Legislative Observatory
European Parliament
Please fill in this field to find a procedure

2023 discharge: General budget of the EU - European Data Protection Supervisor

2024/2028(DEC)

The Committee on Budgetary Control adopted the report by Joachim Stanisław BRUDZIŃSKI (ECR, PL) on the implementation of the general budget of the European Union for the financial year 2023, Section IX - European Data Protection Supervisor (EDPS).

The committee called on the European Parliament to grant discharge to the European Data Protection Supervisor in respect of the implementation of its budget for the financial year 2023.

Budgetary and financial management

The report noted that the final budget adopted for the EDPS for the financial year 2023 was EUR 22 711 559, representing an increase of 12.06% compared to 2022. The EDPS's monitoring and planning efforts during the financial year 2023 resulted in a budget implementation rate of commitment appropriations for the current financial year of 96% (a rate slightly lower than that of 2022, namely 98%).

Members noted that the effects of Russia's illegal war of aggression against Ukraine continued to put budgetary pressure on the EDPS in 2023, notably due to rising inflation and the resulting increase in energy costs. They expressed concern about the significant increase in mission expenses of EDPS staff.

Internal management, performance, and internal control

In 2023, the EDPS monitored its performance using nine key indicators, exceeding its targets, with the exception of the number of EDPS followers on certain social media accounts. The EDPS faced considerable challenges due to a growing workload and complex data protection issues arising from the rapidly evolving digital landscape, as well as several legislative developments over the past two years that impacted its work. The Commission and the budgetary authority are invited to take these elements into account in the annual budgetary procedure.

The EDPS has strengthened its capacity to study emerging technological trends and their potential impact on privacy and data protection, using a foresight-based approach, with a focus on exploring developments in areas such as large language models, digital identity wallets, the Internet of Behaviour, extended reality, and deep fake detection. Members congratulated the EDPS on winning the Global Privacy and Data Protection Awards 2023 in the innovation category, awarded internationally by the Global Privacy Assembly (GPA).

The EDPS developed various procedural and policy tools to improve its investigation procedures and reduce the high number of complaints. Its consultative role in the legislative process has strengthened, with a 93% increase in requests over the past five years.

The EDPS is urged to prioritise and improve procedures for handling the personal data of minors under the age of 15, particularly in the context of Europol's systems, where these minors may be considered suspects. Lastly, the EDPS investigated the Commission’s alleged use of micro-targeting on platform X and continued two preliminary investigations: one concerning the use by institutions, bodies, offices and agencies of the Trello cloud service, which was closed in 2023, and the other, conducted in 2024, concerning the use of profiling by EU institutions, bodies, offices and agencies. In total, six investigations and four preliminary investigations were launched within the area of ​​freedom, security and justice, which reflects a significant increase compared to 2022.

The committee responsible makes the following observations, inter alia:

- at the end of 2023, the EDPS had 129 staff members, compared to 127 in 2022. The establishment plan for 2023 reflects a high occupancy rate (95.65%), but also a high turnover rate (13%). Members encouraged the EDPS to continue its efforts to achieve a more balanced geographical representation across all Member States, particularly at management level. They welcomed the increased diversity of nationalities represented, but deplores the persistent underrepresentation of women in senior management positions;

- the EDPS focused its efforts on raising staff awareness of the ethical framework of the EDPS and the European Data Protection Board by organising specific mandatory training sessions for all staff and appointing a new Ethics Officer. The EDPS has never been involved in an investigation by the European Anti-Fraud Office (OLAF) since its creation. Members, however, regretted that the EDPS has still not officially joined the EU Transparency Register;

- the 2023 budget for IT equipment and projects was 9.5% higher than that of 2022. The IT tools and services provided by the Commission and Parliament do not fully meet the EDPS's specific needs. These gaps should be addressed by developing in-house capabilities and applications. The EDPS has made progress in digitalising its workflows and processes and plays a leading role in improving the cybersecurity preparedness of the EU institutions;

- the EDPS has achieved budgetary and administrative savings through interinstitutional cooperation, in particular the conclusion of service-level agreements with Parliament for the rental of its premises and the use of IT applications, the supply of IT equipment and maintenance, and with the Commission for human resources and business administration processes, as well as participation in large interinstitutional framework contracts.