In 2018, the EDPS developed the Website Evidence Collector (WEC) to use it in its own remote website audits and investigations.
The WEC collects evidence of personal data processing, such as cookies and similar tracking technologies. The collection parameters are configured before running the tool and then collection is carried out automatically. The collected evidence, structured in a human- and machine-readable format (HTML and YAML) and allows website controllers, data protection officers and end users to understand better which information is transferred and stored during a visit of a website.
The WEC source code is available on the EU’s JoinUp platform and on GitHub under the European Union Public Licence (EUPL v1.2) and can be installed on Windows, Mac and Linux computers. The WEC provides website owners and data controllers with the means to self-assess their websites’ compliance and foster accountability. Consumers and NGOs can use the WEC to check if websites comply with the regulatory framework.
More information on the WEC here.
EU Voice and EU Video
In 2022, the EDPS launched the public pilot phase of two social media platforms: EU Voice and EU Video. The two platforms are part of decentralised, free and open-source social media networks that connect users in a privacy-oriented environment, based on Mastodon and PeerTube software.
EU institutions, bodies, offices and agencies (EUIs) participating in the pilot phase of these platforms are able to interact with the public by sharing short texts, images and videos on EU Voice; and by sharing, uploading, commenting videos and podcasts on EU Video.
The pilot phase contributes to the European Union’s strategy for data and digital sovereignty to foster Europe’s independence in the digital world.
In 2023, the EDPS started piloting the use of the Open Source Software Nextcloud and Collabora Online, based on LibreOffice technology. Together, they offer the possibility to share files, send messages, make video calls, and allows collaborative drafting, in a secured cloud environment.
The contract negotiated by the EDPS with an EU-based service provider offers all EU institutions, bodies, offices and agencies (EUIs) to participate in the pilot, and ensures compliance with the EU’s data protection law applicable to EUIs, Regulation (EU) 2018/1725, as well as other rules specifically applicable to EUIs as an international organisation.
By procuring the Open Source Software from one single entity in the EU, not only the use of sub-processors is avoided, but also data transfers to non-EU countries, which allows for a more effective control over the processing of personal data.
The pilot phase is part of a larger IT reflection process that the EDPS started last year aimed at encouraging EUIs to consider alternatives to large-scale service providers to ensure better compliance with Regulation (EU) 2018/1725.