Vorabkontrolle

Opinion of 5 June 2009 on the notification for prior checking regarding the "Application for administering traineeships" (Case 2008-485)

The European Commission has a department responsible for administering the procedures for selecting and recruiting Commission trainees.

The EDPS has examined the processing of personal data under these procedures and has concluded that the processing operation does not appear to involve any breach of the provisions of Regulation (EC) No 45/2001, provided that certain recommendations are followed, in particular that the department responsible reassesses the categories of data stored and their respective storage periods, verifies on a case-by-case basis that the data transfer is necessary and that only relevant data are transferred, and guarantees the right of access to evaluations carried out as part of the process for recruiting trainees.

Opinion of 4 May 2009 on a notification for prior checking concerning "ETF annual dialogue" (Case 2009-168)

This notification concerns the processing of personal data in the exercise of yearly evaluation of staff members of ETF.

The EDPS made recommendations in particular relating to data retention period, the right of blocking and the privacy statement to be given to the data subjects

Opinion of 20 May 2009 on the notification for prior checking regarding the management of safety at work at the Joint Research Centre's Institute for Health and Consumer Protection in Ispra (Case 2008-541)

The Notification and the EDPS Opinion concern a dedicated filing system: "Management of Safety at Work" used by the Institute. Personal data with an implication for safety at work are collected and stored in this filing system and consulted when needed. The purpose of the processing is to comply with the employer's obligations on safety at work under Italian laws. The processing operation covers all employees of the Institute.

With regard to data quality and proportionality, the EDPS recommended that the Institute should reconsider whether the safety officer indeed needs direct access to general training data in SYSLOG Formation, as well as training data on languages and e-learning, in addition to training information directly relevant to safety at work. On rights of access, the EDPS recommended that the Institution should establish a minimum set of safeguards to ensure that access requests will be addressed in a timely manner and without restraints. With regard to information to data subjects, the EDPS recommended that notice with respect to certain items under Articles 11 and 12 of the Regulation should be provided in a more specific manner.

Opinion of 19 May 2009 on the notification for prior checking regarding the prevention of harassment (Case 2008-477)

The Advisory Committee on Harassment and its Prevention at the Workplace functions in the European Parliament with the multiple purpose of promoting a peaceful and productive working environment, preventing and/or stopping harassment of staff (officials and other servants) of the European Parliament (EP), playing a role of conciliation and mediation, training and information and playing an active role within the EP's existing health promotion network. The ACPH combats psychological and sexual harassment on the basis of complaints. In the framework of its activities, the ACPH can process various personal data, including sensitive data, related to a particular individual.

After careful analysis of the data processing activities, the EDPS advised to improve different aspects of the processing, inter alia, regarding the confidentiality of handling personal data, reconsidering the retention period and drawing up a privacy notice and provide personalised information to the person concerned.

Opinion of 19 May 2009 on the notification for prior checking regarding the processing of personal data in DG ENTR Entreprise Data Warehouse (Case 2008-487)

The DG ENTR Data Warehouse (EDW) is a system in charge of retrieving data from multiple data sources (ABAC, COMREF, SYSLOG and DG ENTR's in-house financial data). The main goal is to provide managers with powerful reports presenting metrics of performance, like the 'Scoreboard' report, at destination of the Head of Units, Directors and Director General.

The EDPS examined the processing in the light of the legal requirements of Regulation (EC) 45/2001 and concluded that there was no breach of the Regulation provided certain recommendations are taken into account and notably:

• The Data Warehouse should be limited to the use of data specified in the current notification and require further authorisation if other databases where to be added as database sources;
• The data minimization principles, the accuracy of data and the necessity to transfer them should be assessed and evaluated;
• DG ENTR should implement specific security measures relating to the planned system's specifications.