Dies ist eine HTML Version eines Anhanges der Informationsfreiheitsanfrage '2012 Correspondence regarding the Fundamental Rights Agency.'.

HElping to MakE fUndaMEntal rigHtS 
 FOCUS
a rEality for EvEryonE in tHE EUropEan Union
Elements of independence 
of the data protection 
authorities in the EU
Data protection authorities’ 
funding and staffing

Contents 
Introduction .............................................................................................................................. 3 
1.  Data Protection Authorities’ tasks ................................................................................. 4 
2. Legal 
framework 
.............................................................................................................. 5 
3.  Principles applied to comparable institutions .............................................................. 7 
4. Financial 
independence 
................................................................................................ 
10 
4.1. Separate and independent annual budget ...................................................................... 10 
Promising practices ..................................................................................................................... 12 
4.2. Adequate financial resources ............................................................................................ 13 
Promising practices ..................................................................................................................... 18 
5. Staffing 
independence 
.................................................................................................. 
18 
5.1. Independent recruitment procedures .............................................................................. 19 
Promising practices..................................................................................................................... 21 
5.2. Adequate human resources .............................................................................................. 21 
Promising practices..................................................................................................................... 22 
5.3. Sufficiently qualified staff .................................................................................................. 23 
Promising practices..................................................................................................................... 23 
Conclusions ............................................................................................................................ 24 
Summary ................................................................................................................................ 25 
Annex ..................................................................................................................................... 26 
 
 
 
 
© FRA 
 2 

Introduction  
On 5 May 2012, European Commission Vice-President Viviane Reding, responsible for Justice, 
Fundamental Rights and Citizenship, delivered a speech on the importance of strong and independent 
Data Protection Authorities (DPAs). The speech followed the adoption of proposals for a reform of the 
EU's data protection rules by the Commission in January 2012. The proposed reform seeks to simplify 
the application of the data protection rules at EU level and strengthen the independent national data 
protection authorities in charge of its implementation. 
In recognising that many data protection authorities have concerns when it comes to funding and 
staffing issues in light of the reform proposals, Vice-President Reding stressed the importance of 
“well staffed and properly resourced data protection authorities in all Member States,” reiterating 
that financial autonomy is “a key aspect of full independence.”1 
The  need  to  ensure  that  data  protection  authorities are appropriately funded and staffed led to 
Commissioner Reding proposing a study to assess current practices and to identify good practices 
regarding funding and staffing for an effective, financially independent national data protection 
authority that can make a strong contribution to cooperation and coordination with other data 
protection authorities. 
In facilitating this study, the European Commission – between July and November 2012 – sent 
questionnaires to the DPAs in each EU Member State. The questionnaires covered five broad topics: 
1.  the current situation regarding budget; 
2.  staff and training issues;  
3.  task allocations;  
4.  the estimated impact of data protection reform proposals; and  
5.  IT tools.   
Individual anonymity was granted to the DPA staff members responsible for completing the 
Commission’s questionnaires, and the responses are noted as representative of the views held by 
each DPA. The European Commission then requested that the European Union Agency for 
Fundamental Rights (FRA) process the data received and report about the current situation, 
identifying promising practices for Member States regarding the funding and staffing of DPAs. The 
DPAs of Romania and Slovakia did not respond to the questionnaire, and are not included in the 
analysis below. 
The FRA did not take part in shaping or drafting the questionnaires, and the results presented are 
solely based on the responses gleaned from the individual DPAs, as well as additional exchanges 
between FRA and the DPAs, aimed at clarifying the answers. With regard to Germany, the responses 
to the questionnaire and the data used are relevant to the Federal Commissioner for Data Protection 
and Freedom of Information only, and do not cover the German federal states. The independence of 
DPAs is a broad concept incorporating a number of key principles, many of which can be found within 
the legal frameworks applied to other bodies and are included in an Annex to this analysis. Of these, 
the standards applied to National Human Rights Institutions (NHRIs) and legal frameworks of National 
Regulatory Authorities (NRAs) – including those from the broadcasting telecommunications, and 
health sectors – are of particular relevance, and provide a comparative aspect to this analysis. NHRIs 
benefit from a more developed structural framework that governs their composition and operation, 
and as “guardians” of fundamental rights – in much the same way that DPAs are – there are a number 
of promising practices to be drawn from the way in  which  they  operate.  FRA’s  report  on  national 
                                                            
1   European Commission Vice-President Reding, Strong and independent data protection authorities: the bedrock of the EU's 
data protection reform, Speech, Luxembourg, 3 May 2012, available at www.springconference2012.lu/ 
files/10/6/document_id32.pdf. 
 
 
© FRA 
 3 

human rights institutions (NHRIs),2 provides essential contextual background to this comparative 
approach. 
While the concept of independence is a broad one, and not all aspects are covered within this 
analysis,  it  is  also  worth  noting  that  independence  incorporates  both  positive  independence  –
independence  to carry out functions in a certain manner – and negative independence – 
independence  from external influence. This analysis emphasises the importance of both. Although 
independence and autonomy are closely linked, independence is seen as an overarching concept 
within which autonomy from external control is often seen as a necessary component. 
Whereas the European Commission’s questionnaire refers to the sufficiency of resources, a number of 
international instruments – namely the European Commission’s draft Regulation3 of the European 
Parliament and of the Council on the protection of  individuals  with  regard  to  the  processing  of 
personal data and on the free movement of such data (General Data Protection Regulation) – instead 
make reference to the adequacy of resources. In this paper, sufficient and adequate are used 
synonymously with regard to both the adequacy of resources, staff members and training provisions.  
Only those areas addressed by the European Commission’s questionnaire fall within the remit of this 
analysis. From the Commission’s questionnaire, two key aspects related to independence have been 
identified: financial independence and staffing independence. They will be addressed in turn after a 
short overview of the tasks that DPAs are expected to perform based on the Directive 95/46/EC of 
the European Parliament and of the Council of 24 October 1995 on the protection of individuals with 
regard to the processing of personal data and on the free movement of such data (Data Protection 
Directive), the legal standards in place and the principles applied to similar institutions. 
1. Data Protection Authorities’ tasks 
Any assessment made of what constitutes adequate – for the purposes of assessing the adequacy of 
resources, staff members and training provisions – should be made with reference to the duties, tasks 
and powers of the DPAs. The Data Protection Directive requires Member States to endow their 
national supervisory authorities with the general powers specified in Articles 28(2) (power to advise 
legislative or administrative authorities in the process of drafting legislation or regulations relating to 
the protection of individuals’ rights and freedoms with regard to the processing of personal data), 
28(3) (power of investigation, of intervention and of engagement in legal proceedings) and 28(4) 
(power to hear claims).4 The extent to which these provisions have been enacted varies between the 
Member States.5 Article 28(5) of the Data Protection Directive requires DPAs to draw up a report of 
their activities at regular intervals and to make it publicly available. DPAs also have a duty to raise the 
awareness of privacy and personal data rights among EU individuals. This is particularly important 
since the effectiveness of data protection legislation can be ensured only when individuals are aware 
of their fundamental rights and actively involved in securing them. 
As set out in the First Report on the implementation of the General Directive, published by the 
European Commission in 20036, all data protection authorities are charged with investigating possible 
breaches of the law within their jurisdiction. Such investigations can arise, in particular, out of doubts 
about a proposed processing operation, or out of specific complaints from individual data subjects 
                                                            
2   FRA (European Union Agency for Fundamental Rights) (2010), National Human Rights Institutions in the EU Member States – 
Strengthening the fundamental rights architecture in the EU I, Luxembourg, Publications Office of the European Union 
(Publications Office), available at: http://fra.europa.eu/sites/default/files/fra_uploads/816-NHRI_en.pdf. 
3   COM (2012) 11. 
4   Article 28 of Directive 95/46/EC of the European Parliament and of the Council on the Protection of Individuals with regard 
to the Processing of Personal Data and on the Free Movement of such Data. 24 October 1995, available at 
http://ec.europa.eu/justice/policies/privacy/docs/95-46-ce/dir1995-46_part1_en.pdf.  
5   FRA  (2010),  Data Protection in the European Union: The role of National Data Protection Authorities. Strengthening the 
fundamental rights architecture in the EU II, Luxembourg, Publications Office, p. 20. 
 
 
 
© FRA 
 4 

(see Figure 3 below). The Report goes on to assert that when investigations are carried out, they are 
extensive, detailed and in-depth.7 
At the EU level, the DPAs cooperate and work jointly with each other under the framework of the 
Working Party on the Protection of Individuals with regard to the Processing of Personal Data, 
established by Article 29(1)(1) of the Data Protection Directive (also known as the “Article 29 
Working Party”).  
In addition, Articles 52 and 53 of the draft General Data Protection Regulation set out the duties and 
powers of DPAs. These provisions are more detailed than those provided by the Data Protection 
Directive. Any expansion of the role of DPAs has repercussions for any assessment of whether DPAs 
have adequate resources, with wider duties and powers potentially leading to calls for additional 
funds to carry out the resulting tasks.   
2. Legal framework 
At EU level, DPAs independence is enshrined in Article 8 (3) of the Charter of Fundamental Rights of 
the European Union (adopted in 2000, legally binding as EU Primary law with the entry into force of 
the Lisbon Treaty in 2009), which asserts that the rules laid down by the Charter “shall be subject to 
control by an independent authority”. Independence of DPAs at EU level is also enshrined in Article 16 
(2) of the Treaty on the Functioning of the European Union, which states that “the European 
Parliament and the Council (…) shall lay down the rules relating to the protection of individuals with 
regard to the processing of personal data” and that “compliance with these rules shall be subject to 
the control of independent authorities.” Article 28 of Data Protection Directive certifies that DPAs 
“shall act with complete independence in exercising the functions entrusted to them,”8 but the 
Directive does not elaborate on the nature of this independence. 
All 28 EU Member States, in compliance with the requirements of Article 28 (1) of the Data Protection 
Directive have appointed one national supervisory authority with the wide remit of monitoring the 
application of and ensuring respect for data protection legislation within their territories.  
As observed by the CJEU in European Commission v. Germany, DPAs are “the guardians of those 
fundamental rights and freedoms, and their existence in the Member States are considered an 
essential component of the protection of individuals with regard to the processing of personal data.”9   
In the Council of Europe context, the Convention for the Protection of Individuals with regard to 
Automatic Processing of Personal Data10 (Convention 108) itself did not originally provide for the 
setting up of national supervisory authorities. The 2001 Additional Protocol to Convention 108, 
however, enhanced the data protection guarantees by setting up supervisory authorities that “shal  
exercise their functions in complete independence”.11  
 
 
                                                            
7   European Commission, First Report on the implementation of the General Directive (95/46/EC), COM(2003) 265 final, 
Analysis and impact on the implementation of Directive 95/46/EC in Member States, pp. 39–41 
8   OJ 1995 L 281. 
9   CJEU, C-518/07, European Commission v. Germany, 9 March 2010, para. 23. 
10  Council of Europe, Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, CETS 
No. 108, 1981.  
11  Council of Europe, Article 1 (3), Additional Protocol to the Convention for the Protection of Individuals with regard to 
Automatic Processing of Personal Data regarding supervisory authorities and transborder data flows, CETS No. 181, 2001. 
(Additional Protocol to the Convention 108). The Additional Protocol entered into force in 2004. It is ratified by 21 EU 
Member States and Croatia. Belgium, Malta and Slovenia did not sign the Additional Protocol. Denmark, Greece, Italy and the 
United Kingdom did not ratify the Additional Protocol. 
 
