Document 32022Q1024(01)

Help

Decision of the European Data Protection Supervisor (EDPS) of 14 October 2022 amending the Rules of Procedure of the EDPS of 15 May 2020

OJ L 274, 24.10.2022, p. 78–80 (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

Legal status of the document In force

ELI: http://data.europa.eu/eli/proc_rules/2022/1024/oj

HTML

PDF

Official Journal

24.10.2022

Official Journal of the European Union

L 274/78

DECISION OF THE EUROPEAN DATA PROTECTION SUPERVISOR (EDPS)

of 14 October 2022

amending the Rules of Procedure of the EDPS of 15 May 2020

THE EUROPEAN DATA PROTECTION SUPERVISOR,

Having regard to Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (1) (the ‘Regulation’), and in particular, Articles 54(4) and 57(1)(q) thereof,

Whereas:

(1)

In accordance with Article 54(4) of Regulation (EU) 2018/1725, the European Data Protection Supervisor is to be assisted by a secretariat, whose officials and other staff members are appointed by him or her. The EDPS Rules of Procedure of 15 May 2020 (2) adopted in accordance with Article 57(1)(q) of the Regulation provide, in their Chapter III, some of the provisions necessary to organise the work of the Secretariat. However, it is appropriate to clearly distinguish the essential procedural provisions governing the performance of the tasks of the EDPS from the provisions concerning the organisational structure of the EDPS’ secretariat; these latter should not be found in the Rules of procedure.

(2)

In particular, the following provisions do not need to be included in the Rules of Procedure, as they do not concern the procedures to be followed by the EDPS: the specific articulation of the posts in the management functions, in particular with regard to the role and functions of the Director; the designation of the Appointing Authority within the meaning of the Staff Regulations of officials of the European Union laid down by Council Regulation (EEC, Euratom, ECSC) No 259/68 (3); the designation of who is authorised to exercise the powers to conclude contracts of employment within the meaning of Article 6 of the Conditions of Employment of other servants of the European Union laid down by Regulation (EEC, Euratom, ECSC) No 259/68.

(3)

Any data subject has the right to lodge a complaint with the European Data Protection Supervisor if he or she considers that the processing of personal data relating to him or her by Union institutions, offices, bodies or agencies does not comply with Regulation (EU) 2018/1725 and other applicable legal acts. Article 57(1)(e) Regulation (EU) 2018/1725 provides that the EDPS should handle such complaints and investigate, to the extent appropriate, the subject matter of the complaint. In so doing, the EDPS should, inter alia, take into account the exact date on which the underlying events occurred, whether the conduct in question ceased to generate effects, the effects were removed or an appropriate guarantee of such a removal was provided. Given that the likelihood of establishing that a violation has occurred, and that the significance of its impact on data subjects tend to decrease with the passing of time, it is appropriate to establish a time-limit for submitting complaints to the EDPS. The EDPS should therefore declare inadmissible and not handle a complaint lodged more than two years after the complainant became aware of the alleged violation, except in duly justified and exceptional circumstances, e.g. if there were legitimate reasons for the complainant not to act in time.

(4)	After consulting the Staff Committee,

HAS ADOPTED THIS DECISION:

Article 1

The Rules of Procedure of the EDPS of 15 May 2020 are amended as follows:

(1)	Article 9 is repealed.

(2)

Article 10 is replaced by the following:

‘Article 10

Management Meeting

1. The Management Meeting shall ensure strategic oversight of the work of the EDPS. It shall comprise the European Data Protection Supervisor, the Head of the EDPS Secretariat, the senior and middle managers, as well as the other officials that contribute to the strategic oversight of the work of the EDPS as determined by the European Data Protection Supervisor.

2. Where the Management Meeting concerns issues relating to human resources, budget, finance or administrative matters relevant for the EDPB or the EDPB secretariat, it shall also comprise the Head of the EDPB secretariat.

3. The Management Meeting shall be chaired by the European Data Protection Supervisor, or in cases he or she is unable to attend the meeting, by the Head of EDPS Secretariat.

