Dear European Data Protection Supervisor,

Under the right of access to documents in the EU treaties, as developed in Regulation 1049/2001, I am requesting documents which contain the following information:

On 10 July 2023, the European Data Protection Supervisor (EDPS) announced several organisational changes. One of them is establishment of the position of the Secretary-General. The post of a Secretary General and an associated grade - AD 16, the highest possible grade for an official in the EU institutions, with salary usually above 20.000 euro a month, should be reserved for most senior EU officials, governing thousands of people and performing the most complex tasks. Much bigger EU bodies do not have such a position, which is typical for the Commission, European Parliament, the EU Council, hiring thousands of staff. For example, Europol with more than 1400 staff, 14x times the size of the EDPS, does not have a Secretary General post. Such post does not exist at Frontex, Eurojust, or FRA.

I would therefore like to receive all documents that assess the need to establish a post of a Secretary General in an EU body of the size of the EDPS and all documents in which the Supervisor explains why he saw the need to establish this post in his organisation, hiring around 100 people.

Including, but not limited to information:
- all internal documents;
- the costs generated by a new AD 16 post;
- how many candidates applied for this position?
- how many of them were internal candidates, which means people already working at the EDPS?
- how many candidates were deemed eligible and interviewed for this post?
- the list of topics on which the Secretary General provided strategic advices to the Supervisor.

Instead of creating this position, EDPS could hire e.g. 2-3 lawyers to deal with AI, which I would consider much better spending of EU taxpayers money. The importance of my access request is increased by the budgetary cuts on the EU level and I hope to better understand why this post was so needed.

Yours faithfully,

Florian Allers

European Data Protection Supervisor, Europäischen Datenschutzbeauftragten

3 Attachments

Dear requester,

We acknowledge receipt of your request, registered on 12.01.2024. In
accordance with Article 7(1) of Regulation (EU) No 1049/2001 regarding
public access to European Parliament, Council and Commission documents,
you will receive a reply within 15 working days (by 02.02.2024).

Your case number is 2024-0064.

Please note that your personal data will only be processed for the
purposes of replying to your request and in accordance with the privacy
statement set out below. More information on how the EDPS process personal
information can be found on our [1]website.

You have lodged your application via the AsktheEU.org website. Please note
that this is a private website which has no link with any institution of
the European Union. The European Data Protection Supervisor is not
accountable for any technical issues or problems linked to the use of this
system.

Yours sincerely,

 

 

  EDPS Secretariat
[2]cid:image001.png@01D4D8CD.D37C9700
[3]| Tel. (+32) 228 31900  |
Fax +32(0)22831950  | › Email
 [4][EDPS request email]
European Data Protection Supervisor
Postal address: Rue Wiertz 60,
B-1047 Brussels
Office address: Rue Montoyer 30,
B-1000 Brussels
[5]Twitter [6]@EU_EDPS  
[7]Website [8]www.edps.europa.eu
This email
(and any
attachment)
may contain
information
that is
internal or
confidential.
Unauthorised
access, use or
other
processing is
not permitted.
If you are not
the intended
recipient
please inform
the sender by
reply and then
delete all
copies. Emails
are not secure
as they can be
intercepted,
amended, and
infected with
viruses. The
EDPS therefore
cannot
guarantee the
security of
correspondence
by email.

Data Protection Notice

According to Articles 15 and 16 of Regulation (EU) 2018/1725 (the
Regulation), we are processing your personal data in order to reply to
your request. The controller is the European Data Protection Supervisor
(EDPS). The legal basis for this processing operation is Article 5(1)(b)
of the Regulation, since processing is necessary for compliance with a
legal obligation to which the EDPS is subject. The data processed include
your contact details, your request, as well as personal data that might be
collected during the investigation of your request. For the EDPS, case
handlers, administrative staff and hierarchy involved in the request
handling will have access to the case file containing your personal data
on a need-to-know basis. All access to case files is logged. Your data
will only be transferred to other EU institutions and bodies or to third
parties when it is necessary to ensure the appropriate investigation or
follow up of your request. Your data will be stored by the EDPS in
electronic files until the end of the reporting period of the current year
(as a rule, until mid-next year), unless legal proceedings require us to
keep them for a longer period. Afterwards, only a brief anonymous note
will be included in a file in order to keep record of the request.