 
© FRA 
 5 

 
"A number of elements contribute to safeguarding the independence of the supervisory authority in 
the exercise of its functions. These could include the composition of the authority, the method for 
appointing its members, the duration of exercise and conditions of cessation of their functions, the 
allocation of sufficient resources to the authority or the adoption of decisions without being subject to 
external orders or injunctions." 

Explanatory Report, Additional Protocol to Convention 108, para. 17. 
The Court of Justice of the European Union (CJEU) has so far clarified the concept of “complete 
independence” of data protection authorities in two landmark judgements delineating the precise 
requirements regarding independence in relation to influence and supervision. In the 2010 judgment 
European Commission v. Germany,12 the CJEU interpreted Article 28 of the Data Protection Directive 
as a norm setting up DPAs, which “must enjoy an independence allowing them to perform their 
duties free from external influence”.13 The CJEU reached this conclusion by interpreting the Directive 
homogeneously with the requirements in Article 44 of Regulation (EC) No 45/2001 of the European 
Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to 
the processing of personal data by the Community institutions and bodies and on the free movement 
of such data.14 Article 44 (2) of the Regulation 45/2001 states that: “the European Data Protection 
Supervisor shall […] neither seek nor take instructions from anybody”. This does not however mean 
that parliamentary influence is total y excluded, and Parliament may still play a role in appointing the 
management of the supervisory authorities, defining the powers of these authorities, and obligating 
them to report their activities to Parliament.15 In the 2012 judgment European Commission v. Austria
the CJEU reiterated that the independence required under EU law “precludes not only any influence 
exercised by the supervised bodies, but also any directions or any other external influence, whether 
direct or indirect” which may affect the DPA’s decisions.16 The most recent case - European 
Commission v. Hungary – 
demonstrates how the procedures in place to govern the recruitment and 
dismissal of staff members can also come under scrutiny, with indirect influence able to be exerted 
through the recruitment process. In this case, the European Commission has brought an action against 
Hungary before the CJEU, asking the court to declare that Hungary had failed to fulfil its obligations 
under the Data Protection Directive by removing the data protection supervisor from office 
prematurely.17 The case is currently pending before the CJEU. 
Understanding the component parts of the concept of independence is essential to any assessment of 
the extent to which DPAs operate free from external control. FRA’s report on Data Protection in the 
European  Union:  the  Role  of  National  Data  Protection Authorities highlights how autonomy with 
regard to both recruitment and budget is central to this broader concept of independence: 
The guarantee of independence is, in fact, primarily assured by the procedure of nomination and 
removal of the officers of the DPAs. The control over financial resources represents a second relevant 
element in ensuring the autonomy of supervisory authorities.” 18  
On 25 January 2012 the European Commission proposed a wide-reaching reform of EU data 
protection legislation. Concerning independence of data protection authorities, the draft General Data 
                                                            
12  Court of Justice of the European Union (CJEU), C-518/07, European Commission v. Germany, 9 March 2010. 
13 CJEU, 
C-518/07, 
European Commission v. Germany, 9 March 2010, para. 30. 
14  Council Regulation 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of 
individuals with regard to the processing of personal data by the Community institutions and bodies and on the free 
movement of such data. OJ 2001 L 8. (hereinafter Regulation 45/2001). 
15 CJEU, 
C-518/07, 
European Commission v. Germany, 9 March 2010, para. 43. 
16 CJEU, 
C-614/10, 
European Commission v. Republic of Austria, 16 October 2012, para 24. 
17 CJEU, 
C-288/12, 
European Commission v. Hungary, Action brought on 8 June 2012, pending. 
18 FRA (2010), Data Protection in the European Union: The role of National Data Protection Authorities. Strengthening the 
fundamental rights architecture in the EU II, Luxembourg, Publications Office, p. 8. 
 
 
© FRA 
 6 

Protection Regulation seeks to – among other things – strengthen the independence of DPAs. Draft 
Article 47 of the General Data Protection Regulation stipulates that: 
1. The supervisory authority shall act with complete independence in exercising the duties 
and powers entrusted to it. 
2. The members of the supervisory authority shal , in the performance of their duties, neither 
seek nor take instructions from anybody. 
3. Members of the supervisory authority shall refrain from any action incompatible with their 
duties and shall not, during their term of office, engage in any incompatible occupation, 
whether gainful or not. 
4. Members of the supervisory authority shall behave, after their term of office, with integrity 
and discretion as regards the acceptance of appointments and benefits. 
5. Each Member State shall ensure that the supervisory authority is provided with the 
adequate human, technical and financial resources, premises and infrastructure necessary for 
the effective performance of its duties and powers, including those to be carried out in the 
context of mutual assistance, co-operation and participation in the European Data Protection 
Board. 
6. Each Member State shall ensure that the supervisory authority has its own staff which shall 
be appointed by and be subject to the direction of the head of the supervisory authority. 
7. Member States shall ensure that the supervisory authority is subject to financial control 
which shall not affect its independence. Member States shall ensure that the supervisory 
authority has separate annual budgets. The budgets shall be made public.  
Once adopted by EU legislators, the General Data Protection Regulation would enshrine many of the 
key aspects of independence. The provisions set out in Article 47 – paragraphs 5 and 7 in particular – 
are discussed below.  
3.  Principles applied to comparable 
institutions 
The principles set out above are also contained within other wel -established and recognised 
European and international guidelines on independence. The frameworks applied to National Human 
Rights Institutions and National Regulatory Authorities – including those from the broadcasting 
telecommunications, and health sectors – are particularly valuable in informing any compilation of 
independence standards to be applied. While DPAs typical y have a more focused mandate than 
NHRIs, they are al  meant to be independent monitoring bodies with a role in the fundamental rights 
field.19  
                                                            
19   See also the discussions on the ‘Independence and powers of independent supervisory authorities’, which took place during 
the 3rd Annual FRA Symposium: FRA (2012), European Union data protection reform: new fundamental rights guarantees
3rd Annual FRA Symposium, Vienna, 10 May 2012 (hereafter FRA Symposium Report), available at 
http://fra.europa.eu/sites/default/files/fra_uploads/2280-FRA-Symposium-data-protection-2012.pdf, p.10, and FRA 
(2010), National Human Rights Institutions in the EU Member States. Strengthening the fundamental rights architecture in 
the EU I
, Luxembourg, Publications Office, available at: http://fra.europa.eu/sites/default/files/fra_uploads/816-
NHRI_en.pdf. 
 
 
© FRA 
 7 

“NHRIs hold a special position among independent mechanisms, since the rules governing their 
composition, mandate and working methods – the Paris Principles – form the criteria for evaluating 
these mechanisms, according to an OHCHR study.” 

European Union Agency for Fundamental Rights (FRA) (2012), EU Handbook on the establishment and 
accreditation of National Human Rights Institutions
, p. 4220 
The Paris Principles provide comprehensive guidance on the effective governing and independence of 
NHRIs. The International Coordinating Committee of National Institutions for the Promotion and 
Protection of Human Rights (ICC) reviews and accredits NHRIs through its sub-committee in 
compliance with these Principles. The ICC Sub-Committee’s General Observations concerning the Paris 
Principles affirm that “[f]inancial systems should be such that the institution has complete financial 
autonomy [and it should have] a separate budget line over which it has absolute management and 
control.”21  
“NHRIs must be ful y independent and guaranteed a sufficient infrastructure with adequate funding 
so as to ensure the highest attainable level of operations irrespective of changes in the political 
leanings of successive governments, economic downturns, or perceived sensitivity of the matters 
they address. NHRIs should have a separate budget line and legislative prescription of adequate 
resources, with clear goals and measurement of performance.
  
[…] NHRIs should also be […] sufficiently resourced to be able to collect data and conduct research 
and awareness-raising.”  

FRA’s Opinions as published in the Report (2010) National Human Rights Institutions in the EU 
Member States
 
The framework applied to equality bodies calls for the need for independence but does not provide 
detailed principles to which the bodies must adhere to. Article 13 of Council Directive 2000/43/EC of 
29 June 2000 implementing the principle of equal treatment between persons irrespective of racial or 
ethnic origin (Racial Equality Directive) provides that Member States shall designate a body or bodies 
for the promotion of equal treatment of all persons, and that the competences of these bodies should 
include providing independent assistance, conducting independent surveys, and publishing 
independent reports.22 Further elaboration on the concept of independence is not provided.23 
In the area of broadcasting regulation, Article 30 of Directive 2010/13/EU of the European Parliament 
and of the Council of 10 March 2010 on the coordination of certain provisions laid down by law, 
regulation or administrative action in Member States concerning the provision of audiovisual media 
services (Audiovisual Media Services Directive) only requires that Member States take appropriate 
measures necessary for the application of the Directive “through their competent independent 
                                                            
20   See also Office of the United Nations High Commissioner for Human Rights (OHCHR) (2010), National Human Rights 
Institutions, History, Principles, Roles and Responsibilities, available at http://www.ohchr.org/Documents/Publications/PTS-
4Rev1-NHRI_en.pdf. 
21   International Coordinating Committee of National Institutions for the Promotion and Protection of Human Rights, Report and 
Recommendations of the Session of the Sub-Committee on Accreditation (SCA), Geneva, 29 March -1 April 2010, available 
at http://nhri.ohchr.org/EN/ICC/AnnualMeeting/24/2Subcommittee%20on%20Accreditation/SCA%20REPORT%20-
%20March%20FINAL%20(with%20annexes).doc.  
22   Council Directive 2000/43/EC of 29 June 2000 implementing the principle of equal treatment between persons irrespective 
of racial or ethnic origin (Race Directive), OJ 2000 L 180, Art. 13. 
23   See however, Principle 5, Council of Europe, European Commission against Racism and Intolerance (ECRI), ECRI General 
Policy Recommendation N°2: Specialised bodies to combat racism, xenophobia, antisemitism and intolerance at national 
level
, Strasbourg, Council of Europe, 13 June 1997 and Equinet, European network of equality bodies, Between impartiality 
and responsiveness – Equality bodies and practices of independence
, December 2008. 
 
