NoLeaks

Personal data protection authorities

Country Contact
Austria Österreichische Datenschutzbehörde, Wickenburggasse 8 1080 Vienna
Belgium Belgian Institute for Postal services and Telecommunications, Ellipse Building Bd. Du Roi Albert II, 35 - 1030 Brussels
Bulgaria Commission for personal data protection, 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Croatia Croatian Post and electronic communications Agency, Roberta Frangeša Mihanovića 9 10110 Zagreb
Cyprus Office for Personal Data Protection, P.O.Box 23378, 1682 Nicosia, Cyprus
Czech Republic Office for Personal Data Protection, Pplk. Sochora 27 170 00 Praha 7
Denmark Danish Business Authority, Langelinie Allé 17 2100 Copenhagen Denmark
Estonia Estonian Data Protection Inspectorate, 39 Tatari St., 10134 Tallinn
Finland Finnish Communications Regulatory Authority,
France Commission Nationale de l'Informatique et des Libertés, 3 Place de Fontenoy TSA 80715 75334 PARIS CEDEX 07 France
Germany Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit, Husarenstr. 30 53117 Bonn
Greece Hellenic Data Protection Authority, Kifissias 1-3, 115 23 Athens
Hungary National Media and Infocommunications Authority, 1015 Budapest, Ostrom u. 23-25
Ireland Office of the Data Protection Commissioner, 21 Fitzwilliam Square South Dublin 2 D02 RD28
Italy Garante per la protezione dei dati personali, Piazza Venezia 11 – 00187 Roma
Latvia Data State Inspectorate, Blaumana iela 11/13-15, Riga, LV-1011
Lithuania State Data Protection Inspectorate, A. Juozapaviciaus g. 6, Vilnius
Luxembourg Commission nationale pour la protection des données, 1, avenue du Rock’n’Roll L-4361 Esch-sur-Alzette
Malta Office of the Information and Data Protection Commissioner, Level 2, Airways House High Street Sliema SLM 1549
Netherlands Dutch Data Protection Authority, Postbus 93374 2509 AJ Den Haag
Poland The Inspector General for the Protection of Personal Data, ul. Stawki 2, 00-193 Warsaw
Portugal Comissão Nacional de Protecção de Dados, Av. D. Carlos I, 134 - 1.º 1200-651 Lisboa
Romania National Supervisory Authority for Personal Data Processing, 28-30 G-ral Gheorghe Magheru Bld. District 1, post code 010336 Bucharest
Slovakia Telecommunications Regulatory Authority of the Slovak Republic, Tovarenska 7, P.O. BOX 40, 828 55 Bratislava 24
Slovenia Information Commissioner, Dunajska cesta 22 SI-1000 Ljubljana
Spain Agencia Española de Protección de Datos, C/ Jorge Juan, 6 28001 Madrid
Sweden Swedish Post and Telecom Authority, Box 5398 SE-102 49 Stockholm
EDPS

The European Data Protection Supervisor is an independent authority that supervises the EU administration's processing of personal data to ensure compliance with privacy rules.

News

Data for the public good: Building a healthier digital future (Fri, 04/09/2021)
What is the impact of measures taken in response to the COVID-19 pandemic? Read blogpost by Wojciech Wiewiórowski

EU data protection authorities adopt joint opinion on the Digital Green Certificate Proposals (Tue, 04/06/2021)
Read the EDPB and EDPS Press Release & Joint Opinion. Read the European Data Protection Supervisor's speech to the LIBE Committee.

EDPS Formal Comments on the proposed European Health Union package (Thu, 03/18/2021)
The EDPS has issued its Formal Comments on a package of three legislative proposals for a European Health Union. He welcomes a European unified approach to tackle cross-border health threats while respecting the role and competences of EU Member States’ national health systems. In these Formal Comments, he takes note of the positive steps taken by the Commission to further strengthen a coordinated approach on health matters and, in particular, to broaden the European Medicines Agency’s and the European Centre for Disease Prevention and Control’s tasks. Both of these EU bodies have proved to be key assets in the management of the COVID-19 pandemic.

