Presentation at Data protection in the Western Balkans and the Eastern Partnership Region. High-level exchange and learning week organised by SIGMA, GIZ, RCC and ReSPA.

1. EUROPEAN
DATA
PROTECTION
SUPERVISOR
The EU’s independent data
protection authority
Policy & Consultation Unit
Meeting DPAs from
Western Balkans and
Eastern Partnership
countries
19 September 2023

2. 2

3. EDPS Organigramme
POLICY AND
CONSULTATION
Valid as from 10/10/2022
MARIO
GUGLIELMETTI
Legal officer
ANNA
BUCHTA
Head of Unit
NIKSA
STOLIC
Legal officer
MATTHIAS POLLMANN
Legal officer
GEOFFREY
DEVIN
Legal officer
FLORENCE DOSE
Administrative
Assistant
VERONIQUE
CIMINA
Legal officer
BRENDAN VAN
ALSENOY
Deputy Head of Unit
CLAIRE AGNÈS MARNIER
Legal officer
MARIA TIGANITAKI
Administrative Assistant
ANA SOFIA
JIMENEZ
Secretary
AGNIESZKA
ZAPOROWICZ
Legal officer
MICHÈLE
DUBROCARD
Legal officer
Data protection notice
OLIVIER MATTER
Head of Activity –
International
Cooperation
International
cooperation
Secretariat
Justice and Home
Affairs Matters
Policy and
consultation
PLAMEN
ANGELOV
Head of Activity
– Justice and
Home Affairs
Matters
LEDA
BARGIOTTI
Legal officer

4. • Advising EU institutions on legislative and other proposals (own
initiative or on request)
• Articles 42, 57(1)(g), 58(3)(c) Regulation 2018/1725
• EDPS as EDPB member (coordination)
• International cooperation coordination (GPA, CoE, OECD, G7, IOs)
• Strasbourg office
• Interventions on behalf of EDPS in cases before the Court of Justice of
the European Union (CJEU) (support to the Legal Service officer)
What we do
4

5. Legislative consultation
5
• Mandatory consultation by the Commission (Article 42(1) EUDPR)
• following the adoption proposals for a legislative act
• following the adoption of recommendations or of proposals to the
Council pursuant to Article 218 TFEU
• when preparing delegated or implementing acts
... where there is an impact on the protection of individuals’ rights and
freedoms with regard to the processing of personal data
• Joint EDPS-EDPB opinions (Article 42(2) EUDPR)

6. • Opinions and EDPS-EDPB Joint Opinions relating to proposals for
legislation, addressed to the Parliament, Commission and Council
• Formal comments addressing the data protection implications of draft
implementing/delegated acts (Art 20 EDPS RoP)
• Informal comments at an early stage of the Commission’s internal
decision-making procedures (recital(60))
• Own-initiative opinions related to the impact that new technologies or
other societal changes may have on data protection
• Follow-up to legislative developments (EP / Council)
Legislative consultation
6

7. Statistics 2022
7
0
20
40
60
80
100
120
140
2020 2021 2022
EDPS REPLIES TO CONSULTATIONS' REQUESTS

8. 8
0
10
20
30
40
50
60
70
80
OPINIONS JOINT OPINIONS FORMAL COMMENTS INFORMAL COMMENTS
EVOLUTION BY TYPE OF CONSULTATION ISSUED
2020 2021 2022

9. 9
EU Digital Rulebook project
• NIS2 Directive
• Cyber Resilience
Act
• Data Governance Act (DGA)
• Data Act
• Artificial Intelligence Act (AIA)
• Digital Services Act (DSA)
• Digital Markets Act (DMA)
• Common Data Spaces (e.g., EHDS)
• Consumer Credits Directive
• Platform Workers Directive
• European Digital Identity
Wallets Regulation
• Online political advertising
• Child Sexual Abuse (CSAM)
Source:
https://iapp.org/media/pdf/resource_center/recent_eu
_data_initiatives_in_context_infographic.pdf
Focus of the EU Digital Rulebook Project

10. 10
EU Digital Rulebook project
The EU Digital Rulebook project aims at analysing, in a systematic manner:
• the interplay between each Act and EU data protection law;
• the governance model of each Act;
• the possibilities for cooperation between the competent authorities under each Act
and national data protection authorities, the EDPS and/or EDPB.
It is divided into three workstreams:
• Workstream 1 - analyse the provisions of each Act that will create interplay or friction
with the GDPR
• Workstream 2 - the authorities responsible for supervision and enforcement,
cooperation and consistency among those authorities, the distribution of competences,
roles and responsibilities
• Workstream 3 – based on outcomes of phase 1 and 2, provide recommended initiatives
to EDPS / EDPB and policy recommendations regarding any gaps or obstacles identified.

11. 11
External impacts of EU Digital Rulebook project: the DMA example
• EDPB and EDPS as a member of the DMA High Level Group (HLG)
• Creation of the EDPB Taskforce on the interplay between
Competition, Consumer and Data Protection Law (March 2023)
• EDPS is co-coordinating
• Alignment of EDPB and EDPS positions at the HLG and beyond
(e.g., joint contributions to public consultations)
• Development of guidelines on the interplay between DMA and
GDPR

12. • Proposal for EU Artificial Intelligence Act (AIA):
o binding horizontal instument covering both public and private sector;
o risk-based approach;
o possibility to ban AI applications posing unacceptable risk.
• Council of Europe Convention on AI (CAI)
o binding transversal instrument based on the CoE’s standards on human rights,
democracy and the rule of law
o open to countries outside Europe, such as US, Canada, Mexico, Israel.
Regulating Artificial Intelligence (AI)
12

13. • Opinion 4/2021 on the strengthening the mandate of Europol
o no inherent and irreconcilable conflict between security and
fundamental rights
o fair and objective assessment of the necessity and proportionality of
the proposed measures
o with a stronger powers should always come a stronger oversight
o key challenge – processing of ‘big data’ by law enforcement
authorities.
EDPS Opinions in the area of Justice and Home Affairs
13

14. • Opinions on the Proposals for EU Police Cooperation Code
• Opinion 9/2020 on the new Pact on Migration and Asylum
• Opinion 8/2021 on negotiating mandate for a cooperation agreement
between the EU and INTERPOL
• Opinion 6/2022 the collection, preservation and analysis of evidence
relating to genocide, crimes against humanity and war crimes at Eurojust
• Opinion 29/2023 on the Proposal for a Directive on combating corruption
• Opinions and formal comments on JHA large-scale IT systems and their
interoperability
EDPS Opinions in the area of Justice and Home Affairs
(cont.)
14

15. • Global Privacy Assembly (GPA)
• Spring Conference (European DPAs > EU)
• Council of Europe
• T-PD (Consultative Committee to the Convention 108)
• CAI (Convention on Artificial Intelligence)
• Roundtable of G7 Data Protection Authorities
• Bonn 2022, Tokyo 2023
International cooperation
15

16. Thank you!
POLICY-CONSULT@edps.europa.eu
https://edps.europa.eu/data-protection/our-role-advisor_en
https://edps.europa.eu/data-protection/our-work/our-work-by-type/opinions_en
https://edps.europa.eu/data-protection/our-work/our-work-by-type/formal-
comments_en
https://edps.europa.eu/data-protection/our-work/our-work-by-type/edps-edpb-
joint-opinions_en
https://edps.europa.eu/data-protection/our-work/edps-worldwide/data-protection-
and-international-organisations_en
16

17. @EU_EDPS
European Data
Protection Supervisor
EDPS
The EU’s independent data
protection authority
EUROPEAN
DATA
PROTECTION
SUPERVISOR