You have the right of access to your personal data and to relevant
information concerning how we use it. You have the right to rectify your
personal data. Under certain conditions, you have the right to ask that we
delete your personal data or restrict its use. We will consider your
request, take a decision and communicate it to you. For more information,
please see Articles 14 to 21, 23 and 24 of the Regulation. Please note
that in some cases restrictions under Article 25 of the Regulation may
apply. Any request to exercise your rights should be addressed to the EDPS
at [9][EDPS request email]. You may also contact the data protection
officer of the EDPS ([10][email address]), if you have any remarks or
complaints regarding the way we process your personal data. You have the
right to lodge a complaint with the EDPS, as supervisory authority. Any
such request should be addressed to the EDPS at [11][EDPS request email].
You can reach the EDPS in the following ways: e-mail:
[12][EDPS request email]; EDPS postal address: European Data Protection
Supervisor, Rue Wiertz 60, B-1047 Brussels, Belgium.

 

 

References

Visible links
1. https://edps.europa.eu/about-edps/data-p...
3. file:///tmp/tel:+3222831900
4. mailto:[EDPS request email]
6. http://twitter.com/EU_EDPS
http://twitter.com/EU_EDPS
8. http://www.edps.europa.eu/
http://www.edps.europa.eu/
9. mailto:[EDPS request email]
10. mailto:[email address]
11. mailto:[EDPS request email]
12. mailto:[EDPS request email]

European Data Protection Supervisor, Europäischen Datenschutzbeauftragten

7 Attachments

Dear Mr Allers,

 

Please find attached a letter (+ annexes) to your attention electronically
signed by Luisa Palla on the above-mentioned subject.

 

Best regards,

 

 

 

  EDPS Secretariat
[1]cid:image001.png@01D4D8CD.D37C9700
[2]| Tel. (+32) 228 31900  |
Fax (+32) 228 31950  |
› Email: [3][EDPS request email]
European Data Protection Supervisor
Postal address: Rue Wiertz 60,
B-1047 Brussels
Office address: Rue Montoyer 30,
B-1000 Brussels
[4]Twitter [5]@EU_EDPS  
[6]Website [7]www.edps.europa.eu

This email
(and any
attachment)
may contain
information
that is
internal or
confidential.
Unauthorised
access, use or
other
processing is
not permitted.
If you are not
the intended
recipient
please inform
the sender by
reply and then
delete all
copies. Emails
are not secure
as they can be
intercepted,
amended, and
infected with
viruses. The
EDPS therefore
cannot
guarantee the
security of
correspondence
by email.

Data Protection Notice

According to Articles 15 and 16 of Regulation (EU) 2018/1725 (the
Regulation), we are processing your personal data in order to reply to
your request. The controller is the European Data Protection Supervisor
(EDPS). The legal basis for this processing operation is Article 5(1)(b)
of the Regulation, since processing is necessary for compliance with a
legal obligation to which the EDPS is subject. The data processed include
your contact details, your request, as well as personal data that might be
collected during the investigation of your request. For the EDPS, case
handlers, administrative staff and hierarchy involved in the request
handling will have access to the case file containing your personal data
on a need-to-know basis. All access to case files is logged. Your data
will only be transferred to other EU institutions and bodies or to third
parties when it is necessary to ensure the appropriate investigation or
follow up of your request. Your data will be stored by the EDPS in
electronic files until the end of the reporting period of the current year
(as a rule, until mid-next year), unless legal proceedings require us to
keep them for a longer period. Afterwards, only a brief anonymous note
will be included in a file in order to keep record of the request.

