Decision of the European Data Protection Supervisor (EDPS)

On October 14, 2022, the amendment to the EDPS Internal Regulations of May 15, 2020 was published. 

The European Data Protection Supervisor, currently represented by Wojciech Wiewiórowski, ensures that, when processing personal data, EU institutions and bodies respect the right to privacy of citizens.  

This body based in Brussels is appointed for a renewable five-year mandate and carries out its activities within the following categories: 

1. Monitoring and enforcement 

Assesses data protection compliance of EU institutions and bodies. 

2. Policy and consultation 

He advises EU legislators on data protection issues in various policy areas and in the framework of new legislative proposals. 

In the exercise of their functions, the EU institutions and bodies may process personal information of citizens in various formats (electronic, text or images), whether by collecting, recording, storing, retrieving, sending, blocking or deleting data. The task of the European Data Protection Supervisor (EDPS) is to uphold compliance with the strict rules of privacy protection that regulate those activities. 

It is because of that: 

• Supervises the processing of personal data by the EU administration, in order to ensure compliance with the rules of privacy protection. 
• Advises EU institutions and bodies on the processing of personal data and related policies and legislation. 
• It takes care of the claims and conduct research. 
• Work with national authorities in EU countries to ensure consistency in data protection. 
• Keeps track of the new technologies that may have an impact on data protection. 

What is the interested party entitled to?

Any interested party has the right to lodge a complaint with the European Data Protection Supervisor if he or she considers that the processing of personal data concerning him or her by the Union institutions, offices, bodies or agencies does not comply with the Regulation (EU). 2018/1725 and other applicable legal acts. The EDPS must deal with such complaints and investigate, to the appropriate extent, the reason for the claim. In doing so, the EDPS must take into account, among other things, the exact date on which the underlying events occurred, whether the conduct in question ceased to produce effects, the effects were eliminated or adequate guarantee of such elimination was provided. Given that the probability of establishing that a violation has occurred, and that the importance of its effects on data subjects tends to decrease over time, it is appropriate to establish a deadline for submitting complaints to the EDPS. Therefore, the EDPS must declare inadmissible and not process a complaint submitted more than two years after the complainant became aware of the alleged violation, except in duly justified circumstances and exceptional, for example, if there were legitimate reasons for the claimant not to act in time. 

The modification addressed, which will enter into force twenty days after its publication in the Official Journal of the European Union, focuses essentially on the management meeting and the conditions for the delegation of tasks and replacement of the position. 

The management meeting will be responsible for the strategic supervision of the work of the EDPS. It will be composed of the European Data Protection Supervisor, the head of the EDPS Secretariat, senior and middle management, as well as other civil servants who contribute to the strategic supervision of the work of the EDPS, as determined by the European Data Protection Supervisor. 

Likewise, the European Data Protection Supervisor may delegate to the head of the Secretariat, where appropriate and in accordance with the Regulation, the power to make and sign decisions legally binding, the content of which has already been determined by the European Data Protection Supervisor. 

In the same way, among other powers, the European Data Protection Supervisor may also delegate, where appropriate and in accordance with the Regulation, to the head of the Secretariat or to the head of unit or the head of sector concerned. the power to adopt and sign other documents. 

Find out all the details in our Master in Compliance and Data Protection.