Data protection implications of US mass surveillance on European soil

European Data Protection Supervisor did not have the information requested.

Dear European Data Protection Supervisor,

Under the right of access to documents in the EU treaties, as developed in Regulation 1049/2001, I am requesting documents which contain the following information:

1. Since the Schrems II ruling of the European Court of Justice from July 2020 regarding the invalidation and illegality of the former US-EU Privacy Shield Framework (governed by the International Trade Administration within the US Department of Commerce and the European Commission), reports have arisen in the press detailing bilateral plans to re-establish a new data sharing plan between the US and the EU. Can the EDPS validate/invalidate these claims based on existing documents?

2. What is the net cost in EUR in data breaches related to US surveillance efforts on European soil?

If the European Data Protection Supervisor does not presently possess any related documents, kindly relay me to another European institution that may have them.

Yours faithfully,

Alexander Borg

European Data Protection Supervisor

3 Attachments

Dear Mr. Borg,

We acknowledge receipt of your request, registered on 18.10. 2021. In
accordance with Article 7(1) of Regulation (EU) No 1049/2001 regarding
public access to European Parliament, Council and Commission documents,
you will receive a reply within 15 working days (by 09.11.2021).

Your case number is 2021-0963.

Please note that your personal data will only be processed for the
purposes of replying to your request and in accordance with the privacy
statement set out below. More information on how the EDPS process personal
information can be found on our [1]website.

You have lodged your application via the AsktheEU.org website. Please note
that this is a private website which has no link with any institution of
the European Union. The European Data Protection Supervisor is not
accountable for any technical issues or problems linked to the use of this
system.

Yours sincerely,

  EDPS Secretariat
[2]cid:image001.png@01D4D8CD.D37C9700
[3]| Tel. (+32) 228 31900  |
Fax +32(0)22831950  | ›  
Email  [4][EDPS request email]
European Data Protection Supervisor
Postal address: Rue Wiertz 60,
B-1047 Brussels
Office address: Rue Montoyer 30,
B-1000 Brussels
[5]Twitter [6]@EU_EDPS  
[7]Website [8]www.edps.europa.eu
This email
(and any
attachment)
may contain
information
that is
internal or
confidential.
Unauthorised
access, use or
other
processing is
not permitted.
If you are not
the intended
recipient
please inform
the sender by
reply and then
delete all
copies. Emails
are not secure
as they can be
intercepted,
amended, and
infected with
viruses. The
EDPS therefore
cannot
guarantee the
security of
correspondence
by email.

According to Articles 15 and 16 of Regulation (EU) 2018/1725 (the
Regulation) on the protection of natural persons with regard to the
processing of personal data by the Union institutions, bodies, offices and
agencies and on the free movement of such data, we are processing your
personal data, where proportionate and necessary, for the purpose of
answering your request. The legal base for this processing operation is
Regulation (EU) 1049/2001 and Article 52(4) of the Regulation (EU)
2018/1725. Subject to applicable rules under EU legislation, the personal
data relating to you, as provided in your request as well as personal data
that might be collected while processing your request, are used solely for
the purpose of replying to your request. EDPS staff members dealing with
the request will have access to the case file containing your personal
data on a need-to-know basis. All access to case files is logged. Your
personal data are not disclosed outside the EDPS. Your personal data will
be stored electronically for a maximum of ten years after the closure of
the case, or as long as the EDPS is under a legal obligation to do so. You
have the right to access your personal data held by the EDPS and to
relevant information concerning how we use it. You have the right to
rectify your personal data. Under certain conditions, you have the right
to ask that we delete your personal data or restrict its use. We will
consider your request, take a decision and communicate it to you. For more
information, please see Articles 14 to 21, 23 and 24 of the Regulation.
Please note that in some cases restrictions under Article 25 of the
Regulation may apply. Any request to exercise your rights should be
addressed to the EDPS at [9][EDPS request email]. You may contact the data
protection officer of the EDPS ([10][email address]), if you have
any remarks or complaints regarding the way we process your personal data.
You have the right to lodge a complaint with the EDPS, as supervisory
authority. Any such request should be addressed to the EDPS at
[11][EDPS request email]. You can reach the EDPS in the following ways:
E-mail: [12][EDPS request email]; EDPS postal address: European Data
Protection Supervisor, Rue Wiertz 60, B-1047 Brussels, Belgium. For more
information, please refer to the extended version of the data protection
notice available on the EDPS website:
[13]https://edps.europa.eu/data-protection/o....

References

Visible links
1. https://secure.edps.europa.eu/EDPSWEB/we...
3. file:///tmp/tel:+3222831900
4. mailto:[EDPS request email]
6. http://twitter.com/EU_EDPS
http://twitter.com/EU_EDPS
8. http://www.edps.europa.eu/
http://www.edps.europa.eu/
9. mailto:[EDPS request email]
10. mailto:[email address]
11. mailto:[EDPS request email]
12. mailto:[EDPS request email]
13. https://edps.europa.eu/data-protection/o...

European Data Protection Supervisor

5 Attachments

Dear Mr Borg,

 

Please find enclosed a letter signed electronically by Mr Leonardo Cervera
Navas on the above-mentioned subject.

 

Kind regards,

 

  EDPS Secretariat

' (+32) 228 319 00   | Fax +32 2 283 19 50
[1]Email [2][EDPS request email]
European Data Protection Supervisor
Postal address: Rue Wiertz 60, B-1047 Brussels
Office address: Rue Montoyer 30, B-1000 Brussels
[3]Twitter [4]@EU_EDPS   [5]Website [6]www.edps.europa.eu
This email
(and any
attachment)
may contain
information
that is
internal or
confidential.
Unauthorised
access, use or
other
processing is
not permitted.
If you are not
the intended
recipient
please inform
the sender by
reply and then
delete all
copies. Emails
are not secure
as they can be
intercepted,
amended, and
infected with
viruses. The
EDPS therefore
cannot
guarantee the
security of
correspondence
by email.

 

 

 

References

Visible links
2. mailto:[EDPS request email]
4. http://twitter.com/EU_EDPS
http://twitter.com/EU_EDPS
6. http://www.edps.europa.eu/
http://www.edps.europa.eu/