 
© FRA 
 8 

regulatory bodies,”24 without further elaborating on what is to constitute an independent regulatory 
body. A 2011 study conducted on behalf of the European Commission stated that independence is in 
many ways a relative term, the definition of which depends on the purpose of independence within 
the given context. It notes that independence and effective functioning are closely interrelated and 
can hardly be separated from one another. While the report acknowledges that there is no 
comprehensive and consistent theory of independence that we could simply apply to derive criteria 
and indicators, it does identify theoretically extractable criteria and descriptors, categorised under 
different dimensions of independence. These comprise Status and Powers (legal provisions that 
establish the regulatory body and specify its tasks and powers); Autonomy of Decision Makers (an 
organisational structure and management board that safeguards against political influence); Financial 
Autonomy (adequacy of the budget and autonomy in allocating the budget so as to minimise the 
involvement of other actors in the budget allocation process); Knowledge (professionalism and 
expertise of staff and board members); and Transparency & Accountability mechanisms (checks and 
balances to ensure that the regulator does not stray from its mandate, engage in corrupt practices, or 
become grossly inefficient).25 In March 2013, the European Commission launched a public 
consultation to assess whether the independence of regulatory bodies should be strengthened. The 
questions asked in the consultation sought – among other things – to identify key indicators of 
independence.26  
Council  of  Europe  standards  in  the  area  of  broadcasting  are  more  detailed.  In  providing  a 
Recommendation on the independence and functions of regulatory authorities for the broadcasting 
sector, the Council of Europe stated that the “funding of regulatory authorities should be specified in 
law in accordance with a clearly defined plan; [and that] public authorities should not use their 
financial decision-making power to interfere with the independence of regulatory authorities.” 27  
The EU framework applied to electronic communications networks and services is even more explicit, 
with many of the requirements directly informing the practices recommended in this paper. Directive 
2009/140/EC of the European Parliament and of the Council of 25 November 2009 amending 
Directive 2002/21/EC on a common regulatory framework for electronic communications networks 
and services provides that the independence of the national regulatory authorities should be 
strengthened through express provision being made in national law to ensure that, in the exercise of 
its tasks, a national regulatory authority is protected against external intervention or political pressure 
liable to jeopardise its independent assessment of matters coming before it. It goes on to assert that 
rules should be laid down at the outset regarding the grounds for the dismissal of the head of the 
national regulatory authority. It also states that it is important that national regulatory authorities 
should have their own budget al owing them, in particular, to recruit an adequate number of qualified 
staff. In order to ensure transparency, this budget should be published annually. It goes on to affirm 
that Member States shall ensure that national regulatory authorities have adequate financial and 
human resources to carry out the task assigned to them.28 
With regard to NRAs for the health sector, the World Health Organisation provides useful human 
resources recommendations. Among them, they urge governments to ensure that competitive and 
                                                            
24   Directive 2010/13/EU of the European Parliament and of the Council of 10 March 2010 on the coordination of certain 
provisions laid down by law, regulation or administrative action in Member States concerning the provision of audiovisual 
media services (Audiovisual Media Services Directive), OJ 2010 L 95, Art. 30. 
25   INDIREG Final Report: Indicators for independence and efficient functioning of audiovisual media services regulatory bodies 
for the purpose of enforcing the rules in the AVMS Directive” (SMART 2009/0001). February 2011, available at: 
http://ec.europa.eu/avpolicy/docs/library/studies/regulators/final_report.pdf. 
26  European Commission Consultations on Media Freedom and Pluralism and Audiovisual Media Regulator Independence, open 
until 14th June 2013, available at: https://ec.europa.eu/digital-agenda/en/public-consultation-independence-audiovisual-
regulatory-bodies. 
27   Council of Europe, Recommendation Rec(2000)23 of the Committee of Ministers to Member States on the Independence 
and Functions of Regulatory Authorities for the Broadcasting Sector, Strasbourg, adopted on 20 December 2000. 
28  Directive 2009/140/EC of the European Parliament and of the Council of 25 November 2009 amending Directives 
2002/21/EC on a common regulatory framework for electronic communications networks and services, 2002/19/EC on 
access to, and interconnection of, electronic communications networks and associated facilities, and 2002/20/EC on the 
authorisation of electronic communications networks and services, OJ 2009 L 337. 
 
 
© FRA 
 9 

attractive salaries are available for NRA staff; merit-based staff selection and recruitment policies are 
in place; and that the NRAs are able to improve the knowledge and skills of their staff through in-
house and external training programmes.29 
In several countries, normative or practical obstacles raise concerns as to the effective independence 
of the national supervisory bodies from the political branches of government.30 An assessment of the 
extent to which these obstacles prevent DPAs from carrying out their functions in complete 
independence fol ows below in this report.  
The key areas to be explored herein fall broadly within the first two categories addressed by the 
Commission’s questionnaire that this FRA analysis is focusing on: 
1.  budget issues; the extent to which DPAs have a separate and independent annual budget 
along with adequate resources and the ability to use those resources free from external 
control (financial independence); and  
2.  staff and training issues; the extent to which DPAs are able to hire an adequate number of 
staff to fulfil their tasks, that they are able to recruit this staff independent of external 
influence, and that they are able to provide adequate training for all staff members (staffing 
independence
). 
4. Financial independence 
Financial independence is essential for the effective functioning of the DPAs. This incorporates DPAs 
having a) a separate and independent annual budget – so as to ensure that influence is not exerted 
on the DPA by the government through the budgetary process, and b) adequate financial resources to 
carry out their mandate. Both of these issues will be addressed in turn, and are of particular relevance 
in light of the proposal for a General Data Protection Regulation, which would abolish notification 
requirements, thereby preventing DPAs from earning revenue through the use of notification fees.  
4.1.  Separate and independent annual budget 
The budgets of DPAs should not be subject to influence by government. This relates to both their 
initial allocation – deciding on the amount to be received during budgetary preparations – and the way 
in which funds are subsequently spent (once the budget has been allocated), however the 
Commission’s questionnaire only covers the budgetary preparations process and therefore discussion 
here is limited to this issue. It is advisable that DPAs are given a separate and independent budget, 
authorised by Parliament alone. The independence of DPAs is also increased by ensuring that they 
are involved in all aspects of the budgetary preparations, making an assessment of the amount 
needed in a detailed proposal, and being consulted throughout the decision making process. Such 
involvement further minimises the risk of influence being exerted over the budgetary process by the 
government.  
Failing to involve the DPAs in the budgetary procedure risks placing them in a position whereby they 
are unable to respond to fluctuating demands due to a lack of specific resources. The CJEU has 
however indicated that, with regard to DPAs, budgetary independence can be achieved in the 
absence of a separate budget line: In the case of European Commission v Republic of Austria – 
according to the CJEU – Article 28 of the Data Protection Directive, does not oblige EU Member States 
                                                            
29   World health organisation (WHO) 2003, Aide-Memoire: Strengthening National Regulatory Authorities, available at 
http://www.who.int/medical_devices/publications/en/AM_National_Regulatory_Authorities_2003.pdf.  
30   FRA  (2010),  Data Protection in the European Union: The role of National Data Protection Authorities. Strengthening the 
fundamental rights architecture in the EU II, Luxembourg, Publications Office. 
 
 
© FRA 
 10 

to reproduce in their national legislation provisions similar to Article 43 (3) of the Regulation 45/2001 
(the Data Protection Regulation which applies to EU institutions), which states that the budget of the 
European Data Protection Supervisor “shal  be shown in a separate budget heading in […] the general 
budget of the European Union”.31 Indeed, national legislation “can therefore provide that, from the 
point of view of budgetary law, the supervisory authorities are to come under a specified ministerial 
department”.32 In this case, the CJEU did, however, express concern that in instances where the 
budgetary competence of the DPA falls within a specific ministerial department, “the attribution of 
the necessary equipment and staff to such authorities must not prevent them from acting ‘with 
complete independence’ in exercising the functions entrusted to them within the meaning of the 
second subparagraph of Article 28 (1) of Directive 95/46.”33 As such, instances in which the 
executive branch of government is responsible for the DPA budget risk undermining DPA 
independence and risk placing the DPAs under the control of individual members of government.   
Granting more control to the DPAs over their own budget would nevertheless decrease the likelihood 
that external interference can be imposed. A situation that offers the maximum amount of budgetary 
autonomy should be strived for as a way of increasing the financial independence of DPAs. As such – 
in the interest of ensuring greater independence - it is suggested here that DPAs should be entrusted 
with a separate budget line as well as control over how they allocate those funds. In the broadcasting 
field, Council of Europe Recommendation (2000) 23 of the Committee of Ministers to Member States 
on the Independence and Functions of Regulatory Authorities for the Broadcasting Sector “does not 
rule out financing from the state budget. However, because in this case regulatory authorities are 
more likely to be dependent on the budgetary favour of governments and parliaments, it states 
explicitly that public authorities should not use their financial decision-making power to interfere with 
the independence of regulatory authorities.”34 Similar calls have been made for Member States to 
ensure  that  –  with  regard  to  NHRIs  –  they  “provide  for  secure  and  stable  funding  from  a  central 
budget under a separate budget line, with parliamentary oversight.”35 
From the questionnaire results, the extent to which DPAs enjoy a separate and independent annual 
budget varies across Member States, from those that play no role in budgetary preparations, to those 
that are involved throughout and are answerable only to Parliament. 
The  responses  provided  indicate  that  the  majority  of  DPAs  are  involved  to  some  degree  in  the 
process of drafting their budget, but their ability to influence the amount of funds that they wil  
receive is limited. In most Member States, DPAs receive their funds from the State’s budget, and 
often from the budget allocated to either the Ministry  of  Justice  or  Ministry  of  Finance.  In  these 
instances, DPAs are usual y required to submit and defend proposals to the appropriate Ministry 
before Parliamentary approval is given. The DPAs in Austria, Bulgaria, Croatia,  Cyprus,  the  Czech 
Republic
, Denmark,  Estonia, Greece,  Finland,  France, Lithuania, Luxemburg,  Malta, Sweden and 
Slovenia all detail procedures in their responses to the questionnaire involving submitting their 
budgets to the relevant ministry, which is then able to propose amendments. 
Other DPAs report that they are excluded from budgetary discussions altogether. In Latvia, the 
Cabinet of Ministers determines the amount of budgetary resources for all the public institutions. A 
‘top-down’ approach is adopted, leaving the DPA without a say “in any preparatory work or decision 
making regarding its budget.”36 In the Netherlands, the Dutch DPA reports that it is “hardly informed 
or involved in the [budgetary] process.”37 The Portuguese DPA reports that a lack of budgetary 
control has also been combined with a yearly 5% reduction in the DPA’s funding over the last two 
years, which is imposed without taking in to account the needs of the DPA. While the DPA is required 
                                                            
31   CJEU, C-614/10, Commission v. Republic of Austria, 16 October 2012, para. 58. 
32   Ibid. 
33   Ibid. 
34   Council of Europe, Recommendation (2000) 23 of the Committee of Ministers to Member States on the Independence and 
Functions of Regulatory Authorities for the Broadcasting Sector 
35   Recommendations from the Preparatory Meeting of National Human Rights Institutions, organised by the OSCE Office for 
Democratic Institutions and Human Rights, 14–15 April 2011, available at: http://www.osce.org/odihr/84064.  
36   Information from Latvian DPA. 
37   Information from Dutch DPA. 
 
