EDPS audit on newsletter subscriptions: transparency is key

The European Data Protection Supervisor (EDPS) published today the outcome of his remote audit on how European institutions, bodies and agencies (EUIs) inform individuals about the way their personal data is processed when signing up to newsletters and other similar subscriptions.  

Wojciech Wiewiórowski, EDPS, said: “With the absence of in-person events and other outreach activities due to COVID-19, EUIs have increased their online presence. The sending of newsletters is an effective way of reaching out to individuals and stakeholders. EUIs should lead by example in providing transparent information to individuals on the way their personal data is being handled”.

The EDPS has found that most EUIs comply with the information and transparency requirements set out in the applicable data protection law, Regulation (EU) 2018/1725.

Even before receiving the EDPS’ recommendations following the audit, the majority of EUIs proactively took interim measures. Based on the letter announcing the audit, EUIs revised, for example, their data protection statements or improved the accessibility of information. These measures aim to ensure that individuals have easy access to clear information on the EUIs’ websites about how their personal data is processed when subscribing to newsletters. 

This audit, for which no on-the-spot action was required, is part of a number of audits conducted remotely by the EDPS due to the ongoing COVID-19 crisis. This adapted audit format has allowed the EDPS to continue its supervisory work, by reaching out to a high number of EUIs, their data protection officers, and EUI staff processing individuals’ personal data in their day-to-day work.

Read Press Release