Vorabkontrolle

Opinion of 23 March 2009 on a notification for prior checking on the management of information sent by OLAF under Memorandum of Understanding (Case 2009-011)

The Memorandum of Understanding (hereinafter MoU) organising the exchange of information between OLAF and the Commission with respect to OLAF internal investigations in the Commission, adopted on 23 July 2003, provides for information to be provided by OLAF to the Commission in the context of internal investigations and communicated, in confidence and on a need-to-know basis, to the responsible Commissioners and Directors-General concerned.  This information frequently contains personal data.  The Commission does not receive all the data relating to investigations conducted by OLAF only that provided for by Regulation (EC) No 1073/1999 as specified in the MoU adopted in July 2003.  This is summary information, in no way detailing all the activities undertaken during the investigations, hearings, evidence etc.  OLAF has control of the information it sends to the Commission during an investigation and it generally sends summary information when an investigation is opened and in the course of it.
This enables the Commission (the Commissioner and the relevant department) to have the information necessary to take any precautionary measures justified in the circumstances in order to protect the institution's financial interests and reputation (purpose of the processing).

The proposed processing does not appear to involve breaches of the provisions of Regulation (EC) No 45/2001 provided that the Commission strengthens the principle of data quality, reassesses the data storage period, reviews the content of the information provided and the arrangements for so doing and makes arrangements for exercise of the rights of access and rectification for data subjects.

Opinion of 10 March 2009 on the notification for prior checking concerning the "end-of-probation procedure" case (Case 2008-720)

Opinion of 26 February 2009 on a notification for prior checking regarding ETF - Flexitime procedure (Case 2008-697)

The European Training Foundation (ETF) has implemented a Flexitime system using RFID technology to ensure equal and fair treatment on a flexible working approach with a view to supporting staff to better conciliate work and private life. The procedure is implemented in a guide to Flexitime of the Agency.

The Flexitime system is not to be confused with any access control system. Although one common badge is used both for the entry to the building and for Flexitime, the Flexitime readers and the access control readers are separate machines. The Flexitime system is based on a Lotus database and is linked to other applications such as SIC Leave and SIC Mission.

There is no reason to believe that there is a breach of the provisions of Regulation (EC) No 45/2001, given that the ETF implements specific recommendations. These deal, among others, with the modification of the conservation period for data relating to audit trail, the introduction of a procedure by which the blocking of data could be ensured in case of complaint, the introduction of stronger security measures on the card and the reconsideration by ETF of its technological choice in terms of security.

Opinion of 23 February 2009 on the notification for prior checking on the "Staff Guidance and Reinstatement Group" (Case 2008-746)

The Council has set up a multidisciplinary group composed of the medical officer, examining doctor, welfare officer, psychologist, a member of the Careers and Development of Competencies Unit, a member of the Staffing and Mobility Unit and the Head of the Social Unit in order to prevent conflicts in the workplace and resolve individual professional problems at the written request of a member of staff.

The Supervisor, having examined how the Group operates in relation to the protection of personal data, has concluded that the provisions of Regulation (EC) No 45/2001 are complied with provided that the Council reviews the period of data storage, checks the appropriateness of transfer of data outside the Group on a case by case basis, ensures that only relevant data are transferred, gives fuller information to data subjects and, if necessary, informs other persons whose data are being processed.

Opinion of 20 February 2009 on a notification for prior checking regarding the engagement and use of temporary agents (Case 2008-315)

The CPVO engages long term and short-term temporary agents (TAs) for certain tasks. Personal data of applicants are used and processed during the recruitment procedure of temporary agents in order to evaluate and select the candidates for vacant TA posts. According to the internal Decision on TAs, the selection procedure for recruiting TAs for vacant posts in the CPVO can be carried out in two ways: firstly, upon request of the CPVO, the European Personnel Selection Office (EPSO) organises a selection procedure following the same standards as for competitions for officials, and secondly the CPVO itself can also organise the selection procedure. In the second case, the CPVO requests the candidates to submit the application form and various supporting documents and sets up a Selection Committee to assess the competences and knowledge of the candidates.

As a result of scrutinising the selection process from a data protection perspective, the EDPS made a number of recommendations, among those on the handling of personal information collected in the application process, on the data retention period, revision of the text and display of privacy statement.