EU official should not get top privacy job, says think tank

The next privacy regulator for the EU institutions – the European Data Protection Supervisor (EDPS) – should not come from within the European Commission's ranks, a letter to the European Parliament and European Commission Presidents, initiated by think tank Centre for AI & Digital Humanism, said.

The letter – signed by a list of privacy professors – stresses that if the role is awarded to long-time EU official Bruno Gencarelli, the EDPS' legitimacy is at stake and poses a risk of conflict. Early last year, the EDPS ruled for example that the Commission’s use of Microsoft 365 was not legitimate.

Gencarelli – who spent 12 years working in managerial roles on data protection at the Commission, and who was formerly a head of the executive's International Affairs and Data Flows Unit – is one of four contenders shortlisted for the role by the Commission. 

After hearings in both institutions earlier this month, the Parliament’s Civil Liberties, Justice and Home Affairs Committee, LIBE, voted to appoint Gencarelli, followed by the current EDPS Wojciech Wiewiórowski. The member states are backing Wiewiórowski for the job however.

Next week, the Parliament’s Conference of Presidents is set to endorse the LIBE decision, after which the institutions will have to find a compromise. 

The hearings were due last November but were delayed because the Commission failed to draw up the shortlist before the mandate of the Wiewiórowski – in the role since 2019 – expired on 5 December.

Although the EDPS is not able to fine Big Tech companies for a privacy breach — that's a competence of the national data protection authorities — its role as an advisor to those watchdogs is significant. 

Later this year, the AI Act will start to apply, and national privacy watchdogs will see their privacy work more and more intertwined with AI, which will enable the new EDPS to take an agenda setting role.