On November 27, European Parliament President Martin Schultz announced that the next European Data Protection Supervisor (EDPS) will be Giovanni Buttarelli, the Assistant EDPS and former Secretary General to the Italian Data Protection Authority. The new Assistant Supervisor will be Wojciech Rafal Wiewiorowski, the head of the Polish data protection authority. Buttarelli and Wiewiorowski will serve in the EDPS office for the next five years.

The EDPS is responsible for ensuring that all European Union (EU) institutions and bodies respect people’s right to privacy when processing their personal data. The EDPS advises EU entities on personal data processing, including activities such as collecting information; recording and storing it; retrieving it for consultation; sending it or making it available to other people; and also blocking, erasing or destroying data.

Buttarelli replaces Peter Hustinx in the role of EDPS. Buttarelli is an Italian national who earned a law degree from the University of Rome in 1984, has been a member of the Italian judiciary since 1986 and has been involved in working groups in the Council of Europe on data protection and privacy matters. During an April 2013 conference on data privacy in Paris, Buttarelli released a statement noting that “[t]he protection of personal data is going through a historic phase. In the political and institutional agenda of the European countries of the past 40 years, there have been important stages in the evolution of the way in which we strengthen the safeguards of personal rights … [and] [t]he choices we are making now, this time mainly at [the] European level rather than in each country in its own way, will have a profound and lasting impact on the way in which public institutions, large multinationals, small businesses and individual internet users will operate in the digital age.” For a copy of the conference transcript, click here.

Buttarelli further stated that “compliance with the rules of the game in terms of lawful and fair processing of data is our right in itself, even if we do not suffer any specific damage. The focus will increasingly shift from the protection of the static right (in which we are merely asked bureaucratically for prior consent to the processing of our personal data) towards dynamic protection allowing us to check exactly how our data are being processed, even if this sometimes happens after the event.”