The European Parliament’s Civil Liberties, Justice and Home Affairs Committee (LIBE) is set to interview four candidates vying for the position of European Data Protection Supervisor (EDPS). This crucial role, responsible for overseeing data protection within EU institutions, became vacant in December 2023 following the expiration of Wojciech Wiewiórowski’s term. The selection process, initially scheduled for November, was delayed due to the European Commission’s failure to finalize the shortlist in time. While the EDPS doesn’t directly enforce penalties on private tech companies for data breaches, a responsibility held by national data protection authorities, its influence as an advisor to these authorities is substantial. The upcoming implementation of the AI Act later this year will further intertwine privacy and AI, granting the new EDPS significant power to shape the data protection agenda.
Among the contenders is the incumbent EDPS, Wojciech Wiewiórowski. Having served since 2019, Wiewiórowski boasts extensive experience, including his prior role as Assistant European Data Protection Supervisor under Giovanni Butarelli. His Polish background also adds to his credentials, having served as Inspector General at the Polish Data Protection Authority and Vice Chair of the Working Party Article 29 Group. Throughout 2024, Wiewiórowski actively engaged in key data protection issues, including investigating Frontex’s use of cloud providers, advising on AI liability rules, and providing an opinion on the AI Act. These experiences position him favorably compared to the other candidates. He has expressed his intention to prioritize discussions on artificial intelligence and guide the EU in ensuring safe AI deployment across various sectors.
François Pellegrini, a computer scientist and professor at the University of Bordeaux, brings a strong academic and practical background to the table. His research at the Bordeaux Computer Science Research Laboratory and his decade-long service as a member and Vice-President of the French data protection authority CNIL, where he oversaw areas such as e-commerce and cybersecurity, offer valuable expertise. With the European Commission anticipated to re-evaluate cybersecurity legislation during the next EDPS mandate, Pellegrini’s experience in this area is particularly relevant. He envisions the EDPS as a proactive and adaptable regulator, equipped with cutting-edge legal and technical expertise, collaborating effectively with counterparts, and providing informed advice to EU legislators.
Bruno Gencarelli, a seasoned EU official, brings a wealth of experience in privacy matters. His recent roles include cabinet member for former EU Justice Commissioner Didier Reynders and head of the International Affairs and Data Flows Unit within the Commission. Gencarelli’s involvement in the GDPR’s development and his leadership in negotiating data transfer agreements with countries like Japan and the US make him a strong candidate. Given the ongoing legal challenges surrounding the EU-US Data Privacy Framework and the EDPS’s investigation into the Commission’s use of Microsoft 365, Gencarelli’s expertise in US data exchanges is particularly pertinent. He anticipates a more complex governance system in the future, highlighting the need for the EDPS to adapt to evolving responsibilities.
Anna Pouliou, the current chair of the Data Protection Commission at CERN, offers a unique perspective. If selected, she would be the first woman to hold the EDPS position since its inception in 2004. Pouliou’s legal background, coupled with her leadership in corporate privacy teams and her lectureship in data governance, international privacy laws, and AI at prestigious universities, provides a well-rounded skillset. Her involvement as a member of the GDPR Multi-Stakeholder Expert Group advising the European Commission further strengthens her candidacy. Pouliou aims to establish the EDPS as a global leader in promoting innovation-friendly digital ethics and data governance.
The selection process for the next EDPS comes at a crucial juncture for data protection in the EU. With the impending implementation of the AI Act and the increasing complexity of the digital landscape, the new EDPS will play a vital role in shaping the future of data privacy. Each candidate brings a distinct set of skills and experiences to the table, offering diverse approaches to navigating the challenges ahead. The LIBE committee’s deliberations will be crucial in identifying the individual best suited to steer the EDPS through this evolving landscape and ensure the protection of fundamental data rights within the EU. The chosen candidate will face the task of balancing the need to foster innovation with the imperative to safeguard individual privacy in an increasingly data-driven world.
The interviews conducted by the LIBE committee will delve into each candidate’s vision for the EDPS, their understanding of the key challenges facing data protection in the EU, and their proposed strategies for addressing these challenges. The selection of the next EDPS will have far-reaching implications for the future of data protection within the EU and beyond, particularly as the EU strives to establish itself as a global leader in setting ethical standards for the digital age. The committee’s decision will shape the direction of the EDPS for the coming years and influence the development of data protection policies across the EU. The chosen candidate will need to demonstrate not only a deep understanding of the legal and technical complexities of data protection but also strong leadership skills and the ability to navigate the complex political landscape of the EU.