4. The Head of Secretariat shall ensure the proper functioning of the secretariat of the Management Meeting.

5. The meetings shall not be public. Discussions shall be confidential.’

(3)

Article 11 is replaced by the following:

‘Article 11

Delegation of tasks and deputising

1. The European Data Protection Supervisor may delegate to the Head of the EDPS Secretariat, where appropriate and in accordance with the Regulation, the power to adopt and sign legally binding decisions, the substance of which has already been determined by the European Data Protection Supervisor.

2. The European Data Protection Supervisor may also delegate, where appropriate and in accordance with the Regulation, to the Head of the EDPS Secretariat or to the Head of Unit or Head of Sector concerned, the power to adopt and sign other documents.

3. Where powers have been delegated to the Head of the EDPS Secretariat pursuant to paragraphs 1 or 2, this latter may sub-delegate them to the concerned Head of Unit or Head of independent Sector reporting directly to the Head of the EDPS secretariat.

4. Where the European Data Protection Supervisor is prevented from exercising his or her functions or the post is vacant, the Head of the EDPS Secretariat, where appropriate and in accordance with the Regulation, shall perform tasks and duties of the European Data Protection Supervisor which are necessary and urgent to ensure business continuity.

5. Where the Head of the EDPS Secretariat is prevented from exercising his or her functions or the post is vacant and no official has been designated by the European Data Protection Supervisor, the functions of the Head of the EDPS Secretariat shall be exercised by the Head of Unit or Head of independent sector reporting directly to the Head of the EDPS secretariat with the highest grade or, in the event of equal grade, by the Head of Unit or Head of independent sector reporting directly to the Head of the EDPS secretariat with the highest seniority within the grade or, in the event of equal seniority, by the eldest. The Head of the EDPB secretariat may not deputise for the Head of the EDPS secretariat.

6. If there is no Head of Unit or Head of independent sector reporting directly to the Head of the EDPS secretariat available to exercise the duties of the Head of the EDPS Secretariat as specified under paragraph 5 and no official has been designated by the European Data Protection Supervisor, the official with the highest grade or, in the event of equal grade, the official with the highest seniority in the grade or, in the event of equal seniority, the one who is eldest, shall deputise. The staff members of the EDPB secretariat may not deputise for the Head of the EDPS secretariat.’

(4)	Article 12 is repealed.

(5)	In Article 16, the following subparagraph is added to paragraph 4: ‘The EDPS shall declare inadmissible and not handle complaints lodged more than two years after the complainant became aware of the alleged breach, except in duly justified and exceptional circumstances’

(6)

In Article 20, paragraph 1 is replaced by the following:

‘1. In response to requests from the Commission pursuant to Article 42(1) of the Regulation, the EDPS shall issue an opinion where the request concerns a proposal for a legislative act or a recommendation or proposal to the Council pursuant to Article 218 TFEU. Where the request concerns a draft delegated act or implementing act, the EDPS shall issue formal comments.’

(7)

In Article 28, paragraph 1 is replaced by the following:

‘1. The Staff Committee, representing the staff of the EDPS, including the EDPB secretariat, shall be consulted on draft decisions relating to the implementation of the Staff Regulations of officials of the European Union and the Conditions of Employment of other servants of the European Union laid down by Regulation (EEC, Euratom, ECSC) No 259/68 and may be consulted on any other question of general interest concerning the staff. The Staff Committee shall be informed of any question related to the execution of its tasks.’

and paragraph 3 is repealed.

(8)

In Article 33, paragraph 1 is replaced by the following:

‘1. The decisions of the EDPS shall be authenticated by the apposition of the signature by the European Data Protection Supervisor or the Head of the EDPS Secretariat as provided for in this Decision. Such signature may be handwritten or in electronic form.’

Article 2

This Decision shall enter into force 20 days following its publication in the Official Journal of the European Union.

Done at Brussels, 14 October 2022.

For the EDPS

Wojciech Rafał WIEWIÓROWSKI

European Data Protection Supervisor

(1) OJ L 295, 21.11.2018, p. 39.

(2) OJ L 204, 26.6.2020, p. 49.

(3) Regulation (EEC, Euratom, ECSC) No 259/68 of the Council of 29 February 1968 laying down the Staff Regulations of Officials and the Conditions of Employment of Other Servants of the European Communities and instituting special measures temporarily applicable to officials of the Commission (Conditions of Employment of Other Servants) (OJ L 56, 4.3.1968, p. 1), consolidated text available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A01962R0031-20220101

Top