The European Data Protection Supervisor has developed its influence arguably beyond what might have been anticipated when it was created 20 years ago. On paper, the EDPS has "investigation, corrective powers and sanctions, and authorization and advisory powers" and its remit pertains to EU bodies specifically — noting it is a long list which includes among others the Union's law enforcement and border control agencies.
What has truly made the EPDS an office to be reckoned with in the EU apparatus for the broader community has been its contribution to policymaking, a role the EDPS has saliently developed over time. Often jointly with the European Data Protection Board, it has provided countless opinions on draft pieces of legislation. Short of being a co-legislator, it has become a craftsman in all the European digital policy rules Brussels has put forward. The role has thus attracted a growing interest over the years, as the supervisor's influence grows.
This week, the European Parliament held hearings with the four shortlisted candidates for the next EDPS, following a closed-door hearing before the council of EU member states earlier this week.
Thursday's hearing started in a somewhat quirky way — as the four candidates' names were written on a small piece of paper, mixed in an envelope, for the committee chair to pick one and determine an order.
The candidates were all asked largely the same set of questions by MEPs representing a range of political groups, with a few variations for incumbent Wojciech Wiewiórowski, who is in the race for a second mandate.
Parliamentarians questioned all four candidates on how they see the balance of privacy and fundamental rights with security, and how they would navigate it in practice at the EDPS. They were also asked their views on the "increased pressure from tech giants" and a "potential tariff war" as U.S. President-elect Donald Trump soon takes office again, as well as their views on navigating artificial intelligence.
Candidates were also asked to provide guarantees of their independence, which is one of the founding criteria of the EDPS serving as a data protection officer for the EU bodies.
Parliament voted on its order of preference shortly after the hearing, putting Bruno Gencarelli as a frontrunner, closely followed by François Pellegrini, Wiewiórowski and Anna Pouliou closing the ranking. If member states share that preference, Gencarelli could take office in the coming days.
Overall, the hearing showed Parliament will be attentive to how the next supervisor navigates data protection vis-à-vis security, new technology, and geopolitics — and that with limited resources. It may be an EU civil servant position, but it deeply resonates with what most DPOs are facing right now.
Isabelle Roccia, CIPP/E, is the managing director, Europe, for the IAPP.
This article originally appeared in the Europe Data Protection Digest, a free weekly IAPP newsletter. Subscriptions to this and other IAPP newsletters can be found here.