Vorabkontrolle

Opinion of 16 January 2009 on a notification for prior checking on the management of Central and Local Training SYSLOG Formation (Case 2008-481)

SYSLOG is the administrative management tool for training at the European Commission in three fields: informatics, language and general. It is managed by DG ADMIN. However, some data processing also takes place within each Directorate-General by its training manager (COFO) and informatics training manager (REFOI).

The EDPD considers that the data processing is in line with Regulation 45/2001 but advises DG ADMIN among others to: (1) Set up reasonable time limits for dealing with requests from data subjects exercising their right of access and, (2) Set up procedures to provide the privacy policy to staff members working for agencies/bodies with no access to SYSLOG.

Opinion of 16 January 2009 on the notification for prior checking regarding the "Invalidity Committee procedure" (Case 2008-626)

The Council of the European Union has established a procedure defining the arrangements for referrals to and the functioning of an invalidity committee responsible for evaluating the invalidity of an official, temporary member of staff or contract member of staff, the opinion of which will be used as a basis for a decision on whether the person concerned should be granted invalidity or resume work.

The EDPS recommends, inter alia, that the administrative departments dealing with social medicine be reminded that they are subject to professional secrecy, and that health-related data be disclosed only to persons authorised to receive such data and who are subject to professional secrecy. The EDPS also recommends that the information note be revised to include information on data recipients and on whether replies to questions are obligatory or voluntary and the possible consequences if the individual refuses to produce medical certificates.

Opinion of 15 January 2009 on the notification of prior checking concerning the "management of the crèche of the General Secretariat of the Council and billing" case (Case 2007-441).

The processing operation concerns, firstly, the procedure for enrolment and admission, as the case may be, of children to the GSC crèche through the examination of administrative and financial data provided by the persons having legal responsibility for the child. It is also designed to monitor the child's presence at the facilities, particularly with a view to monitoring attendance, controlling access of persons dropping off children and reimbursing crèche expenses.
It follows that the processing operation in this case is intended to evaluate the personal and family circumstances of parents and their children in the light of the eligibility criteria for admission. The processing operation also concerns data relating to health.
In its recommendations, the EDPS stressed, inter alia, that the GSC should:

• remove the requirement to submit a medical form from Article II of the crèche rules and clarify Article VIII so that it is understood that there will be no medical examination until after the child has obtained a place at the crèche;
• refer in the crèche rules to the existence of a waiting list;
• ensure that the administrative arrangement with the OIB specifies that the processor can act only on instructions from the controller, and that it sets out the security measures applicable to the data to which the OIB has access.

Opinion of 9 January 2009 on the notification for prior checking on the "Annual exercise for early retirement without reduction of pension rights" (Case 2008-552)

The purpose of the processing is the implementation of the annual exercises for early retirement without reduction of acquired pension rights, in accordance with Article 9 of Annex VIII to the Staff Regulations and the second and third subparagraphs of Article 39(1) of the CEOS. Decision 100-2004 of 21 December 2004 laying down general implementing provisions on early retirement without reduction of pension rights implements this data processing operation.

The proposed processing operation would not appear to involve any breach of the provisions of Regulation (EC) No 45/2001, provided the Court of Auditors reconsiders the data storage period and reviews the content of the information supplied and the arrangements for supplying it, and also the rights of access and rectification.

Opinion of 24 November 2008 on a notification for prior checking concerning the "promotion procedure" (Case 2007-292)

On 19 November 2005 the Court of Auditors adopted a Decision (No 45/2005) on promotions, in application of Article 45 of the Staff Regulations of Officials of the European Communities.

The proposed processing operation does not appear to involve any infringement of Regulation (EC) No 45/2001 provided that the Court informs recipients that they may not use the data for other purposes, revises the content and form of information it provides, and clarifies the rights of access granted to data subjects.