Under EU law, all EU institutions, bodies, offices and agencies (EUIs) are required to appoint a data protection officer (DPO). To strengthen the effectiveness and independence of this function, the European Data Protection Supervisor (EDPS) has adopted two key documents clarifying the role and protection of DPOs within EUIs.
The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have adopted a Joint Opinion on the Digital Omnibus Regulation proposal.* This proposal aims to simplify the EU's digital regulatory framework, reduce administrative burden and enhance the competitiveness of European organisations.
The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have adopted a Joint Opinion on the European Commission’s Proposal for the ‘Digital Omnibus on AI’.
The European Data Protection Supervisor (EDPS) has issued its Opinion on the European Commission’s Proposal to amend Regulation (EU) No 904/2010, aimed at strengthening the fight against intra-Community value added tax (VAT) fraud by granting the European Public Prosecutor’s Office (EPPO) and the European Anti-Fraud Office (OLAF) specific direct and
The European Data Protection Supervisor (EDPS) today published its revised and updated guidelines on the use of generative Artificial Intelligence (AI) and processing of personal data by EU institutions, bodies, offices, and agencies (EUIs), reflecting the fast-moving technological landscape and the evolving challenges posed by generative AI systems.
The EU Entry/Exit System (EES) entered into operation on 12 October 2025. The EES is a large scale IT system developed by the EU to prevent irregular migration and enhance security in the Schengen area. This automated system registers which travellers from third countries, with or without a visa, enter and exit the Schengen area. It records personal data from travel documents such as name, date of birth, and place of birth.
On 17 September 2025, the European Data Protection Supervisor (EDPS) issued an Opinion on the negotiating mandate for a framework agreement between the European Union and the United States of America on the exchange of information for security screenings and identity verifications.
On 4 September 2025, the European Data Protection Supervisor (EDPS) issued an Opinion on two Proposals: one to authorise the signing, on behalf of the European Union, of the United Nations Convention against Cybercrime, and the other to authorise the conclusion, on behalf of the European Union, of the same Convention.
Following enforcement proceedings by the European Data Protection Supervisor (EDPS), the European Commission has demonstrated compliance with Regulation (EU) 2018/1725 in relation to its use of Microsoft 365 as examined by the EDPS. This follows the EDPS’ Decision of 8 March 2024, which identified a number of infringements and imposed corrective measures on the Commission.
Brussels, 9 July 2025 - The European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) issued today a Joint Opinion on the European Commission’s Proposal for a Regulation amending certain regulations, including the GDPR.
The EDPS recently published its Guidance for co-legislators, on key elements to consider when drafting legislative proposals and other acts that imply the processing of individuals’ personal data. With the Guidance published recently, the EDPS provides practical guidance for the EU co-legislators to uphold the highest standard of the fundamental rights to privacy and data protection. The EDPS will continue to provide its recommendations to EU co-legislators where there is an impact on the protection of individuals’ rights and freedoms with regard to the processing of personal data.
The EDPS presented its Annual Report 2024 today, concluding its 2020 - 2024 Mandate focusing on shaping a safer digital future, and marking the institution’s two-decades of protecting people’s privacy and personal data.
Demonstrating our commitment to the consistent application and enforcement of data protection across the EU institutions (EUIs) and the EU as a whole, the EDPS is participating in the European Data Protection Board’s (EDPB) Coordinated Enforcement Action on the right to erasure of personal data.
The European Data Protection Supervisor (EDPS) has released today its findings on the enforcement of individuals’ right of access to their personal data when processed by EU institutions, bodies, offices, and agencies (EUIs). These findings are part of the European Data Protection Board’s (EDPB) broader Coordinated Enforcement Action initiated in February 2024.
The EDPS reprimands Frontex, the European Border and Coast Guard Agency, for not complying with Regulation (EU) 2019/1896 (Frontex Regulation), when transmitting personal data of suspects of cross-border crimes to Europol, the EU’s agency for law enforcement cooperation.
The European Data Protection Supervisor (EDPS) is examining the European Commission’s compliance with its decision of 8 March 2024 regarding the use of Microsoft 365.
Under the decision, the European Commission had until yesterday, 9 December 2024, to demonstrate compliance with EDPS orders. On 6 December 2024, the Commission submitted to the EDPS a report on compliance with the EDPS decision of 8 March 2024.
From 9 to 11 October 2024, the European Data Protection Supervisor (EDPS) Wojciech Wiewiórowski participated in the 4th edition of the G7 Data Protection Authorities (DPA) Roundtable in Rome, Italy. This annual event, hosted by the Italian Data Protection Authority, brought together privacy and data protection regulators from Canada, France, Germany, Japan, the United Kingdom, the United States, the European Data Protection Board (EDPB) and the EDPS.
The EDPS has published today its Model Administrative Arrangement (Model) for transfers of personal data from EU institutions, bodies, offices and agencies (EUIs) to International Organisations.
The EDPS has published today its guidelines on generative Artificial Intelligence and personal data for EU institutions, bodies, offices and agencies (EUIs). The guidelines aim to help EUIs comply with the data protection obligations set out in Regulation (EU) 2018/1725, when using or developing generative AI tools.