Choose the experimental features you want to try

This document is an excerpt from the EUR-Lex website

Document 02020Q0626(01)-20240818

Consolidated text: Decision of the European Data Protection Supervisor of 15 May 2020 adopting the Rules of Procedure of the EDPS

ELI: http://data.europa.eu/eli/proc_rules/2020/626/2024-08-18

02020Q0626(01) — EN — 18.08.2024 — 002.001


This text is meant purely as a documentation tool and has no legal effect. The Union's institutions do not assume any liability for its contents. The authentic versions of the relevant acts, including their preambles, are those published in the Official Journal of the European Union and available in EUR-Lex. Those official texts are directly accessible through the links embedded in this document

►B

DECISION OF THE EUROPEAN DATA PROTECTION SUPERVISOR

of 15 May 2020

adopting the Rules of Procedure of the EDPS

(OJ L 204 26.6.2020, p. 49)

Amended by:

 

 

Official Journal

  No

page

date

►M1

DECISION OF THE EUROPEAN DATA PROTECTION SUPERVISOR (EDPS)  of 14 October 2022

  L 274

78

24.10.2022

►M2

DECISION OF THE EUROPEAN DATA PROTECTION SUPERVISOR  of 18 July 2024

  L 2022

1

29.7.2024




▼B

DECISION OF THE EUROPEAN DATA PROTECTION SUPERVISOR

of 15 May 2020

adopting the Rules of Procedure of the EDPS



TITLE I

MISSION, DEFINITIONS, GUIDING PRINCIPLES AND ORGANISATION

CHAPTER I

Mission and definitions

Article 1

The EDPS

The EDPS shall act in accordance with the provisions of Regulation (EU) 2018/1725, any other relevant Union legal act and this Decision, and follow the strategic priorities which the European Data Protection Supervisor may set out.

Article 2

Definitions

For the purposes of this Decision, the following definitions apply:

(a) 

‘the Regulation’ means Regulation (EU) 2018/1725;

(b) 

‘GDPR’ means Regulation (EU) 2016/679;

(c) 

‘‛institution’ means a Union institution, body, office or agency subject to the Regulation or to any other Union legal act providing for tasks and powers for the European Data Protection Supervisor;

(d) 

‘EDPS’ means the European Data Protection Supervisor as a body of the Union;

(e) 

‘European Data Protection Supervisor’ means the European Data Protection Supervisor appointed by the European Parliament and the Council in accordance with Article 53 of the Regulation;

(f) 

‘EDPB’ means the European Data Protection Board as a body of the Union established by Article 68(1) of the GDPR;

(g) 

‘EDPB’ secretariat’ means the secretariat of the EDPB established by Article 75 of the GDPR.

CHAPTER II

Guiding principles

Article 3

Good governance, integrity and good administrative behaviour

1.  
The EDPS shall act in the public’s interest as an expert as well as an independent, reliable, proactive and authoritative body in the field of privacy and personal data protection.
2.  
The EDPS shall act in accordance with the EDPS Ethics Framework.

Article 4

Accountability and transparency

1.  
The EDPS shall periodically publish its strategic priorities and an Annual Report.
2.  
The EDPS, as a data controller, shall lead by example in respecting the applicable law on the protection of personal data.
3.  
The EDPS shall engage openly and transparently with the media and stakeholders and explain its activities to the public in a clear language.

Article 5

Efficiency and effectiveness

1.  
The EDPS shall use state-of-the-art administrative and technical means to maximise the efficiency and effectiveness in carrying out its tasks, including internal communication and appropriate delegation of tasks.
2.  
The EDPS shall implement appropriate mechanisms and tools to ensure the highest level of quality management, such as internal control standards, a risk management process and the annual activity report.

Article 6

Cooperation

The EDPS shall promote cooperation among data protection supervisory authorities as well as with any other public authority whose activities may have an impact on privacy and personal data protection.

CHAPTER III

Organisation

Article 7

Role of the European Data Protection Supervisor

The European Data Protection Supervisor shall decide the strategic priorities of the EDPS and adopt the policy documents corresponding to the tasks and powers of the EDPS.

Article 8

EDPS secretariat

The European Data Protection Supervisor shall determine the organisational structure of the EDPS secretariat. Without prejudice to the Memorandum of Understanding between the EDPS and the EDPB of 25 May 2018, in particular relating to the EDPB secretariat, the structure shall reflect the strategic priorities set by the European Data Protection Supervisor.

