This article presents the results of an interview study carried out with sixteen data-protection authorities in Central and Eastern Europe. The study focuses on the way that data protection authorities reason about the past. The theoretical argument advanced in the text is that data protection in a post-communist context bears a specific historical significance due to the recent experiences with the extensive, coercive state surveillance that was systematized under the communist regimes. The article focuses on the institutional role conceptions of data protection authorities-a theoretical concept that denotes perceptions of the role of an organization within the larger institutional environment. High-level officials from data protection authorities in sixteen countries were interviewed about change and continuity in surveillance. The results show that historical reflectivity is not a dominant feature of the leadership of contemporary data protection authorities and that different countries differ considerably. The respondents least able or willing to discuss the topics of change and continuity are in societies with recent high-level surveillance scandals, such as Bulgaria and North Macedonia.