
Internet monitoring - Court of Auditors


Internet monitoring - Court of Auditors

Opinion of 10 November 2008 on a notification for prior checking related to Internt monitoring (Case 2008-284)

The Court of Auditors engages in the monitoring of the Court's of its Internet infrastructure for the following purposes: (i) to ensure the functionality of the network and avoid security breaches and also (ii) to verify whether Court's users employ the Internet in accordance with the allowed uses laid down in the Internet Security Policy.

The EDPS has issued an opinion relating to Court of Auditors Internet monitoring practices which assesses  the extent to which such monitoring  complies with Regulation 45/2001.  The EDPS concludes that the intended data processing activities give rise to doubts about their compatibility with necessity and proportionality principles laid down in Regulation 45/2001. To address this problem, the EDPS recommends, among others, the following:

(i) In the absence of an adequate suspicion, to abstain from monitoring URLs of visited Web sites unless there is a justified reason for such an activity, namely, in case of extremely long URLs, and  dangerous sites as specified in SANS, CERT, and similar publications; (ii) To consider using other indicators (volume of data downloaded, time spent, and other off line indicators) to discover abuse.

The Opinion contains other recommendations regarding other aspects of the data processing (provision of information, security, transfers of information, etc).

Available languages: English, French