 
© FRA 
 11 

to submit a budget proposal, “there is no discussion at all between the DPA and the budgetary 
authority,”38 and the DPA’s specific needs are not taken into account. 
The extent to which DPAs have stable budgets and are free to spend funds as they see fit was not 
addressed by the Commission’s questionnaire and as such, falls outside of the remit of this analysis. It 
is,  however,  worth  stressing  the  importance  of  this  aspect  of  independence  to  the  effective 
functioning of independent DPAs, distinct from the need for a separate annual budget. An example of 
a stable budget is provided by the DPA of the United Kingdom, wherein the DPA prepares its own 
annual budget as wel  as three year forecasts of income and expenditure. These are provided to the 
Ministry of Justice and do not require approval.39 It is important to note however that the majority of 
the United Kingdom DPA’s budget is funded through notification fees paid by data control ers, and 
that these fees are subject to review by the Ministry of Justice.  
Promising practices 
There are a number of promising practices among EU Member States. In these instances, the DPAs 
are involved in the budgetary process throughout, with Parliament ultimately responsible for 
budgetary allocations. In Denmark for instance, the DPA has independent budgetary status within the 
state budget concerning the Ministry of justice. While the “Ministry of justice draws up a draft on the 
budget – and the DPA comments – in the end it is for the Parliament to decide.”40 Similar collaborative 
approaches are found in Spain, where the DPA drafts its own budgetary proposals, which are included 
in the draft Budgetary Act through the Ministry of Justice.41 In Finland, negotiations are conducted 
between the DPA and the Ministry of Justice. Parliament then makes amendments before the final 
budget is published. The Italian DPA’s budgetary proposal is submitted by the DPA to the government 
and included directly in the State Budget – which is to be approved by Parliament. Despite the 
submission of a financial application to the government, the DPA interfaces with Parliament with 
regard to all issues relating to the final budgetary apportionment42  
There are also examples in which DPAs are involved in budgetary preparations throughout and are 
answerable only to Parliament. The Polish DPA drafts its own budget which is then presented to 
Parliament by the government. The government is unable to introduce any changes to the proposal, 
and the only institution that decides is Parliament. Likewise, the Belgian DPA files its budget with the 
Parliament. Parliament is the only institution able to grant the budget and the government is not 
involved in the budgetary process. 
There are also examples in which DPAs enjoy a separate budgetary line, further strengthening the 
independence of their budgetary procedures. The Hungarian DPA reports that its budgetary 
independence has been strengthened. Stable state funding is guaranteed through a separate 
budgetary appropriation line43 and the DPA’s budget constitutes an independent title within the 
budgetary chapter of Parliament.44  
Indeed the practice of ensuring the maximum amount of budgetary autonomy can be seen among 
other comparable institutions. The Paris Principles are the universally recognised primary source 
establishing minimum standards for the effective functioning of an NHRI. These Principles are applied 
to determine the accreditation status of NHRIs, whereby ful  compliance with the Principles warrants 
an A-status. There are currently 13 A-Status NHRIs across 10 Member States, each offering useful 
                                                            
38   Information from Portuguese DPA. 
39   Information from UK DPA. 
40   Information from Danish DPA. 
41   Information from Spanish DPA. 
42   Information from Italian DPA. 
43   Information from Hungarian DPA. 
44   Information from Hungarian DPA. 
 
 
© FRA 
 12 

examples of independent standards that could also be applied to DPAs.45 While the absence of a 
separate budget line does not necessarily preclude A-Status accreditation, it is illuminating to note 
that the budgetary procedures of both the Scottish Commission and the Spanish Ombudsman (which 
have been accredited with A-status) are composed in this way. As highlighted in FRA’s 2010 report 
on NHRIs in the EU Member States, the Scottish Commission is accountable only to the Parliament. 
The annual budget is subject to approval by the Scottish Parliament, and its annual accounts are 
scrutinised by the Scottish Parliament and the Auditor General. In the exercise of its functions, the 
Scottish Commission is not to be subject to the direction or control of any member of the Scottish 
Parliament, any member of the Scottish Executive, or of the Parliament itself. Moreover, unlike the 
Northern Ireland and British commissions, the Scottish Commission is not what is called a non-
departmental public body, but a ‘body corporate’ which is entirely independent of government and 
accountable directly to the Scottish Parliament. The annual budget of the Scottish Commission is 
separate and subject to approval only by the Scottish Parliament. This is similarly the case with the 
budget of the Spanish Ombudsman, which has a separate budget line from the Parliamentary 
budget.46  
4.2.  Adequate financial resources 
An essential aspect of DPAs independence is that they are given adequate resources. Human, 
financial and technical resources are necessary to ensure that DPAs run efficiently and effectively as 
independent supervisory authorities.  
In spite of this, in the Commission’s questionnaire, the majority of DPAs – plus the Croatian Agency for 
the Protection of Personal Data – report that they are under-funded and under-staffed, and that this 
has a negative impact on the quality and quantity of the work they are able to carry out. Many DPAs 
also report that a lack of resources limits their ability to control and sanction data protection 
breaches.47 
Figures 1-2 below detail the number of staff in each DPA, and the number of complaints received 
from individuals. The Figures offer a comparison between the DPAs, across the Member States, 
although in some instances incomplete statistics are held for Austria, Croatia, Denmark and Hungary. 
All of the data was provided by the 14th Annual Report of the Article 29 Data Protection Working 
party of 2010, and are correct for that year. In both Figures 1 and 2, the figures listed for Germany 
and Spain relate to their respective federal DPAs, and do not include data from their regional 
authorities. That is the Federal Commissioner for Data Protection and Freedom of Information in 
Germany, and the Spanish Data Protection Agency in Spain only. 
 
 
                                                            
45   The accreditation of NHRIs is periodically reviewed, at least every five years (‘re-accreditation’). See Chart of the Status of 
National Institutions accredited by the ICC, as of August 2011, available at: 
http://www.ohchr.org/Documents/Countries/NHRI/Chart_Status_NIs.pdf 
46   FRA (2010), National Human Rights Institutions in the EU Member States. Strengthening the fundamental rights architecture 
in the EU I, Luxembourg, Publications Office, p.34. 
47  FRA (2013 forthcoming), Data protection – redress mechanisms, Comparative report, Luxembourg, Publications Office, see 
Section 8.3. 
 
 
© FRA 
 13 



Figure 1: Number of staff members at each DPA48 
 
Source: FRA 2013 
Figure 2: Number of complaints from individuals that DPAs receive, annually49 
 
Source: FRA 2013 
Figure 3 below details the annual budget of the DPAs in euros, and again offers a comparison 
between the DPAs across the Member States. All amounts are taken as Euros, having been converted 
                                                            
48  Data was not available for the DPAs of Croatia and Hungary. 
49  Data was not available for the DPAs of Croatia, Denmark and Hungary. 
 
 
© FRA 
 14 


at the time that the figures were compiled.50 These figures were provided by the 14th Annual Report 
of the Article 29 Data Protection Working party of 2010, or the Annual reports of the individual DPAs 
from 2010. The budgets of all DPAs in Germany51 and Spain52  have  been  col ated  to  give  the  ful  
amount al ocated to DPAs across that Member State. It is, however, worth noting that the budget of 
some DPAs – such as the United Kingdom – are calculated to include their Freedom of Information 
work as well, meaning that the budgets of these DPAs will necessarily be inflated in comparison to 
those DPAs that only carry out Data Protection work.  
Figure 3: Budget of DPAs, annually (Euros)53 
 
Source: FRA 2013 
                                                            
50   The figure from Hungary was converted from HUF to EUROs using Euro foreign exchange reference rates as at 1 June 2010, 
taken from the European Central Bank, available at: https://www.ecb.int/stats/exchange/eurofxref/html/index.en.html.  
51   The budget of the Federal Commissioner for Data Protection and Freedom of Information, was taken from the 14th Annual Report of the 
Art.29 Working Party. In addition, Baden-Wuerttemberg, available at: http://www.statistik-bw.de/shp/2010-11/; Bayern, available at: 
http://www.stmf.bayern.de/haushalt/staatshaushalt_2009/haushaltsplan/; Berlin, available at: http://www.berlin.de/sen/finanzen/ 
dokumentendownload/haushalt/haushaltsplan-/haushaltsplan-2010-2011-/2010_2011_band02_epl_01_02_20_21.pdf; 
Brandenburg, available at: http://www.mdf.brandenburg.de/sixcms/media.php/4055/Einzelplan_01_2010.pdf; Bremen, available at: 
http://www.finanzen.bremen.de/sixcms/media.php/13/Landeshaushalt_2010.pdf; Hamburg, available at: http://www.hamburg.de/ 
contentblob/806940/data/einzelplan2.pdf; Hessen, available at: http://verwaltung.hessen.de/irj/HMdF_Internet?cid= 
113bcb3f51e32a34e1691054cf4f1dfc; Mecklemburg-Vorpommern, available at: http://www.regierung-
mv.de/cms2/Regierungsportal_prod/Regierungsportal/de/fm/Themen/Haushaltsplaene/Der_Haushaltsplan_20102011/index.jsp; 
Niedersachsen, available at: http://www.mf.niedersachsen.de/portal/live.php?navigation_id=1049&article_id=1569&_psmand=5; 
Nordrhein-Westfallen, available at: http://fm.fin-nrw.de/info/fachinformationen/haushalt/havinfo/hh2010.ges/daten/ 
pdf/2010/hh03/kap630.pdf; Rheinland-Pfalz, provided by the DPA; Saarland, available at: http://www.saarland.de/dokumente/ 
thema_haushalt_und_finanzen_hhpl_2010/01_Landtag.pdf; Sachsen, available at: http://www.finanzen.sachsen.de/download/ 
EPL_01_SLT.pdf; Sachsen-Anhalt, available at: http://www.sachsen-anhalt.de/fileadmin/Elementbibliothek/Bibliothek_Politik_und_ 
Verwaltung/Bibliothek_Ministerium_der_Finanzen/Dokumente/HHPL_E_2010_2011/Einzelplan01.pdf; Schleswig-Holstein, available 
at: http://www.schleswig-holstein.de/FM/DE/Landeshaushalt/ArchivHaushaltsplaene/Haushaltsplaene200920010/Epl01__blob 
=publicationFile.pdf; and Thueringen, available at: www.thueringen.de/imperia/md/content/tfm/haushalt/haushalt_20102/01_bp.pdf. 
52   The budget of the Spanish Data Protection Agency was provided by 14th Annual Report of the Art.29 Working Party. In 
addition, Catalan, available at:  http://www.apd.cat/media/2592.pdf; Basque, available at:   
http://www.avpd.euskadi.net/s04-5249/es/contenidos/informacion/memorias_anuales/es_memorias/r01hRedirectCont 
/contenidos/informacion/memorias_anuales/es_mem2010/adjuntos/cifras10.pdf; and Madrid, available at: 
http://www.madrid.org/wleg/servlet/Servidor?opcion=VerHtml&nmnorma=6176&cdestado=P. 
53   Data was not available for the DPAs of Austria and Croatia. 
 
