Privacy in the EU Institutions

Opinion of 26 February 2009 on a notification for prior checking regarding ETF - Flexitime procedure (Case 2008-697)

The European Training Foundation (ETF) has implemented a Flexitime system using RFID technology to ensure equal and fair treatment on a flexible working approach with a view to supporting staff to better conciliate work and private life. The procedure is implemented in a guide to Flexitime of the Agency.

The Flexitime system is not to be confused with any access control system. Although one common badge is used both for the entry to the building and for Flexitime, the Flexitime readers and the access control readers are separate machines. The Flexitime system is based on a Lotus database and is linked to other applications such as SIC Leave and SIC Mission.

There is no reason to believe that there is a breach of the provisions of Regulation (EC) No 45/2001, given that the ETF implements specific recommendations. These deal, among others, with the modification of the conservation period for data relating to audit trail, the introduction of a procedure by which the blocking of data could be ensured in case of complaint, the introduction of stronger security measures on the card and the reconsideration by ETF of its technological choice in terms of security.

Opinion of 23 February 2009 on the notification for prior checking on the "Staff Guidance and Reinstatement Group" (Case 2008-746)

The Council has set up a multidisciplinary group composed of the medical officer, examining doctor, welfare officer, psychologist, a member of the Careers and Development of Competencies Unit, a member of the Staffing and Mobility Unit and the Head of the Social Unit in order to prevent conflicts in the workplace and resolve individual professional problems at the written request of a member of staff.

The Supervisor, having examined how the Group operates in relation to the protection of personal data, has concluded that the provisions of Regulation (EC) No 45/2001 are complied with provided that the Council reviews the period of data storage, checks the appropriateness of transfer of data outside the Group on a case by case basis, ensures that only relevant data are transferred, gives fuller information to data subjects and, if necessary, informs other persons whose data are being processed.

Opinion of 20 February 2009 on a notification for prior checking regarding the engagement and use of temporary agents (Case 2008-315)

The CPVO engages long term and short-term temporary agents (TAs) for certain tasks. Personal data of applicants are used and processed during the recruitment procedure of temporary agents in order to evaluate and select the candidates for vacant TA posts. According to the internal Decision on TAs, the selection procedure for recruiting TAs for vacant posts in the CPVO can be carried out in two ways: firstly, upon request of the CPVO, the European Personnel Selection Office (EPSO) organises a selection procedure following the same standards as for competitions for officials, and secondly the CPVO itself can also organise the selection procedure. In the second case, the CPVO requests the candidates to submit the application form and various supporting documents and sets up a Selection Committee to assess the competences and knowledge of the candidates.

As a result of scrutinising the selection process from a data protection perspective, the EDPS made a number of recommendations, among those on the handling of personal information collected in the application process, on the data retention period, revision of the text and display of privacy statement.

Réponse à la notification de contrôle préalable concernant les enquêtes de satisfaction des clients (Dossier 2008-780)

Opinion of 18 February 2009 on a notification for prior checking on the procedure for early retirement without reduction of pension rights (Case 2008-748)

The European Parliament has implemented a procedure allowing officials and temporary agents who meet the eligibility conditions to file an application in order to benefit from early retirement without reduction of their pension rights.

The EDPS finds that there is a breach of Articles 11 and 12 of Regulation (EC) No 45/2001, in particular in view of the fact that no specific notice containing all the relevant data protection information is provided to the members of the staff concerned concerning the data processing that is taking place. The EDPS further makes recommendations to the European Parliament with respect to the need to also inform third parties concerned whom data are processed (e.g. in cases of requests for early retirement for family reasons) about the data processing and their right to access, correct and block their own data.