Review of the European Data Protection Supervisor’s 2024 Budget and Activities

The European Parliament's Decision on the EDPS

The European Parliament has approved the European Data Protection Supervisor’s (EDPS) work and spending for the 2024 financial year. This approval, known as a “discharge,” means Parliament trusts that the EDPS used its funds legally, regularly, and efficiently. The decision also includes specific comments and observations for the EDPS to consider in the future.

What is the EDPS?

The EDPS is an independent authority responsible for ensuring that EU institutions—such as the Commission, Parliament, and Council—respect data protection rules. Its role includes:

• Giving advice on new EU laws that affect data protection.
• Helping individuals who believe their data rights have been violated.

Financial Overview

The EDPS received approval for a total budget of €24.3 million for 2024, representing a 7% increase from the previous year.

In terms of spending:

• The EDPS planned to spend 96% of its budget, and 91.9% of the money was overall executed.
• IT spending increased by 10% to cover cybersecurity and new tools.

Performance Highlights

The EDPS reported several key activities during 2024:

• Complaints: 663 complaints were received, though most were found to be inadmissible.
• Decisions: The EDPS finalized 77 decisions on complaints, a 33% increase from the previous year.
• Investigations: The office conducted multiple investigations, including a major one into Microsoft 365, where violations were found and a data flow stop was ordered.
• Audits: Audits were conducted focusing on sensitive areas like health data, data retention, and research involving minors.

Operational Areas

The EDPS reported on several internal and external functions:

• Staffing: The total staff increased by 6% to 137 people. However, the text noted that there is a need for more permanent staff and better retention strategies.
• Technology: The EDPS is upgrading to new IT systems and working on a cloud solution. IT spending rose to support cybersecurity efforts.
• Governance: The EDPS passed a full internal-control audit, confirming that all standards were met.
• Sustainability: The office uses a smart building with solar panels and promotes sustainable travel, with most travel occurring within the EU by train or video conference.
• Outreach: The EDPS increased spending on communication and organized major events, including Data Protection Day and a civil-society summit.

Key Areas for Improvement

The Parliament highlighted several areas where the EDPS should focus its efforts:

• Resources: The EDPS needs more resources to handle its growing duties related to Artificial Intelligence (AI).
• Complaints: The number of complaints is rising, requiring the EDPS to improve its handling time and transparency.
• Staffing: There is a need for more permanent staff and better strategies to keep employees.
• Digital Tools: The EDPS must secure enough IT staff to manage its own systems and keep pace with new technologies.
• Accountability: The EDPS should publish a list of all meetings held with interest groups to strengthen accountability.
• Environment: The office should aim for EMAS certification and continue reducing its carbon footprint.

Broader Context

This discharge decision is part of the EU Parliament's annual review of how independent bodies like the EDPS use their budget. It follows audits by the European Court of Auditors and builds on past approvals (e.g., 2023 discharge). The EDPS enforces the EU General Data Protection Regulation (GDPR) across EU institutions, ensuring they protect personal data like names, emails, or health info. Rising complaints and breaches reflect growing data use in AI, cloud services (e.g., Microsoft 365 probe), and online tracking. Parliament's comments push EDPS to adapt to AI risks and cyber threats, linking to EU-wide efforts like the AI Act and Cyber Resilience Act.

Impact on People Living in the EU

EDPS protects your data rights when EU bodies handle your info (e.g., in job applications to Commission or Parliament data). Approval means reliable oversight continues, helping resolve complaints (though most are inadmissible due to wrong authority). More breaches investigated mean faster fixes for leaks. For you: easier to file valid complaints via EDPS site; better EU institution privacy (e.g., website cookies). Rising staff and IT focus on AI/cyber aim to shield against hacks affecting millions.

Ties to Global Privacy Efforts

EDPS aids Global Privacy Assembly events, sharing best practices with non-EU countries. Its Microsoft 365 findings influence worldwide scrutiny of cloud providers used globally. Children's data audits support international standards, indirectly benefiting EU citizens' kids using cross-border apps.