European Data Protection Supervisor
European Data Protection Supervisor

Opinions Prior Check

Opinions Prior Check

Some of the procedures that EU institutions put in place pose risks to the data protection rights and freedoms of individuals.

EU institutions are obliged by the Regulation to notify us before putting in place these risky procedures or data processing operations. They are not required to notify us each time the processing takes place.

Article 27(1) of Regulation (EC) No 45/2001 outlines the types of processing that should be notified to us:

  • The processing of certain special categories of data such as health data in pre-recruitment medical exams;
  • The processing intended to evaluate persons such as in staff appraisals, recruitment and selection of staff or contractors under procurement procedures or external experts;
  • Processing which excludes persons from a right, benefit or contract such as blacklisting for project funding;
  • When data is collected for one purpose and potentially used for another without any legal justification (legal basis) for doing so such as linking databases that serve different purposes.

Where an EU institution is unsure whether to notify us, their data protection officer can consult us for advice to confirm.
Once we have received a notification, we issue recommendations as required, to help the EU institutions make the procedure comply with the data protection rules. Our follow up work includes verifying that our recommendations have been implemented by the institution.

In general, our prior checking Opinions are public, but we may delete sensitive elements where necessary, relating to security for example.

On average we receive around 130 such notifications per year.

Filters

Pages

25/04/2018
25
Apr
2018

Enquêtes du Bureau de sécurité du SG du Conseil de l’UE

Avis de contrôle préalable concernant la conduite des enquêtes du Bureau de sécurité du Secrétariat général du Conseil de l’Union européenne (Dossier 2017-0216)

04/04/2018
4
Apr
2018

EEAS’ processing of personal data for repatriation of EU expatriate staff on medical grounds

Prior-checking Opinion regarding the EEAS’ processing of personal data for repatriation of EU expatriate staff on medical grounds (Case 2016-0778)

22/03/2018
22
Mar
2018

Internal procedures and guidelines on whistleblowing - EMCDDA

Prior-check Opinion on European Monitoring Centre for Drugs and Drug Addiction's (EMCDDA) internal procedures and guidelines on whistleblowing (Case 2016-1083)

21/03/2018
21
Mar
2018

Whistleblowing Rules- FRA

Prior-check Opinion on FRA’s whistleblowing rules (Case 2016-0737)

21/03/2018
21
Mar
2018

"Data Processing for Social Media Monitoring" at the European Central Bank (ECB) - ECB

Priorcheck Opinion on "Data Processing for Social Media Monitoring" at the European Central Bank (ECB) (Case 2017-1052)

21/03/2018
21
Mar
2018

Whistleblowing procedure in the REA and the relevant internal fraud issues - Case 2014-0178

Prior-check Opinion on “Whistleblowing procedure in the REA and the relevant internal fraud issues” (Case 2014-0178)

15/03/2018
15
Mar
2018

Whistleblowing procedure - ECHA

Prior-check Opinion on the ECHA’s whistleblowing procedure (Case 2015-1029)

15/03/2018
15
Mar
2018

Whistleblowing Procedure - EDPS

Prior-check Opinion on the Whistleblowing Procedure at the EDPS (Case 2017-0493)

13/03/2018
13
Mar
2018

Selection, Recruitment and Administrative Management - EEAS

Prior check Opinion on Selection, Recruitment and Administrative Management for Junior Professionals in EU Delegations (JPDs) (Case 2016-0772)

13/03/2018
13
Mar
2018

OHC Pregnancy Self-Assessment Data - EIB

Prior-checking Opinion regarding OHC Pregnancy Self-Assessment Data at EIB (Case 2016-0614)

08/03/2018
8
Mar
2018

Processing of Personal Data - SRB

Prior-checking Opinion regarding ‘The processing of personal data in management of all leave entitlements, processing of received requests for reimbursement of annual medical check-ups, received pre-employment medical exams/clearances’ at the Single Resolution Board (SRB) (Case 2017-0853)

02/03/2018
2
Mar
2018

Recruitment of staff - SRB

Prior-checking Opinion regarding ‘Recruitment of staff: Temporary agents (TAs), Seconded National Experts (SNEs) and trainees’ at Single Resolution Board (SRB) (Case 2017-0851)

12/02/2018
12
Feb
2018

Selection and administrative management of Blue Book Trainees - EEAS

Prior check Opinion on selection and administrative management of Blue Book Trainees in EEAS Headquarters and EU Delegations (case 2016-0771)

26/01/2018
26
Jan
2018

First-aid intervention registers - Council

Summary of Case 2017-0969:

The Council established a network of first-aiders on the basis of the Staff Regulations and the rules in the area of well-being at work. Under Belgian law in that field, the employer keeps a register in which the employee who carries out a first-aid intervention must indicate particular information concerning his intervention. The Council decided to implement a staff first-aid intervention register (first-aider record book) and a register of first-aid intervention for the medical service for instances where the medical service intervenes (on site and/or after transport of the casualty to its premises). The data subjects must be duly informed about the protection of personal data. In the light of the sensitive nature of those data and the urgent nature of the work of the first-aider, it is also essential that appropriate measures be implemented in order to guarantee the security of the personal data contained in the first-aider record book.

17/01/2018
17
Jan
2018

Administrative inquiries and disciplinary proceedings - EIT

Prior-check Opinion on "administrative inquiries and disciplinary proceedings" at European Institute of Technology & Innovation (EIT) (Case 2016-1165)

15/12/2017
15
Dec
2017

EU High Level Advisers programme in Moldova – EEAS / EC

Joint prior-checking Opinion concerning the EU High Level Advisers programme in Moldova (EDPS cases 2016-0505 and 2017-0712)

14/12/2017
14
Dec
2017

Activities of the medical service of the EEAS - EEAS

Prior-checking Opinion regarding the activities of the EEAS’ medical service (EDPS case 2016-0780)

14/12/2017
14
Dec
2017

Selection and recruitment of temporary agents, contract agents and seconded national experts - EIOPA

Notification on the selection and recruitment of temporary agents, contract agents and seconded national experts at EIOPA (case 2013-0541)

14/12/2017
14
Dec
2017

Procedure for identifying, dealing with and remedying cases of professional incompetence - EDPS

Ex-post Prior Checking Opinion on the procedure for identifying, dealing with and remedying cases of professional incompetence (Case 2017-0489)

06/12/2017
6
Dec
2017

Feedback event 2017 - EUIPO

Prior-checking Opinion regarding the Feedback Event at the European Union Intellectual Property Office (EUIPO) covering peer feedback for staff members and a 360° evaluation exercise for managers (case 2017-0136).


The peer feedback enables staff members to perform a self- assessment and provide and receive feedback about and from their peers, while the 360° feedback allows for managers receiving feedback from their peers and from direct report and line managers about their leadership skills. Individual and group feedback reports are both developed to provide an organizational overview of the results obtained through the peer and the 360º feedback exercises.
The EDPS recommended to revise the privacy statement clarifying that participants can decide to opt-out at any time  and to define the purpose of the group reports and the categories of data covered.

 

Pages