Review of the European Data Protection Supervisor’s 2024 Budget and Activities
Published April 29, 2026
Goal: Protect people's data rights
Community improvement
Clickbaity title? Suggest change
The European Parliament's decision approves the EDPS, an independent watchdog that makes sure EU groups protect your data, confirming its spending while also giving it advice on how to handle new challenges like AI and cyber threats.
Document summary The source
The European Parliament's Decision on the EDPS
The European Parliament has approved the European Data Protection Supervisor’s (EDPS) work and spending for the 2024 financial year. This approval, known as a “discharge,” means Parliament trusts that the EDPS used its funds legally, regularly, and efficiently. The decision also includes specific comments and observations for the EDPS to consider in the future.
What is the EDPS?
The EDPS is an independent authority responsible for ensuring that EU institutions—such as the Commission, Parliament, and Council—respect data protection rules. Its role includes:
- Giving advice on new EU laws that affect data protection.
- Helping individuals who believe their data rights have been violated.
Financial Overview
The EDPS received approval for a total budget of €24.3 million for 2024, representing a 7% increase from the previous year.
In terms of spending:
- The EDPS planned to spend 96% of its budget, and 91.9% of the money was overall executed.
- IT spending increased by 10% to cover cybersecurity and new tools.
Performance Highlights
The EDPS reported several key activities during 2024:
- Complaints: 663 complaints were received, though most were found to be inadmissible.
- Decisions: The EDPS finalized 77 decisions on complaints, a 33% increase from the previous year.
- Investigations: The office conducted multiple investigations, including a major one into Microsoft 365, where violations were found and a data flow stop was ordered.
- Audits: Audits were conducted focusing on sensitive areas like health data, data retention, and research involving minors.
Operational Areas
The EDPS reported on several internal and external functions:
- Staffing: The total staff increased by 6% to 137 people. However, the text noted that there is a need for more permanent staff and better retention strategies.
- Technology: The EDPS is upgrading to new IT systems and working on a cloud solution. IT spending rose to support cybersecurity efforts.
- Governance: The EDPS passed a full internal-control audit, confirming that all standards were met.
- Sustainability: The office uses a smart building with solar panels and promotes sustainable travel, with most travel occurring within the EU by train or video conference.
- Outreach: The EDPS increased spending on communication and organized major events, including Data Protection Day and a civil-society summit.
Key Areas for Improvement
The Parliament highlighted several areas where the EDPS should focus its efforts:
- Resources: The EDPS needs more resources to handle its growing duties related to Artificial Intelligence (AI).
- Complaints: The number of complaints is rising, requiring the EDPS to improve its handling time and transparency.
- Staffing: There is a need for more permanent staff and better strategies to keep employees.
- Digital Tools: The EDPS must secure enough IT staff to manage its own systems and keep pace with new technologies.
- Accountability: The EDPS should publish a list of all meetings held with interest groups to strengthen accountability.
- Environment: The office should aim for EMAS certification and continue reducing its carbon footprint.
Contextual Analysis
This is one of the alternative context analyses generated by Mistral and rated 3 stars. Other AI versions:
Perplexity
ClaudeAI
Broader context
The discharge procedure is a key part of the EU’s financial accountability system. Every year, the European Parliament reviews how EU institutions and bodies—like the European Data Protection Supervisor (EDPS)—have spent their budgets. This ensures that public funds are used legally, efficiently, and for their intended purpose. The EDPS itself is a unique EU body: it is the independent watchdog that oversees how EU institutions handle personal data, ensuring they comply with data protection laws like the General Data Protection Regulation (GDPR).
The EDPS’s role has grown in importance as digital technologies, artificial intelligence (AI), and cybersecurity threats have become central to EU operations. The Microsoft 365 investigation mentioned in the summary highlights a major compliance issue where EU institutions were found to be improperly transferring data outside the EU, violating data protection rules. This case underscores the EDPS’s role in enforcing strict data protection standards, even against powerful tech companies.
