European Data Protection Supervisor
European Data Protection Supervisor

Privacy in the EU Institutions

Privacy in the EU Institutions

Regulation (EC) No 45/2001 - which will be adapted in 2017, in order to be brought in line with the General Data Protection Regulation - lays down the data protection obligations for the EU institutions and bodies when they process personal data and develop new policies. The Regulation also sets out the duties of the EDPS including its role as an independent supervisory authority of the EU institutions and bodies when they process personal data and for advising on policies and legislation that affect privacy and cooperating with similar authorities to ensure consistent data protection.

Here you will find EDPS documents about privacy and data protection concerning the processing of personal data by the EU institutions and bodies, such as staff evaluation, accreditation of external visitors, access control.

Filters

Pages

13/10/2017
13
Oct
2017

Video-surveillance system - EESC and CoR

Prior-checking Opinion regarding the video-surveillance system of the European Economic Social Committee and the Committee of the Regions (Case 2017-0662)

The Opinion regards the rather sophisticated video-surveillance system of the European Economic Social Committee and the Committee of the Regions. In the light of the EDPS Guidelines on Video-surveillance and against the background of a data protection impact assessment conducted, it contains recommendations on covert surveillance (concealed cameras), the collection of special categories of data and applicable retention periods.

Tags:
Wednesday, 27 September, 2017
27
Sep
2017

Newsletter (N°
53
)

In the September 2017 edition of the EDPS Newsletter we cover the EDPS Opinion on the digital single gateway, the investigation of complaints relating to medical data and the latest developments in privacy engineering.
21/09/2017
21
Sep
2017

Recruitment for the selection of staff - CEPOL

Prior-checking Opinion regarding recruitment for the selection of staff at European Union Agency for Law Enforcement Training (CEPOL) (Case 2017-0187)

Tags:
18/09/2017
18
Sep
2017

Enterprise Portfolio Management Tool - Council

Letter concerning Article 27(3) consultation concerning the “Enterprise Portfolio Management Tool” (Case 2014-0173)

08/08/2017
8
Aug
2017

Automated vehicle license plate recognition - ECB

Prior check opinion regarding automated vehicle license plate recognition at the European Central Bank (Case 2016-0695)

Tags:
07/08/2017
7
Aug
2017

Whistleblowing Policy - EIOPA

Prior-check Opinion on EIOPA’s Whistleblowing Policy (Case 2017-0466)

28/07/2017
28
Jul
2017

Selection procedure - FRA

Prior check opinion regarding selection procedure of the members of the Advisory Panel at the Fundamental Rights Agency (Case 2017-0427)

Tags:
26/07/2017
26
Jul
2017

360° feedback exercise - EASME

Prior-checking Opinion regarding 360° feedback exercise for managers in the Executive Agency for Small and Medium-sized Enterprises (Case 2017-0588)

Tags:
11/07/2017
11
Jul
2017

Whistleblowing Procedure - EP

Prior-checking Opinion on the European Parliaments Whistleblowing Procedure (EDPS case 2017-0379)

27/06/2017
27
Jun
2017

Probation periods - EIF

Prior-checking Opinion regarding probation periods and the e-probation tool at the European Investment Fund (Case 2015-1107)

During the probation evaluation of a staff member and the adoption of the probation report, the EIF processes personal data of that staff member. To ensure transparency and fairness, information on this processing should be provided to the concerned individuals through a specific data protection notice. This notice should be made available on the Intranet. A link to the notice should also be added to the respective forms, reports and/or to the messages sent to the staff members in the different stages of probation evaluation. The notice should also clearly set out the procedures for granting individuals' rights, including also information on within which time limit a reaction can be expected from the EIF to the requests of the individuals. Staff members should be granted access to all their data kept in their personal file and in the electronic database, even after the end of employment. While letters containing probation decisions would need to be kept throughout the career of a staff member, probation reports may not necessarily remain relevant during the whole career. The retention of probation reports up to five years after the end of a particular appraisal procedure would be considered appropriate.

