Office of the Information and Data Protection Commissioner

International Co-operation

To fulfil the obligations under the Data Protection Act, the Commissioner is required to collaborate with supervisory authorities of other countries to the extent necessary for the performance of his duties, in particular by exchanging all useful information, in accordance with any convention to which
is a party or other international obligation. 

To honour this international commitment, the Commissioner attends and contributes in European and international meetings and conferences, which are:

Article 29 Data Protection Working Party

The Working Party has been established by Article 29 of Directive 95/46/EC. It is the independent EU Advisory Body on Data Protection and Privacy. Its tasks are laid down in Article 30 of Directive 95/46/EC and in Article 14 of Directive 97/66/EC.

The Working Party was set up to achieve several primary objectives:

}        To provide expert opinion from member state level to the Commission on questions of data protection.

}        To promote the uniform application of the general principles of the Directives in all Member States through co-operation between data protection supervisory authorities.

}        To advise the Commission on any Community measures affecting the rights and freedoms of natural persons with regard to the processing of personal data and privacy.

}        To make recommendations to the public at large, and in particular to Community institutions on matters relating to the protection of persons with regard to the processing of personal data and privacy in the European Community.

The Commissioner is an active member of the Article 29 Working Party.  Click here to access the documents adopted by the Article 29 WP.

Council of

Malta, being a party to the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention ETS no.108), is a member of the consultative committee (T-PD) set up in terms of Chapter V of the Convention, which meets regularly in January and June, and is entrusted inter alia to make proposals to facilitate or improve the application of the convention and to suggest amendments to the convention. 

International Conference on Privacy and Personal Data Protection

The conference is attended by Data Protection Commissioners from around the globe where data protection issues are discussed on an international level. The Commissioner is accredited as a member of this group. 

33rd International Conference of Data Protection and Privacy Commissioners
Mexico City, 2-3 November 2011

Conference of European Data Protection Authorities

The Commissioner is a member of the conference of the European Data Protection Authorities, most commonly referred to as the Spring Conference. One of the most important tasks of the European Data Protection Authorities consists in advising the authorities involved in legislative matters on data protection issues, by pointing out the risks that legislative initiatives might entail and by proposing alternatives which would be more respectful of individual's rights with regard to the processing of their personal data.

Case Handling Workshop

The Office participates in the Case Handling Workshop which meets twice a year. The working group was established by the Article 29 Working Party, and discusses inter alia complaints and current issues experienced by European Data Protection Authorities.  The sharing of cases in relation to a uniform application of the data protection directive creates the right environment for the authorities in their interpretations of domestic legislations.  The working group reports directly to the Article 29 Working Party.

Joint Supervisory Authorities

The Commissioner is a member of the Eurojust Supervisory Body, of the Europol Joint Supervisory Body and its Appeals Committee, the Schengen Joint Supervisory Authority and in the Customs Supervisory Authority.  

The Joint Supervisory Body of Europol

The Joint Supervisory Body is responsible with reviewing Europol's activities and ensure that the rights of the individual are not violated by the storage, processing and utilisation of data held by Europol. One way in which the JSB fulfils this general task is by carrying out inspections of Europol.

Under the Europol Convention the JSB is also vested with responsibility to consider whether Europol is following the principles of data protection in a number of specific areas, such as the opening of specific analysis files, the transmission of data originating from Europol, the implementation and interpretation of the Europol Convention,  analysing the rules governing the transmission of personal data by Europol to third bodies and non-Member States and drawing up harmonised proposals for common solutions to existing problems.

The JSB is responsible for safeguarding the rights individuals have in relation to their personal information. This includes considering the appeals of individuals who have requested access to their information but who are not satisfied with Europol's response.

The JSB Europol is composed of up to two representatives from the data protection authorities in each Member State . Each representative shall have an alternate member.

To ensure that the JSB remains a transparent body, the Europol Convention requires the JSB to publish an activity report at regular intervals.