You have the right of access to your personal data and to relevant
information concerning how we use it. You have the right to rectify your
personal data. Under certain conditions, you have the right to ask that we
delete your personal data or restrict its use. We will consider your
request, take a decision and communicate it to you. For more information,
please see Articles 14 to 21, 23 and 24 of the Regulation. Please note
that in some cases restrictions under Article 25 of the Regulation may
apply. Any request to exercise your rights should be addressed to the EDPS
at [8][EDPS request email]. You may also contact the data protection
officer of the EDPS ([9][email address]), if you have any remarks
or complaints regarding the way we process your personal data. You have
the right to lodge a complaint with the EDPS, as supervisory authority.
Any such request should be addressed to the EDPS at
[10][EDPS request email]. You can reach the EDPS in the following ways:
e-mail: [11][EDPS request email]; EDPS postal address: European Data
Protection Supervisor, Rue Wiertz 60, B-1047 Brussels, Belgium.

 

 

References

Visible links
2. file:///tmp/tel:+3222831900
3. mailto:[EDPS request email]
5. http://twitter.com/EU_EDPS
http://twitter.com/EU_EDPS
7. http://www.edps.europa.eu/
http://www.edps.europa.eu/
8. mailto:[EDPS request email]
9. mailto:[email address]
10. mailto:[EDPS request email]
11. mailto:[EDPS request email]

Dear European Data Protection Supervisor,

Please pass this on to the person who reviews confirmatory applications.

I am filing the following confirmatory application with regards to my access to documents request 'Creation of a new 20.000 EUR/month post at the EDPS'.

Dear EDPS,

I submit the confirmatory application for access to the vacancy notice for the position of the Secretary General, which is not publicly available (in documents Wojciech WIEWIOROWSKI mentioned “selection procedure”, which should take place in “full transparency” ). Also, I did not receive information about the number of candidates and whether they were all internal candidates. Other information I did not receive:
- the costs generated by a new AD 16 post? (it is a lot of taxpayers money - 20k EUR/month post)
- how many candidates were deemed eligible and interviewed for this post?
- the list of topics on which the Secretary General provided strategic advices to the Supervisor.

I’m asking about the internal candidates because I tried to find it myself and different crawling tools shows that you have never published the vacancy for the Secretary General (I crawled: https://edps.europa.eu/careers_en) Around that time you published e.g. Vacancy Notice EDPS 11/2023,Vacancy Notice EDPB 3/2023, Vacancy Notice EDPS 12/2023. The same is on Twitter: back in 2013 and 2014 the EDPS advertised on Twitter the vacancy notices for the Supervisor and the Assistant Supervisor (for example here https://twitter.com/EU_EDPS/status/47162...), however the EDPS official account and website have never ever shared information about the opening of the post of Secretary General (it could not because it was never public). That is why I think that noone from outside of the EDPS could apply for this post - because the Supervisor has never publicly published the vacancy.

The Secretary may replace EDPS. How did you advertise this post to get best candidates?

Which "growing tasks related to legislation" meant the EDPS?

Why do you need Secretary General for 100 people organisation? Wojciech WIEWIOROWSKI says the size justifies new post, but how?

A full history of my request and all correspondence is available on the Internet at this address: https://www.asktheeu.org/en/request/crea...

Yours faithfully,

Florian Allers

European Data Protection Supervisor, Europäischen Datenschutzbeauftragten

3 Attachments

Dear applicant,

 

We acknowledge receipt of your confirmatory application in case file
2024-0064. Your application was registered on 12/02/2024.

 

In accordance with Article 8(1) of Regulation (EU) No 1049/2001 regarding
public access to European Parliament, Council and Commission documents,
you will receive a reply within 15 working days (by 04/03/2024).

