IAPP-GDPR Web Banners-300x250-FINAL
The Baffling Case of the Headless EDPS

After working in Brussels for the last 15 years, I have become accustomed to the byzantine machinations of European politics. But the spectacle that is currently unfolding concerning appointment of a new European Data Protection Supervisor (EDPS) and Assistant Supervisor paints a particularly dismal picture of how data protection in the EU can become a political football.

The office of the EDPS, which includes approximately 50 officials, is responsible for ensuring that the EU institutions respect the right to privacy when processing personal data and also advises them on the adoption of new legislation, among other tasks. The Supervisor is the most important official at the European level dealing specifically with data protection, and the EDPS has gained worldwide respect since it was established 10 years ago.

The terms of current Supervisor Peter Hustinx and Assistant Supervisor Giovanni Buttarelli expired on January 16, and a process to select their successors has been underway since July 2013. Appointment is made by common accord of the European Parliament and of the Council (representing the Member States), based on a list drawn up by the European Commission following a public call for candidates.

Given that the EU is currently engaged in a complex reform of its data protection framework and has to deal with many other controversial and important data protection issues as well—such as surveillance by the intelligence services—one would think that the EU institutions would do everything possible to ensure the timely selection of a new Supervisor and Assistant Supervisor.

In fact, the opposite seems to be the case. The institutions had already dragged out the selection process, and Peter Hustinx sent a letter to various EU officials in early January expressing his concern about the negative effect this delay is having both on the EDPS as an institution and on data protection in the EU. The European Commission then suddenly stated to the press in mid-January that according to an inter-institutional EU “selection board,” none of the candidates are “sufficiently qualified”, so that the entire process has to start over.

Without naming any names, I know that the candidates included several current and former data protection commissioners and officials with extensive experience for whom I have the highest regard. The European public is owed an explanation of why none of these eminent individuals is a suitable candidate, and why the selection process has been handled in a way that will result in appointment being substantially delayed.

It is hard to know what is going on here. Are the Commission and the Council concerned about having a Supervisor experienced in data protection law who is too strong-willed? Are they planning to try to parachute a politician into the job? And what has been the role of the European Parliament (if any) in all this? These questions must be asked, but as an outside observer, I have no answers to them.

One can also raise a number of awkward questions about the transparency of the selection process. For example, who are the members of the selection board, what are their qualifications and on what basis did they decide that none of the applicants are suitable? Will the board’s determination be subject to public scrutiny? And why was the decision that there are no suitable candidates made public via the press just a few days before the incumbents’ terms ended?

We sorely need a strong EDPS, particularly since the proposed EU Data Protection Regulation would greatly increase its responsibilities. As a scholar of EU data protection law, I am baffled that extensive experience as a data protection commissioner seems to disqualify one for the job of what is in essence the EU’s data protection commissioner, and as a European citizen I am alarmed that we may now have to wait months before a new Supervisor and Assistant Supervisor are permanently appointed. I very much hope that this situation is resolved as soon as possible in a way that furthers the interest of data protection.

Written By

Christopher Kuner


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»