The institutions principally responsible for monitoring the compliance with Article 8 of the CFREU and the GDPR are national supervisory authorities (DPAs), called by the Court of Justice of the European Union “guardians of the fundamental right to data protection”. In order to ensure the consistent application of the GDPR they shall cooperate with each other within the European Data Protection Board (EDPB) and the Commission. This paper aims to explain to what extent they participated in the adoption of COVID-19-related surveillance measures and actively contributed to the protection of constitutional rights. Were they consistent in their positions on governments’ actions? What was the role of the EDPB in that regard? What does the way the DPAs reacted to the EU-wide restrictions to the fundamental right to personal data tell about their role as quasi-ombudsmen in the post-pandemic world?