 

Yours sincerely,

 

 

  EDPS Secretariat
[1]cid:image001.png@01D4D8CD.D37C9700
[2]| Tel. (+32) 228 31900  |
Fax (+32) 228 31950  |
› Email: [3][EDPS request email]
European Data Protection Supervisor
Postal address: Rue Wiertz 60,
B-1047 Brussels
Office address: Rue Montoyer 30,
B-1000 Brussels
[4]Twitter [5]@EU_EDPS  
[6]Website [7]www.edps.europa.eu

This email
(and any
attachment)
may contain
information
that is
internal or
confidential.
Unauthorised
access, use or
other
processing is
not permitted.
If you are not
the intended
recipient
please inform
the sender by
reply and then
delete all
copies. Emails
are not secure
as they can be
intercepted,
amended, and
infected with
viruses. The
EDPS therefore
cannot
guarantee the
security of
correspondence
by email.

Data Protection Notice

According to Articles 15 and 16 of Regulation (EU) 2018/1725 (the
Regulation), we are processing your personal data in order to reply to
your request. The controller is the European Data Protection Supervisor
(EDPS). The legal basis for this processing operation is Article 5(1)(b)
of the Regulation, since processing is necessary for compliance with a
legal obligation to which the EDPS is subject. The data processed include
your contact details, your request, as well as personal data that might be
collected during the investigation of your request. For the EDPS, case
handlers, administrative staff and hierarchy involved in the request
handling will have access to the case file containing your personal data
on a need-to-know basis. All access to case files is logged. Your data
will only be transferred to other EU institutions and bodies or to third
parties when it is necessary to ensure the appropriate investigation or
follow up of your request. Your data will be stored by the EDPS in
electronic files until the end of the reporting period of the current year
(as a rule, until mid-next year), unless legal proceedings require us to
keep them for a longer period. Afterwards, only a brief anonymous note
will be included in a file in order to keep record of the request.

You have the right of access to your personal data and to relevant
information concerning how we use it. You have the right to rectify your
personal data. Under certain conditions, you have the right to ask that we
delete your personal data or restrict its use. We will consider your
request, take a decision and communicate it to you. For more information,
please see Articles 14 to 21, 23 and 24 of the Regulation. Please note
that in some cases restrictions under Article 25 of the Regulation may
apply. Any request to exercise your rights should be addressed to the EDPS
at [8][EDPS request email]. You may also contact the data protection
officer of the EDPS ([9][email address]), if you have any remarks
or complaints regarding the way we process your personal data. You have
the right to lodge a complaint with the EDPS, as supervisory authority.
Any such request should be addressed to the EDPS at
[10][EDPS request email]. You can reach the EDPS in the following ways:
e-mail: [11][EDPS request email]; EDPS postal address: European Data
Protection Supervisor, Rue Wiertz 60, B-1047 Brussels, Belgium.

 

 

References

Visible links
2. file:///tmp/tel:+3222831900
3. mailto:[EDPS request email]
5. http://twitter.com/EU_EDPS
http://twitter.com/EU_EDPS
7. http://www.edps.europa.eu/
http://www.edps.europa.eu/
8. mailto:[EDPS request email]
9. mailto:[email address]
10. mailto:[EDPS request email]
11. mailto:[EDPS request email]

European Data Protection Supervisor, Europäischen Datenschutzbeauftragten

5 Attachments

Dear Mr Allers,

 

Attached you will find the letter and the annex for your attention, on the
above-mentioned subject.

It was signed electronically by EDPS Secretary General, Mr. Leonardo
Cervera Navas.

