With effect from 12 December 2019, the European Data Protection Supervisor is responsible for monitoring and ensuring the legality of Eurojust’s data processing activities.
Eurojust is the common name for the European Union Agency for Criminal Justice Cooperation. It is a European Union body with legal personality, set up with the aim of supporting and improving the coordination and cooperation between the competent judicial authorities of Member States on matters of serious organised crime. Eurojust may intervene in the investigation of serious crimes affecting two or more Member States or in situations that require prosecution on common bases, with relation to operations carried out or information supplied by Member State authorities and Europol.
In order to fulfil our supervisory duties effectively and responsibly, the EDPS has notably the right to:
- advise Eurojust on all matters that concern the processing of operational personal data, namely, data processed for the purpose of a criminal investigation;
- conduct inquiries or consult Eurojust regarding submitted requests or concerns that have emerged regarding the processing of operational data;
- hear and investigate complaints from individuals who believe that their personal data has been mishandled by Eurojust, and inform the data subject of the outcome within a reasonable period;
- order Eurojust to carry out the rectification, restriction of processing or erasure of operational personal data that have been processed in breach of relevant legislation, or to carry out specific operations with regard to the processing of operational personal data.
The role of the EDPS relating to personal data breaches stems from the applicable provisions of Chapter IX of Regulation 2018/1725.
The EDPS must publish an annual report on our supervision of Eurojust’s data processing activities, in which observations offered by national supervisory authorities are also included. In order to ensure the compliance of Eurojust’s data processing activities with relevant legislation, the EDPS must cooperate with Eurojust’s appointed Data Protection Officer and meet regularly with national supervisory authorities within the European Data Protection Board. Cooperation between the EDPS and national supervisory authorities is without prejudice to the independence of the EDPS or to our responsibilities for the data protection supervision of Eurojust.
The EDPS is committed to exercising our supervisory role, reinforcing safeguards to ensure that Eurojust is able to strike the right balance between security and privacy when processing data for the purpose of criminal investigations.
Please see the following legislation for further information:
- Regulation (EU) 2018/1727 of 14 November 2018 on Eurojust’s establishment and mission.
- Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the EU institutions, bodies, offices and agencies.
- Documents and legislation relating to Eurojust’s former supervisory body, the Joint Supervisory Body (JSB) of Eurojust.
Regulation (EU) 2018/1725 applies to Eurojust’s processing of administrative data, while Chapter IX of Regulation relates specifically to the processing of operational personal data by Eurojust, without prejudice to the lex specialis provisions of the Regulation (EU) 2018/1727.