▼M1 —————

▼M1

Article 10

Management Meeting

1.  
The Management Meeting shall ensure strategic oversight of the work of the EDPS. It shall comprise the European Data Protection Supervisor, the Head of the EDPS Secretariat, the senior and middle managers, as well as the other officials that contribute to the strategic oversight of the work of the EDPS as determined by the European Data Protection Supervisor.
2.  
Where the Management Meeting concerns issues relating to human resources, budget, finance or administrative matters relevant for the EDPB or the EDPB secretariat, it shall also comprise the Head of the EDPB secretariat.
3.  
The Management Meeting shall be chaired by the European Data Protection Supervisor, or in cases he or she is unable to attend the meeting, by the Head of EDPS Secretariat.
4.  
The Head of Secretariat shall ensure the proper functioning of the secretariat of the Management Meeting.
5.  
The meetings shall not be public. Discussions shall be confidential.

Article 11

Delegation of tasks and deputising

1.  
The European Data Protection Supervisor may delegate to the Head of the EDPS Secretariat, where appropriate and in accordance with the Regulation, the power to adopt and sign legally binding decisions, the substance of which has already been determined by the European Data Protection Supervisor.
2.  
The European Data Protection Supervisor may also delegate, where appropriate and in accordance with the Regulation, to the Head of the EDPS Secretariat or to the Head of Unit or Head of Sector concerned, the power to adopt and sign other documents.
3.  
Where powers have been delegated to the Head of the EDPS Secretariat pursuant to paragraphs 1 or 2, this latter may sub-delegate them to the concerned Head of Unit or Head of independent Sector reporting directly to the Head of the EDPS secretariat.
4.  
Where the European Data Protection Supervisor is prevented from exercising his or her functions or the post is vacant, the Head of the EDPS Secretariat, where appropriate and in accordance with the Regulation, shall perform tasks and duties of the European Data Protection Supervisor which are necessary and urgent to ensure business continuity.
5.  
Where the Head of the EDPS Secretariat is prevented from exercising his or her functions or the post is vacant and no official has been designated by the European Data Protection Supervisor, the functions of the Head of the EDPS Secretariat shall be exercised by the Head of Unit or Head of independent sector reporting directly to the Head of the EDPS secretariat with the highest grade or, in the event of equal grade, by the Head of Unit or Head of independent sector reporting directly to the Head of the EDPS secretariat with the highest seniority within the grade or, in the event of equal seniority, by the eldest. The Head of the EDPB secretariat may not deputise for the Head of the EDPS secretariat.
6.  
If there is no Head of Unit or Head of independent sector reporting directly to the Head of the EDPS secretariat available to exercise the duties of the Head of the EDPS Secretariat as specified under paragraph 5 and no official has been designated by the European Data Protection Supervisor, the official with the highest grade or, in the event of equal grade, the official with the highest seniority in the grade or, in the event of equal seniority, the one who is eldest, shall deputise. The staff members of the EDPB secretariat may not deputise for the Head of the EDPS secretariat.

▼M1 —————

▼B

TITLE II

MONITORING AND ENSURING THE APPLICATION OF THE REGULATION

Article 13

Monitoring and ensuring the application of the Regulation

The EDPS shall guarantee effective protection of rights and freedoms of individuals through monitoring and enforcement of the Regulation and of any other Union legal act providing for tasks and powers for the European Data Protection Supervisor. To that end, in the exercise of the investigative, corrective, authorisation and advisory powers, the EDPS may conduct compliance visits, surveys, bi-monthly visits, informal consultations or facilitate amicable settlements of complaints.

Article 14

Transparency of replies to consultations by institutions on their processing of personal data and to requests for authorisations

The EDPS may publish the replies to consultation by institutions on their processing of personal data in full or in part, taking applicable confidentiality and information security requirements into account. Authorisation decisions shall be published, taking applicable confidentiality and information security requirements into account.

Article 15

Data Protection Officers notified by the institutions

1.  
A register of the appointments of Data Protection Officers notified to the EDPS by the institutions in accordance with the Regulation shall be kept by the EDPS.
2.  
The updated list of the Data Protection Officers of the institutions shall be published on the website of the EDPS.
3.  
The EDPS shall provide guidance to Data Protection Officers, in particular by participating in the meetings organised by the network of the Data Protection Officers of the institutions.