 
© FRA 
 15 


While these figures provide a useful comparison among EU Member States, in order to accurately 
compare the amounts allocated to the DPAs in different countries, it is also important to take into 
account the fact that the general price level varies from one Member State to the next, with the 
relative purchasing power of the Euro varying between states. This means that in some countries, a 
certain amount of money will go further than in others – with higher wages; resource costs etc. – 
distorting any comparison drawn between Member States. In order to make the amounts spent by 
each DPA comparable across the EU 28, Figure 4 has been compiled below, taking into account the 
population  of  each  Member  State,  as  wel   as  a  correction  coefficient,  which  takes  into  account 
purchasing power across the Member States. As such, the budget has been divided by the correction 
coefficient, with the whole sum in turn divided by the population of the member state, producing the 
relative amount available to DPAs per capita annually.  
The population figures used to calculate the per capita amount spent are provided by the EU 
Statistical Office (Eurostat) and are also correct as of 2010. The correction coefficient used has also 
been provided by Eurostat, in collaboration with the National Statistical Institutes of the Member 
States, which calculates the correction coefficients twice a year (for 1st July and 1st January). This 
coefficient was used as the best available, because: i) The surveys are done by national officials who 
are experienced in price surveys and at the same time know their local markets wel ; ii) They cover 
far more products than other surveys;. iii) The results are officially validated by the National Statistical 
Institutes.54 
Figure 4: Euros Spent by DPAs per capita, annually55 
 
Source: FRA 2013 
Neither Figures 1-2 nor Figures 3-4 provide an assessment of what constitutes adequate resources 
for the purpose of this paper, nor is a recommended amount provided, either annually or per capita. 
The Figures also do not take into account the relative needs of the DPAs, nor do they account for 
some DPA budgets being comprised largely from notification fees. The Figures do however prove 
very useful in comparing the amounts allocated to DPAs across the Member States. 
                                                            
54  EU Statistical Office (Eurostat), 2010. Statistics available at: 
http://epp.eurostat.ec.europa.eu/tgm/table.do?tab=table&plugin=1&language=en&pcode=tps00001.  
55   Data was not available for the DPAs of Austria, Croatia. 
 
 
© FRA 
 16 

A lack of financial resources across Member States seriously impedes the DPA's ability to ensure 
gradual and progressive realisation of the improvement of their operations and the fulfilment of their 
mandate. With financial resources used to ensure everything from adequate premises to 
remuneration of staff and establishment of communication systems, DPAs are unable to conduct their 
activities in a comprehensive and independent manner without adequate funds. 
The majority of DPAs answered the Commission questionnaire by stating that they do not have 
sufficient financial resources. Many DPA claim that they have suffered indiscriminate cuts on a yearly 
basis, with no assessment of their needs conducted beforehand. The Portuguese DPA reports that 
5%  annual  cuts  have  been  levied  in  each  of  the  last  two  years.  Despite  the  United Kingdom DPA 
deriving adequate resources through the use of notification fees for its data protection work, it stil  
relies on grants from the Ministry of Justice to fund its freedom of information work, and has reported 
that in this area there has been a reduction of “20% year on year for three years.”56 
This problem is compounded by the fact that a similar amount of DPAs consider their budget to be 
following a decreasing trend. The Irish DPA states that its resources are “not sufficient to meet [its] 
obligations”,57 a concern echoed among the Member States. The Bulgarian DPA lacks its own 
administrative building, which is an important aspect of ensuring that the DPA is perceived as 
independent by the outside world. Reliance on private or governmental institutions for the provision 
of premises risks projecting the image that its independence may be compromised. The Danish DPA 
points out that it will need additional funds if it is to carry out all of its duties, and the Dutch DPA 
notes a “structural shortage of resources,”58 forcing the DPA to make “a risk-based prioritisation of 
work and to continuously make far-reaching choices.”59  
Having financial control over the budget incorporates both control over the amount allocated, and the 
ability to spend that amount as the DPA sees fit. The adequacy of resources concerns the amount 
allocated, and even though the majority of DPAs that lack adequate financial resources attribute this 
to their inability to control the amount they receive, there are instances in which a lack of control 
over the amount received is not to blame. As such, being heavily involved in budgetary preparations 
does not necessarily guarantee that adequate funds wil  be allocated, despite both being necessary 
for DPAs to operate independently and effectively. The Italian DPA for instance – despite being 
heavily involved in budgetary preparations – notes that the apportionment that is envisaged for 2013 
is decreasing and is noted to be absolutely insufficient to meet al  of the requirements applying to the 
DPA.60   
A number of DPA report that a significant proportion of their funding is derived from external sources.  
The most notable external source of funding – which reduces dependency on governmental 
departments and generates an additional source of income – is the use of notification fees. By 
al owing  DPAs  to  charge  data  control ers  (those responsible for storage and use of personal 
information), they generate their own source of income which can be al ocated as they see fit. Indeed 
the United Kingdom DPA - which as previously noted derives the entirety of the funds necessary for 
its data protection work in this way – asserts that “this method of funding ensures financial 
independence from government and removes the funding of the DPA’s activities from the political 
agenda.”61 The Maltese and Portuguese DPAs also derive a certain percentage of their budget from 
notification fees. 
Similar practices can also been seen among other comparable institutions. With regard to the 
broadcasting sector, the Explanatory Memorandum of Recommendation (2000) 23 of the Committee 
of Ministers to Member States on the independence and functions of regulatory authorities for the 
broadcasting sector points out that the practice in most European countries shows that funding can 
mainly come from fees or a levy. The Explanatory Memorandum states that “this arrangement [of 
                                                            
56   Information from UK DPA. 
57   Information from Irish DPA. 
58   Information from Dutch DPA. 
59   Information from Dutch DPA. 
60   Information from Italian DPA. 
61   Information from UK DPA. 
 
 
© FRA 
 17 

funds derived from fees] would seem the best way of safeguarding financial independence inasmuch 
as it does not leave them reliant on the public authorities’ goodwill.”62 
Fees are also utilised to generate funds by NHRIs. The British Equality and Human Rights Commission 
for instance is allocated a budget from the Secretary of State, but “the Commission can also obtain 
funding from external sources”.63 It is worth noting however that the ICC Sub-Committee’s General 
Observations recommend that “funding from external sources, such as from development partners, 
should not compose the core funding of the NHRI as it is the responsibility of the state to ensure the 
NHRI’s minimum activity budget in order to allow it to operate towards fulfilling its mandate. Financial 
systems should be such that the NHRI has complete financial autonomy. This should be a separate 
budget line over which it has absolute management and control.”64 
Promising practices 
The DPAs that are able to function most effectively are those that are given adequate funding to 
carry out their tasks. It is therefore essential that Member States ensure that DPAs have adequate 
access to these funds. As has been demonstrated, external sources of funding are available to some 
of  the  DPAs,  and  this  can  indeed  provide  a  useful  supplement  to  the  DPAs  funds.  This  should  not, 
however, be the sole source of funding, and DPAs must be supported with core funding. If the draft 
General Data Protection Regulation is adopted, it will no longer be possible to charge notification fees, 
making the provision of core funding from each member state all the more important.  
Whether notification fees are utilised or not it is essential that al  Member States should ensure that 
DPAs have adequate financial resources to fulfil their mandate. This would significantly increase both 
the strength and independence of DPAs. There are a number of DPAs that indicate that they have 
adequate financial resources without the need for additional sources of funding, most of which report 
that their budget is on an increasing trend. The Hungarian DPA, for instance, notes that they “were 
able to achieve a reasonable increase concerning the Authority’s financial resources for the year of 
2013.”65 The Polish DPA also notes that its budget is increased yearly in line with the rate of inflation 
and subsequently, the sum it receives is sufficient to meet its needs. Member States should ensure 
that their DPA’s budget increases to meet its needs, with support from the DPA’s budgetary authority 
even more crucial in instances where funding from additional sources is not available. 
5. Staffing independence 
Issues regarding human resources are closely linked to those regarding financial management, with 
staff costs accounting for a significant part of any institutional costs. The extent to which DPAs are 
able to exercise and to enjoy independence with regard to all aspects of their own staff is also an 
important component of the overall ability of a DPA to carry out its functions. 
 
 
                                                            
62   Council of Europe. Recommendation (2000) 23 of the Committee of Ministers to Member States on the Independence and 
Functions of Regulatory Authorities for the Broadcasting Sector. 
63   FRA (2010), National Human Rights Institutions in the EU Member States. Strengthening the fundamental rights architecture 
in the EU I, Luxembourg, Publications Office, p. 32. 
64   International Coordinating Committee of National Institutions for the Promotion and Protection of Human Rights, Report and 
Recommendations of the Session of the Sub-Committee on Accreditation (SCA), Geneva, 29 March -1 April 2010, available 
at http://nhri.ohchr.org/EN/ICC/AnnualMeeting/24/2Subcommittee%20on%20Accreditation/SCA%20REPORT%20-
%20March%20FINAL%20(with%20annexes).doc.  
65   Information from Romanian DPA. 
 
