The EU institutions and bodies sometimes process citizens' personal information - in electronic, written or visual format - in the course of their duties. Processing includes collecting, recording, storing, retrieving, sending, blocking or erasing data. It is the task of the European Data Protection Supervisor (EDPS) to uphold the strict privacy rules governing these activities.
The Supervisor is appointed for a renewable 5-year term of office. For everyday operations, the EDPS comprises 2 main entities:
The EU institutions and bodies must not process personal data on your
Nor may they process data on your health or sexual orientation, unless these are needed for health care purposes. Even then, this must be done by a health professional or other person sworn to professional secrecy.
If you believe that your right to privacy has been infringed by an EU institution or body, you should first tell the EU staff members responsible for processing your data in the instance where you think the infringement was committed. If you are not satisfied with the outcome, contact the data protection officer of the EU institution or body which you believe has committed the infringement.
If this fails, you can make a complaint to the EDPS using a complaint submission form. The European Data Protection Supervisor will investigate and let you know whether they agree with your complaint and, if so, how the situation is being rectified.
If you disagree with the EDPS's decision, you may take the matter to the Court of Justice of the EU.