Privacy in the EU Institutions

Opinion of 29 September 2009 on the notification for prior checking on the "Management of the Children's Centre (CPE) - day nursery and study centre: Loustic information system and medical files" (Luxembourg) (Case 2009-089)

The Commission's Office for Infrastructure and Logistics (OIL) is in charge of managing the CPE's day nursery and study centre in Luxembourg. In this context it has set up the manual and automatic processing of administrative data collected with a view to enrolment. It has also sub-contracted the Commission's medical service the management of the medical files of children for whom an application for enrolment has been made. As part of the prior check the EDPS has made the following recommendations: the EDPS recommends that (i) the medical data be transmitted only to persons subject to an obligation of secrecy equivalent to professional secrecy, (ii) access to the automated application by childcare staff and security staff be restricted to information they need to know, (iii) the data storage periods be reviewed according to the specific need for the data and files, (iv) data subjects' rights to obtain a copy of the administrative data concerning them without constraint, without delay and free of charge, and the right to have them rectified on simple request be guaranteed, (vi) parents be allowed to rectify data relating to their child's health upon presentation of medical evidence, and (vii) declarations of confidentiality informing the parents of the data processing be modified and communicated by all possible means in order to ensure that the parents are informed.

Opinion of 28 September 2009 on the notification for prior checking on the "selection of permanent and temporary staff at the General Secretariat of the Council of the European Union" (Case 2009-197)

Guidelines concerning the processing of health data in the workplace by Community institutions and bodies

Opinion of 24 September 2009 on the notification for prior checking regarding FRA's selection and recruitment of its temporary and contractual agents (Case 2008-589)

This Report, which covers 2008 as the fourth full year of activity of the EDPS, concludes the first EDPS mandate and provides an opportunity to take stock of developments since the start.

The report shows that significant progress was achieved both in the EDPS supervisory and advisory tasks. Most Community institutions and bodies are making good progress in ensuring compliance with data protection rules, but there are still great challenges ahead. The EDPS supervision work is therefore putting more emphasis on measuring the level of compliance in practice, in particular through more systematic verifications on the spot, and on monitoring the implementation of recommendations in prior checking.

The EDPS also further improved his performance as an advisor to the European institutions and submitted opinions on an increasing number of legislative proposals. The majority of the EDPS opinions continued to concern issues related to the area of freedom, security and justice. Other subjects, such as e-privacy, public access to documents, the establishment of information systems and access to those systems, cross-border healthcare and new technologies were also quite prominent.

You can obtain a paper version of this Annual Report on EU Bookshop.