 
© FRA 
 18 


“The Paris Principles recognise that fundamental to ensuring the independence and efficient 
functioning of an NHRI is the provision of adequate resources.  An NHRI should be resourced in such 
as manner as to permit the employment and retention of staff with the requisite qualifications and 
experience to fulfil its mandate.  Their terms and conditions should be equivalent to staff with similar 
responsibilities and qualifications employed in other independent agencies of the state.”
66 
ICC SCA (2010) Accreditation report, March-April 2010 
The extent to which DPAs are a) able to independently recruit staff; b) recruit an adequate number of 
staff; and c) adequately train those staff members will be assessed in turn in the following. 
Figure 5: DPA Recruitment Flexibility
Total, No Flexibilty, 
4, 16%
Enough Flexibility
Limited Flexibility
No Flexibilty
Total, Enough 
Total, Limited 
Flexibility, 14, 56%
Flexibility, 7, 28%
* DPA assessment of the flexibility they have to recruit staff. 3 DPA 
failed to respond. Source: FRA 2013

5.1. Independent 
recruitment 
procedures 
Another essential aspect of DPAs independence is the need for transparent and meritocratic 
recruitment procedures. It is important that DPAs are empowered to appoint and govern their own 
staff. Ensuring that DPAs can recruit their own staff members, coupled with the ability to recruit an 
adequate number of staff, should also ensure that they are able to recruit adequately qualified staff 
members, and that appointments are made at the appropriate level. This is an important aspect of 
independence, with inappropriate appointments having the ability to significantly undermine the 
effective functioning of the DPAs. 
It is worth noting that While the procedure for appointing and dismissing members of a DPA’s 
governing body or Executive Committee has serious independence ramifications, discussion herein is 
confined to staff working within the DPAs, and does not deal with members of the governing 
bodies.67 
                                                            
66   Available at: http://nhri.ohchr.org/EN/AboutUs/ICCAccreditation/Documents/SCA%20REPORT%20MARCH%202010%20-
%20FINAL%20%28with%20annexes%29.pdf 
67   For discussion on the ramifications of dismissal of staff members from the governing body, see: CJEU, C-288/12, European 
Commission v. Hungary, Action brought on 8 June 2012, pending. See also FRA (2010), National Human Rights Institutions in 
 
 
 
© FRA 
 19 

From the questionnaire results, the DPAs can be placed into three broad categories based on the 
practices identified across the EU Member States in relation to their involvement in recruitment 
proceedings: 
a) those that play no part in the recruitment process and are unable to influence either the 
number of staff they recruit or the quality of those staff members;  
b) those that have some degree of flexibility with regard to the recruitment procedure but 
that are constrained due to financial restraints or national rules in place; and  
c) those with sufficient flexibility in choosing their own staff members.   
As shown in Figure 5, the majority of DPAs are of the opinion that they have sufficient flexibility in 
the recruitment of their staff. A large number of DPAs do however, state that they either have limited 
or no flexibility with regard to their recruitment procedures.  
Of those that noted that they had no flexibility or only limited flexibility in this regard, the Estonian
GreekPortuguese, Swedish and Croatian DPAs, all note that the lack of funding available restricts 
their ability to hire staff, either partially or completely. The Estonian DPA highlights how “there is 
flexibility in recruitment among candidates but it is strongly subject to the budget,”68 while the 
Swedish DPA notes that they have “ful  discretion over staff recruitment matters […] however, the 
budgetary conditions natural y pose a limit in this regard.”69 The Greek DPA maintains that its 
recruitment process is extremely cumbersome. It is also noted that due to the financial difficulties it is 
nearly impossible to increase posts or fill vacancies.70  
A number of DPAs also report how national regulations and legislation impede their ability to recruit 
staff. The Bulgarian DPA has to comply with requirements laid down in the Civil Servant Act,71 while 
the Latvian DPA, notes that there is a Cabinet of Ministers’ Regulation in place that determines the 
structure of state institutions and so the director of the office cannot employ any councillors or 
advisors for professional advice.72  A  number  of  DPAs  also  note  being  restrained  by  recruitment 
procedures in place in their Member State when hiring staff, often with regard to Civil Servants. The 
Spanish  DPA notes that it is subject to “the same procedural regulations on staff recruitment that 
apply to all public authorities in Spain and thus is not completely free to make decisions on the 
number of staff members.”73  It  goes  on  to  point  out  that  staff  has  to  be  recruited,  with  a  few 
exceptions, from among civil servants,74 although they have a large degree of flexibility with regard 
to job descriptions and selection of candidates. Similarly, the Luxembourg  DPA recruits its staff 
members through a centralised recruitment procedure, although their “preferences are taken on 
board for the final choice [… and] candidates may only apply if their qualifications are compatible with 
the careers conditions and general regulations applicable to public administration.”75 
Some DPAs report that they have no say in the recruitment procedures whatsoever. In Ireland, DPA 
“staff are Civil Servants assigned by the Department of Justice and Equality. There is no formal control 
over the number or quality of staff assigned.”76 This is also the case in Austria, where their DPA 
reports that they do not recruit their own staff. This relates to a concern raised by the CJEU, wherein it 
ruled that the regulatory framework in force in Austria fails to satisfy the condition that “the 
attribution of the necessary equipment and staff to [DPAs] must not prevent them from acting ‘with 
complete independence’ in exercising the functions entrusted to them within the meaning of the 
                                                                                                                                                                                          
the EU Member States. Strengthening the fundamental rights architecture in the EU I, Luxembourg, Publications Office; and 
Opinion  of  the  European  Union  Agency  for  Fundamental  Rights  on  the  proposed  data  protection  reform  package,  FRA 
Opinion – 2/2012, available at: http://fra.europa.eu/sites/default/files/fra-opinion-data-protection-oct-2012.pdf.   
68   Information from Estonian DPA. 
69   Information from Swedish DPA. 
70   Information from Greek DPA. 
71   Information from Bulgarian DPA. 
72   Information from Latvian DPA. 
73   Information from Spanish DPA. 
74   Information from Spanish DPA. 
75   Information from Luxembourg DPA. 
76   Information from Irish DPA. 
 
 
© FRA 
 20 

second subparagraph of Article 28(1)”77  of the Data Protection Directive, insofar as the  staff made 
available to the DPA consists of officials of the Federal Chancel ery who are in turn subject to 
supervision by the Federal Chancellery. 
Promising practices 
Despite deficiencies in some areas, there are examples of promising practice among the DPAs, with 
14 out of the 25 respondents indicating that they have sufficient flexibility in the recruitment of staff. 
In the United Kingdom, the Information Commissioner’s Office is responsible for the recruitment of its 
own staff and the selection process. It has in place a “Framework Agreement with the Ministry of 
Justice [which] states that the Commissioner has responsibility for the recruitment, direction, 
retention and motivation of his staff.”78 Similarly, the French DPA’s “legal status gives it freedom in 
its recruitment policy, within the limits of the budget allocated to it. Thus, the practical arrangements 
for recruitment, allocation of staff between departments, and of course the choice of candidates 
final y recruited, remain the prerogative of the President of [the] Commission.”79  
Such freedom is also afforded to the Italian DPA, in which the DPA's permanent staff is selected by 
public competitive examinations decided autonomously by the DPA in accordance with its own needs. 
The notices for these competitive examinations, organised by the DPA's Human Resources 
department, are published in the Italian Official Journal and posted on the DPA's website.80 The Italian 
DPA affirms that “there is no external influence exerted either before or during the recruitment 
procedures.”81 
This example of full and independent control granted over recruitment matters can be considered a 
promising practice. It ensures that external influence is not indirectly exerted over the DPA through 
the recruitment procedure, and is a practice that should be replicated by DPAs in other Member 
States. Recruitment procedures should be in place in each Member State to ensure objective 
standards are applied to the recruitment process. 
5.2. Adequate 
human 
resources 
The supervisory authorities should have the necessary technical and human resources (lawyers, 
computer experts) to take prompt, effective action in a person’s favour. 

Explanatory Report, Additional Protocol to the Convention 108, para. 8. 
                                                            
77   CJEU, C-614/10, European Commission v. Republic of Austria, 16 October 2012, para. 58. 
78   Information from UK DPA. 
79   Information from French DPA. 
80   Information from Italian DPA. 
81   Information from Italian DPA. 
 
 
© FRA 
 21 


Figure 6: Sufficient Human Resources?
Sufficient 
Sufficient Human 
Human 
Resources?, Yes, 5, 
Resources?, 
19%
Partly, 3, 12%
Yes
No
Sufficient Human 
Partly
Resources?, No, 18, 
69%
*DPA Assesment of the sufficiency of their human resources. 2 DPA failed 
to respond. Source: FRA 2013

It is integral to the functioning of the DPAs that they are adequately staffed, with specialist staff 
members. As Figure 6 highlights, only five DPAs consider that they have sufficient human resources. 
This lack of human resources among DPAs is severely hindering their ability to operate effectively.  
 
Many DPAs linked the insufficiency of their human resources to a lack of adequate financial 
resources. The Czech DPA expressed its concern that due to its “limited payroll resources [it is unable] 
to hire skilled experts from technological areas (namely ICT). Moreover, young and qualified experts 
have often left for better remunerated jobs, mostly in the private sector.”82 Limited payrol  resources 
have also led to shortages for DPAs in other areas. The Estonian DPA points out that they currently 
have “no resources for special staff for international relations.”83 Consequently, their DPA attends to 
all mandatory work but is unable to participate in all Article 29 Working Party subgroup work, where 
a substantial amount of work is conducted. Similarly, the Croatian  DPA  “is  not  able  to  employ  the 
necessary number of experts in the field of data protection,”84 and the Latvian DPA is unable to 
“carry out preventive control activities and privacy impact assessment.” The Latvian DPA goes on to 
state that the salaries they can offer are low and therefore “it is difficult to get professional staff.”85 
The  Portuguese DPA notes that it is subject to “restraining rules for staff admission in the public 
administration, preventing the DPA from recruiting more people, in particular IT and legal officers.”86 
The Italian DPA states that the amount they receive for human resources is set forth in law and was 
last  updated  by  the  Data  Protection  consolidation  Code  of  June  2003.  “Accordingly,  [the  amount 
apportioned] is becoming insufficient to fulfil the tasks committed to the DPA, which have been 
increasing over the years.”87  
Promising practices 
With almost all DPAs reporting insufficient human resources, prioritisation of tasks is essential to 
ensure that the basic functions of the DPAs are carried out, and in order to justify additional funding 
from the DPA’s budgetary authority. In Finland, it is noted that through prioritisation, their DPA is able 
to manage their basic duties, and in Sweden, their DPA remarks that the answer to whether or not 
                                                            
82   Information from Czech DPA. 
83   Information from Estonian DPA. 
84   Information from Croatian DPA. 
85   Information from Latvian DPA. 
86   Information from Portuguese DPA. 
87   Information from Italian DPA. 
 