Tags:
21/06/2017
21
Jun
2017

Whistleblowing procedure - EDA

Prior check opinion on EDA’s Whistleblowing procedure (Case 2017-0381)

Tuesday, 20 June, 2017
20
Jun
2017

Newsletter (N°
52
)

In the June 2017 edition of the EDPS Newsletter we introduce you to our new-look Newsletter and cover the EDPS Opinion on ePrivacy, our continuing work on data ethics and the launch of our 2016 Annual Report, as well as many other EDPS activities.
12/06/2017
12
Jun
2017

Selection, recruitment and administrative management of contract agents - EEAS

Prior-checking Opinion regarding selection, recruitment and administrative management of contract agents in EU Delegations (Case 2016-0770)

Tags:
12/05/2017
12
May
2017

Newsletter Nr. 51

The May 2017 edition of the EDPS Newsletter covers recently adopted Opinions on data protection and the EU institutions, digital content and the European Travel Information and Authorisation System (ETIAS), as well as many other EDPS activities.

Tags:
10/05/2017
10
May
2017

Staff Regulations - EEAS

Letter concerning "Article 24 and Article 90 of the Staff Regulations" at the European External Action Service (Case 2017-0262)

Tags:
04/05/2017
4
May
2017

2016 Annual Report - The state of privacy 2017: EDPS provides mid-mandate report

The new EU data protection framework consists of much more than just the GDPR. New rules for the EU institutions and ePrivacy are yet to be finalised, and remain a key focal point for EDPS work. As well as providing advice to the legislator on these new rules, the EDPS has started working with the EU institutions and bodies to prepare them for the changes to come. A particular focus of his efforts in 2016 was on promoting accountability, a central pillar of the GDPR which it is safe to assume will also be integrated into the new rules for EU institutions and bodies.

In 2016, the EDPS also made a considerable effort to help move the global debate on data protection and privacy forward and mainstream data protection into international policies. He advised the EU legislator on the Umbrella agreement and the Privacy Shield and engaged with data protection and privacy commissioners from every continent. He also continued to pursue new initiatives, such as the Ethics Advisory Group, through which he intends to stimulate global debate on the ethical dimension of data protection in the digital era.

The EDPS aims to make data protection as simple and effective as possible for all involved. This requires ensuring that EU policy both reflects the realities of data protection in the digital era and encourages compliance through accountability.

Full text of the Annual Report:PDF icon
E-book (e-pub):File
04/05/2017
4
May
2017

The state of privacy 2017: EDPS provides mid-mandate report

As we approach the mid-point of the current EDPS mandate and continue the countdown to the General Data Protection Regulation (GDPR), the EU must build on current momentum to reinforce its position as the leading force in the global dialogue on data protection and privacy in the digital age, the European Data Protection Supervisor (EDPS) said today to the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE), as he presented his 2016 Annual Report.

04/05/2017
4
May
2017

The state of privacy 2017: mid-mandate report

The state of privacy 2017: mid-mandate report, Speech by Giovanni Buttarelli for the presentation of the 2016 EDPS Annual Report to the LIBE Committee, European Parliament

04/04/2017
4
Apr
2017

360° tool - feedback and leadership competencies - EC/OIB

Prior check opinion on the notification of the OIB’s "360° tool - feedback and leadership competencies” (Case 2016-1130 / DPO-3868.1)

The Office for Infrastructure and Logistics in Brussels (OIB) has a development programme for managers using a 360° feedback tool. Managers participate on a voluntary basis in the exercise, in which their staff members, peers and superiors who agree to give feedback get to rate the manager. This allows managers to obtain anonymous feedback on their management and leadership style and to improve their management and leadership skills.

Two external providers cooperate with OIB in this exercise: a subcontractor collects individual evaluation responses per line manager through an online questionnaire and automatically generates reports; the contractor provides for individual coaching sessions to the managers. The specific roles and tasks of these two processors should be are clearly mentioned in the data protection statement. The subcontractor’s data centre is located in the United Kingdom. Forwardlooking, the EDPS highlights that future transfers might come under Article 9 of the Regulation requiring an adequate level of protection within the recipient's legal framework for transfers to third countries. In this issue, see pp.12-13 of EDPS Position paper on transfers to third countries and international organisations by EU institutions and bodies.

Tags:
04/04/2017
4
Apr
2017

Internal mobility - EIF

Prior-checking opinion regarding internal mobility at the European Investment Fund (Case 2015-1102)

Tags:

Pages