Article 16

Handling of complaints

1.  
The EDPS shall not handle anonymous complaints.
2.  
The EDPS shall handle complaints submitted in writing, including in electronic form, in any official language of the Union and which provide details necessary for the complaint to be understood.
3.  
Where a complaint relating to the same facts has been lodged by the complainant with the European Ombudsman, the EDPS shall examine the admissibility of the complaint in accordance with the Memorandum of Understanding between the EDPS and the European Ombudsman.
4.  

The EDPS shall decide how to handle a complaint taking into account:

(a) 

the nature and gravity of the alleged violations of data protection rules;

(b) 

the importance of the damage that one or more data subjects have or may have suffered as result of the violation;

(c) 

the potential overall importance of the case, also in relation to other public and private interests involved;

(d) 

the likelihood of establishing that the violation has occurred;

(e) 

the exact date on which the underlying events occurred, the conduct in question stopped generating effects, the effects were removed or an appropriate guarantee of such a removal was provided.

▼M1

The EDPS shall declare inadmissible and not handle complaints lodged more than two years after the complainant became aware of the alleged breach, except in duly justified and exceptional circumstances.

▼B

5.  
Where appropriate, the EDPS shall facilitate an amicable settlement of the complaint.
6.  
The EDPS shall suspend the investigation of a complaint pending a ruling by a court or a decision of another judicial or administrative body on the same matter.
7.  
The EDPS shall only disclose the identity of the complainant to the extent necessary for the proper conduct of the investigation. The EDPS shall not disclose any document related to the complaint, except for anonymised excerpts or summaries of the final decision, unless the person concerned consents to such disclosure.
8.  
If required by the circumstances of the complaint, the EDPS shall cooperate with the competent oversight authorities, including competent national supervisory authorities acting within the scope of their respective competences.

Article 17

Outcome of complaints

1.  
The EDPS shall inform the complainant as soon as possible of the outcome of a complaint and of the action taken.
2.  
Where a complaint is found to be inadmissible or the investigation is discontinued, the EDPS shall, where appropriate, advise the complainant to refer to another competent authority.
3.  
The EDPS may decide to discontinue an investigation at the request of the complainant. This shall not prevent the EDPS from further investigating the subject matter of the complaint.
4.  
The EDPS may close an investigation where the complainant has failed to provide the information requested. The EDPS shall inform the complainant about this decision.

▼M2

Article 18

Preliminary assessment and right to be heard

1.  

Before adopting a decision:

(a) 

containing finding of an infringement of the Regulation or of any other Union act relating to the protection of the fundamental rights and freedoms of natural persons with regard to the processing of personal data by a Union institution or body; or

(b) 

exercising corrective powers pursuant to Article 58(2) of the Regulation; or

(c) 

imposing an administrative fine pursuant to Articles 58(2)(i) and 66 of the Regulation, or pursuant to point (l) of Article 43(3) of Regulation (EU) 2016/794 of the European Parliament and of the Council ( 1 ); or

(d) 

exercising powers against the European Union Agency for Law Enforcement Cooperation (Europol) pursuant to points (b), (c), (d) (e), (f), (g), (j), and (k) of Article 43(3) of Regulation (EU) 2016/794; or

(e) 

exercising powers against the European Public Prosecutor’s Office (EPPO) pursuant to points (b), (d) and (e) of Article 85(3)(b) of Council Regulation (EU) 2017/1939 ( 2 ) ; or

(f) 

exercising powers against the European Union Agency for Criminal Justice Cooperation (Eurojust) pursuant to points (b), (d) and (e) of Article 40(3) of Regulation (EU) 2018/1727 of the European Parliament and of the Council ( 3 );

the EDPS shall draft a preliminary assessment and communicate it to the controller or processor which is the subject of the proceedings conducted by the EDPS (“the controller or processor”).

2.  

Before adopting a decision in cases where the EDPS intends to partially or wholly dismiss a complaint lodged pursuant to:

(a) 

Articles 63 and 68 of the Regulation; or

(b) 

Article 47 of Regulation (EU) 2016/794; or

(c) 

Article 88 of Regulation (EU) 2017/1939;

(d) 

Article 43 of Regulation (EU) 2018/1727; or

the EDPS shall draft a preliminary assessment and communicate it to the complainant.

3.  

