Key principles

When collecting statements of support for their initiative, organisers process signatories' personal data on a potentially large scale. The representative of the group of organisers (or the legal entity specifically created to manage the initiative, if any) is responsible for processing these personal data and is the so-called data controller.

Where the collection and/or transfer of the collected statements of support is carried out through the central online collection system, the European Commission steps in to alleviate the responsibility of the organisers by acting as a joint data controller for these processing operations.

In case the required number of statements of support has been collected by the group of organisers, these statements are then submitted to the competent national authorities for verification and certification. The national authorities are considered to be data controllers as regards these processing operations.

What are the rules to comply with when processing personal data?

Obligations of data controllers - Case scenario 1

Obligations of data controllers - Case scenario 2

Contacts at national level

  • The contact details of the national authorities responsible for verifying and certifying statements of support are available here.

  • The contact details of the national data protection authorities are available here.

Please note that this webpage provides limited information and does not cover rules as regards personal data processing in the context of collection of signatories' email addresses, initiative sponsors, initiative voluntary collaborators, etc.