Autoridade Europeia para a Proteção de Dados (AEPD)

• Functions: Ensure that all EU institutions and bodies respect citizens' right to privacy when processing their personal data
• Authority: Giovanni Buttarelli
• Deputy authority: Wojciech Wiewiórowski
• Created in 2004
• Headquarters: Brussels (Belgium)
• Internet site: European Data Protection Supervisor

In the performance of their duties, EU institutions and bodies sometimes process citizens' personal data in electronic, written or visual form. This treatment includes the collection, recording, storage, extraction, sending, blocking or deletion of data. It is the responsibility of the European Data Protection Supervisor to ensure compliance with the privacy rules governing such activities.

What does the EDPS do?
• Controls the processing of personal data in order to ensure compliance with privacy rules
• advises EU institutions and bodies on all aspects of the processing of personal data, policies and legislation in this field
• Process complaints and conduct surveys
• Works with national authorities in EU countries to ensure consistency in data protection
• Monitor new technologies that may have an impact on data protection

How does the EDPS work?
The Authority and the Deputy Authority shall be appointed for five years, with a renewable mandate. For its daily activities, the EDPS has two main entities:
• The "Supervision and enforcement" entity - assesses compliance with data protection standards by EU institutions and bodies.
• Policy and consultation - advises the EU legislator on data protection issues in various policy areas as well as proposals for new legislation.

The EDPS and the citizen
EU institutions and bodies should not process personal
• Racial or ethnic origin
• Political opinions
• Religious positions or philosophical concepts
• Union affiliation

They also can not process personal data relating to the health or sexual orientation of a citizen, unless such data are necessary for the purpose of providing health care. In this case, the data must be processed by a health professional or other person related to professional secrecy.
If you have reason to believe that your right to privacy has been violated by an EU institution or body, please first contact those responsible for the processing of personal data at the place where you think the infringement was committed. If you are not satisfied with the result, you should contact the data protection officer of the EU institution or body where you think the infringement was committed.
If this does not work, you can complain to the EDPS using your own form. The European Data Protection Supervisor shall investigate the case and inform it of its decision as to the merits of the complaint and how to remedy the situation.
If you do not agree with the decision of the EDPS, you can refer the matter to the EU Court of Justice.