In February 2023, the EDPS has started piloting the use of the Open Source Software Nextcloud and Collabora Online (based on LibreOffice technology). Together, they offer the possibility to share files, send messages, make video calls, and allows collaborative drafting, in a secured cloud environment.
The contract negotiated by the EDPS with an EU-based service provider is accessible to all EU institutions, bodies, offices and agencies (EUIs), and ensures compliance with the EU’s data protection law applicable to EUIs, Regulation (EU) 2018/1725, as well as other rules specifically applicable to EUIs as an international organisation.
Wojciech Wiewiórowski, EDPS, said: “Open Source Software offers data protection-friendly alternatives to commonly used large-scale cloud service providers that often imply the transfer of individuals’ personal data to non-EU countries. Solutions like this may therefore minimise reliance on monopoly providers and detrimental vendor lock-in. By negotiating a contract with an EU-based provider of cloud services, the EDPS is delivering on its commitments, as set out in its 2020-2024 Strategy, to support EUIs in leading by example to safeguard digital rights and process data responsibly.”
By procuring the Open Source Software from one single entity in the EU, the use of sub-processors is avoided. In doing so, the EDPS avoids data transfers to non-EU countries and allows for a more effective control over the processing of personal data.
The EDPS will assess in the coming months how these tools can support EUIs’ day-to-day work. This pilot phase is part of a larger IT reflection process that the EDPS already started last year aimed at encouraging EUIs to consider alternatives to large-scale service providers to ensure better compliance with Regulation (EU) 2018/1725.
The rules for data protection in the EU institutions, as well as the duties of the European Data Protection Supervisor (EDPS), are set out in Regulation (EU) 2018/1725.
The EDPS is the independent supervisory authority with responsibility for monitoring the processing of personal data by the EU institutions and bodies, advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection. Our mission is also to raise awareness on risks and protect people’s rights and freedoms when their personal data is processed.
Wojciech Wiewiórowski (EDPS) was appointed by a joint decision of the European Parliament and the Council to serve a five-year term, beginning on 6 December 2019.