This document is an excerpt from the EUR-Lex website

Rules of procedure of the European Data Protection Supervisor

 

SUMMARY OF:

Decision of the European Data Protection Supervisor adopting the body’s rules of procedure

WHAT IS THE AIM OF THE RULES OF PROCEDURE?

  • They replace the former rules of procedure for the European Data Protection Supervisor (EDPS) set out in Decision 2013/504/EU, which it repeals.
  • They set out the guiding principles of the EDPS, along with rules on internal decision-making processes, the organisation and working of the secretariat, planning, internal administration, and the openness and transparency of the institution.
  • The rules were amended in 2022 to clearly distinguish the essential procedural rules governing the performance of the EDPS’s tasks from those concerning the organisational structure of the EDPS’s secretariat (since the latter should not be included in the rules of procedure).

KEY POINTS

The role of the EDPS is set out in Regulation (EU) 2018/1725 – see summary.

These rules take into account changes in European Union (EU) data protection legislation, specifically:

  • Regulation (EU) 2016/679, the general data protection regulation – see summary;
  • Directive (EU) 2016/680 on data protection by police and criminal justice authorities – see summary;
  • Regulation (EU) 2018/1727 on the European Union Agency for Criminal Justice Cooperation – see summary;
  • Regulation (EU) 2018/1241 on the European Travel Information and Authorisation System – see summary;
  • Regulation (EU) 2017/1939 on the European Public Prosecutor’s Office – see summary;
  • Regulation (EU) 2016/794 on the European Union Agency for Law Enforcement Cooperation – see summary.

Guiding principles

The rules require the EDPS to follow a number of guiding principles covering:

  • good governance, integrity and good administrative behaviour – the EDPS must act in the public’s interest as an expert, as well as an independent, reliable, proactive and authoritative body in the field of privacy and personal data protection;
  • accountability and transparency;
  • efficiency and effectiveness;
  • cooperation.

Role of the Supervisor

The Supervisor’s tasks include:

  • deciding the strategic priorities of the EDPS;
  • adopting policy documents corresponding to the tasks and powers of the EDPS;
  • deciding on the organisational structure of the EDPS secretariat, reflecting the strategic priorities.

Monitoring data protection

  • The EDPS must guarantee effective protection of rights and freedoms of individuals through the monitoring and enforcement of Regulation (EU) 2018/1725 and any other EU law that sets out tasks and powers for the EDPS.
  • In carrying out its investigative, corrective, authorisation and advisory powers, the EDPS may carry out compliance visits, surveys, visits every two months and informal consultations or encourage amicable settlements of complaints.

Complaints

  • The EDPS handles written complaints taking into account a number of factors including:
    • the nature and gravity of the alleged violations;
    • the importance of the damage suffered;
    • the potential overall importance of the case.
  • It must inform the complainant as soon as possible.
  • It shall declare inadmissible and not handle complaints lodged more than 2 years after the complainant became aware of the alleged breach, except in duly justified and exceptional circumstances.
  • The complainant or institution concerned can ask the EDPS to review its decision.

Legislative consultation

FROM WHEN DOES THE DECISION APPLY?

It has applied since 27 June 2020.

BACKGROUND

  • Article 7 of the Charter of Fundamental Rights states that everyone has the right to respect for their private and family life, home and communications.
  • Article 8 of the Charter of Fundamental Rights states that everyone has the right to personal data protection.
  • Article 16 of the Treaty on the Functioning of the European Union further develops that right. This article is the legal basis for any EU legislation on data protection.

For further information, see:

MAIN DOCUMENT

Decision of the European Data Protection Supervisor of 15 May 2020 adopting the Rules of Procedure of the EDPS (OJ L 204, 26.6.2020, pp. 49–59).

Successive amendments to the decision have been incorporated in the original text. This consolidated version is of documentary value only.

RELATED DOCUMENTS

Regulation (EU) 2018/1727 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for Criminal Justice Cooperation (Eurojust), and replacing and repealing Council Decision 2002/187/JHA (OJ L 295, 21.11.2018, pp. 138–183).

See consolidated version.

Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, pp. 39–98).

Regulation (EU) 2018/1241 of the European Parliament and of the Council of 12 September 2018 amending Regulation (EU) 2016/794 for the purpose of establishing a European Travel Information and Authorisation System (ETIAS) (OJ L 236, 19.9.2018, pp. 72–73).

Council Regulation (EU) 2017/1939 of 12 October 2017 implementing enhanced cooperation on the establishment of the European Public Prosecutor’s Office (‘the EPPO’) (OJ L 283, 31.10.2017, pp. 1–71).

See consolidated version.

Consolidated version of the Treaty on the Functioning of the European Union – Part One – Principles – Title II – Provisions having general application – Article 16 (ex Article 286 TEC) (OJ C 202, 7.6.2016, p. 55).

Consolidated version of the Treaty on the Functioning of the European Union – Part Five – The Union’s external action – Title V – International agreements – Article 218 (ex Article 300 TEC) (OJ C 202, 7.6.2016, pp. 144–146).

Charter of Fundamental Rights of the European Union – Title II – Freedoms – Article 7 – Respect for private and family life (OJ C 202, 7.6.2016, p. 395).

Charter of Fundamental Rights of the European Union – Title II – Freedoms – Article 8 – Protection of personal data (OJ C 202, 7.6.2016, p. 395).

Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA (OJ L 135, 24.5.2016, pp. 53–114).

See consolidated version.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, pp. 1–88).

See consolidated version.

Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, pp. 89–131).

See consolidated version.

last update 23.11.2022
