skip to Main Content
BY THE EUROPEAN DATA PROTECTION SUPERVISOR: EDPS Annual Report 2020: Data Protection During COVID-19

BY THE EUROPEAN DATA PROTECTION SUPERVISOR: EDPS Annual Report 2020: data protection during COVID-19

This post is also available in: Italiano Español Français

Today, European Data Protection Supervisor presented its Annual Report 2020. The Report presents how the EDPS continued to fulfil its role as the data protection authority for EU institutions, agencies and bodies (EUIs) in the context of the pandemic.

This report is a testimony to the resilience and professionalism of the EDPS staff, who, despite the difficulties we were all facing because of the pandemic, managed to strengthen the role of the EDPS as a supervisory authority and as an advisor to the EU lawmaker. I am very happy that the EDPS was not only able to address new challenges stemming from the pandemic, but also maintained strong oversight of the EUIs.

Acknowledging the particular challenge and responsibility posed by the pandemic to data protection authorities, the EDPS established an internal COVID-19 taskforce, composed of members of all the EDPS’ units and sectors, to coordinate and proactively undertake actions related to the interplay between privacy and the pandemic. Believing in the need for a unified response at EU level, the EDPS called for a pan-European approach to combat the virus, especially in the context of contact tracing apps.

While almost all core activities were performed remotely, the EDPS, nevertheless, maintained strong oversight of the EUIs concerning the processing of individuals’ personal data. Examples demonstrating this include, the conclusion of the investigation into the use of cloud products and services by EUIs and the investigation into the processing of large data sets by Europol, followed by the use of corrective powers. Remote audits further contributed to the strong supervision of EUIs and, through the use of online tools, the EDPS was able to carry out more audits than ever before.

In 2020, the EDPS also demonstrated its commitment to ensuring that EUIs comply with the “Schrems II” Judgement of the Court of Justice by publishing its own strategic document. Protecting the data of EU citizens when processed in non-EU countries will remain a top priority for the EDPS in 2021.

Despite the pandemic, the EDPS issued a record number of legislative Opinions and Comments as a trusted advisor to the European Commission, the Council and the European Parliament. Examples of these include, the Opinions on the European strategy for data, on Artificial Intelligence, or on the proposed temporary derogations from the e-privacy framework. The EDPS also issued Opinions on its own initiative on the use of data for scientific research and health-related purposes to name a few.

The EDPS further increased its monitoring of technologies, acting as a reference point when it comes to analysing technological developments and their impact on privacy and data protection. In the past year, the EDPS also developed open source software tools for the automation of privacy and personal data protection inspections of websites.

The EDPS also continued to contribute to the activities of the European Data Protection Board (EDPB). Answering the calls for a closer cooperation between data protection authorities, the EDPS proposed the establishment of the Support Pool of Experts which aims to bring together the EDPB members’ efforts to address the need for a stronger enforcement of EU data protection laws.

2020 also marked the beginning of a new EDPS mandate and the unveiling of the EDPS Strategy 2020-2024. As such, the EDPS started to work towards meeting its objectives according to three strategic pillars: Foresight, Action, Solidarity. The overarching priority of the EDPS, as set out in its Strategy, is to shape a safer digital future.

Within its specific role in the EU institutional landscape, and equipped with the unique expertise and knowledge of his staff, the EDPS is even more committed to acting as a centre of gravity and as a global leading institution for the promotion and protection of the fundamental rights to privacy and data protection in Europe and beyond.

The rules for data protection in the EU institutions, as well as the duties of the European Data Protection Supervisor (EDPS), are set out in Regulation (EU) 2018/1725.

EDPS-2021-08-AR_2020_EN

SOURCE: GARANTE EUROPEO PER LA PROTEZIONE DEI DATI  – EDPS

Back To Top