Security investigations - Commission

Opinion of 2 October 2008 on a notification for prior checking on security investigations (Case 2007-736)

The ADMIN/DS/RA section of the Commission is empowered to take measures in response to criminal acts concerning the buildings occupied by the Commission, the people who work in or for various reasons have access to those buildings, and any other acts which may be harmful to the institution. This includes collecting and keeping evidence and taking various investigative steps to gather such evidence, technical reporting, and collecting statements from victims, complainants, witnesses and where appropriate the perpetrators of acts.

The EDPS has examined the processing of personal data in the procedure for security investigations, and has concluded that it does not appear to breach the provisions of Regulation (EC) No 45/2001 so long as certain recommendations are followed, in particular that the department responsible should assess the proportionality of its processing activities on a case‑by‑case basis; that it should provide adequate safeguards during its activities; that it should ensure that transfers of data are legal and necessary; that it should improve the procedures relating to the rights of access to and rectification of data, and should provide the requisite information to the data subjects concerned by the investigations.