Vorabkontrolle

Opinion of 19 May 2008 on the notification for prior checking regarding OLAF's CCTV system (Case 2007-634)
This prior checking opinion concerns the closed-circuit television system (CCTV system) operated by the European Anti-Fraud Office (OLAF) within its premises in Brussels for security purposes. The case is the first among the EDPS opinions involving video-surveillance and constitutes a true prior checking case where the EDPS issued his opinion before OLAF started to operate the system.

On the whole, the EDPS was satisfied with the proportionality of the CCTV system and the data protection safeguards implemented by OLAF.

The positive outcome of the EDPS proportionality analysis was based primarily on the grounds that (i) the purposes of the system are clearly delineated, relatively limited, and legitimate and (ii) the location, field of coverage and resolution, and other aspects of the set-up of the CCTV system appear to be adequate, relevant and not excessive in relation to achieving the specified purposes, taking into consideration also the sensitivity of the information held by OLAF.

In particular, the main purpose of OLAF’s CCTV system is protection against unauthorized physical access, in particular, to sensitive operational information and IT equipment. Cameras are only located near exit and entry points to the OLAF secure area and at certain other strategic locations such as certain unattended IT rooms and the OLAF Document Management Centre.

None of the cameras monitor areas where staff would be continuously present and there are no instances where a staff member working in a certain area would be constantly in the field of vision of a camera. There are also no cameras in individual offices, in the cafeteria/kitchen areas, near or in restrooms, or in other areas where staff members and visitors would expect a high degree of privacy. Neither is the cameras' field of vision directed towards parts of the Commission building occupied by others than OLAF. Finally, the cameras' field of vision is also not directed to any areas outside the building on Belgian territory, with a view of neighbouring streets, buildings or other private or public areas.

Nevertheless, the EDPS made important recommendations. First and foremost, it recommended OLAF to reconsider the planned conservation period to ensure that data are kept no longer than necessary for the purposes initially contemplated.

In addition, although OLAF made significant efforts to set appropriate data protection safeguards, improvements could still be made, primarily in the way these safeguards are documented and communicated to data subjects. Importantly, the EDPS recommended that OLAF adopts an internal document describing its CCTV system and providing for appropriate data protection safeguards.

Finally, whereas the EDPS also welcomed OLAF's efforts to provide a layered notice in a user-friendly manner, he further encouraged OLAF to provide more specific and accurate information to data subjects regarding some items listed under Article 12 of the Regulation.

Opinion of 16 May 2008 on a notification for prior checking on the selection of candidates in order to establish a short-list for the position of European Data Protection Supervisor and the position of Assistant Supervisor (Case 2008-222)

Opinion of 29 April 2008 on a notification for prior checking on the selection procedure of members of the Agency's Scientific Committee (Joint cases 2008-179 and 2008-202)
In accordance with Regulation (EC) 168/2007 establishing the FRA, the Management Board of the Agency shall appoint a Scientific Committee after consultation of the competent Committee at the European Parliament. The FRA has therefore established a selection procedure for the selection of candidates for membership of the Scientific Committee and has submitted it to the EDPS for prior checking during the course of the procedure. Indeed, the shortlist of candidates has been established by the bodies involved in the selection procedure at the FRA (pre-selection panel, Executive Board, and Management Board) and the list of candidates is about to be communicated to the EP LIBE Committee.

The LIBE Committee requests that the Management Board provides the following information to the members of the Committee: a copy of the open call for tender and information on how the call was disseminated; a description of the selection criteria used during the procedure with justification of the selection methodology chosen; the number of applications received, broken down according to a Member State and gender, with information on how many of the applicants were not eligible to apply and a short list of candidates with their applications and CVs.

The LIBE Committee will discuss applications in a LIBE Committee session open to the public. It will then give its opinion about the candidates after receiving the above information by expressing its order of preference in a secret ballot. This opinion will be communicated to the FRA Management Board allowing it to nominate members of the Scientific Committee.

The LIBE Committee intends to make the names of the short listed candidates, their CVs and the results of the vote public based on the consent of the candidates. Non-consent on the part of any of the candidates will lead to the non publication on their data.

The EDPS adopted an opinion on this selection procedure and considered that although it was regrettable that the Notification from the FRA was submitted when the processing was well underway, all recommendations made by the EDPS, should be fully taken into account and the remedies should be put into practice. These recommendations where the following:
- that the FRA clarifies the periods for conservation of personal data; - that the FRA sets up procedures to ensure the right of access to candidates' personal data;
- that the FRA provides information to all the candidates in a privacy notice available on the FRA website and also to short listed candidates before communicating the data to the LIBE Committee;
- that the information on the processing of personal data remains available on the FRA website throughout the procedure in case applicants want to refer back to it;
- that the EP provides certain information on the processing of personal data to candidates when inviting them to attend the hearing before the LIBE Committee.

Opinion of 29 April 2008 on the notification for prior checking regarding the "Selection of confidential counsellors in the framework of the fight against psychological harassment and sexual harassment at the European Commission" (Case 2008-60)

Opinion of 28 March 2008 on the notification for prior checking regarding the case "Authorisations to give evidence in court" (Case 2007-721)