Supervision of data protection in the EU’s large-scale IT systems

The European Union has set up a number of large-scale IT systems, the supervision of which is shared between the national Data Protection Authorities and the European Data Protection Supervisor. In order to ensure a high and consistent level of data protection, national DPAs and the EDPS work together within the framework of the coordinated supervision.
Currently, this supervision model covers the following IT systems:

  • the Schengen Information System (SIS)
  • the Visa Information System (VIS)
  • the Eurodac
  • the Customs Information System (CIS)

Some of these systems contain huge amounts of data - for example, Eurodac contains the fingerprints of more than two million people and VIS tracks millions of visa applications per year.

The legal bases of these systems stipulate that national Data Protection Authorities and the EDPS cooperate to ensure coordinated supervision. To this end, representatives of national Data Protection Authorities and the EDPS meet regularly - usually twice a year - to discuss common issues of supervision. Activities include, inter alia, joint inspections and investigations and work on common methodologies.