Privacy on Pause? Why the EU Still Has No New Data Protection Chief After Six Months
Privacy Enforcement

Privacy on Pause? Why the EU Still Has No New Data Protection Chief After Six Months

Europe’s world-renowned data privacy regime, anchored by the General Data Protection Regulation (GDPR), is facing an unexpected leadership vacuum. As of June 2025, the European Union has been without a permanent European Data Protection Supervisor (EDPS) for more than six months. This unprecedented delay in appointing a new privacy chief is more than just political gridlock; it’s a growing concern for privacy advocates, tech companies, and EU citizens alike, though it doesn’t mean enforcement is on pause.  

So, how did we get here, who are the players involved, and what does this ongoing deadlock mean for the future of digital privacy in Europe? 

The Role of the EDPS: Why It Matters 

Before diving into the current impasse, it’s important to understand the critical function of the European Data Protection Supervisor. 

The EDPS is: 

  • The independent authority responsible for overseeing the EU’s data protection framework. 
  • A watchdog that ensures EU institutions comply with privacy laws. 
  • A thought leader and enforcer influencing how personal data is managed across the EU and beyond. 

Since the GDPR came into force in 2018, the EDPS has played a key role in shaping global privacy standards. The outgoing supervisor, Wojciech Wiewiórowski, completed his term in December 2024, leaving behind a legacy of activism and engagement in high-profile digital rights debates. 

The Deadlock Explained: Politics Over Privacy 

Despite the urgency of the role, EU lawmakers have been unable to agree on a successor. The process began in earnest in late 2024, with four shortlisted candidates vying for the role. By March 2025, however, the selection process was mired in political disagreement. 

Key reasons for the impasse include: 

  • Political Power Plays: The European Parliament and Council must jointly agree on the appointment. But ideological divides and geopolitical maneuvering have stalled consensus. 
  • Conflicting Agendas: Some lawmakers are pushing for a privacy chief with a more pro-business stance, while others favor a strict enforcer of privacy rights. 
  • Election-Year Gridlock: With EU elections looming in 2025, party politics are influencing decisions more than qualifications or policy positions. 

The situation has become so contentious that, as of June 2025, not only is there no clear frontrunner, but there are also growing doubts about whether an appointment will be made before the next European Commission takes office. 

Meet the Contenders: Four Candidates, One Office 

The initial shortlist of candidates, published in January 2025, reflected a diverse mix of experience and ideology. Here’s a breakdown of the four finalists: 

  1. Inge Bernaerts – A Belgian official with a background in EU competition law and digital policy. Seen as a technocrat, Bernaerts is respected for her deep understanding of digital markets but has limited experience in data protection enforcement. 
  2. Endre Szabó – A Hungarian lawyer who has served in privacy-focused roles within the EU. He has faced criticism from privacy advocates who question his independence, particularly given Hungary’s broader record on rule-of-law issues. 
  3. Annemie Turtelboom – A former Belgian justice minister and current member of the European Court of Auditors. Known for her pragmatic approach, Turtelboom could appeal to both lawmakers and business leaders seeking a balanced regulatory stance. 
  4. Renate Nikolay – A German official and long-time civil servant in the European Commission. Nikolay has significant experience in digital and privacy policy and is often seen as the most continuity-friendly candidate. 

Despite the clear qualifications among the contenders, no candidate has managed to secure the broad political support needed to clinch the role. 

The Cost of Inaction 

Six months without a permanent EDPS isn’t just a bureaucratic headache, it carries real-world consequences. 

Here’s what’s at stake: 

  • Weakened Oversight: Without strong leadership, the EDPS risks losing its influence over rapidly evolving technologies like AI, biometrics, and digital surveillance. 
  • Delayed Decisions: Critical guidance and enforcement actions may be postponed, affecting companies and citizens awaiting regulatory clarity. 
  • Loss of Global Standing: The EU’s status as a global privacy leader could be undermined if internal dysfunction continues. 

Acting officials are currently managing the day-to-day responsibilities of the office, but they lack the mandate and political clout to steer long-term strategy or take bold enforcement actions. 

What Happens Next? 

Unless lawmakers break the deadlock, the EU may face the troubling prospect of entering 2026 without a privacy chief. Some potential developments to watch: 

  • Post-Election Momentum: The outcome of the EU elections could shake up the political dynamics enough to enable a compromise.
  • Renewed Calls for Reform: The delay may prompt demands for a more transparent and efficient appointment process in the future.
  • Heightened Public Pressure: Citizens and civil society organizations may intensify their calls for action, especially amid growing concerns over AI and digital surveillance.

A Leadership Vacuum in a Critical Era 

In an age where data is currency and digital rights are under constant threat, the EU’s inability to appoint a new privacy chief sends a troubling message. The longer this leadership vacuum persists, the more it jeopardizes the EU’s ability to uphold its own privacy standards and influence global digital governance. While the candidates are ready and the need is urgent, political will remains the missing piece. For now, the fate of EU privacy leadership hangs in the balance and the clock is still ticking. 


Author

Paras Kamboj
Paras Kamboj
June 5, 2025

Let Truyo Be Your Guide Towards Safer AI Adoption

Connect with us today