The European Data Protection Supervisor (EDPS), Wojciech Wiewiórowski, warned of a “sharp increase” in complaints received by 2025 concerning the processing of personal data by private entities, national authorities and international organisations, “linked to the growing use of automated and AI-based tools”. The EDPS received 2,725 complaints, compared with 555 in 2024, an increase of almost 500%, according to the 2025 annual activity report, which he presented to the European Parliament’s Committee on Civil Liberties (LIBE) on Thursday 7 May.
Most of these complaints are declared inadmissible, as they do not fall within the EDPS’ remit, says the report. Admissible complaints, enabling individuals to challenge the way in which the European Union’s institutions, bodies and agencies process their personal data, also increased, reaching 133, which is 23% more than the previous year, and representing 5% of the total number of complaints received. Most of these concern the right of access and the right to be informed about processing activities, as well as concerns relating to security and confidentiality. As in previous years, the majority concerned the European Commission.
During his presentation, Wojciech Wiewiórowski acknowledged the “unprecedented” level of threats in the field of cybersecurity and data protection, and stressed that while “no security parameter is perfect”, there is an “urgent” need to “contain” cases of data breaches. “We have encountered certain problems with European institutions that have not reacted in time to incidents that have occurred”, he conceded.
The EDPS contributed to 145 legislative consultations, notably in areas such as the return of third-country nationals, the mandate for a framework agreement with the United States on the exchange of information for border security control, as well as the European Digital Identity Wallet and the amendments to the General Data Protection Regulation (GDPR) to ensure that the new regulations are “legally sound”, “applicable” and provide “a high level of protection for personal data”.
The EDPS also carried out “six data audits, one more than planned”, and processed a record 72 requests for access to documents. (Original version in French by Ana Pisonero Hernández)