Two decades of protecting privacy and data protection to fuel the future

Wojciech Wiewiórowski

20 years ago, on 17 January 2004, the EDPS set out on its mission to build an independent authority that protects people’s fundamental rights to privacy and data protection.

Since then, the way personal data is processed and the digital landscape as a whole have considerably evolved. The EDPS too has changed. As an institution, we have become stronger, bolder, with one constant drive: our appetite and ambition to protect people, to influence and steer the development of data protection and its governing rules across the European Union (EU).

The EDPS’ expertise spans four mandates, each embodying various priorities to shape the data protection landscape that we know today.

Looking back, the first mandate laid the first stepping-stone towards upholding privacy in the EU institutions, bodies, offices and agencies (EUIs), with the pursuit of many ground-breaking initiatives including the first complaints, legislative consultations, or the creation of the EDPS - data protection officers’ network of EUIs. During the second mandate, the EDPS championed excellence in data protection, bolstered by the entry into force of the Lisbon Treaty, which crystallised data protection as a directly enforceable right for everyone. The third mandate was marked by a revolution in data protection law with the entry into force of the General Data Protection Regulation for the EU/ the European Economic Area and Regulation (EU) 2018/1725 for the EUIs. The EDPS was, and continues to be, instrumental in the development, enforcement and practical application of these key pieces of legislation, therefore contributing to elevating data protection principles to a global standard. In this current and fourth mandate, the EDPS aims to promote a safer digital future for the EU and a positive vision of digitisation that values and respects all individuals, in particular the most vulnerable.

Reflecting on the progress made, the mountains conquered, and lessons learned, I am fuelled with the determination to tackle the challenges that lie ahead, to continue to shape the digital world of tomorrow.

As such, I see the celebration of the EDPS’ 20th anniversary as an opportunity to take stock of the past and to build on the present to approach the upcoming challenges in a way that respects individuals’ privacy and leaves no one behind.

To achieve this, my institution has chosen to base its anniversary on four key pillars - all designed to highlight the importance and impact of data protection, which you can follow on the dedicated EDPS 20th Anniversary website.

Preparing for the data protection landscape of tomorrow requires an acute understanding of past, present and possible future dynamics between data protection, privacy, technology, policy and other fields.

To this end, the first pillar is composed of a book and a timeline that analyses key data protection milestones and the EDPS’ influence and history in this remit over the last two decades, as well as an in-depth analysis of what is yet to come.

To inform our work as a data protection authority going forward, we must also be able to learn from others. Our second pillar comprises 20 talks with leading voices from around the world who share their unique perspective on how data protection and privacy shapes their respective fields.

With a view of modernising the EDPS’ approach to anticipate and tackle future challenges, our third pillar includes 20 initiatives aimed at further emboldening individuals’ fundamental rights.

The fourth pillar is our European Data Protection Summit - Rethinking Data in a Democratic Society, taking place on 20 June 2024, in Brussels, Belgium. During this event, we aim to foster dynamic and open discussions on the role of privacy and data protection in modern democracies by examining, in particular, the role of a state at a time of an ever-growing collection of information about citizens.

With these four pillars, the EDPS, as a responsible and forward-looking data protection authority, aims to anticipate the challenges and opportunities ahead in order to equip itself with enforceable regulatory tools that protect individuals’ personal data, in an era where data is pivotal in shaping the digital landscape, businesses, governments and other entities.

My institution will continuously work on these four pillars in the coming months. You can follow our progress on the dedicated EDPS 20th Anniversary website.