2013/504/EU: Decision of the European Data Protection Supervisor of 17 December 2012 on the adoption of Rules of Procedure

1.

Summary of Legislation

Rules of Procedure of the European Data Protection Supervisor

Since 2004, the European Data Protection Supervisor has grown from a small body comprising two Members and a Secretariat to one employing over 50. Reorganised in 2010, adopting Rules of Procedure in 2012 marked the institution’s coming of age.

ACT

Decision of the European Data Protection Supervisor 2013/504/EU of 17 December 2012 on the adoption of Rules of Procedure.

SUMMARY

The European Data Protection Supervisor (EDPS) is an independent supervisory authority that ensures that personal data and privacy are respected by European Union (EU) institutions and bodies. Its powers are set out in Regulation (EC) No 45/2001 on the protection of individuals with regard to the processing of personal data by the EU institutions and bodies and on the free movement of such data. Its role falls under three headings:

  • Supervision: ensuring that EU institutions and bodies process personal data of EU staff and others lawfully. Data controllers need to respect obligations, such as only processing personal data for the specific and legitimate reason stated when the data are collected. The data subject (the person whose data are processed) has enforceable rights, such as the right to be informed about the processing and the right to correct data. All EU institutions/bodies must have an internal Data Protection Officer. The EDPS also investigates complaints lodged by individuals who consider their personal data-related rights have been infringed by an EU institution or body.
  • Consultation: the EDPS advises the European Parliament, Council and Commission in respect of the data protection impact of new draft laws and other issues relating to citizens’ privacy. The EDPS is monitoring closely the review of the data protection legal framework.
  • Cooperation: the EDPS cooperates with other data protection authorities to encourage a consistent approach to data protection issues throughout Europe. The central platform for cooperation with national supervisory authorities is the Article 29 Working Party.

The EDPS adopted Rules of Procedure in 2012. While reiterating many of the principles laid down in Regulation (EC) No 45/2001, they also lay down detailed rules on internal decision-making processes, the roles of the Supervisors and the Management Board, the organisation and working of the Secretariat, planning, internal administration and the openness and transparency of the institution.

Background

Since the EDPS was established in 2004, major changes in the legal, economic and technological context have occurred. The Lisbon Treaty confirmed data protection as a general principle of EU law, and a number of European Court of Justice decisions have underlined the importance of privacy and data protection as an integral part of EU decision-making.

REFERENCES

 

Act

Entry into force

Deadline for transposition in the Member States

Official Journal

Decision 2013/504/EU

18.12.2012

-

OJ L 273 of 15.10.2013

RELATED ACT

Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (OJ L 8, 12.1.2001).

Last updated: 27.06.2014

This summary has been adopted from EUR-Lex.

2.

Legislative text

2013/504/EU: Decision of the European Data Protection Supervisor of 17 December 2012 on the adoption of Rules of Procedure