                                       

Best regards,

 

  EDPS Secretariat
[1]cid:image001.png@01D4D8CD.D37C9700
[2]| Tel. (+32) 228 31900  |
Fax (+32) 228 31950  |
› Email: [3][EDPS request email]
European Data Protection Supervisor
Postal address: Rue Wiertz 60,
B-1047 Brussels
Office address: Rue Montoyer 30,
B-1000 Brussels
[4]Twitter [5]@EU_EDPS  
[6]Website [7]www.edps.europa.eu

This email
(and any
attachment)
may contain
information
that is
internal or
confidential.
Unauthorised
access, use or
other
processing is
not permitted.
If you are not
the intended
recipient
please inform
the sender by
reply and then
delete all
copies. Emails
are not secure
as they can be
intercepted,
amended, and
infected with
viruses. The
EDPS therefore
cannot
guarantee the
security of
correspondence
by email.

Data Protection Notice

According to Articles 15 and 16 of Regulation (EU) 2018/1725 (the
Regulation), we are processing your personal data in order to reply to
your request. The controller is the European Data Protection Supervisor
(EDPS). The legal basis for this processing operation is Article 5(1)(b)
of the Regulation, since processing is necessary for compliance with a
legal obligation to which the EDPS is subject. The data processed include
your contact details, your request, as well as personal data that might be
collected during the investigation of your request. For the EDPS, case
handlers, administrative staff and hierarchy involved in the request
handling will have access to the case file containing your personal data
on a need-to-know basis. All access to case files is logged. Your data
will only be transferred to other EU institutions and bodies or to third
parties when it is necessary to ensure the appropriate investigation or
follow up of your request. Your data will be stored by the EDPS in
electronic files until the end of the reporting period of the current year
(as a rule, until mid-next year), unless legal proceedings require us to
keep them for a longer period. Afterwards, only a brief anonymous note
will be included in a file in order to keep record of the request.

You have the right of access to your personal data and to relevant
information concerning how we use it. You have the right to rectify your
personal data. Under certain conditions, you have the right to ask that we
delete your personal data or restrict its use. We will consider your
request, take a decision and communicate it to you. For more information,
please see Articles 14 to 21, 23 and 24 of the Regulation. Please note
that in some cases restrictions under Article 25 of the Regulation may
apply. Any request to exercise your rights should be addressed to the EDPS
at [8][EDPS request email]. You may also contact the data protection
officer of the EDPS ([9][email address]), if you have any remarks
or complaints regarding the way we process your personal data. You have
the right to lodge a complaint with the EDPS, as supervisory authority.
Any such request should be addressed to the EDPS at
[10][EDPS request email]. You can reach the EDPS in the following ways:
e-mail: [11][EDPS request email]; EDPS postal address: European Data
Protection Supervisor, Rue Wiertz 60, B-1047 Brussels, Belgium.

References

Visible links
2. file:///tmp/tel:+3222831900
3. mailto:[EDPS request email]
5. http://twitter.com/EU_EDPS
http://twitter.com/EU_EDPS
7. http://www.edps.europa.eu/
http://www.edps.europa.eu/
8. mailto:[EDPS request email]
9. mailto:[email address]
10. mailto:[EDPS request email]
11. mailto:[EDPS request email]

European Data Protection Supervisor, Europäischen Datenschutzbeauftragten

4 Attachments

Dear Mr Allers,

On 9 February 2024, you submitted a confirmatory application to the
European Data Protection Supervisor (EDPS) in accordance with Regulation
(EC) No 1049/2001 to your Access to Documents Request (case 2024-0064).
With the same letter, you also requested information about:

·        the vacancy notice for the position of the Secretary General

·        the number of candidates and whether they were all internal
candidates

·        the costs generated by a new AD 16 post

·        how many candidates were deemed eligible and interviewed for this
post

·        the list of topics on which the Secretary General provided
strategic advices to the Supervisor

Further to the reply to your confirmatory application sent to you earlier
today, please find below the answers to your Request for Information
questions.

