European Data Protection Supervisor
European Data Protection Supervisor

Opinions Prior Check

Opinions Prior Check

Some of the procedures that EU institutions put in place pose risks to the data protection rights and freedoms of individuals.

EU institutions are obliged by the Regulation to notify us before putting in place these risky procedures or data processing operations. They are not required to notify us each time the processing takes place.

Article 27(1) of Regulation (EC) No 45/2001 outlines the types of processing that should be notified to us:

  • The processing of certain special categories of data such as health data in pre-recruitment medical exams;
  • The processing intended to evaluate persons such as in staff appraisals, recruitment and selection of staff or contractors under procurement procedures or external experts;
  • Processing which excludes persons from a right, benefit or contract such as blacklisting for project funding;
  • When data is collected for one purpose and potentially used for another without any legal justification (legal basis) for doing so such as linking databases that serve different purposes.

Where an EU institution is unsure whether to notify us, their data protection officer can consult us for advice to confirm.
Once we have received a notification, we issue recommendations as required, to help the EU institutions make the procedure comply with the data protection rules. Our follow up work includes verifying that our recommendations have been implemented by the institution.

In general, our prior checking Opinions are public, but we may delete sensitive elements where necessary, relating to security for example.

On average we receive around 130 such notifications per year.

Filters

Pages

11/07/2017
11
Jul
2017

Whistleblowing Procedure - EP

Prior-checking Opinion on the European Parliaments Whistleblowing Procedure (EDPS case 2017-0379)

07/07/2017
7
Jul
2017

Initial Processing in the event of Whistleblowing - CJUE

Prior Checking Opinion on Initial Processing in the event of Whistleblowing (Case 2017-0304)

27/06/2017
27
Jun
2017

Probation periods - EIF

Prior-checking Opinion regarding probation periods and the e-probation tool at the European Investment Fund (Case 2015-1107)

During the probation evaluation of a staff member and the adoption of the probation report, the EIF processes personal data of that staff member. To ensure transparency and fairness, information on this processing should be provided to the concerned individuals through a specific data protection notice. This notice should be made available on the Intranet. A link to the notice should also be added to the respective forms, reports and/or to the messages sent to the staff members in the different stages of probation evaluation. The notice should also clearly set out the procedures for granting individuals' rights, including also information on within which time limit a reaction can be expected from the EIF to the requests of the individuals. Staff members should be granted access to all their data kept in their personal file and in the electronic database, even after the end of employment. While letters containing probation decisions would need to be kept throughout the career of a staff member, probation reports may not necessarily remain relevant during the whole career. The retention of probation reports up to five years after the end of a particular appraisal procedure would be considered appropriate.

21/06/2017
21
Jun
2017

Whistleblowing procedure - EDA

Prior check opinion on EDA’s Whistleblowing procedure (Case 2017-0381)

07/06/2017
7
Jun
2017

Video-surveillance - GSA

Prior-checking Opinion regarding video-surveillance at the GSA headquarters (Case 2016-1052)

04/04/2017
4
Apr
2017

Internal mobility - EIF

Prior-checking opinion regarding internal mobility at the European Investment Fund (Case 2015-1102)

04/04/2017
4
Apr
2017

Promotion and reclassification - EMSA

Prior checking notification concerning promotion and reclassification at the European Maritime Safety Agency (Case 2016-0396)

04/04/2017
4
Apr
2017

360° tool - feedback and leadership competencies - EC/OIB

Prior check opinion on the notification of the OIB’s "360° tool - feedback and leadership competencies” (Case 2016-1130 / DPO-3868.1)

The Office for Infrastructure and Logistics in Brussels (OIB) has a development programme for managers using a 360° feedback tool. Managers participate on a voluntary basis in the exercise, in which their staff members, peers and superiors who agree to give feedback get to rate the manager. This allows managers to obtain anonymous feedback on their management and leadership style and to improve their management and leadership skills.

Two external providers cooperate with OIB in this exercise: a subcontractor collects individual evaluation responses per line manager through an online questionnaire and automatically generates reports; the contractor provides for individual coaching sessions to the managers. The specific roles and tasks of these two processors should be are clearly mentioned in the data protection statement. The subcontractor’s data centre is located in the United Kingdom. Forwardlooking, the EDPS highlights that future transfers might come under Article 9 of the Regulation requiring an adequate level of protection within the recipient's legal framework for transfers to third countries. In this issue, see pp.12-13 of EDPS Position paper on transfers to third countries and international organisations by EU institutions and bodies.

03/04/2017
3
Apr
2017

Whistleblowing policy - ENISA

Prior-check Opinion on ENISA’s Whistleblowing Policy (Case 2017-0109)

29/03/2017
29
Mar
2017

Whistleblowing Procedure - EUIPO

Prior-check Opinion on EUIPO Whistleblowing Procedure (Case 2016-1056)

28/03/2017
28
Mar
2017

360° Feedback Exercise - F4E

Prior-checking Opinion regarding 360° feedback exercise for managers at Fusion for Energy (Case 2016-0535)

22/03/2017
22
Mar
2017

Staff appraisal - EUIPO

Prior check opinion on an update of EUIPO's procedures for staff appraisal (update of cases 2004-0293 and 2008-0415)

15/02/2017
15
Feb
2017

Ex-ante product quality audits - EUIPO

Prior checking Opinion concerning ex-ante product quality audits (Case 2016-0477)

Organisations such as EUIPO ensure the quality of their output in different ways. One such way is checking the quality of decisions before it leaves the organization (ex-ante), recording the error rate and trends in the type and category of errors - and using a database to record this monitoring process.
As staff members remain identifiable in the process and are given feedback at individual level on the basis of this processing operation, this might lead to implications for their performance evaluation(on such processing operations, see EDPS Guidelines in the area of staff evaluation ). This is why the organization needs to comprehensively inform those concerned, grant all data subjects’ rights and ensure the accuracy of the data processed.

13/02/2017
13
Feb
2017

Administrative situation of Accredited Parliamentary Assistants - EP

Prior checking Opinion concerning controls of administrative situation of Accredited Parliamentary Assistants (Confluence) (Case 2016-1060)

09/02/2017
9
Feb
2017

Selection of Director and Deputy - EIB

Prior checking Opinion of 9 February 2017 concerning selection of the Managing Director and the Deputy Managing Director for the European Fund for Strategic Investments (Case 2015-0801)

09/02/2017
9
Feb
2017

Selection of interim - BEREC

Prior checking Opinion of 9 February 2017 concerning the selection of interim workers (Case 2015-1088)

07/02/2017
7
Feb
2017

Whistleblowing Policy - EBA

Prior-check Opinion of 7 February 2017 on Whistleblowing Policy of the European Banking Authority (EBA) (Case 2016-1173)

30/01/2017
30
Jan
2017

Administrative inquiries and disciplinary proceedings - EMCDDA

EDPS prior-check opinion of 30 January 2017 on administrative inquiries and disciplinary proceedings at European Monitoring Centre for Drugs and Drug Addiction (EMCDDA) (Case 2016-0989)

26/01/2017
26
Jan
2017

Development programme for SG middle managers

Opinion on a notification for prior checking regarding the "SG - Development programme for SG middle managers, use of self-perception questionnaire ("PERFORMANSE") and 360° tool of feedback on leadership competencies" (Case 2013-1290)

20/01/2017
20
Jan
2017

360° Programme for managers - ECHA

Prior-checking opinion regarding 360° programme for managers at the European Chemicals Agency (Case 2016-0002)

Pages