Opinions Prior Check and Prior Consultations

Opinion of 31 July 2007 on a notification for prior checking on Trainee Recruitment (Case 2007-208)

In his Opinion the EDPS has recommended various actions in order to ensure that the data processing fully complies with Regulation (EC) No 45/2001.  In particular, among others, the EDPS has recommended certain periods for retaining different types of data about the trainee that the data controller must adopt and that the trainee is kept informed of these periods.  He has also recommended that it would be good practice to ensure that recipients are reminded when they receive the personal data of candidates that they should not use the data for any further purposes beyond that of trainee recruitment.

Opinion of 31 July 2007 on a notification for prior checking on the recruitment of translation trainees (Case 2007-324)

In his Opinion the EDPS has recommended various actions in order to ensure that the data processing fully complies with Regulation (EC) No 45/2001.  In particular, among others, the EDPS has recommended certain periods for retaining different types of data about the trainee that the data controller must adopt and that the trainee is kept informed of these periods.  He has also recommended that it would be good practice to ensure that recipients are reminded when they receive the personal data of candidates that they should not use the data for any further purposes beyond that of recruitment of translation trainees.

Opinion of 27 July 2007 on a notification for prior checking on the "Management of crèches and childcare facilities" (Case 2007-148)

This dossier deals with the management of "crèches and after-school childcare services in Brussels", undertaken by the Commission's Crèche and Childcare Service. The persons concerned are the children of the staff of the European institutions, those children's parents and persons authorised to collect and drop off children.

Processing is the subject of a prior check since, as part of assessing and selecting children to be admitted to crèches and childcare services based on the criteria set out in internal regulations, the collection of health and administrative data constitutes information on the state of health of the person concerned and their personality.

One recommendation by the EDPS is that if, in future, a waiting list is drawn up for the childcare services, the Commission should guarantee that the medical record is collected only after the child has been admitted to the outdoor or after-school childcare facilities. A further recommendation is that, instead of inquiring about civil status, the Commission should ask whether the family is a one or two-parent family (one or both parents has/have responsibility for the child) or should, at least, inform the parents that data collection on their marital status is not relevant/necessary for the purpose of data processing. It was stressed that the Commission should guarantee protection of the rights of the persons concerned in this kind of processing by means of a clause to be added to the service contract concluded with the company which runs the two private crèches. The EDPS has also recommended that the contract concluded with the childcare company explicitly include provisions on the roles of the controller and the sub-contractor respectively and include provisions on the requirements governing the confidentiality and security of the processing.

Opinion of 27 July 2007 on a notification for prior checking related to Administration of the Accidents and Occupational Disease Insurance (Case 2007-157)

The EDPS has issued an opinion on the management of the scheme which concludes that on a general basis the scheme complies with the principles established in the data protection regulation.  However the EDPS did make some recommendations mainly as concerns raising awareness among non-medical PMO.3 staff regarding medical secrecy, the need to make more visible the privacy statement in the appropriate web site so that EU staff members are properly informed of the processing of their personal data. The EDPS also suggested that the web site for the scheme should ask EU staff members to send medical reports in sealed envelopes marked with the terms 'confidential' and/or 'to be opened by addressee only' and that guidelines should be issued by PMO 3 in order to ensure that inadequate, irrelevant and non excessive information is not provided in medical reports.

Opinion of 27 July 2007 on a notification for prior checking regarding the dossier "Asbestosis: screening and follow-up - 'Asbestos' database (Medical service and psychological/social measures BXL)" (Case 2004-227)

• spécifie que les personnes en charge du traitement ne puissent pas utiliser ces données à d'autres fins. Le même principe est applicable aux autres éventuels destinataires mentionnés. En plus, le CEPD recommande que dans le cadre de transferts à d'autres institutions, seules les personnes habilitées à connaître des données relatives à la santé, soumises au secret professionnel, soient destinataires des dossiers médicaux.
• ne permette pas un refus général d'accès aux notes personnelles des médecins figurant dans le dossier médical.
• autorise la personne concernée à demander que son dossier médical figurant dans la base de données "Asbestos" soit complet, en ce sens qu'elle puisse demander que soient ajoutées à son dossier des informations telles que l'avis contradictoire d'un autre médecin ou une décision de la Commission sur un élément du dossier médical, pour garantir la présence d'informations mises à jour. Par conséquent, le CEPD considère que la réponse à la question 5 de la "Déclaration de confidentialité" devrait ajouter cette possibilité.