 
© FRA 
 22 

they have sufficient resources to carry out their tasks depends on the goals that the DPA sets itself.88 
The Swedish DPA goes on to assert that they deem their “resources largely sufficient with regard to 
the currently set goals.”89 
While the prioritisation of tasks can assist in justifying additional funding, it is imperative that the 
DPAs enjoy the full support of those responsible for apportioning funds, insofar as they are given the 
funds necessary to carry out their work. As the French DPA notes, their budget has been increasing 
over recent years. This increase ensures that it has the capacity “to implement all of its missions 
[and] is the result of the unanimous support of successive governments and the French Parliament.”90  
5.3.  Sufficiently qualified staff 
Integral to the requirement that DPAs have access to adequate human resources is the requirement 
that their staff members are also sufficiently qualified. This is particularly pertinent given that the 
DPAs operate in a rapidly developing field, with data protection issues increasing at the same rate as 
technological advancements in the IT field. Having sufficient access to resources to provide adequate 
training is essential to ensuring that staff are up-to-date with these developments. Whereas the 
majority of DPAs are able to conduct training sessions, there is concern that budgetary restrictions 
have a detrimental effect on the provision of these training sessions. The Irish DPA notes for instance 
that while it is able to provide occasional in-house seminars on specific issues their budget does not 
permit them to avail of external data protection training.91 In Greece, due to the lack of funds “for 
self-organising training programmes due to a drastic reduction of the budget, no specialized training 
has been organised.”92  This  is  also  the  case  in  both  Croatia and Portugal. The Lithuanian DPA is 
unable to provide training on legal, technical or international aspects of data protection, “including 
training on new developments in the field of data protection.”93 The Latvian  DPA reported that 
“adequate training on data protection issues […] is not available and IT security trainings are too 
expensive to be affordable.”94 It is also worth noting that the Latvian DPA must seek permission from 
the Minister of Justice for “training abroad regarding all the employees.”95 Such government oversight 
should be avoided in the interest of increased independence.  
Promising practices 
There are promising practices conducted in a number of Member States. The majority of DPAs report 
that they are able to conduct training sessions. The Bulgarian DPA “carries out training for the entire 
staff […] involving legal, technical and international aspects of data protection. The programmes 
make reference to the new developments in the area [and] the staff is given the possibility to 
participate in external training programmes aimed at developing their professional skills outside the 
data protection field.”96 The Czech  DPA has a “specialised training programme for newly recruited 
staff”97  and  fol ow-up  is  provided  by  external  trainers.  The  United Kingdom DPA has a “dedicated 
team who develop, procure, deliver and manage [the] training programme.”98  
                                                            
88   Information from Swedish DPA. 
89   Information from Swedish DPA. 
90   Information from French DPA. 
91   Information from Irish DPA. 
92   Information from Greek DPA. 
93   Information from Lithuanian DPA. 
94   Information from Latvian DPA. 
95   Information from Latvian DPA. 
96   Information from Bulgarian DPA. 
97   Information from Czech DPA. 
98   Information from UK DPA. 
 
 
© FRA 
 23 

As these practices demonstrate, it is possible for DPAs to conduct regular, independent training 
sessions when given the appropriate resources. All DPAs should strive to conduct regular training 
sessions in areas relevant to their work and give al  staff members the opportunity to benefit from 
these.  
Conclusions 
This study looked at well-established and recognised European and international standards on 
independence of bodies similar to DPAs. At a time when the European Institutions are discussing the 
most far-reaching data protection reform in the last twenty years, analogies to similar independent 
bodies can be useful in order to achieve a satisfactory reform. 
This FRA analysis highlighted a number of promising practices among DPAs, identifying five key 
principles of independence covered by the Commission’s questionnaire. Falling with two broad 
headings of financial and staffing independence, these principles comprise: a separate and 
independent annual budget; adequate financial resources; independent recruitment procedures; 
adequate human resources; and sufficiently qualified staff. 
The independence of DPAs seems to be strengthened when DPAs have a separate budget line 
authorised by Parliament alone. While some DPAs are not involved in budgetary preparations and 
most are susceptible to governmental influence, there are a number of DPAs that meet these 
requirements. In ensuring that DPAs are financially independent, Member States could ensure that 
DPAs are involved in all aspects of the budgetary preparations, further minimising the risk of 
influence being exerted over the authority by the government. Such involvement would also ensure 
budgetary stability and independence in deciding how to allocate funds.  
Another essential aspect of DPAs independence is that they are given adequate resources. Human, 
financial and technical resources are necessary to ensure that DPAs run efficiently and effectively as 
independent supervisory authorities in a fast evolving technological world. Incorporated within this 
are the requirements that DPA be given adequate funds to carry out their mandate, to recruit an 
adequate number of staff members for their needs, and to be able to carry out regular training 
sessions to ensure that their staff members are sufficiently trained and qualified. The majority of DPA 
report that they are significantly underfunded, and that it curtails their ability to carry out their 
mandate. While the use of notification fees is one possible solution to ensure that DPAs have enough 
funds to meet their needs, this source should not negate the responsibility of Member States to 
ensure that their DPA has adequate resources. A strong funding scheme would significantly increase 
the strength, efficiency and independence of DPAs. 
Another essential aspect of DPAs independence is the need for transparent and meritocratic 
recruitment procedures. It is important that DPAs are empowered to appoint and govern their own 
staff. The majority of DPAs report that they have sufficient flexibility and autonomy over their 
recruitment procedures – in terms of hiring their own staff members – which is vital in ensuring that 
external influence is not indirectly exerted over the DPA through the recruitment procedure. 
Recruitment procedures should be in place in each Member State to ensure objective standards are 
applied to the recruitment process. 
A core element of the proposed data protection reform is to strengthen the national data protection 
authorities. In order to provide strong and independent DPAs, the principles identified in this study 
could be useful in this context to secure their implementation across the EU Member States. 
According to the CJEU, DPAs are the “guardians” of the fundamental right to data protection. Ensuring 
that they are equipped to fulfil their mandate – free from external control – will not only aid the 
implementation of the proposed reform, but wil  also improve the efficiency of the DPAs.  
 
 
 
 
© FRA 
 24 

Summary 
The following summary is based on the analysis carried out above, taking particular account of the 
promising practices highlighted: 
Financial independence 
  DPAs operate most effectively when they have access to adequate resources. DPAs should 
be given adequate human, financial and technical resources to ensure that they run 
efficiently and effectively as independent supervisory authorities.  
  The financial independence of DPAs is strongest when they are granted a separate and 
independent budget, authorised by Parliament alone.  
  It would be advisable if DPAs could be involved in all aspects of the budgetary preparations, 
making an assessment of the amount needed, and being consulted throughout the decision 
making process. 
  Where the budget is not authorised solely by Parliament, a minimal amount of governmental 
influence over budgetary issues – both in terms of al ocation and subsequent spending 
decisions – should be strived for. Where possible, the ability of governments to influence the 
budgets of DPAs should therefore be limited. This relates to both their initial allocation and 
the way in which funds are subsequently spent. 
  Having access to core funding is an important part of guaranteeing financial independence. 
Member States should consider guaranteeing that adequate resources for the DPAs to 
perform their tasks are available through core funding. 
 
Staffing independence 
  The independence of DPAs is increased when they are empowered to appoint and govern 
their own staff, free from external influence in the recruitment procedures. 
  The independence of DPAs is further increased when – in addition to having adequate 
resources – they are also able to make their own decisions as to what constitutes an 
adequate number of staff members to carry out their tasks. 
  In  order  for  DPAs  to  operate  most  effectively,  they  should  be  able  to  recruit  sufficiently 
qualified staff members, with appointments made from a variety of fields, providing 
expertise in all aspects of the DPA’s work. Where necessary, DPAs should be equipped to hire 
specialist staff members. Any appointments should be made at the appropriate level.  
  Training is an essential part of ensuring that staff members are able to carry out their tasks 
adequately. DPAs should have the resources to provide adequate training to ensuring that 
staff members are up-to-date with developments affecting their work. 
  As a guarantee of independence, Member States should ensure that objective standards are 
applied to ensure a fair and transparent recruitment process. 
 
 
 
 
© FRA 
 25 

Annex 
Directive 2009/140/EC of the European Parliament and of the Council of 25 November 
2009 amending Directives 2002/21/EC on a common regulatory framework for electronic 
communications networks and services, 2002/19/EC on access to, and interconnection of, 
electronic communications networks and associated facilities, and 2002/20/EC on the 
authorisation of electronic communications networks and services 

Official Journal L 337, 18/12/2009 
(13) The independence of the national regulatory authorities should be strengthened in 
order to ensure a more effective application of the regulatory framework and to increase 
their authority and the predictability of their decisions. To this end, express provision should 
be made in national law to ensure that, in the exercise of its tasks, a national regulatory 
authority responsible for ex-ante market regulation or for resolution of disputes between 
undertakings is protected against external intervention or political pressure liable to 
jeopardise its independent assessment of matters coming before it. Such outside influence 
makes a national legislative body unsuited to act as a national regulatory authority under 
the regulatory framework. For that purpose, rules should be laid down at the outset 
regarding the grounds for the dismissal of the head of the national regulatory authority in 
order to remove any reasonable doubt as to the neutrality of that body and its 
imperviousness to external factors. It is important that national regulatory authorities 
responsible for ex-ante market regulation should have their own budget allowing them, in 
particular, to recruit a sufficient number of qualified staff. In order to ensure transparency, 
this budget should be published annually. (…) 

3. Member States shall ensure that national regulatory authorities exercise their powers 
impartial y, transparently and in a timely manner. Member States shall ensure that national 
regulatory authorities have adequate financial and human resources to carry out the task 
assigned to them."; 

(b) the following paragraphs shall be inserted: 
"3a. Without prejudice to the provisions of paragraphs 4 and 5, national regulatory 
authorities responsible for ex-ante market regulation or for the resolution of disputes 
between undertakings in accordance with Article 20 or 21 of this Directive shall act 
independently and shall not seek or take instructions from any other body in relation to the 
exercise of these tasks assigned to them under national law implementing Community law. 
This shall not prevent supervision in accordance with national constitutional law. Only appeal 
bodies set up in accordance with Article 4 shall have the power to suspend or overturn 
decisions by the national regulatory authorities. Member States shall ensure that the head of 
a national regulatory authority, or where applicable, members of the collegiate body 
fulfilling that function within a national regulatory authority referred to in the first 
subparagraph or their replacements may be dismissed only if they no longer fulfil the 
conditions required for the performance of their duties which are laid down in advance in 
national law. The decision to dismiss the head of the national regulatory authority 
concerned, or where applicable members of the collegiate body fulfilling that function shall 
be made public at the time of dismissal. The dismissed head of the national regulatory 

 
 
© FRA 
 26 

authority, or where applicable, members of the col egiate body fulfilling that function shall 
receive a statement of reasons and shall have the right to request its publication, where this 
would not otherwise take place, in which case it shall be published. 

