Strengthening data privacy: European Commission’s latest decision
These rules are designed to ensure compliance with Regulation (EU) 2018/1725 on data protection within the EU institutions.
The European Commission has adopted Decision (EU) 2025/628, establishing internal rules regarding the provision of information to data subjects and the conditions under which certain rights may be restricted. These rules are designed to ensure compliance with Regulation (EU) 2018/1725 on data protection within the EU institutions.These guidelines outline the conditions under which rights such as access, rectification, erasure, and restriction of processing can be limited, aiming to balance operational needs with the protection of personal data.
Why does it matter?
This decision is significant because it establishes standardized procedures for EU institutions when restricting data subject rights, ensuring that such restrictions are justified, documented, and regularly reviewed. By enforcing strict safeguards and retention policies, the Commission aims to uphold the integrity of data protection practices within its operations. This approach not only aligns with the EU’s commitment to data protection but also seeks to restore public trust in its institutions following previous data protection breaches. For example, in January 2025, the EU General Court ruled that the European Commission must pay damages to a German citizen for failing to comply with its own data protection regulations, marking a significant precedent in enforcing data protection laws within EU institutions.
