

Wednesday, 12 March, 2014

Letter regarding the Public consultation on the provision of EU-wide real-time traffic information services under Directive 2010/40/EU

Annex 2 - EDPS Formal comments on the Commission Delegated Regulations supplementing Directive 2010/40/EU of the European Parliament and the Council with regard to "Data and procedures for the provision, where possible, of road safety related minimum universal traffic information free of charge to users" and "Provision of information services for safe and secure parking places for trucks and commercial vehicles"

Annex 1 - EDPS Opinion of 22 July 2009 on Intelligent Transport SystemsPDF icon
Annex 2 - EDPS Formal comments of 13 June 2013PDF icon

Publication Implementing rules of Prüm Initiative

Wednesday, 19 December, 2007

Opinion  on the Initiative of the Federal Republic of Germany, with a view to adopting a Council Decision on the implementation of Decision 2007/…/JHA on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime, OJ C 89, 10.4.2008, p. 1

On 19 December 2007, the EDPS issued his Opinion on the German initiative establishing implementing rules which are necessary for the functioning of the Council Prüm initiative. This initiative aims to step up cross-border cooperation, particularly for fighting terrorism and cross-border crime, by establishing mechanisms to exchange personal data such as DNA profiles and fingerprints.
In his Opinion, the EDPS holds the view that a clear, effective and comprehensive legal framework - combining general provisions and specific tailored rules on data protection - should be in place before the current Prüm initiative enters into force. He also points out that the initiative's implementing rules and their annex are of particular importance since they define crucial aspects and tools of the exchanges of data that are essential to ensure guarantees for concerned persons.
More specifically, the EDPS recommends the following:
  • the initiative and its annex should benefit from a broad and open discussion involving all relevant actors, such as the European Parliament and Data Protection Authorities;
  • the accuracy in searches and comparisons of DNA profiles and fingerprints should be duly taken into account and constantly monitored, also in the light of the larger scale of the exchange;
  • relevant data protection authorities should be put in a position to properly carry out their supervisory and advisory role throughout all the different stages of the implementation.
Initiative published in OJ C 267, 9.11.2007, p. 4 PDF icon

Publication Privacy and competitiveness in the age of big data

Wednesday, 26 March, 2014

Preliminary Opinion on "Privacy and competitiveness in the age of big data: The interplay between data protection, competition law and consumer protection in the Digital Economy"

Publication European PNR

Thursday, 20 December, 2007

Opinion on the Proposal for a Council Framework Decision on the use of Passenger Name Record (PNR) data for law enforcement purposes, OJ C 110, 01.05.2008, p. 1

The European Data Protection Supervisor (EDPS) has issued an Opinion on 20 December 2007 onthe proposal of the Commission for a Council Framework Decision on the use of Passenger Name Record (PNR) data for law enforcement purposes. The proposal involves obligations for air carriers to transmit data about all passengers on flights to or from an EU Member State.
The Opinion emphasizes the major impact the proposal would have on privacy and data protection rights of air passengers. While acknowledging that the fight against terrorism is a legitimate purpose, the EDPS expresses serious concerns about the necessity and proportionality of the proposal which, in his view, are not sufficiently established in the proposal. In addition, the EDPS takes a critical stance on the lack of clarity in relation to various aspects of the proposal, in particular the applicable legal framework, the identity of the recipients of personal data, and the conditions of transfer of data to third countries.
The Opinion focuses on four key issues and draws the following conclusions: 
  • legitimacy of the processing: the proposal does not provide for sufficient elements of justification to support and demonstrate the legitimacy of the processing of data;
  • applicable legal framework: a significant lack of legal certainty is noted as regards the regime applicable to the different actors involved in the matter;
  • the identity of data recipients: the draft Decision does not provide for any specification concerning the identity of the recipients of personal data collected by airlines companies;
  • transfer of data to third countries: it is imperative that conditions of transfer of PNR data to third countries be coherent and subject to a harmonised level of protection. 

Finally,  the EDPS advises not to adopt the draft Decision before the new Lisbon Treaty's entry into force, so that it can follow the co-decision procedure foreseen by the new Treaty and the European Parliament is fully involved.

COM(2007) 654 final of 06.11.2007 PDF icon

Publication Net neutrality

Friday, 7 October, 2011

Opinion on net neutrality, traffic management and the protection of privacy and personal data, OJ C 34/01, 08.02.2012, p.1

Publication Eurojust

Friday, 25 April, 2008

Opinion on the Initiative with a view to adopting a Council Decision concerning the strenghtening of Eurojust and amending Decision 2002/187/JHA, OJ C 310, 5.12.2008, p. 1

On 25 April 2008, the EDPS adopted an opinion on the Initiative of 14 Member States with a view to adopting a Council Decision concerning the strengthening of Eurojust. The initiative aims at further enhancing the operational effectiveness of Eurojust. The EDPS was not asked for advice on this initiative, although a significant part of the initiative deals with the - conditions for - processing of personal data by Eurojust. The opinion was therefore issued on his own initiative.

