On 20 April 2022, the EDPS published the Annual Report for the year 2021. In addition to a summary of the highlights of the work in 2021, the report offers chapters on the EDPS’ supervision and enforcement measures, especially in the area of freedom, security and justice, his work in the fields of technology and privacy, his legislative consultations, communication activities, budget and administration. Furthermore, the report looks at the role of the EDPS as a member of the European Data Protection Board (EDPB), his international cooperation and his cooperation with the civil society. Ultimately, the report outlines the work of the Data Protection Officer (DPO) at the EDPS. All 12 EDPS opinions and 76 formal comments issued in 2021 are listed in the annex of the report.

Regarding the highlights of the work carried out by the EDPS in 2021, it is pointed out that the EDPS played an active role in ensuring and monitoring the compliance of the EU institutions, bodies, and agencies (EUIs) with the Schrems II judgment of the CJEU concerning transfers of personal data to the US (→ eucrim 2/2020, 89-99). In this context, the EDPS launched two investigations in order to help EUIs improve their data protection compliance when negotiating contracts with their service provider. One investigation concerned the use of cloud services provided by Amazon Web Services and Microsoft under Cloud II contracts by EUIs, the second one dealt with the use of Microsoft Office 365 by the European Commission.

As the year 2021 was still marked by the COVID-19 pandemic, the EDPS continued to monitor the pandemic and its impact on data protection by providing advice, producing guidelines, and launching other initiatives to support EUIs in their processing activities during this time.

Regarding his supervision activities in the area of freedom, security and justice, the EDPS took several measures on the processing of personal data by Europol, Eurojust, the EPPO, and Frontex. In December 2021, the EDPS used his corrective powers and issued an order to Europol requesting to delete data concerning individuals with no established link to a criminal activity.

Among the several legislative opinions delivered in 2021, the opinions on the Digital Markets Act and the Digital Services Act are highlighted since the two legal acts will significantly shape Europe’s digital future.

To better understand future developments in the technology sector from a data protection perspective, the EDPS launched a new initiative called "TechSonar" in 2021. The TechSonar reports aim to anticipate emerging technology trends to better understand their future developments, especially their potential implications on data protection and individuals’ privacy. With TechSonar, the EDPS hopes to be able to better determine which technologies are worth monitoring in order to be prepared for a more sustainable digital future where the protection of personal data is efficiently guaranteed. The first 2021 TechSonar report explored technology trends such as smart vaccination certificates, synthetic data, central bank digital currency, just walk out technology, biometric continuous authentication, and digital therapeutics.

Ultimately, in 2021, the EDPS’ TechDispatch reports (i.e., short reports providing factual descriptions of a new technology together with an assessment of the possible impact of the technology on privacy and personal data protection) received the Global Privacy and Data Protection 2021 Award in the category “Education and Public Awareness”. The price is awarded by the Global Privacy Assembly, an international forum for data protection and privacy authorities.