Nos avis portent principalement sur des propositions législatives et sont adressés au législateur de l'UE (le Parlement européen, le Conseil et la Commission européenne), dans le but de signaler les principales préoccupations en matière de protection des données ainsi que nos recommandations.
Ces avis sont rendus en réponse aux demandes de la Commission, qui est légalement tenue de demander notre avis sur toute proposition législative ou projet d'actes d'exécution ou délégués, ainsi que sur les recommandations et propositions au Conseil dans le cadre d'accords internationaux conformément à l'article 42(1) du règlement (UE) 2018/1725 lorsqu'il y a un impact sur la protection des données personnelles.
Nous émettons également des avis d'initiative dans le cadre de notre rôle de conseil sur toutes les questions relatives au traitement de données personnelles.
Avis sur la proposition de règlement établissant les critères et mécanismes de détermination de l'Etat membre responsable de l'examen d'une demande de protection internationale présentée dans l'un des Etats membres par un ressortissant de pays tiers ou un apatride [COM(2008) 820 final)], JO 229, 23.09.2009, p. 1
The primary aim of the Proposal is to increase the efficiency of the Dublin system and to ensure higher standards of protection afforded to applicants for international protection subject to the Dublin procedure. Furthermore, it aims to reinforce the solidarity towards those Member States which are faced with situations of particular migratory pressures.
The EDPS supports the Commission's Proposal for a Regulation and shares the understanding of the reasons to revise the existing system. The EDPS considers that some of the observations made in this opinion can be further developed when seeing the practical implementation of the revised system. In particular, he intends to contribute to the definition of implementing measures concerning the exchange of information through the DubliNet.
Avis sur la proposition de directive faisant obligation aux Etats membres de maintenir un niveau minimal de stocks de pétrole brut et/ou de produits pétroliers, JO C 128, 06.06.2009, p. 42
The current issue serves as a good illustration of the fact that there should be a constant awareness of the rules on data protection. In a situation which concerns Member States and their obligation to hold emergency oil stocks, which are owned mainly by legal entities, the processing of personal data is not very obvious, but, even though it is not envisaged as such, it can still take place. One should in any case consider the likelihood of personal data processing taking place and act accordingly.
Deuxième avis relatif au réexamen de la directive 2002/58/CE concernant le traitement des données à caractère personnel et la protection de la vie privée dans le secteur des communications électroniques (directive "vie privée et communications électroniques"), JO C 128, 06.06.2009, p. 28
This Opinion follows upon a first EDPS Opinion, as well as Comments, in which recommendations were made to help ensure that the proposed changes effectively provide for the best possible protection of personal data.
This Second Opinion comes as a response to the Council's Common Position which, on a number of critical points, fails to endorse some of the data protection safeguards proposed by the European Parliament and the European Commission or previously recommended by the EDPS. The recommendations presented in this Opinion aim at streamlining some of the provisions of the Directive, while at the same time ensuring an adequate level of data protection and privacy.
The Opinion particularly focuses on the provisions relating to the setting up of a mandatory security breach notification system for which the Supervisor believes there is still some room for improvement.
Avis sur la communication de la Commission intitulée "Vers une stratégie européenne en matière d'e-Justice", JO C 128, 06.06.2009, p. 13
The Communication aims to propose an e-Justice Strategy that intends to increase citizens' confidence in the European area of Justice. E-Justice's primary objective should be to help justice to be administered more effectively throughout Europe, for the benefit of the citizens. The EU's action should enable citizens to access information without being hindered by the linguistic, cultural and legal barriers stemming from the multiplicity of systems. A draft action plan and timetable for the various projects are annexed to the Communication.
E-Justice has a very wide-ranging scope, including in general the use of ICT in the administration of justice within the European Union. This covers a number of issues like projects providing litigants with information in a more effective way. This includes online information on judicial systems, legislation and case law, electronic communication systems linking litigants and the courts and the establishment of fully electronic procedures. It covers also European projects like the use of electronic tools to record hearings and projects involving information exchange or interconnection.
The EDPS supports the present proposal to establish e-Justice and recommends taking into account the observations made in his opinion, which includes:
Taking into account the recent Framework decision on the protection of personal data in the field of police and judicial cooperation in criminal matters - including its shortcomings - not only when implementing the measures envisaged in the Communication, but also with a view to starting as soon as possible the reflections on further improvements of the legal framework for data protection in law enforcement;
Including administrative procedures in e-Justice. As part of this new element, e-Justice projects should be initiated to enhance the visibility of data protection rules as well as national data protection authorities, in particular in relation to the kinds of data processed in the framework of e-Justice projects;
Maintaining a preference for decentralized architectures;
Ensuring that the interconnection and interoperability of systems duly takes into account the purpose limitation principle;
Allocating clear responsibilities to all actors processing personal data within the envisaged systems and providing mechanisms of effective coordination between data protection authorities;
Ensuring that processing of personal data for purposes other than those for which they were collected should respect the specific conditions laid down by the applicable data protection legislation;
Clearly defining and circumscribing the use of automatic translations, so as to favour mutual understanding of criminal offences without affecting the quality of the information transmitted;
Clarifying Commission responsibility for common infrastructures, such as the s-TESTA;
With regard to the use of new technologies, ensuring that data protection issues are taken into account at the earliest possible stage ("privacy-by-design") as well as fostering technology tools allowing citizens to be in better control of their personal data even when they move between different Member States.
Avis concernant la proposition de directive relative à l'application des droits des patients en matière de soins de santé transfrontaliers, JO C 128, 06.06.2009, p. 20
The proposal aims at establishing a Community framework for the provision of cross-border healthcare within the EU, for those occasions where the care patients seek is provided in another Member State than in their home country. The implementation of such a scheme requires the exchange of personal data relating to the health of patients between authorized organisations and healthcare professionals of different Member States.
The EDPS welcomes the proposal and expresses his support to the initiatives of improving the conditions for cross-border healthcare. He expresses concerns, however, about the fact that EC healthcare related initiatives are not always well co-ordinated with regard to ICT use, privacy and security, thus hampering the adoption of a universal data protection approach towards healthcare. This is also evident in the proposal where references to data protection are mainly of a general nature and do not adequately reflect the specific privacy-related needs of cross-border healthcare.
The EDPS defines two main areas of concern regarding data protection in cross-border healthcare: a) the different security levels which may be applied by the Member States for the protection of personal data, and b) privacy integration in e-health applications. To this end, the EDPS makes the following recommendations:
Provision of a clear definition for 'health data'.
Introduction of a specific Article on data protection, clearly describing the responsibilities of the Member States and identifying areas for further development.
Adoption of a Community mechanism for the definition of a commonly acceptable security level for health data to be applied by the Member States.
Incorporation of the notion of 'privacy by design' already in the proposed Community template for e-Prescription.
Introduction of a more explicit reference to the specific requirements relating to subsequent use of data concerning health as laid down in Article 8 of Directive 95/46.
