Decision on next EU privacy chief in deadlock

EU lawmakers and member states remain deadlocked over their choice of the next European Data Protection Supervisor (EDPS) – the privacy watchdog of the EU institutions - after negotiations on Thursday ended in stalemate, according to a source familiar with the process. 

The mandate of the current EDPS, Poland’s Wojciech Wiewiórowski, expired in early December, but lawmakers and member states failed to agree on a successor, with each backing different candidates from four contenders shortlisted by the European Commission following hearings in January.

The Parliament’s Civil Liberties, Justice and Home Affairs Committee, LIBE, voted to appoint long-time Commission official Bruno Gencarelli, from Italy, while the member states are backing Wiewiórowski to stay on for another mandate. 

A special working group with representatives from both institutions was set up, which met twice in March, with a further meeting yet to be scheduled. 

Next week, the Council will decide on how to proceed, according to sources briefed.

The process has been plagued by delays. The hearings, which were due before 5 December, when Wiewiórowski’s mandate ended, were pushed back by the Commission to January because of delays in approving its shortlist.  

Although the EDPS is not able to fine Big Tech companies for breaches of the EU privacy rules — that's a competence of the national data protection authorities — it publishes opinions on legislative proposals and weighs in on upcoming digital legislation.  

Last month, Think tank Centre for AI & Digital Humanism sent a letter, signed by a list of privacy professors, to the Parliament and Commission Presidents, signalling Gencarelli ought to be conflicted from the role. 

The next privacy regulator should not come from within the Commission's ranks, given the remit of the job, they warned. 

Early last year, the EDPS ruled for example that the use of Microsoft 365 by the EU executive was illegitimate.