European Data Protection Supervisor
This paper presents the issues raised by the EDPS’ own-initiative investigation into European institutions’, bodies’, offices’ and agencies’ (‘EU institutions’) use of Microsoft products and services. These findings and recommendations from the investigation are likely to be of wider interest than just of the EU institutions: they may be of particular interest to all public authorities in EU/EEA Member States.
Joint paper of the Spanish data protection authority, Agencia Española de Protección de Datos (AEPD), and the European Data Protection Supervisor (EDPS) on 14 misunderstandings with regard to biometric identification and authentication.
The use of biometric data for identification and authentication purposes is not new but has greatly increased in recent years. Along with its growing popularity, unfortunately, some misconceptions about the technologies involved have become widespread.
The objective of this document is to raise awareness about some misunderstandings about biometric technologies, and to motivate its readers to check assertions about the technology, rather than accepting them without verification.
The EDPS’ role is to ensure effective protection of people’s fundamental rights and freedoms against the (mis)use of technologies, in particular in relation to the processing of personal data by the EU institutions, bodies, offices and agencies (collectively ‘EUIs’). More specifically, under Article 57 of Regulation (EU) 2018/1725 on data protection for the EUIs, one of our main tasks is to ‘monitor and enforce the application of this Regulation’. This paper explains how we will act in that role, explaining both to individuals whose data EUIs process (the data subjects) and the EUIs themselves what they can expect from us as the supervisory authority for EUI’s processing of personal data and what we expect EUIs to do.
Replying to consultations from EU institutions, bodies, offices and agencies ('EUIs') in their capacity as controllers (organisations processing personal data) is one of the tasks of the EDPS as supervisory authority for the EUIs. Under Regulation (EU) 2018/1725, the data protection regulation for the EUIs, there are several situations in which EUIs can or have to consult the EDPS. In some cases, EUIs may want to obtain additional guidance on specific questions they face from the EDPS, while in others, they are obliged to consult (and in some cases, obtain authorisation from) the EDPS. This document provides practical tips on consulting the EDPS and on what kind of reply to expect.
Joint paper of the Spanish data protection authority, Agencia española de protección de datos (AEPD), and the European Data Protection Supervisor (EDPS) on hash techniques in data processing activities as a safeguard for personal data.
Role of Data Protection Officers (DPO) in ensuring effective compliance with Regulation (EC) No 45/2001.
Reflection paper on the interoperability of information systems in the area of Freedom, Security and Justice
Necessity toolkit on assessing the necessity of measures that limit the fundamental right to the protection of personal data
Background document for the 38th International Conference of Data Protection and Privacy Commissioners
Developing a 'toolkit' for assessing the necessity of measures that interfere with fundamental rights
The EDPS as Supervisor of Large-Scale IT Systems and Member of Supervision Coordination Groups
The transfer of personal data to third countries and international organisations by EU institutions and bodies
The EDPS as an advisor to EU institutions on policy and legislation: building on ten years of experience
Policy on Consultations in the field of Supervision and Enforcement
Monitoring and Ensuring Compliance with Regulation (EC) 45/2001
The EDPS and EU Research and Technological Development
The EDPS as an advisor to the Community institutions on proposals for legislation and related documents.