The preliminary assessment shall contain:

(a) 

the relevant established facts and references to supporting evidence on which the EDPS intends to rely on to reach its decision;

(b) 

the EDPS’ initial legal assessment of the facts, and any alleged infringement of the applicable data protection rules; and

(c) 

any corrective powers envisaged by the EDPS, having considered aggravating or mitigating factors.

4.  
By way of derogation from paragraph 3, in cases of application of Article 18(1)(c), the preliminary assessment shall only contain the relevant elements on which the EDPS intends to rely in deciding whether to impose an administrative fine and in deciding on the amount of the administrative fine, having regard to the elements listed in Article 66(1) of the Regulation.
5.  

The EDPS may restrict the information provided to the complainant in the preliminary assessment referred to in paragraphs 2 and 3, to protect any of the interests referred to in:

(a) 

Article 25(1) of the Regulation; or

(b) 

Articles 79(3), 81(1) or 84(2) of the Regulation; or

(c) 

Articles 58(3), 60(1) and 61(5) of Regulation (EU) 2017/1939; or

(d) 

any other legitimate interests of confidentiality or of professional and business secrecy.

In such cases, the EDPS shall inform the complainant at least about the part(s) of the complaint that it intends to dismiss, and of the justification for applying any of the restrictions referred to in the first subparagraph. In cases of restriction of information for interests referred to in points (b) and (c) of the first subparagraph, the EDPS may omit information regarding the justification for applying any of the restrictions where the provision thereof would undermine these interests. In such cases, the EDPS shall inform the complainant in accordance with Article 84(3) of the Regulation and Article 62(3) of Regulation (EU) 2017/1939.

6.  
The EDPS shall give to the controller or processor and the complainant the opportunity of being heard on the finding of an infringement of the Regulation or of any other Union act relating to the protection of the fundamental rights and freedoms of natural persons with regard to the processing of personal data by a Union institution or body, and/or the exercise of corrective powers, or the imposition of an administrative fine, or where the EDPS intends to partially or wholly dismiss a complaint, as the case may be. The EDPS shall set a time-limit within which the controller or processor and the complainant may make known their views in writing, taking into account the urgency of the matter.
7.  
The EDPS may limit access to the file where this is necessary to protect any of the interests referred to in paragraph 5 above.
8.  
The EDPS shall base his or her decisions only on findings and measures on which the controller or processor or the complainant have been able to comment, except in cases of application of paragraphs 5 and 7.
9.  
The EDPS shall, in the text of its decision, inform the controller or processor and the complainant of their right to challenge the decision before the Court of Justice of the European Union in accordance with Article 263 of the Treaty on the Functioning of the European Union.

▼B

Article 19

Notification of a personal data breach to the EDPS by institutions

1.  
The EDPS shall provide a secure platform for the notification of a personal data breach by an institution and implement security measures for the exchange of information regarding a personal data breach.
2.  
Upon notification the EDPS shall acknowledge receipt to the institution concerned.

TITLE III

LEGISLATIVE CONSULTATION, TECHNOLOGY MONITORING, RESEARCH PROJECTS, COURT PROCEEDINGS

Article 20

Legislative consultation

▼M1

1.  
In response to requests from the Commission pursuant to Article 42(1) of the Regulation, the EDPS shall issue an opinion where the request concerns a proposal for a legislative act or a recommendation or proposal to the Council pursuant to Article 218 TFEU. Where the request concerns a draft delegated act or implementing act, the EDPS shall issue formal comments.

▼B

2.  
The opinions shall be published on the website of the EDPS in English, French and German. Summaries of opinions shall be published in the Official Journal of the European Union (C Series). Formal comments shall be published on the website of the EDPS.
3.  
The EDPS may decline to respond to a consultation where the conditions set out in Article 42 of the Regulation are not met, including where there is no impact on the protection of individuals’ rights and freedoms with regard to data protection.
4.  
Where despite best efforts a joint opinion of the EDPS and the EDPB pursuant to Article 42(2) of the Regulation cannot be issued within the set deadline, the EDPS may issue an opinion on the same matter.
5.  
Where the Commission shortens a deadline applicable to a legislative consultation pursuant to Article 42(3) of the Regulation, the EDPS shall strive to respect the deadline set in so far as is reasonable and practicable, taking into account in particular the complexity of the subject matter, the length of the documentation and the completeness of the information provided by the Commission.

