European Data Protection Supervisor
A new body in the European
Institutional Landscape : the
EDPS
Presentation at the Court of Justice
Hielke HIJMANS
12 March 2007
1
European Data Protection Supervisor
Introduction



Happy to be back
Presentation in 2 parts
1. EDPS as an EC-institution (or
body)
2. The EDPS and the Court. What
are the relations ?
For more info: my article in CMLR
43, 1313-1342, 2006. (Can also be
found on www.edps.europa.eu).
2
European Data Protection Supervisor
PART 1: Data Protection: a
fundamental right




Closely linked to privacy but not the same
(Art 7 and 8 of Charter)
Distinction recognised in C-465/00,
Österreichischer Rundfunk. Privacy is
more than private life (also work-related
issues), but qualified interest. Data
protection covers all processing of
personal data.
In practice Article 8 ECHR (and
Strasbourg jurisprudence) plays important
role
Article 286 EC as recognition.
3
European Data Protection Supervisor
Part I: Independent supervision
Essential element of data protection, in
most western countries (not US).
 Why?
 Element of secrecy of data
processing: the right is not respected
by itself. Proactive enquiries might be
needed.
 Technical skills required.
 Judicial control not enough.

4
European Data Protection Supervisor
Part I: The EDPS





A new concept: supervising the institutions
Based on Article 286 EC and Regulation
45/2001
Needed to harmonise level of protection
within institutions with level in Member
States (public and private sector).
Wide responsibility ensuring respect of
fundamental rights by EU-institutions.
Not only supervision but also “consultation”
and “cooperation”.
5
European Data Protection Supervisor
Part I: The EDPS is not an institution
He is not listed in Article 7 EC
 He has to respect the institutional
balance
 But: he has privileged position (like
f.i. ECB or Ombudsman)
 For specific purposes (budget, Staff)
he is equal to institution
 Court did not find formal status
important when granting leave to
intervene.

6
European Data Protection Supervisor
Part I: The EDPS is not an agency
Because of his legal basis in the Treaty
itself.
 His task does not originate in
institutions, but is designed to supervise
the institutions.
 Agencies can supervise the market, but
not an institution.

7
European Data Protection Supervisor
Part I: The EDPS is not a regulator
A phenomenon coming from the US;
independent authority with powers to
give binding decisions and regulatory
powers
 In EU mainly known in connection with
liberalisation in specific sectors of
market
 EDPS has many similarities, but also
has completely different tasks

8
European Data Protection Supervisor
Part I: The EDPS is not an
Ombudsman
Not an ombudsman for data protection.
 Complaints with EDPS are remedies,
not political rights to participate.
 EDPS is not alternative to legal
protection, but part of it.
 But, part of “good governance”. Close
relation with European Ombudsman,
laid down in MoU.

9
European Data Protection Supervisor
Part I: Not a judicial authority
But he fulfils criteria Court under Article
234 EC (Dorsch Consult).
 He is established by law, permanent,
procedure is ‘inter partes’, he applies
rule of law and he is independent.
 However: he is not meant to be a judge
and has many tasks nothing to do with
judicial tasks.

10
European Data Protection Supervisor
Part I: Sui generis
He does not fit in category, but has
essential characteristics:
1. Visibility, giving data protection a face
2. Independence, offering additional
legal protection
3. Expertise, improving the quality of
EU-administration
4. Powers, building additional checks
and balances in the system
11
European Data Protection Supervisor
PART II: EDPS and Court
The EDPS supervising the Court of
Justice
 The EDPS as intervener
 The EDPS as applicant
 The EDPS as defendant

12
European Data Protection Supervisor
Part II: Supervision and the Court
The EDPS supervises all institutions
with exception of the court acting in its
judicial capacity.
 Cascade of supervision: Institutions
themselves, internal DPO, EDPS, Court
of Justice.
 DPO: internal monitoring in
independent manner. Guarantees for
independence in Art 24 of Reg 45/2001.

13
European Data Protection Supervisor
Part II: The EDPS as intervener
Art. 47 of Reg. 45/2001 allows EDPS to
intervene.
 Orders of Court 17-3-2005 (PNR-cases
C-317/04, C-318/04).
 “within limits deriving from the tasks
entrusted to him”.
 Experiences until now. Three
opportunities (6 affaires juridiques).

14
European Data Protection Supervisor
Part II: The EDPS as intervener 2



Secondary legislation can be legal
basis, where primary legislation
(Treaty, Statute) is silent.
Right to intervene not only relating to
supervision of processing of data (as
argued by Com)
Interest of intervention can extend to
cases on legal basis (C-301/06)
15
European Data Protection Supervisor
Part II: The EDPS as applicant





No experience yet.
On one hand: Article 230 EC, limits the
number of applicants (this does not include
EDPS)
On other hand: Article 47 of Reg 45/2001
allowing EDPS to refer matters to the Court
Logical consequence if EDPS is part of
system of legal protection
Will Court follow same line as in PNR?
16
European Data Protection Supervisor
Part II: The EDPS is defendant



Again Article 230 does not mention
EDPS.
Position comparable to agencies
like OHIM, whose decisions can be
contested before the Court.
What kind of cases?
Appeals by complainants
2. Appeals by institutions??
1.
17
European Data Protection Supervisor
FINAL REMARKS
Interesting part was to establish a real
role within institutional landscape
 We did lot, but some roles are still open
 Still waiting for cases involving EDPS
as a party.
 Those cases could arise before all 3
courts. EDPS is mentioned in Staff
Regulations.
 THANK YOU!!!

18