EDPS Annual Report 2024
On 23 April 2025, the European Data Protection Supervisor (EDPS) presented its Annual Report 2024, which reviews activities over the year organised under the headings of supervision and enforcement, policy and consultation, technology and privacy, and artificial intelligence.
The year 2024 was marked by celebrations around the 20th anniversary of the EDPS. (→eucrim 2/2024, 107). On this occasion, the EDPS published a book entitled "Two Decades of Personal Data Protection: What Next?", retracing its journey, highlighting its role in shaping the digital landscape and safeguarding privacy, reflecting on key lessons learned, and anticipating future challenges. The EDPS also launched the 20 Talks series, exploring the role of privacy and data protection across various sectors, bringing together experts from technology, policy, academia, and activism.
Throughout the year, the EDPS worked on 20 initiatives, publishing one per month, to keep pace with the evolving digital landscape and to strengthen its position as a modern data protection authority. In June 2024, a major conference in Brussels marked EDPS's anniversary, drawing data protection specialists, policymakers, and technology experts to reflect on the role of data protection in modern democracies.
Alongside its anniversary events, the EDPS introduced several new initiatives in 2024, including the creation of an Artificial Intelligence Unit and the launch of an AI Strategy centred on governance, risk management, and supervision. It also provided a record-breaking 97 responses to legislative consultation requests from the European Commission, issuing opinions and formal and informal comments to guide data protection in draft EU legislation and international agreements.
In the area of Justice and Home Affairs, the EDPS issued Opinions on, for example:
- The proposed Regulation to extend the temporary derogation from certain ePrivacy Directive provisions to combat child sexual abuse online;
- The Regulation to enhance police cooperation to prevent, detect, and investigate the smuggling of migrants and the trafficking of human beings, and to reinforce the role of Europol in preventing and combating these crimes;
- Proposed agreements to enhance judicial cooperation with Eurojust and Bosnia & Herzegovina and the Republic of Lebanon;
- The EU–Canada agreement on transfers of Passenger Name Record (PNR) data.
The EDPS also closely followed the development and interoperability of the EU’s large-scale IT systems to support law enforcement, border management, and migration and asylum. Such systems include the Entry/Exit System (EES), Visa Information System (VIS), European Travel Information and Authorisation System (ETIAS), Eurodac, Schengen Information System (SIS), and the European Criminal Records Information System for Third Country Nationals (ECRIS TCN).
In its capacity as supervisory authority, the EDPS reprimanded Frontex for failing to comply with its regulation when transmitting personal data of cross-border crime suspects to Europol. (→eucrim 4/2024, 280-281). It also issued 23 recommendations to Europol to ensure or improve its compliance with the data protection legal framework.
Finally, the year 2024 marked the conclusion of the EDPS Strategy 2020–2024 focused on building a safer, fairer, and more sustainable digital Europe (→eucrim 2/2020, 102). To this end, the EDPS published a review of its mandate during this period (→separate news item).