The vacancy notice for the post of the EDPS Secretary General was
published at the Inter-institutional Vacancy Notices page (Please see also
the information on EDPS’s recruitment practice for EU officials at
[1]https://www.edps.europa.eu/careers_en), meaning that it was advertised
to colleagues of other EU institutions, bodies and agencies, and not just
within the EDPS. This practice reflects the needs and specificities of the
post of the Secretary General, as only senior EU Officials would be
eligible and be considered for the position. Note also that Article 29 of
the Staff Regulations (OJ P 045 14.6.1962, p. 1385) requires to fill posts
in order of priority from within the Institution, then from across other
EU Institutions and bodies and lastly to make a vacancy open to the
broader public.

There were two candidates for this post, none of whom was external (i.e.
from outside of the EU institutions, agencies and bodies). Both candidates
were deemed eligible and were interviewed for this post.

Furthermore, the position of the Secretary General did not incur any
additional costs for the EDPS. On one hand, the position of the EDPS
Director was abolished, and on the other, a provision for an AD 16 post
was foreseen in the EDPS establishment plan since many years ago.

Finally, as the documents already transmitted to you in the context of the
initial reply (EDPS ref: 2024-0064 - D(2024) 0300) to your request for
Access to Document show, the post of the Secretary General was established
to:

1.      ensure smooth functioning of the EDPS as an institution, in cases
where the European Data Protection Supervisor is temporarily prevented to
exercise his/her mandatory and urgent duties;

2.      explicitly be empowered to adopt management or administrative
measures at the highest level;

3.      ensure that the EDPS can be represented at an appropriate level by
the Head of its administration, when dealing with counterparts in other EU
institutions, bodies and agencies.

In addition, among others, the Secretary General takes primary
responsibility for ensuring implementation by the EDPS Secretariat of
policy lines decided by the Supervisor and coordinates the Secretariat's
work accordingly, and where empowered he adopts, on behalf of the
Supervisor, legally binding decisions or other non-legally binding
documents.

Recent or upcoming legislation has created additional tasks for the EDPS;
see for e.g. participation of the EDPS in the European Innovation Board
established under the Data Governance Act, participation of the EDPS in
the High Level Group of DMA, established under the Digital Markets Act,
participation of the EDPS in the European Cybersecurity Board established
with the Cybersecurity Regulation, and most prominently, a number of
duties and tasks entrusted to the EDPS under the upcoming AI Regulation.
These include for example EDPS participation in the Artificial
Intelligence Board, the EDPS to act as competent authority for EU
institutions, bodies and agencies that fall within the scope of this
regulation, the EDPS to serve as market surveillance authority, as well as
notifying authority, within the meaning of the regulation. Reference to
those tasks is without prejudice to expanding activities under other
legislation, such as, inter alia, the GDPR, the Europol, Eurojust, Frontex
and EPPO regulation, as well as future legislation that will highly likely
attribute further tasks and responsibilities to the EDPS.

Yours sincerely,

  Olivier ROSSIGNOL
Head of Information &
Communication
[2]' (+32) 2 283 19 00 | › MTS
07X060 
European Data Protection
Supervisor
Postal address: Rue Wiertz 60,
B-1047 Brussels
Office address: Rue Montoyer 30,
B-1000 Brussels
[3]Twitter [4]@EU_EDPS  
[5]Website [6]www.edps.europa.eu

 

[7]signature 20
This email
(and any
attachment)
may contain
information
that is
internal or
confidential.
Unauthorised
access, use or
other
processing is
not permitted.
If you are not
the intended
recipient
please inform
the sender by
reply and then
delete all
copies. Emails
are not secure
as they can be
intercepted,
amended, and
infected with
viruses. The
EDPS therefore
cannot
guarantee the
security of
correspondence
by email.

 

[8]Data
protection
notice

 

 

References

Visible links
1. https://www.edps.europa.eu/careers_en
2. file:///tmp/tel:+3222831935
4. http://twitter.com/EU_EDPS
http://twitter.com/EU_EDPS
6. http://www.edps.europa.eu/
http://www.edps.europa.eu/
8. https://edps.europa.eu/about-edps/data-p...