Article 21

Technology monitoring

The EDPS, in monitoring the development of information and communication technologies insofar as they have an impact on the protection of personal data, shall promote awareness and advise in particular on the principles of data protection by design and data protection by default.

Article 22

Research projects

The EDPS may decide to contribute to the Union’s Framework Programmes and to serve on the advisory committees of research projects.

Article 23

Action against institutions for breach of the Regulation

The EDPS may refer the matter to the Court of Justice of the European Union, in case of non-compliance by an institution with the Regulation, in particular where the EDPS has not been consulted in cases provided for by Article 42(1) of the Regulation and in case of failure to effectively respond to enforcement action taken by the EDPS under Article 58 of the Regulation.

Article 24

EDPS intervention in actions brought before the Court of Justice of the European Union

1.  
The EDPS may intervene in actions brought before the Court of Justice of the European Union in accordance with Article 58(4) of the Regulation, Article 43(3)(i) of Regulation (EU) 2016/794, Article 85(3)(g) of Regulation (EU) 2017/1939, and Article 40(3)(g) of Regulation (EU) 2018/1727.
2.  

When deciding whether to request leave to intervene or whether to accept an invitation from the Court of Justice of the European Union to do so, the EDPS shall take into account in particular:

(a) 

whether the EDPS has been directly involved in the facts of the case in performing its supervisory tasks;

(b) 

whether the case raises data protection issues that are either substantial in themselves or decisive to its outcome; and

(c) 

whether intervention by the EDPS is likely to affect the outcome of the proceedings.

TITLE IV

COOPERATION WITH NATIONAL SUPERVISORY AUTHORITIES AND INTERNATIONAL COOPERATION

Article 25

EDPS as a member of the European Data Protection Board

The EDPS as a member of the EDPB shall aim to promote the Union perspective, and in particular the shared values referred to in Article 2 of the Treaty of the European Union.

Article 26

Cooperation with national supervisory authorities under Article 61 of the Regulation

1.  

The EDPS shall cooperate with national supervisory authorities and with the joint supervisory authority established under Article 25 of Council Decision 2009/917/JHA ( 4 ) with a view to, in particular:

(a) 

exchanging all relevant information, including best practices, as well as information in relation to requests to exercise monitoring, investigative and enforcement powers by competent national supervisory authorities;

(b) 

developing and maintaining contact with relevant members and staff of the national supervisory authorities.

2.  
Where relevant, the EDPS shall engage in mutual assistance and take part in joint operations with national supervisory authorities, each acting within the scope of their respective competences as set out in the Regulation, the GDPR and other relevant acts of Union law.
3.  
The EDPS may take part upon invitation in an investigation by a supervisory authority or invite a supervisory authority to take part in an investigation in accordance with the legal and procedural rules applicable to the inviting party.

Article 27

International cooperation

1.  
The EDPS shall promote best practices, convergence and synergies on the protection of personal data between the European Union and third countries and international organisations, including through participation in relevant regional and international networks and events.
2.  
Where appropriate, the EDPS shall engage in mutual assistance in the investigative and enforcement actions of supervisory authorities of third countries or international organisations.

TITLE V

GENERAL PROVISIONS

Article 28

Consultation with the Staff Committee

▼M1

1.  
The Staff Committee, representing the staff of the EDPS, including the EDPB secretariat, shall be consulted on draft decisions relating to the implementation of the Staff Regulations of officials of the European Union and the Conditions of Employment of other servants of the European Union laid down by Regulation (EEC, Euratom, ECSC) No 259/68 and may be consulted on any other question of general interest concerning the staff. The Staff Committee shall be informed of any question related to the execution of its tasks.

▼B

2.  
The Staff Committee shall contribute to the good functioning of the EDPS, including the EDPB secretariat by making proposals on organisational matters and working conditions.

▼M1 —————

▼B

Article 29

Data Protection Officer

1.  
The EDPS shall appoint a Data Protection Officer (DPO).
2.  
The DPO shall be consulted, in particular, when the EDPS as controller intends to apply a restriction based on the internal rules implementing Article 25 of the Regulation.
3.  
In accordance with point IV(2)(viii) of the Memorandum of Understanding between the EDPS and the EDPB, the EDPB has a separate DPO. In accordance with point IV(4) of the Memorandum of Understanding between the EDPS and the EDPB, the DPO of the EDPS and of the EDPB shall meet regularly in order to ensure that their decisions remain consistent.

