European Public Prosecutor's Office (EPPO)

The European Public Prosecutor's Office (EPPO) is an independent public prosecution service of the European Union (EU). It is responsible for the investigation, prosecution and taking to court of offences that conflict with the financial interests of the EU. Such as various types of fraud, VAT fraud with a damage of more than 10 million euro, money laundering and corruption.

On this page

Legislation for EPPO

The EPPO started its activities on 1 June 2021. The tasks of the EPPO are described in Regulation (EU) 2017/1939, which entered into force on 31 October 2017.

Personal data processing by EPPO


  • conducts investigations;
  • performs acts for criminal prosecution;
  • acts as public prosecutor before the competent courts of the participating EU Member States.

The EPPO does this until the case has been settled conclusively.

In order to do so, the EPPO processes personal data. The legal basis for this processing is laid down in the EPPO Regulation. 

The EPPO processes personal data for the following purposes:

  • criminal investigations and prosecution;
  • exchange of information with competent authorities of EU Member States and other EU bodies;
  • cooperation with third countries and international organisations;
  • determining whether the personal data are relevant to the tasks of the EPPO. 

Supervision of EPPO

This personal data processing is subject to independent supervision.  Supervision is exercised at European level by the European Data Protection Supervisor (EDPS). The EDPS is the independent data protection agency of the EU.

Tasks of the EDPS

Regarding EPPO the EDPS: 

  • Takes note of complaints of data subjects and investigates them.
  • Conducts investigations, at its own initiative or on the basis of complaints.
  • Ensures that the EPPO applies the rules for the processing of personal data as set out in the EPPO Regulation.
  • Advises the EPPO, at its own initiative or by consultation, about the processing of operational personal data. The EDPS does this in particular when internal rules are drawn up for the protection of fundamental rights and fundamental freedoms of data subjects.

Cooperation between EDPS and national data protection authorities

The EPPO Regulation explicitly provides for close cooperation between the EDPS and the national data protection authorities. This is done in the Coordinated Supervision Committee (CSC), under the umbrella of the European Data Protection Board (EDPB)

The CSC advises the EDPS and consists of representatives of all national data protection authorities and representatives from the EDPS. The Dutch Data Protection Authority represents the Netherlands in the CSC.