Diese Kommentare des EDSB beziehen sich auf den Entwurf der internen Geschäftsordnung der Europäischen Staatsanwaltschaft (EPPO).

Haftungsausschluss: Bitte beachten Sie, dass Teile dieses Dokuments redigiert wurden, um den internen Entscheidungsprozess der EPPO zu schützen. Der vollständige Text des endgültigen Dokuments, auf das in dieser Stellungnahme Bezug genommen wird und das vom EPPO-Kollegium angenommen wurde, finden Sie unter: https://ec.europa.eu/info/law/cross-border-cases/judicial-cooperation/networks -und-Körperschaften-unterstützende-justizielle-Zusammenarbeit / Europäische-Staatsanwaltschaft-de-Entscheidungen # des-College-of-the-Eppo.

A number of European institutions, agencies and bodies (EUIs) have implemented body temperature checks as part of the health and safety measures adopted in the context of their “return to the office” strategy as an appropriate complementary measure, among other necessary health and safety measures, to help prevent the spread of COVID-19 contamination.

At the same time, systematic body temperature checks of staff and other visitors to filter access to EUIs premises may constitute an interference into individuals’ rights to private life and/or personal data protection. The EDPS observes that body temperature checks can be implemented through a variety of devices and processes that should be subject to careful assessment. The EDPS has decided to issue the present orientations to help EUIs and Data Protection Officers (DPOs) meet the requirements of Regulation (EU) 2018/1725 (the Regulation), where applicable.

Informal consultation from an EU Agency on whether a particular number of data subjects concerned by a processing should be considered as “large scale” in the sense of Article 39(3)(b) of the Regulation.

The EDPS notes that the Regulation itself does not define what constitutes “large-scale”, analyses existing guidance on the matter and concludes that in the case of the processing underlying the informal consultation, the proportion of the relevant population as well as the nature of the personal data processed and possible resulting risks cumulatively advocate for conducting a DPIA in the case at hand.

This paper presents the issues raised by the EDPS’ own-initiative investigation into European institutions’, bodies’, offices’ and agencies’ (‘EU institutions’) use of Microsoft products and services. These findings and recommendations from the investigation are likely to be of wider interest than just of the EU institutions: they may be of particular interest to all public authorities in EU/EEA Member States.

Consultation from an European Institution on the relationship with its contractor for providing travel agency services. The contractor considers that it should be a separate controller; the EDPS analyses the relationship at hand, the consequences of different legal constructions, and concludes that a controller-processor relationship is the most appropriate arrangement. 

EDPS Letter Consultation on agreement for payroll services for local employees in a third country