Eurodac Supervision

Our office is also involved in the coordinated supervision of Eurodac, which is an information system set up for the purpose of identifying the Member State responsible for an asylum application lodged within the European Union, and in order to speed up the asylum procedure. The system enables the identification of asylum seekers and persons who have illegally crossed an external border of the European Union. The system allows Member States, through comparison of fingerprints, to verify whether an asylum seeker or foreign national, found irregularly present within the community has previously claimed asylum in another Member State . In this manner, asylum shop around in other EU countries after having already been rejected in one Member State can be avoided.

In accordance with the Eurodac Regulation, all asylum applicants over the age of 14 should have their fingerprints taken when they request asylum. These fingerprints are sent electronically to Eurodac’s Central Unit, hosted within the European Commission. The system compares the fingerprints with those already stored in the database, enabling the authorities to check if the applicant had already submitted an asylum request in another Member State .

The Eurodac Supervision is carried out centrally, by the European Data Protection Supervisor (EDPS), who is the competent authority to monitor the Central Unit, while at the national level, the data protection authorities of each participating state are responsible to oversee the collection, use and transmission of data occurring in their country.  

US Terrorist Finance Tracking Program (TFTP) - Application for access to and/or rectification, erasure or blocking of personal data processed pursuant to this program.

Article 15 of the Agreement between the United States of America and the European Union on the Processing and Transfer of Financial Messaging Data from the European Union to the United States for the Purposes of the Terrorist Finance Tracking Program (hereafter: the TFTP Agreement) provides the ability to seek access to personal data processed under the Agreement. Article 16 provides the ability to seek rectification, erasure or blocking of personal data that are inaccurate or processed in contravention of the Agreement. Articles 15 and 16 provide that your national data protection authority will act as intermediary to the U.S. Treasury Department, which administers the TFTP.

If you wish to make a request pursuant to Article 15 and/or Article 16 of the TFTP Agreement, please fill out the attached identification form (Form A), as well as the request form(s) (Form B and/or Form C) and waiver form (Form D). This is the information that is needed by the U.S. Treasury Department to conduct a thorough and accurate review in response to your request.

Proof of Identity 

Your national data protection authority needs to be satisfied that you are who you say you are. Consequently, we require you to provide evidence of your identity by supplying a photocopy of a driving licence, passport, identity card or other official identity document containing your photograph and bearing your signature. 

Your national data protection authority will verify your identity based solely on the information you provide. The photocopy of your proof of identity will not be transferred to the U.S. Treasury Department, but will remain with your national data protection authority. No later than six months after the file related to your Article 15 and/or Article 16 request has been closed, this photocopy will be destroyed.

Please note that this procedure only applies to individuals with the nationality of one of the EU Member States and those permanently residing in one of the countries of the European Union.


In order to start your application for access, please ensure you send at least the following information in hard copy to your data protection authority (see Annex 1):

- Identification Verification Form (Form A) - fully completed and signed

Article 15 Access Request Form (Form B) - fully completed and signed and/or

Article 16 Rectification, Erasure or Blocking Request Form (Form C) - fully completed and signed

Waiver form (Form D) - fully completed and signed

Photocopy of an official means of identification bearing your signature

Further information regarding your request may be provided in a separate letter. Please ensure that you have clearly indicated whether you authorize the transfer of the additional information to the U.S. Treasury Department. Without explicit authorization to transfer the additional information to the U.S. Treasury Department, that information will only be retained by your national data protection authority and will not be used by the U.S. Treasury Department to help process the request.

Upon its receipt of your application, your national DPA will forward Form D and Form(s) B and/or C to the U.S. Treasury Department. Your national DPA will keep you informed about the procedure and after a response is provided to your national DPA by the U.S. Treasury Department, your national DPA will forward the information regarding your request to you without undue delay. However, please bear in mind that the response to your access request may be very limited, given the nature of the Terrorist Finance Tracking Program.

Further information

For further information about the TFTP Agreement and requests pursuant to Article 15 and/or Article 16, please see