Vorabkontrolle

Avis du 12 novembre 2008 sur la notification de conctrôle préalable concernant le recrutement de directeurs (Dossier 2008-435)
OHIM organises and manages the selection process of managers in order to select the best suited candidates for a particular position (internal and candidates). The data processing operations towards the selection of candidates are carried out by the Selection Committee, by its Secretariat and by the Internal Mobility and Recruitment of Managers Section of the Human Resources Department. The Prior Check Opinion gives recommendations to ensure full compliance with Regulation 45/2001, in particular, among others, it suggests that OHIIM (I) sets up a procedure for providing access rights; (II) Updates the processor contract to reflect the application of national law to the security measures that must be implemented by processors; (III) Amends the privacy policy and uploads it in a visible place on web site.

Avis du 11 novembre 2008 sur la notification de contrôle préalable à propos de la base de données d'experts (Dossier 2008-455)

Opinion of 11 November 2008 on a notification for prior checking on the procedure in the event of absence owing to illness or accident (Cases 2008-271 et 2008-283)

At the Council, absences owing to illnesses are managed by a specific Medical Absences Management Department, responsible for officials, temporary staff, contract staff and detached national and military experts working at the Council.  Various data processing operations are carried out by this department, for the purpose of ensuring compliance with all statutory and other regulations concerning absence owing to illness or accident and to prevent unjustified medical absences (obtaining medical certificates, checking medical absences, etc.).

The EDPS has examined the processing of personal data in the context of the management of absences owing to illness and has concluded that it does not appear to involve any infringement of the provisions of Regulation (EC) No 45/2001 provided that certain recommendations are followed, and in particular that the department responsible for the processing changes the data retention period, puts in place a procedure to be followed in respect of applications for access to or rectification of data and informs data subjects in accordance with Articles 11 and 12 of the Regulation.

Opinion of 10 November 2008 on a notification for prior checking related to Internt monitoring (Case 2008-284)

The Court of Auditors engages in the monitoring of the Court's of its Internet infrastructure for the following purposes: (i) to ensure the functionality of the network and avoid security breaches and also (ii) to verify whether Court's users employ the Internet in accordance with the allowed uses laid down in the Internet Security Policy.

The EDPS has issued an opinion relating to Court of Auditors Internet monitoring practices which assesses  the extent to which such monitoring  complies with Regulation 45/2001.  The EDPS concludes that the intended data processing activities give rise to doubts about their compatibility with necessity and proportionality principles laid down in Regulation 45/2001. To address this problem, the EDPS recommends, among others, the following:

(i) In the absence of an adequate suspicion, to abstain from monitoring URLs of visited Web sites unless there is a justified reason for such an activity, namely, in case of extremely long URLs, and  dangerous sites as specified in SANS, CERT, and similar publications; (ii) To consider using other indicators (volume of data downloaded, time spent, and other off line indicators) to discover abuse.

The Opinion contains other recommendations regarding other aspects of the data processing (provision of information, security, transfers of information, etc).

Opinion of 7 November 2008 on the notification for prior checking regarding the Internal Promotion of Officials and Regrading of Temporary Agents (Case 2008-095)