Privacy in the EU Institutions

Lettre en réponse à une consultation sur l'examen médical préalable à l'embauche des assistants parlementaires

Opinion of 5 June 2009 on a notification for prior checking on documents provided during recruitment (Case 2008-755)

The European Commission obtains and processes various documents when recruiting officials and other staff. Those documents are obtained in order to check that the applicant meets the requirements in terms of the Staff Regulations and of the selection/competition notice; to determine the applicant's ranking; and to determine his or her pay entitlements and create an access badge.

The EDPS has examined the personal data processing involved in the handling of these documents and has concluded that it does not seem to entail any breach of the provisions of Regulation (EC) No 45/2001 provided that certain recommendations are followed, in particular that the department responsible should limit the obtention and storage of criminal record data and should limit the obtention of applicants' birth certificates.

Opinion of 5 June 2009 on the notification for prior checking regarding the "Application for administering traineeships" (Case 2008-485)

The European Commission has a department responsible for administering the procedures for selecting and recruiting Commission trainees.

The EDPS has examined the processing of personal data under these procedures and has concluded that the processing operation does not appear to involve any breach of the provisions of Regulation (EC) No 45/2001, provided that certain recommendations are followed, in particular that the department responsible reassesses the categories of data stored and their respective storage periods, verifies on a case-by-case basis that the data transfer is necessary and that only relevant data are transferred, and guarantees the right of access to evaluations carried out as part of the process for recruiting trainees.

Opinion of 4 May 2009 on a notification for prior checking concerning "ETF annual dialogue" (Case 2009-168)

This notification concerns the processing of personal data in the exercise of yearly evaluation of staff members of ETF.

The EDPS made recommendations in particular relating to data retention period, the right of blocking and the privacy statement to be given to the data subjects

Opinion of 20 May 2009 on the notification for prior checking regarding the management of safety at work at the Joint Research Centre's Institute for Health and Consumer Protection in Ispra (Case 2008-541)

The Notification and the EDPS Opinion concern a dedicated filing system: "Management of Safety at Work" used by the Institute. Personal data with an implication for safety at work are collected and stored in this filing system and consulted when needed. The purpose of the processing is to comply with the employer's obligations on safety at work under Italian laws. The processing operation covers all employees of the Institute.

With regard to data quality and proportionality, the EDPS recommended that the Institute should reconsider whether the safety officer indeed needs direct access to general training data in SYSLOG Formation, as well as training data on languages and e-learning, in addition to training information directly relevant to safety at work. On rights of access, the EDPS recommended that the Institution should establish a minimum set of safeguards to ensure that access requests will be addressed in a timely manner and without restraints. With regard to information to data subjects, the EDPS recommended that notice with respect to certain items under Articles 11 and 12 of the Regulation should be provided in a more specific manner.