European Data Protection Supervisor

The European Data Protection Supervisor was set up under Article 286 of the Treaty establishing the European Communities within the context of harmonising data protection legislation in the European Union. While Directive 95/46/EC addresses personal data processing in the member states, Regulation 45/2001 covers the European institutions and bodies.

Peter Hustinx is the current EDPS and Joaquín Bayo Delgado is the Assistant Supervisor. They took office in January 2004 for a five year term. They are supported by a secretariat consisting of about 30 staff.

The EDPS' mandate is to ensure that the data protection standards set out in [http://www.edps.europa.eu/EDPSWEB/edps/lang/en/pid/17/ Regulation 45/2001 ] are upheld. The Regulation requires all institutions and bodies to appoint an internal [http://www.edps.europa.eu/EDPSWEB/edps/lang/en/pid/36/ Data Protection Officer] (DPO). The DPO is responsible for maintaining a register of all processing operations which involve personal data. If an operation is risky, e.g. because it relates to health, evaluations or suspected offences, the DPO must notify it to the EDPS. The EDPS then carries out a prior check on the processing operation. In a prior check [http://www.edps.europa.eu/EDPSWEB/edps/lang/en/pid/34/ opinion] , the EDPS assesses whether the operation complies with the Regulation and he may propose recommendations to ensure better compliance.

People whose personal data are processed by a European institution or body can also lodge a complaint with the relevant DPO if they feel their data protection rights have not been respected. Alternatively, they can lodge their complaint directly with the EDPS.

Apart from this supervisory role, the EDPS advises the European Commission, the European Parliament and the Council on proposals for new legislation and a wide range of other issues with a data protection impact. The purpose of this consultative role is to analyse how policies affect the privacy rights of the citizens in the EU. The EDPS has issued several [http://www.edps.europa.eu/EDPSWEB/edps/lang/en/pid/4/ opinions] on legislative proposals, in particular in the field of exchanging and processing personal data for law enforcement purposes (within the EU's so-called "third pillar"). Some recent examples are the opinions on data protection in the third pillar and on the initiative to integrate the Prüm Convention into the EU's legal framework.

In addition, the EDPS can intervene in cases before the European Court of Justice with an impact on data protection. For example, in 2004, the EDPS intervened in two cases concerning an agreement between the EU and the US on the transmission of passenger name records to the United States (the so-called PNR case).

The EDPS also publishes [http://www.edps.europa.eu/EDPSWEB/edps/lang/en/pid/21/ papers] on different aspects of data protection relevant to his work.

Finally, the EDPS assumes a cooperative role in working closely with other data protection authorities. The purpose of this is to promote consistent data protection throughout Europe. For an increasing number of European databases, supervision is shared between different data protection authorities (such as the Eurodac database). The central platform for cooperation with national supervisory authorities is the Article 29 Working Party.

References

Legal texts

*Treaty establishing the European Community (consolidated version with the Treaty on European Union), available on [http://eur-lex.europa.eu/ EUR-Lex]

* [http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/DataProt/Legislation/Reg_45-2001_EN.pdf/ Regulation 45/2001 of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data]

* [http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/DataProt/Legislation/Dir_1995_46_EN.pdf/ Directive 95/46 of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data]

EDPS material

* [http://www.edps.europa.eu/EDPSWEB/edps/lang/en/pid/40/ EDPS Registry of published prior check opinions]

* [http://www.edps.europa.eu/EDPSWEB/edps/lang/en/pid/45/ EDPS Registry of published legislative opinions]

* [http://www.edps.europa.eu/EDPSWEB/edps/lang/en/pid/22/ EDPS Annual Report 2006]

* [http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/Publications/Papers/PositionP/05-11-28_DPO_paper_EN.pdf/ EDPS Position Paper on the Role of Data Protection Officers (DPO) in ensuring effective compliance with Regulation 45/2001]

Other relevant material

* [http://www.edps.europa.eu/EDPSWEB/edps/lang/en/pid/36/ List of DPOs]

* [http://www.europarl.europa.eu/parliament/expert/staticDisplay.do?id=68&language=en/ Data Protection Page of the European Parliament]

* [http://ec.europa.eu/dataprotectionofficer/ Website of the European Commission Data Protection Officer]

External links

* [http://www.edps.europa.eu/EDPSWEB/edps/site/mySite/lang/en/pid/1 EDPS website]

* [http://ec.europa.eu/justice_home/fsj/privacy/ European Commission, Directorate General Justice, Freedom and Security, Data Protection Unit ]

* [http://www.coe.int/T/E/Legal_affairs/Legal_co-operation/Data_protection/ Council of Europe Data Protection Page]

EU-stub