Member States shall ensure that national regulatory authorities referred to in the first 
subparagraph have separate annual budgets. The budgets shall be made public. Member 
States shall also ensure that national regulatory authorities have adequate financial and 
human resources to enable them to actively participate in and contribute to the Body of 
European Regulators for Electronic Communications (BEREC)  

Declaration of the Committee of Ministers of the Council of Europe on the 
independence and functions of regulatory authorities for the broadcasting sector
 
(Adopted by the Committee of Ministers on 26 March 2008 at the 1022nd meeting of the 
Ministers’ Deputies)
 
III. FINANCIAL INDEPENDENCE 
18. Another key factor for ensuring the independence of regulatory authorities is their 
funding arrangements, which, according to the recommendation, should be specified in law 
in accordance with a clearly defined plan, and with reference to the estimated cost of the 
regulatory authorities’ activities, so as to allow them to carry out their functions fully and 
independently (cf. Appendix to the recommendation, Section III, paragraphs 9 to 11). 
19.  The  majority  of  Council  of  Europe  member  states  have  legal  provisions  defining  the 
source of funding of the regulatory body. By contrast, in at least a quarter of member states, 
the legal framework does not appear to be clear on this subject. 
20. It is common practice among many regulatory authorities in Council of Europe member 
states to receive their funding directly through fees in order to be independent from public 
authorities’ decision making. Nonetheless, the laws of a large number of member states 
specify that the regulatory authority is to be financed by the state budget. In some member 
states, the law mentions clearly that public authorities must not use their financial decision-
making power to interfere with the independence of the regulatory authority; however in 
most countries where the regulatory authority is financed by the state budget no such 
precautions are laid down in the law. 
21. In some member states, the law stipulates that the regulatory authority proposes its 
annual budget plan which then has to be automatically approved by a specific state body (or 
the approval of such a body being a formality). However, in at least a third of all Council of 
Europe member states, no clear rules exist to ensure that the approval for the regulatory 
authority’s funding is not up to the discretion of such other state bodies. 
22. It would appear that, despite the law envisaging an independent funding plan for the 
regulatory authority, in certain Council of Europe member states those authorities claim to 
feel under threat of or have experienced pressure from governments which go back on 
agreed funding plans and/or use funding decisions as leverage in political power struggles. 
Reportedly, in more than one case, broadcasting regulatory authorities which, according to 
the law should be financed independently, in practice received their revenue from the state 
 
 
© FRA 
 27 

because of a weak broadcasting market or because the licence fee collecting system was 
ineffective. In at least two member states, the regulatory authority did not publicly disclose 
the source of their revenue after the licence fee system had collapsed. 
23. In addition, many regulators also complain that they are not given the means (in 
particular human resources) to adequately perform their duties (see below for further 
details). 
Recommendation No. R (2000) 23 of the Committee of Ministers to Member States on the 
Independence and Functions of Regulatory Authorities for the Broadcasting Sector 

(Adopted by the Committee of Ministers on 20 December 2000 at the 735th meeting of the 
Ministers’ Deputies)
 
III. Financial independence 
9. Arrangements for the funding of regulatory authorities - another key element in their 
independence – should be specified in law in accordance with a clearly defined plan, with 
reference to the estimated cost of the regulatory authorities’ activities, so as to allow them 
to carry out their functions fully and independently. 
10. Public authorities should not use their financial decision-making power to interfere with 
the independence of regulatory authorities. Furthermore, recourse to the services or 
expertise of the national administration or third parties should not affect their 
independence. 
11. Funding arrangements should take advantage, where appropriate, of mechanisms which 
do not depend on ad-hoc decision-making of public or private bodies. 
Explanatory Memorandum to Recommendation No. R (2000)23 of the Committee of 
Ministers to member states on the independence and functions of regulatory authorities 
for the broadcasting sector 

(Adopted by the Committee of Ministers on 20 December 2000 at the 735th meeting of the 
Ministers' Deputies)
 
III. Financial independence 
24. The arrangements for funding regulatory authorities - like the procedures for appointing 
their members - have the potential to work both as levers for exerting pressure and as 
guarantees of independence. Experience shows that if regulatory authorities enjoy real 
financial independence, they will be less vulnerable to outside interference or pressure. 
25. With this in mind, the Recommendation provides that arrangements for the funding of 
regulatory authorities should be specified in law in accordance with a clearly defined plan, 
with reference to the estimated cost of the regulatory authorities' activities, so as to allow 
them to carry out their functions fully and independently. As regards the question of 
whether regulatory authorities should only use their own human and financial resources, the 
Recommendation does not formally forbid national administrations or third parties from 
 
 
© FRA 
 28 

acting on a regulatory authority's behalf, provided such action is carried out in a context that 
safeguards the independence of the authority. 
26. The Recommendation does not indicate in a concrete manner the possible funding 
sources of regulatory authorities. This being said, the practice in most European countries 
shows that there are two main sources for the funding of regulatory authorities, which can 
be combined where appropriate. Funding can mainly come from concession fees - or, where 
appropriate, a levy on turnover - paid by licensees. Provided such licence fees or levies are 
fixed at a level that does not constitute an operational impediment to broadcasters, this 
arrangement would seem the best way of safeguarding the regulatory authorities' financial 
independence inasmuch as it does not leave them reliant on the public authorities' goodwill. 
At the same time, the Recommendation does not rule out financing from the state budget. 
However, because in this case regulatory authorities are more likely to be dependent on the 
budgetary favour of governments and parliaments, it states explicitly that public authorities 
should not use their financial decision-making power to interfere with the independence of 
regulatory authorities. 
27. Whatever funding arrangements are adopted, account must be taken of the human, 
technical and other resources which regulatory authorities need in order to perform all their 
functions independently. Clearly, the more numerous and substantial those functions, the 
more important it is that the funding of the regulatory authority should match its needs. 
28. Where funding levels are fixed annually, account must be taken of the estimated cost of 
the regulatory authorities' activities and of the fact that, in addition to the costs of regulation 
itself, there are related expenses essential to the effective performance of the authorities' 
tasks. In this respect, in order to perform those tasks competently, taking decisions based on 
close analyses of the current, and indeed future, situation of the broadcasting sector, 
regulatory authorities normally need to have recourse to consultants, carry out research, 
fact-finding missions and studies and issue publications, all of which clearly entails additional 
expenditure. 
ECRI General Policy Recommendation N°2: Specialised bodies to combat racism, 
xenophobia, antisemitism and intolerance at national level 

Adopted by ECRI on 13 June 1997 
Principle 5 Independence and accountability 
1. Specialised bodies should be provided with sufficient funds to carry out their functions 
and responsibilities effectively, and the funding should be subject annually to the approval 
of parliament. 
2. Specialised bodies should function without interference from the State and with all the 
guarantees necessary for their independence including the freedom to appoint their own 
staff, to manage their resources as they think fit and to express their views publicly. 
3. Specialised bodies should independently provide reports of their actions on the basis of 
clear and where possible measurable objectives for debate in parliament. 
 
 
© FRA 
 29 

4. The terms of reference of specialised bodies should set out clearly the provisions for the 
appointment of their members and should contain appropriate safeguards against arbitrary 
dismissal or the arbitrary non-renewal of an appointment where renewal would be the 
norm. 
International Coordinating Committee of National Institutions for the 
Promotion and Protection of Human Rights 

Report and Recommendations of the Session of the Sub-Committee on Accreditation (SCA) 
(Geneva, 29 March -1 April 2010) 
Annex III 
GENERAL OBSERVATIONS 
1.  Composition and guarantees of independence and pluralism 
 

2.1  Ensuring pluralism: The Sub-Committee notes there are diverse models of ensuring 
the requirement of pluralism set out in the Paris Principles. However, the Sub-
Committee emphasizes the importance of National Institutions to maintain consistent 
relationships with civil society and notes that this will be taken into consideration in 
the assessment of accreditation applications. 
 
The Sub-Committee observes that there are different ways in which pluralism may 
be achieved through the composition of the National Institution, for example:  
a)  Members of the governing body represent different segments of society as 
referred to in the Paris Principles; 
b)  Pluralism through the appointment procedures of the governing body of the 
National Institution, for example, where diverse societal groups suggest or 
recommend candidates; 
c)  Pluralism through procedures enabling effective cooperation with diverse societal 
groups, for example advisory committees, networks, consultations or public 
forums; or 
d)  Pluralism through diverse staff representing the different societal groups within 
the society. 
 
The Sub-Committee further emphasizes that the principle of pluralism includes 
ensuring the meaningful participation of women in the National Institution. 
2.2   Selection and appointment of the governing body: The Sub-Committee notes the 
critical importance of the selection and appointment process of the governing body 
in ensuring the pluralism and independence of the National Institution. In particular, 
the Sub-Committee emphasizes the following factors:  
 
a)  A transparent process 
b)  Broad consultation throughout the selection and appointment process 
c)  Advertising vacancies broadly  
 
 
© FRA 
 30 

d)  Maximizing the number of potential candidates from a wide range of societal 
groups 
e)  Selecting members to serve in their own individual capacity rather than on behalf 
of the organization they represent. 
 
2.3  Government representatives on National Institutions: The Sub-Committee 
understands that the Paris Principles require that Government representatives on 
governing or advisory bodies of National Institutions do not have decision making or 
voting capacity. 
 
2.4  Staffing by secondment: 
 
In order to guarantee the independence of the NHRI, the Sub-Committee notes, as a 
matter of good practice, the following:  
a)  Senior level posts should not be filled with secondees; 
b)  The number of seconded should not exceed 25% and never be more than 50% 
of the total workforce of the NHRI. 
 
2.5  IMMUNITY:  IT IS STRONGLY RECOMMENDED THAT PROVISIONS BE INCLUDED IN 
NATIONAL LAW to protect legal liability for actions undertaken in the official capacity 
of the NHRI. 
 
2.6   Adequate  Funding: Provision of adequate funding by the state should, as a 
minimum include:  
 
a)  the allocation of funds for adequate accommodation, at least its head office;  
b)  salaries and benefits awarded to its staff comparable to public service salaries 
and conditions;  
c)  remuneration of Commissioners (where appropriate); and 
d)  the establishment of communications systems including telephone and  internet.  
 
Adequate funding should, to a reasonable degree, ensure the gradual and 
progressive realisation of the improvement of the organization’s operations and the 
fulfilment of their mandate.  
Funding from external sources, such as from development partners, should not 
compose the core funding of the NHRI as it is the responsibility of the state to ensure 
the NHRI’s minimum activity budget in order to allow it to operate towards fulfilling 
its mandate.  
Financial systems should be such that the NHRI has complete financial autonomy. 
This should be a separate budget line over which it has absolute management and 
control.  
2.7  Staff of an NHRI: As a principle, NHRIs should be empowered to appoint their own 
staff. 
 
2.8  Full-time Members: Members of the NHRIs should include full-time remunerated 
members to: 
 
 
© FRA 
 31 

 
a)  Ensure the independence of the NHRI free from actual or perceived conflict of 
interests; 
b)  Ensure a stable mandate for the members; 
c)  Ensure the ongoing and effective fulfilment of the mandate of the NHRI. 
 
2.9  Guarantee of tenure for members of governing bodies: Provisions for the dismissal 
of members of governing bodies in conformity with the Paris Principles should be 
included in the enabling laws for NHRIs.  
 
a)  The dismissal or forced resignation of any member may result in a special review 
of the accreditation status of the NHRI; 
b)  Dismissal should be made in strict conformity with all the substantive and 
procedural requirements as prescribed by law; 
c)  Dismissal should not be allowed based on solely the discretion of appointing 
authorities.  
 
2.10 Administrative regulation 
 
The classification of an NHRI as a public body has important implications for the 
regulation of its accountability, funding, and reporting arrangements.  
In cases where the administration and expenditure of public funds by an NHRI is 
regulated by the Government, such regulation must not compromise the NHRI’s 
ability to perform its role independently and effectively. For this reason, it is 
important that the relationship between the Government and the NHRI be clearly 
defined. 
 
 
 
© FRA 
 32