European Data Protection Supervisor

Brussels, Belgium

• Article 286, Treaty establishing the European Community (PDF, 496 kB), now Article 16, paragraph 2, sentence 2, Treaty on the Functioning of the European Union
• Regulation ( EC) No 45/2001 of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data.

Peter Johan Hustinx

Giovanni Buttarelli

The European Data Protection Supervisor (EDPS ) is an independent supervisory authority of the European Union, which primarily ensures that the right to privacy and confidentiality is respected, if the EU institutions and bodies process personal data or develop new policies. Peter Johan Hustinx and Giovanni Buttarelli were appointed by a joint decision of the European Parliament and the European Council to the European Data Protection Supervisor or Deputy Supervisor. They began their five -year term in January 2009.

• 3.1 Legal Texts
• 3.2 Information about the EDPS
• 3.3 Other relevant information

Functions and powers

The duties and powers of the EDPS and his deputy as well as the independence of the supervisory authority are set out in the " Data Protection Act ".

In practice, the activities of the EDPS in three areas are divided: supervision, consultation and cooperation.

Supervision

In its supervisory role of the European Data Protection Supervisor shall supervise the processing of personal data by the European institutions and bodies. This task he performs in collaboration with DPOs, which are used in all European institutions and bodies. The data protection officer have the EDPS to report any processing of sensitive personal data, or could involve specific risks. The EDPS then checks this processing in terms of the provisions of the Data Protection Act and is an " opinion for prior checking " from. In most cases, then a series of recommendations will be formulated which must follow the institution or body concerned to ensure compliance with data protection regulations.

In 2009, the EDPS for example, more than 100 comments on the preliminary control to where it focused mainly on issues such as health data, personnel evaluation, recruitment of staff, time management, telephone monitoring, performance collection instruments and safety checks. These opinions are published on the EDPS website and their implementation is systematically controlled.

The application of data protection regulation in the EU administration is also strictly monitored by an inventory of performance indicators is carried out in all EU institutions and bodies regularly. In addition to this general monitoring, the EDPS also performs spot checks to verify compliance with the provisions in practice.

At the supervisory role of the EDPS includes the review of complaints from staff of the EU or other persons who are of the opinion that their personal data is not processed correctly by a European institution or a European institution. Examples of grievances are a violation of the duty of confidentiality, access to data, the right to correction or deletion of data, data collection disproportionate or unlawful use of data by the data controller.

The EDPS has developed in the area of ​​supervision and other forms of work, such as statements on administrative measures and the elaboration of thematic guidelines.

Advice

The EDPS advises the European Commission, the European Parliament and the Council of the European Union in matters of data protection in a number of policy areas. His advisory role extends to proposals for new legislation as well as other initiatives that relate to the protection of personal data in the EU. Results are mostly official statements, but the EDPS can provide advice in the form of comments or policy papers. Within that framework, and technological developments will be monitored affect the protection of personal data.

Issues of concern to the EDPS currently most are, and a is the " TFTP - SWIFT agreement " concerning the processing of payments data, the change of the Directive on privacy and electronic communications, developments in connection with the Stockholm Programme in the field of justice and home affairs, review of the Eurodac Regulation, the Passenger Name Records and the current revision of the legal framework for data protection to modernize the data Protection Directive ( 95/46/EC) in response to new challenges posed by globalization and technological development. This ultimate goal is on the agenda of the EDPS for the coming years are high.

As part of its advisory role, the EDPS may also in proceedings before the European Court of Justice, which are relevant for its tasks, act as interveners. In June 2009, he supported, for example, an action in a procedure in which it came to the relationship between transparency and data protection ( the so-called Bavarian Lager case, PDF, 40 kB).

Cooperation

The EDPS cooperates with other data protection authorities, to improve the consistency of data protection in Europe.

The main platform for cooperation between data protection authorities in Europe is the Article 29 Data Protection Working Party ( see also here). The EDPS is actively involved in the activities of the group, which plays an important role in the uniform application of the Privacy Policy. The EDPS and the Working Group to work successfully in several areas together, but especially in the implementation of the Data Protection Directive and with regard to the challenges posed by new technologies. Full support by the EDPS also get initiatives with the aim to ensure compliance with European data protection principles of international data flows.

One of the most important cooperative tasks refers to the Eurodac fingerprint database, in which the EDPS shares the responsibilities for monitoring data protection with the national data protection authorities.

The EDPS also cooperates in the former " third pillar" of the EU - the area of ​​police and judicial cooperation - with the data protection authorities and the group "Police and Justice".

The cooperation includes, but is participating in two major annual data protection conferences: a European conference, together with the data protection authorities of the EU Member States and the Euro Europe, and an international conference attended by the data protection experts from the public and private sectors.