Article 30

Public access to documents and Transparency Officer of the EDPS

The EDPS shall designate a Transparency Officer to ensure compliance with Regulation (EC) No 1049/2001 of the European Parliament and of the Council ( 5 ), without prejudice to the handling of public access to documents requests by the EDPB secretariat in accordance with point IV(2)(iii) of the Memorandum of Understanding between the EDPS and the EDPB.

Article 31

Languages

1.  
The EDPS is committed to the principle of multilingualism, as cultural and linguistic diversity is one of the cornerstones and assets of the European Union. The EDPS strives to find a balance between the principle of multilingualism and the obligation to ensure sound financial management and savings for the budget of the European Union, hence making a pragmatic use of its limited resources.
2.  
The EDPS shall respond to any person addressing it on a matter falling within its competence in one of the official languages of the European Union in the same language used to address it. All complaints, requests for information and any other requests may be sent to the EDPS in any of the official languages of the European Union, and shall be answered in the same language.
3.  
The website of the EDPS shall be available in English, French and German. Strategic documents of the EDPS, such as the strategy for the mandate of the European Data Protection Supervisor, shall be published in English, French and German.

Article 32

Support services

The EDPS may enter into cooperation agreements or service level agreements with other institutions, and may participate in inter-institutional calls for tenders resulting in framework contracts with third parties for the provision of support services to the EDPS and the EDPB. The EDPS may also sign contract with external service providers in accordance with the procurement rules applicable to the institutions.

Article 33

Authentication of decisions

▼M1

1.  
The decisions of the EDPS shall be authenticated by the apposition of the signature by the European Data Protection Supervisor or the Head of the EDPS Secretariat as provided for in this Decision. Such signature may be handwritten or in electronic form.

▼B

2.  
In case of delegation or deputising in accordance with Article 11, the decisions shall be authenticated by the apposition of the signature of the person to whom the power has been delegated or of the person deputising. Such signature may be handwritten or in electronic form.

Article 34

Remote working at EDPS and electronic documents

1.  
By decision of the European Data Protection Supervisor, the EDPS may implement a system of remote working by all or part of its staff. This decision shall be communicated to the staff and published on the EDPS and EDPB websites.
2.  
By decision of the European Data Protection Supervisor, the EDPS may determine the conditions of validity of electronic documents, electronic procedures and electronic means of transmission of documents for the EDPS’ purposes. This decision shall be communicated to the staff and published on the EDPS website.
3.  
The Chair of the EDPB shall be consulted where those decisions concern the EDPB Secretariat.

Article 35

Rules for the calculation of periods, dates and time limits

The EDPS shall apply the rules for calculation of periods, dates and time limits established under Regulation (EEC, Euratom) No 1182/71 of the Council ( 6 ).

TITLE VI

FINAL PROVISIONS

Article 36

Supplementary measures

The European Data Protection Supervisor may further specify the provisions of this Decision by adopting implementing rules and supplementary measures relating to the functioning of the EDPS.

Article 37

Repeal of Decision 2013/504/EU of the European Data Protection Supervisor

Decision 2013/504/EU of the European Data Protection Supervisor ( 7 ) is repealed and replaced by this Decision.

Article 38

Entry into force

This Decision shall enter into force on the day following its publication in the Official Journal of the European Union.



( 1 ) Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA (OJ L 135, 24.5.2016, p. 53).

( 2 ) Council Regulation (EU) 2017/1939 of 12 October 2017 implementing enhanced cooperation on the establishment of the European Public Prosecutor’s Office (“the EPPO”) (OJ L 283, 31.10.2017, p. 1).

( 3 ) Regulation (EU) 2018/1727 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for Criminal Justice Cooperation (Eurojust), and replacing and repealing Council Decision 2002/187/JHA (OJ L 295, 21.11.2018, p. 138).

( 4 ) Council Decision 2009/917/JHA of 30 November 2009 on the use of information technology for customs purposes (OJ L 323, 10.12.2009, p. 20).

( 5 ) Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents (OJ L 145, 31.5.2001, p. 43).

( 6 ) Regulation (EEC, Euratom) No 1182/71 of the Council of 3 June 1971 determining the rules applicable to periods, dates and time limits OJ L 124, 8.6.1971, p. 1).

( 7 ) Decision 2013/504/EU of the European Data Protection Supervisor of 17 December 2012 on the adoption of Rules of Procedure (OJ L 273, 15.10.2013, p. 41).

Top