The European Parliament decided by 589 votes to 11, with 42 abstentions, to grant discharge to the European Data Protection Supervisor in respect of the implementation of its budget for the financial year 2020.
Parliament noted that the Court of Auditors had not found any significant weaknesses in respect of the audited topics related to human resources and procurement for the European Data Protection Supervisor. The Court found, based on its audit work, that the payments for the financial year 2020 for the administrative expenditure of the institutions, including those of the Supervisor, are, on the whole, free from material error. No specific problems concerning the regularity of transactions were detected by the Court.
In its resolution, adopted by 577 votes to 17 with 44 abstentions, Parliament made the following observations.
Budgetary and financial management
In 2020, the Supervisor was allocated a budget of EUR 19 476 998, representing an increase of 16.3 % compared to the 2019 budget of EUR 16 638 572. The increase was mainly due to the impact of the new tasks set out in General Data Protection Regulation for the EU institutions
and the new supervisory responsibilities in connection with enforcement and judicial cooperation agencies, such as, amongst others, the European Prosecutor's Office and Eurojust.
The COVID-19 pandemic has had a negative impact on budget implementation (73 % in 2020, compared to 91.97 % in 2019). This impact is visible on the mission and training budgets (execution of less than 17 %) and on the organisation of meetings, including experts’ reimbursement and catering (execution of less than 15 %) resulting in savings of EUR 2 183 000, which represents 11 % of the overall budget consumption.
As human resources costs represent a significant part of the overall budget, the delay in recruitment procedures (another consequence of the COVID-19 pandemic) had a negative impact on the execution of the overall budget.
The Supervisor’s investment in its digital transformation at least partially compensated the low budget execution rate as the IT-related budget lines for the Supervisor and the EDPB exceeded the initial allocation (109 %).
Internal management, performance, internal control
Parliament welcomed the adoption of the new management tool - called ‘Bluebell’ - developed by the European Research Council Executive Agency (ERCEA), which allows better forecasting and monitoring of the actual implementation of budget lines based on data uploaded by the operational units. It welcomed the fact that in 2020, working methods had been adapted following the COVID-19 pandemic and that all paper-based signatures and procedures had been digitised. In addition, physical meetings have been replaced by cheaper and less time-consuming online meetings.
Human resources, staff well-being and gender equality
In 2020, the Supervisor had a total of 113 staff members, compared to 96 in 2019. Parliament noted the very low occupation rate of 86.90% of the establishment plan.
Parliament noted the favourable trend in the geographical distribution of the staff as a whole, which represented 20 Member States in 2020, given the size of the institution. It called on the EDPS to continue to pay attention to issues of gender balance, equal opportunities and geographical distribution, in particular during selection procedures.
In 2019 and 2020, the gender balance remained constant in the staff overall, at around 58% women and 42% men. At middle management level, the figures remain the same as in 2019, with 75% women and 25% men. As in 2019, the two senior management positions are occupied by men.
The Supervisor offers a range of working arrangements and all officers benefit from flexible working hours, with the exception of those receiving a management allowance. The Supervisor’s staff have made extensive use of teleworking as a flexibility tool to ensure business continuity and to manage the difficult conditions imposed by the COVID-19 pandemic.
Parliament noted that no cases of harassment were reported in 2020 and appreciated that in December 2020 the Supervisor signed a revision of his anti-harassment decision to clarify the rights and obligations of each party.
Ethical framework and transparency
Parliament noted that the Supervisor’s ethical framework was updated in 2019, requiring all new starters to attend a mandatory presentation on the subject during their initial training. The code of conduct for staff members was revised in December 2019 to bring it into line with changes in the institution and the new legal framework, and to include staff members of the Secretariat.
The EDPS does not currently use the inter-institutional Transparency Register but publishes the agenda and interventions of the Supervisor on its website, including meetings with interest representatives, to ensure accountability towards citizens; encourages the Supervisor to explore ways to link its own register to the Transparency Register.
Digitalisation, cyber security, data protection
Parliament noted that the Supervisor attaches importance to analysing the opportunities, risks and challenges that innovative technologies may pose for data protection and the personal data of individuals. It recognises the role of the EDPS in the global debate on digital ethics, in particular regarding the development of artificial intelligence and facial recognition technologies.
In December 2020, the Supervisor signed an SLA with CERT-EU (Computer Emergency Response Team for the EU institutions, bodies and agencies) on the provision of a wider range of cyber security services. Members welcomed the appointment of a full-time Data Protection Officer in September 2020 to strengthen its capacity to monitor personal data processing activities.
Parliament noted that in 2020, despite the COVID-19 pandemic, the Supervisor was able to offer several training sessions to many EU institutions to advise them on how to protect individuals' personal data.
Members believe that the Supervisor's participation in a number of international fora is crucial to shape and share best practice and create consistent procedures based on a common understanding of data protection rules.
COVID pandemic
Parliament underlined the crucial role of the Supervisor in protecting personal data and privacy, two fundamental rights in the Union, in the context of the COVID-19 pandemic, particularly the relevance and influence of its assessment of compliance with data protection of the numerous contact tracing and warning apps widespread during the pandemic. It acknowledged the additional workload that has faced the Supervisor and appreciated that the Supervisor had not only ensured business continuity, but also increased its productivity.