In his opinion, the EDPS emphasises that he understands the need to improve the legal framework of Eurojust. However, he regrets that the initiative was not accompanied by an impact assessment, together with an analysis of the shortcomings of the existing rules and the expected effectiveness of the new provisions.

Furthermore, the opinion highlights the various arguments in favour of waiting for the entry into force of the Lisbon Treaty. Other issues addressed in the opinion are the provisions on data protection, the relations with third parties and the supervision.

Initiative published in OJ C 54 of 27.02.2008, p. 4 PDF icon

Publication EU Internal Security Strategy in Action: Five steps towards a more secure Europe

Friday, 17 December, 2010

Opinion on the Communication from the Commission "EU Internal Security Strategy in Action: Five steps towards a more secure Europe"

See also the text of the Communication from the Commission to the European Parliament and the Council - "The EU Internal Security Strategy in Action: Five steps towards a more secure Europe".

Publication Intelligent Transport Systems

Wednesday, 22 July, 2009

Opinion on the Communication from the Commission on an Action Plan for the Deployment of Intelligent Transport Systems in Europe and the accompanying Proposal for a Directive of the European Parliament and of the Council laying down the framework for the deployment of Intelligent Transport Systems in the field of road transport and for interfaces with other transport modes, OJ C 47, 25.02.2010, p. 6

The EDPS has adopted an opinion on the European Commission's proposed deployment plan for intelligent transport systems (ITS) in Europe that was adopted in December 2008 to accelerate and coordinate their deployment in road transport and their connection with other modes of transport. The deployment of ITS  has considerable privacy implications, for instance because these systems make it possible to track a vehicle and to collect a wide variety of data relating to European road users' driving habits.

The EDPS notes that data protection has been taken into consideration in the proposed legal framework and that it is also put forward as a general condition for the proper deployment of ITS. He however underlines that the Commission's proposal is too broad and too general to adequately address the privacy and data protection concerns raised by ITS deployment in the Member States. In particular, it is not clear when the performance of ITS services will lead to the collection and processing of personal data, what are the purposes and modalities for which data processing may take place, or who will be responsible for compliance with data protection obligations.

The EDPS opinion includes the following main recommendations:

  • clarification of responsibilities: it is crucial to clarify the roles of the different actors involved in ITS in order to identify who will bear the responsibility of ensuring that systems work properly from a data protection perspective (who is the data controller?);
  • safeguards for the use of location technologies: appropriate safeguards should be implemented by data controllers providing ITS services so that the use of location technologies is not intrusive from a privacy viewpoint. This should notably require further clarification as to the specific circumstances in which a vehicle will be tracked, strictly limiting the use of location devices to what is necessary for that purpose, and ensuring  that location data are not disclosed to unauthorized recipients;
  • "privacy by design" approach: the EDPS recommends to consider privacy and data protection from an early stage of the design of ITS to define the architecture, operation and management of the systems. Privacy and security requirements should be incorporated within standards, best practices, technical specifications and systems.

Background information
ITS apply information and communication technologies (satellite, computer, telephone, etc.) to transport infrastructure and vehicles with the intention to make transport safer and cleaner and to reduce traffic congestion. ITS applications and services are based on the collection, processing and exchange of a wide variety of data, both from public and private sources, including information on traffic and accidents but also personal data, such as the driving habits and journey patterns of citizens. Their deployment will also rely to a large extent on the use of geolocalisation technologies, such as satellite-positioning and RFID tags. As such, ITS constitute a "data-intensive area" and raise a number of privacy and data protection issues that should be carefully addressed in order to ensure the workability of ITS across Europe.

Publication Evaluation report from the Commission to the Council and the European Parliament on the Data Retention Directive (Directive 2006/24/EC)

Tuesday, 31 May, 2011

Opinion on the Evaluation report from the Commission to the Council and the European Parliament on the Data Retention Directive (Directive 2006/24/EC), OJ C 279/01, 23.09.2011, p.1

Publication Public access to documents

Monday, 30 June, 2008

Opinion on the Proposal for a Regulation regarding public access to European Parliament, Council and Commission documents, OJ C 2, 7.01.2009, p. 7

The Opinion reacts on the Commission's proposal aimed at reviewing the rules on public access to documents held by EU institutions. The Opinion focuses on an amended provision dealing with the relation between public access to documents and the protection of personal data. Although the EDPS welcomes the Commission's intention to clarify the delicate interaction between public access and data protection, he feels that the substance of the proposed amendment fails to provide the appropriate answer. He therefore proposes a different provision to stimulate discussions in Parliament and Council.