Étant donné que les données s’écoulent numériquement par-delà les frontières, il est essentiel que la protection des droits fondamentaux soit assurée. Dans son rôle de conseiller du législateur de l’UE, le CEPD continue d’offrir son expertise concernant les propositions d’accords internationaux de l’UE, notamment dans les domaines du commerce, de l’application des lois (par exemple les accords PNR avec des pays tiers) et de la coopération administrative. Les recommandations du CEPD visent à s’assurer que les personnes dans l’UE ne renoncent pas à leurs droits lorsque leurs données à caractère personnel sont transférées hors de l’UE.
Avis sur la proposition de décision du Conseil relative à une position à prendre par l’Union au sein du comité mixte de coopération douanière UE-Japon concernant la reconnaissance mutuelle des programmes relatifs aux opérateurs économiques agréés dans l’Union européenne et au Japon
Observations du CEPD concernant divers accords internationaux, notamment les accords PNR UE-US et UE-AUS, l'accord TFTP UE-US, ainsi que la nécessité d'une approche globale des accords internationaux relatifs à l'échange de données
EDPS Comments on the Recommendation from the Commission to the Council to authorise opening of negotiations between the European Union and the United States of America for an international agreement to make available to the United States Treasury Department financial messaging data to prevent and combat terrorism and terrorist financing
Avis concernant le rapport final du Groupe de contact à haut niveau UE/Etats-Unis sur le partage d'informations et la protection de la vie privée et des données à caractère personnel, JO C 128, 06.06.2009, p. 1
The opinion relates to the Final Report by the EU-US High Level Contact Group on information sharing and privacy and personal data protection, which was presented by the EU Presidency in June 2008. The Report defines common principles on privacy and data protection as a first step towards the exchange of information between the EU and the US to fight terrorism and serious transnational crime. It also identifies options for a possible instrument that would apply the agreed common principles to data transfers.
The EDPS welcomes the progress achieved by the EU and US authorities to ensure an effective regime for privacy and personal data protection in the exchange of law enforcement information. He however emphasises the need for a careful analysis of the considered ways forward and recommends the development of a road map towards a possible agreement. Such a road map would involve all stakeholders at the different stages of the procedure and contain guidance for the continuation of the work, a timeline, as well as a further elaboration of the data protection principles on the basis of a common understanding on essential issues, such as the scope and nature of an agreement.
The EDPS calls for clarification and concrete provisions regarding the main following aspects:
nature and scope of an instrument on information sharing: for the sake of legal certainty, the EDPS shares the report's preferred option for the adoption of a legally binding instrument. This general instrument would need to be combined with specific agreements on a case by case basis to reflect the many specificities of data processing in the field of security and justice. The scope of application should also be clearly circumscribed and provide for a clear and common definition of law enforcement purposes at stake;
redress mechanisms: as one of the most prominent outstanding issues of the report, the availability of adequate means for redress needs to be properly addressed. Strong redress mechanisms, including administrative and judicial remedies, should be available to all individuals, irrespective of their nationality;
measuresguaranteeing the effective exercise of individuals' rights: further work is needed not only with regard to redress and oversight mechanisms, but also concerning the transparency of data processing and the conditions of access and rectification to personal data.
The EDPS emphasizes that the conclusion of an agreement between the EU and the US should take place under the Lisbon Treaty - depending on its entry into force – to guarantee better legal certainty, full involvement of the European Parliament and judicial control of the European Court of Justice.
Avis sur la proposition de règlement instaurant un code de conduite pour l'utilisation de systèmes informatisés de réservation, JO C 233, 11.09.2008, p. 1
The EDPS issued an opinion on the proposal for a Regulation on a Code of conduct for computerised reservation systems (CRSs).
The objective of the proposal is to update the provisions of the Code of Conduct for Computerized Reservation Systems that was established in 1989 by Regulation 2299/89. The Code would need simplification in order to reinforce competition - while maintaining basic safeguards, and ensuring the provision of neutral information to consumers. A specific article on data protection has been developed in the proposal with a view to complementing the provisions of Directive 95/46/EC which continues to apply as a lex generalis.
The EDPS welcomes the inclusion of such principles in the proposal. He stresses that these provisions could nevertheless be usefully complemented by additional safeguards on three points:
ensuring the fully informed consent of data subjects for the processing of sensitive data;
providing for security measures taking into account the different services offered by CRSs;
protecting marketing information relating to individuals from access by third parties.
With regard to the scope of application of the proposal, the criteria that make the proposal applicable to CRSs established in third countries raise the question of its practical enforcement, taking into account the complexity of the CRS network.
It is deemed as essential to put the CRS question in this global context and to be aware of the implications of having a large amount of personal data, some of them sensitive, processed in a global network practically accessible to third state authorities.
The EDPS considers it as decisive that effective compliance is ensured by competent authorities for enforcement (i.e. the Commission), as foreseen in the proposal, as well as data protection authorities.