Proposal for a Regulation on a reinforced role for the European Medicines Agency (EMA) in crisis preparedness and management for medicinal products and medical devices

The EDPS recommends that specific provisions on the application of data protection law are included in the proposal. Likewise, the role of the entities involved under data protection law should also be covered in the proposal. More specifically on the processing of ‘electronic health data outside of clinical studies’ and ‘real-time data’, a clear definition of the ‘data generated outside the scope of clinical trials’ should be included; and the meaning of “real world data” should be clarified, specifying, at least, examples of the type of data concerned and the purpose for which this data will be used. To find out more, read the EDPS’ Formal Comments.

Proposal on establishing a European Centre for Disease Prevention and Control (ECDC)

The EDPS provides a series of recommendations. In particular, he advises that: the categories of individuals who will have their personal data processed should be clearly demarcated alongside a description of the specific measures to protect the rights and freedoms of the individuals involved, in line with data protection legislation; to clearly identify the situations where the tasks, under the ECDC’s remit, will entail the processing of personal data and to set up a strong data governance mechanism which requires the clear identification of the main actors involved in the processing of personal data.

As for the new tasks of the ECDC regarding digital platforms and applications supporting epidemiological surveillance, the EDPS notes that these applications are likely to present high risks for the rights and freedoms of individuals and, thus, require a data protection impact assessment (DPIA) to be conducted prior to their deployment. Moreover, the EDPS insists that contact tracing applications use privacy-enhancing technologies.

In relation to the ECDC’s task of establishing and operating a network of national blood and transplant services and the national authorities of this network, the EDPS encourages the development of a Code of Conduct for the processing of personal data as an effective enabler of cross-border exchange of this data, which would bring further clarity and trust in the new system. To find out more, read the EDPS’ Formal Comments.

Proposal for a Regulation on serious cross-border threats to health

The EDPS recommends providing for further implementing or delegated acts that would lay down the roles of the actors involved in the processing of personal data via the use of IT tools and systems envisaged in the proposal. Given the potential risks associated with the use of surveillance systems and artificial intelligence, the EDPS recommends that the ECDC conducts a DPIA prior to the deployment of a digital platform. The EDPS also points out that, unless the data controller takes measures to mitigate the risk in cases where the DPIA reveals that the processing of personal data would entail a high risk for individuals’ rights and freedoms, there is an obligation to consult the supervisory authority under Article 40 of Regulation (EU) 2018/1725.

In a similar way, but in relation to the Early Warning and Response System (EWRS), the EDPS reiterates that a DPIA should be carried out before processing personal data using innovative technologies if the processing is likely to result in high risk for individuals’ rights and freedoms. Moreover, the EDPS draws the EU legislators’ attention to the EDPB Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak which provide useful guidance and clarifications on the conditions and principles surrounding the use of location data and contact tracing tools in a proportionate way. To find out more, read the EDPS’ Formal Comments.

Finally, in relation to the three proposals, the EDPS reiterates that transfers of personal data to third countries or international organisations must comply with Regulation (EU) 2018/1725, including Chapter V of this Regulation.

EDPS welcomes EU Cybersecurity update (Fri, 03/12/2021)
Read Press Release and Opinion

EDPB & EDPS adopt joint opinion on the Data Governance Act (DGA) (Wed, 03/10/2021)
Read the EDPB & EDPS Press Release. Read Opinion.

EDPS Opinion on Europol’s mandate review (Mon, 03/08/2021)
Read Press Release and EDPS Opinion

Democratic Societies in the Digital Age: what role for data protection? (Thu, 03/04/2021)
Read blogpost written by the EDPS and EDPB trainees

Newsletter #85 (Wed, 02/24/2021)
The EDPS February newsletter is out now! Read more

Data protection is non-negotiable in international trade agreements (Mon, 02/22/2021)
The EDPS published today his Opinion on two EU-UK agreements. Read the press release.

EDPS Podcast - Final Episode! (Mon, 02/22/2021)
The last episode of Democratic Societies in the Digital Age is here! Today's topic: Emerging Technologies and Future Challenges. Listen to the final episode here.

© ec.europa.eu/digital-single-market/en/news/list-personal-data-protection-competent-authorities