The EDPS is an independent supervisory authority devoted to protecting personal data and privacy and promoting good practice in the EU institutions and bodies. He does so by:
monitoring the EU administration's processing of personal data;
advising on policies and legislation that affect privacy; and
cooperating with similar authorities to ensure consistent data protection.
Giovanni Buttarelli and Wojciech Wiewiórowski are members of the institution. They took office on 4 December 2014. Their mission is to make sure that the fundamental right to protection of personal data is respected by the EU institutions and bodies. A data protection culture needs to be developed in practice. This work towards good administration takes several forms. The news and the press sections as well as the newsletter give a good overview of these activities.
The supervisory task is to ensure that the EU institutions and bodies process personal data of EU staff and others lawfully. The EDPS oversees Regulation (EC) 45/2001 on data protection, which is based on two main principles:
The responsible data controller needs to respect a number of obligations. For instance, personal data can only be processed for a specific and legitimate reason which must be stated when the data are collected.
The person whose data are processed - the data subject - enjoys a number of enforceable rights. This includes, for instance, the right to be informed about the processing and the right to correct data.
Every institution or body should have an internal Data Protection Officer. The DPO keeps a register of processing operations and notifies systems with specific risks to the EDPS. The EDPS prior checks whether or not those systems comply with data protection requirements. The EDPS also deals with complaints and conducts inquiries.
The EDPS advises the European Commission, the European Parliament and the Council on proposals for new legislation and a wide range of other issues with data protection impact. In essence, the consultative task is to analyse how policies affect the privacy rights of the citizens. This assessment helps to enable proper political discussions on how new legislation can be effective with due respect and adequate safeguards for citizens' freedoms. The advice makes it possible for the legislators in Europe to adopt better legislation that is in line with European values.
The EDPS cooperates with other data protection authorities in order to promote consistent data protection throughout Europe. Data protection laws are built on common principles. Moreover, for an increasing number of European databases, supervision is shared between different data protection authorities (such as the Eurodac database). The central platform for cooperation with national supervisory authorities is the Article 29 Working Party.