The European Data Protection Board (EDPB) is another key body in this context. It brings together data protection authorities from across the EU to ensure consistent application of data protection rules. The EDPS works closely with the EDPB, especially on cross-border cases and coordinated enforcement actions.
Impact on people living in the EU
For EU citizens, the EDPS’s work directly affects their right to privacy and data protection. Here’s how:
- Stronger data protection: The EDPS ensures that EU institutions handle personal data—such as names, addresses, or medical records—responsibly and securely. This means citizens can trust that their data is protected when interacting with EU bodies.
- Access to justice: If someone believes their data rights have been violated by an EU institution, they can file a complaint with the EDPS. The rise in complaints (663 in 2024) shows that more people are aware of their rights and are seeking recourse.
- Transparency and accountability: The EDPS’s investigations into data breaches and website privacy (e.g., third-party tracking tools) help uncover and stop unauthorized data collection. This protects citizens from surveillance, misuse of personal data, or identity theft.
- AI and new technologies: The EDPS is developing guidelines on generative AI for EU institutions. This will shape how AI tools are used in the EU, ensuring they respect privacy and do not discriminate or harm individuals.
- Cybersecurity: By participating in cybersecurity exercises (like PATRICIA) and working with CERT-EU, the EDPS helps protect EU systems from cyberattacks, which could otherwise expose citizens’ data.
- Public awareness: Campaigns like the Personal Data Breach Awareness Campaign educate the public about their rights and the risks of data breaches, empowering them to take control of their personal information.
This is one of the alternative context analyses generated by Mistral and rated 3 stars. Other AI versions:
Perplexity
ClaudeAI
Broader context
The discharge procedure is a key part of the EU’s financial accountability system. Every year, the European Parliament reviews how EU institutions and bodies—like the European Data Protection Supervisor (EDPS)—have spent their budgets. This ensures that public funds are used legally, efficiently, and for their intended purpose. The EDPS itself is a unique EU body: it is the independent watchdog that oversees how EU institutions handle personal data, ensuring they comply with data protection laws like the General Data Protection Regulation (GDPR).
The EDPS’s role has grown in importance as digital technologies, artificial intelligence (AI), and cybersecurity threats have become central to EU operations. The Microsoft 365 investigation mentioned in the summary highlights a major compliance issue where EU institutions were found to be improperly transferring data outside the EU, violating data protection rules. This case underscores the EDPS’s role in enforcing strict data protection standards, even against powerful tech companies.
The European Data Protection Board (EDPB) is another key body in this context. It brings together data protection authorities from across the EU to ensure consistent application of data protection rules. The EDPS works closely with the EDPB, especially on cross-border cases and coordinated enforcement actions.
Impact on people living in the EU
For EU citizens, the EDPS’s work directly affects their right to privacy and data protection. Here’s how:
- Stronger data protection: The EDPS ensures that EU institutions handle personal data—such as names, addresses, or medical records—responsibly and securely. This means citizens can trust that their data is protected when interacting with EU bodies.
- Access to justice: If someone believes their data rights have been violated by an EU institution, they can file a complaint with the EDPS. The rise in complaints (663 in 2024) shows that more people are aware of their rights and are seeking recourse.
- Transparency and accountability: The EDPS’s investigations into data breaches and website privacy (e.g., third-party tracking tools) help uncover and stop unauthorized data collection. This protects citizens from surveillance, misuse of personal data, or identity theft.
- AI and new technologies: The EDPS is developing guidelines on generative AI for EU institutions. This will shape how AI tools are used in the EU, ensuring they respect privacy and do not discriminate or harm individuals.
- Cybersecurity: By participating in cybersecurity exercises (like PATRICIA) and working with CERT-EU, the EDPS helps protect EU systems from cyberattacks, which could otherwise expose citizens’ data.
- Public awareness: Campaigns like the Personal Data Breach Awareness Campaign educate the public about their rights and the risks of data breaches, empowering them to take control of their personal information.
Licensing: This article is available under Creative Commons Attribution 4.0 (CC BY 4.0).