The European Union is committed to user privacy.

The European Union’s policy on the "protection of natural persons with regard to the processing of personal data by the Union institutions" is based on Regulation (EU) 2018/1725 of the European Parliament and of the Council of .

This general policy covers the European Union's institutional websites within the domain.

Although you can browse most of these websites without giving any information about yourself, if you request e-services we may need some personal information so that we can fulfil your request.

Websites that do require personal information process it in line with the regulation above and provide information about how they use your data in their specific privacy statements:

  • For each specific e-service, a controller determines how personal data should be processed and for what purpose, and ensures that the e-service complies with the privacy policy.

  • Each institution has a Data Protection Officer who ensures that the provisions of the regulation are applied and advises controllers on their obligations (see articles 43-45 of the regulation).

  • The European Data Protection Supervisor acts as an independent supervisory authority for all the institutions (see articles 52-60 of the regulation).

The European Union's institutional websites, within the domain, provide links to third-party sites. We do not have any control over their content, so we encourage you to review their privacy policies.

What is an e-service?

An e-service from a European Union institutional website is a service or resource made available on the Internet to improve communication between the European institutions and businesses or members of the public.

European Union institutional websites offer three types of e-service:

  • Information services that provide members of the public, the media, businesses, government bodies and other decision-makers with easy and effective access to information, thus increasing the transparency and understanding of EU policies and activities.

  • Interactive communication services to improve contact with members of the public, businesses, civil society and public stakeholders, thus facilitating policy consultations and feedback mechanisms in order to help shape policies and contribute to EU activities and services.

  • Transaction services that allow access to all basic forms of transaction with the EU, e.g. procurement, financial operations, recruitment, event enrolment, acquisition or purchase of documents, etc.

Information contained in a specific privacy statement

A specific privacy policy statement will contain the following information about the use of your data:

  • who controls the information collected and why it is being collected, on what legal basis and via what technical means. The EU only collects personal information when needed for a specific purpose and will not re-use information for a purpose other than that for which the personal data were collected.
  • To whom your information is disclosed. The EU will only disclose information to third parties if necessary for the purpose(s) identified above, and only to the (categories of) recipients mentioned. The EU will not divulge your personal data for direct marketing purposes.
  • Your rights as stated in articles 17 to 24 of Regulation (EU) 2018/1725: your right to access your personal data and have them rectified without undue delay if they are inaccurate or incomplete; under certain conditions, your right to ask for the erasure of your personal data or restriction of their use; where applicable, your right to object to the processing of your personal data, on grounds relating to your particular situation, at any time; and your right to data portability. Requests will be considered and a reply sent to you without undue delay and in any event within one month of receipt of the request. This period may be extended by two further months where necessary.

A specific privacy policy statement can also contain the following information about the use of your data:

  • your right to request the communication of any changes to your personal data, where possible, to other parties to whom your data have been disclosed; your right to be informed of whether the provision of personal data is mandatory or optional and of the possible consequence of failure to provide such data; your right not to be subject to automated decisions (made solely by machines) affecting you, as defined by law; where applicable, your right to withdraw your consent at any time.
  • How long your data are kept. The EU only keeps the data for the time needed to collect or process it.
  • Whom to contact if you have queries or complaints.

Related links