European Data Protection Supervisor
European Data Protection Supervisor

Opinions Prior Check and Prior Consultations

Opinions Prior Check and Prior Consultations

Some of the procedures that EU institutions put in place pose risks to the data protection rights and freedoms of individuals.

Under the old legal framework (Regulation (EC) 45/2001), EU institutions were obliged to notify us before putting in place risky data processing operations.

In general, our prior checking Opinions were public.

Regulation 2018/1725 builds on the old Regulation and mirrors the General Data Protection Regulation (EU) 2016/679 (GDPR) that applies to most organisations processing personal data in the Member States. Compared to the previous rules, Regulation 2018/1725 aligns documentation obligations more closely to the risks caused by processing personal data. This means for example that the documentation requirements for a EUI’s newsletter subscription will be lower than for a system using ‘intelligent CCTV’ covering publicly accessible space or a database profiling travellers for screening purposes.

Depending on the process at hand, EU institutions processing personal data ('controllers') may not have to go through all the steps below (these steps are described in the Accountability on the ground toolkit): 
• Generate basic documentation (called ‘records’) for all processes; 
• Check if the process is likely to result in high risks to the people whose data are processed and consult the DPO if it appears to do so; 
• If the EU institution needs to do a data protection impact assessment (DPIA), they analyse those risks in more detail and develop specific safeguards/controls to manage them; 
• If the results of the DPIA still indicate high residual data protection risks, the EU institution has to file a prior consultation with the EDPS (see Articles 40 and 90 of Regulation 2018/1725 respectively for administrative and operational personal data).

Article 39 of Regulation 2016/794 on Europol provides for an ad hoc prior consultation mechanism for new type of processing of operational data, namely data processed by Europol to support the Member States in preventing and combating serious crime and terrorism. Similarly, Article 72 of Regulation 2017/1939 on the European Public Prosecutor Office (EPPO) provides a specific prior consultation mechanism for the processing of operational data, namely data processed in the context of criminal investigations and prosecutions undertaken by the EPPO. Regulation 2018/1725, including the standard prior consultation mechanism, applies to Europol's and EPPO's processing of administrative data, which includes data on staff and visitors, for example.

Where an EU institution is unsure whether to notify us a data processing operation for prior consultation, their DPO can consult us for advice to confirm.

As for the old prior checking Opinions, in general the prior consultation Opinions are public, but we may delete sensitive elements where necessary, related to security for example. Some opinions, which are by nature sensitive, in particular in the police and justice area, may not be published. For the sake of transparency, these Opinions are summarised in our Annual Report.

Filters

Pages

26/04/2019
26
Apr
2019

Security Verifications of External Contractors

Security Verifications of External Contractors requiring access to [certain] EU Institutions & Bodies in Belgium (Case 2016-0894)

17/12/2018
17
Dec
2018

La procédure d’invalidité au sein le Médiateur européen

Avis de contrôle préalable concernant la procédure d’invalidité au sein le Médiateur européen (dossier 2016-0451).

10/12/2018
10
Dec
2018

Joint Prior-checking Opinion regarding Grants Award and Management in the in the Participant Portal

Joint Prior-checking Opinion regarding Grants Award and Management in the in the Participant Portal (under H2020 ÏT tools) in a number of European Union institutions - EDPS cases: C-2017-1080 REA, C- 2017-1076 SESAR, C-2017-1037 INEA, C- 2017-1068 CHAFEA, C-2017-0977 EASME and C-2017-1070 EIT.

30/11/2018
30
Nov
2018

Recruitment of Local Agents in EU Delegations by the European External Action Service (EEAS)

Prior check Opinion on Recruitment of Local Agents in EU Delegations by the European External Action Service (EEAS)

23/11/2018
23
Nov
2018

Prior-checking Opinion concerning the handling of complaints to the International Labour Organisation Administrative Tribunal

Prior-checking Opinion concerning the handling of complaints to the International Labour Organisation Administrative Tribunal (ILOAT) and EFTA Court by current or former staff members against a recruitment decision taken by ESA (EDPS case 2017-0080)

12/11/2018
12
Nov
2018

Selection, Recruitment and Administrative Management for international staff

Prior check Opinion on Selection, Recruitment and Administrative Management for international staff in CSDP Missions by the EEAS Civilian Planning and Conduct Capability (CPCC)

16/10/2018
16
Oct
2018

Selection procedure for the position of Members of the Advisory Forum of the ECDC

EDPS prior-check Opinion on the "Selection procedure for the position of Members of the Advisory Forum of the ECDC” at DG SANTE, Commission (case 2018-0039)

26/09/2018
26
Sep
2018

Updated notifications for staff appraisal and reclassification at CdT

Prior-checking Opinion regarding the updated notifications for staff appraisal and reclassification at CdT (EDPS cases 2016-0011 and 2016-0292)

25/09/2018
25
Sep
2018

The management of experts in the Participant Portal in a number of Executive Agencies

Joint Prior-checking Opinion regarding the management of experts in the Participant Portal (under H2020 IT tools) in a number of Executive Agencies and Joint Undertakings - EDPS cases: C-2017-1073 BBI, C-2017-1063 EACEA, C-2017-1085 REA, C- 2017-1075 SESAR, C-2017-1038 INEA, C- 2017-1053 CHAFEA and C-2017-0976 EASME.

19/09/2018
19
Sep
2018

Selection of confidential counsellors and informal procedures for cases of harassment

Prior-checking Opinion regarding the selection of confidential counsellors and informal procedures for cases of harassment at EIF (EDPS cases 2017-1042 and 2017-1043)

18/09/2018
18
Sep
2018

Security clearance procedure - ESA

Prior Checking Opinion on security clearance procedure at the EFTA Surveillance Authority (Case 2017-1004)

Topics:
18/09/2018
18
Sep
2018

"HR Administrative, B, H and V, Disciplinary and Grievance investigations" at EFTA Surveillance Authority

EDPS prior-check Opinion on "HR Administrative, B, H and V, Disciplinary and Grievance investigations" at EFTA Surveillance Authority (case 2017-1142)

18/09/2018
18
Sep
2018

Reasonable accomodation for persons with disabilities

EDPS prior-check Opinion on "Reasonable Accommodation for persons with disabilities” at the Council of the European Union (case 2018-0592)

31/07/2018
31
Jul
2018

Selection and management of experts outside the Participant Portal (COSME programme and EMFF) – EASME

Joint Prior-checking Opinion regarding the selection and management of experts outside the Participant Portal (COSME programme and EMFF) - EDPS cases 2017-1036 and 2017-1040

31/07/2018
31
Jul
2018

Grants management outside the Participant Portal (COSME programme and EMFF) – EASME

Joint Prior-checking Opinion regarding the grants management outside the Participant Portal (COSME programme and EMFF) - EDPS cases 2017-1035 and 2017-1039

24/07/2018
24
Jul
2018

Administrative inquiries and disciplinary proceedings - EBA

Prior-check Opinion on "administrative inquiries and disciplinary proceedings" at EBA (EDPS Case 2017-1083)

19/07/2018
19
Jul
2018

Procedure for the renewal of contracts - EBA

Prior-checking Opinion on the procedure for the renewal of temporary and contract agents’ contracts at EBA (EDPS case 2017-1082)

12/07/2018
12
Jul
2018

Administrative Inquiry Procedures - EIB

Prior-check Opinion on "Administrative Inquiry Procedures” at EIB (EDPS Case 2017-1071)

Pages