Newsletter (110)

We are so pleased and thankful to have been able to welcome 800 of you both in person and online at our EDPS Summit: Rethinking data in a democratic society on 20 June 2024! 

For our 20th anniversary, we brought together a variety of experts: from privacy, tech, policy-makers and other influential voices from the public and private sector to discuss the role of a state in times of ever-growing collection of personal data, and what part data protection should play in modern democracies. 
Missed it? Don’t worry; you can catch up on all the Summit’s main and side sessions by watching their video recordings, now all available on the EDPS’ 20th anniversary website. 

The Summit was architected around 5 main sessions, as well as 5 side events to delve deeper on adjacent data protection topics, facilitate exchanges of views, share best practices to shape a safer digital future. 

During the main session on “what is 'data protection' protecting?" our panellists debated on the role of data protection in responding to societal challenges in the digital world, its limits, misconceptions, and untapped potential. 

Then it was time for our second round of experts to discuss the suitability of data protection law for public authorities. During this session, guest speakers questioned whether data protection can effectively curb EU public administration’s data collection practices. As a follow-up, they were invited to share their views on whether data protection law was adequately capturing recent technologies advancements and practices, particularly in light of the EU’s interoperability framework that is underway. 

Soon after, our third main session on possible pathways towards building a functioning democratic oversight took place. Conversations geared towards evaluating whether data protection alone is a sufficient safeguard when data is processed for national security purposes.  

As the Summit progressed, it was time to focus on putting data protection in practice. In the fourth main session, panellists concentrated on the functioning, effectiveness and proactiveness of the GDPR, how the latter can serve as a tool to determine the future, as well as the role of privacy and data protection authorities in these contexts. 

Once the state of play of data protection was dissected, the fifth and final main session of the Summit focused on the future of privacy, for stronger data protection in modern democracies. 

On the margins of these main sessions, we also hosted a book club, unveiling our latest publication “Two decades of personal data protection: What next?”, as homage to our 20th anniversary as the independent data protection authority of EU institutions, bodies, offices and agencies. Additionally, a side session on the challenges that data protection officers encounter in their role, and another on disinformation took place. Our last side session covered the collective and individual aspects of privacy and data protection. 

Check out the EDPS’ 20th anniversary website to catch up on all the video recordings of the main sessions and side sessions of the Summit, photos and 20th anniversary book.

On Wednesday 19 June, the EDPS and the Data Protection Officers' (DPO) network of the EU institutions, bodies, offices and agencies (EU institutions) met for the first traditional bi-annual meeting of the year.

All EU institutions have a data protection officer to ensure their compliance with EU data protection law. The role of a DPO requires independence from the EU institution they work for and expertise in data protection law. The EDPS - DPO network has fostered its collaboration over the last 20 years to embrace technological change whilst making sure that the personal data that EU institutions process is adequately protected.

Each EDPS- DPO meeting is prepared with a DPO support group - a rotating group of DPO volunteers - to guarantee that the topics and pressing issues brought to the meeting are relevant to DPOs. Therefore, it is no surprise that a large part of this edition of the EDPS-DPO meeting focused on Artificial Intelligence. The various sessions on AI covered AI correspondents, the development and use of AI in the EU institutions, followed by a presentation delivered by the data protection authority of France, which included practical recommendations concerning AI.

One of the priorities of the EDPS - DPO meeting is the practical application of data protection law to concrete situations that DPOs and their EU institutions may be confronted with. As such, a number of workshops were organised during the day, including on AI and data protection assessments, data subject access requests. 

The meeting was also an opportunity for the EDPS to provide an update on their work, and how this may impact DPOs’ work. Reciprocally, feedback and views provided by DPOs help inform the EDPS’ work on how to continue their tailored support to them.

Read blogpost on the EDPS-DPO network meeting by EDPS Secretary-General. 

The EDPS and the AEPD, the Data Protection Authority of Spain, have issued together a TechDispatch on Neurodata.

The brain, together with the spinal cord, makes up the central nervous system, which plays the crucial role of regulating and coordinating various bodily functions, including cognitive capabilities. In this TechDispatch, Neurodata are defined as the information directly gathered from the brain and/or from the nervous system and the conclusions drawn from on this data, such as emotional cues or preferences.

Over the years, several techniques have been developed to interpret the functions of the human brain, especially in the context of clinical medicine and neuroscientific research, allowing for progress in treatments for migraine and other disorders.

However, there is a worrying trend of ethically and legally questionable uses of neurotechnologies, for example the use of neurodata for marketing purposes. Some of these practices may be incredibly invasive, pose unacceptable risks to fundamental rights, and unlawful under EU data protection law.

In this Techdispatch, the EDPS and AEPD break down some of the methods used to process neurodata and their impact on the protection of your personal data and on privacy. This issue delves into some concrete scenarios to help you better understand neurodata processing. For those interested in learning more, this TechDispatch includes a list of further reading. 

Read TechDispatch on Neurodata available in English and Spanish.

On 25th June 2024, the EDPS issued an Opinion on the European Commission’s proposed Regulation on the General Fisheries Commission for the Mediterranean Agreement Area (GFCM).

The objective of the proposal is to integrate into EU law the measures adopted by the GFCM on the conservation and management of fisheries, to promote responsible and sustainable use of living marine resources and development of aquaculture in the Mediterranean and Black Sea.

The proposal may involve personal data processed by competent authorities in the context of activities related to fishing vessels.

To this end, the EDPS welcomes that the proposal includes the following elements:

• the protection of personal data and maintaining confidentiality;
• the retention period of personal data;
• the roles and responsibilities of the competent authorities processing personal data;

The EDPS’ recommendations focus on:

• the need to identify the fisheries databases and the users of these databases;
• the need to ensure appropriate safeguards for international transfers outside of the European Economic Area, since the GFCM is a regional fisheries management organisations established under the Food and Agriculture organisation of the United Nations. 

Read all the details in our Opinion, available here.

What goes on behind-the-scenes at the EDPS? Who are the people advising, monitoring and ensuring that EU institutions are protecting your personal data and respecting the EUDPR.

Coming from all corners of the EU, meet #teamEDPS colleagues from the Supervision & Enforcement, Policy & Consultation, Technology & Privacy, Human Resources, Budget & Administration and Governance & Internal Compliance Units.

In this short video, they share a sneak peek of the tasks they accomplish in their day-to-day work to help the EDPS shape a safer digital future.

Watch the video now.
Why not join us! Our latest vacancies can be found here.

Keynote Speech by Wojciech Wiewiórowski at the European Data Protection Summit: 'Rethinking Data in a Democratic Society', Brussels, Belgium.