Opinion of 9 November 2009 on the notification for prior checking regarding the EESC internal administrative investigations and disciplinary proceedings dossier (Case 2008-569)
On the basis of Article 2(3) of Annex IX to the Staff Regulations, General Implementing Provisions governing disciplinary procedures and administrative investigations were adopted by the European Economic and Social Committee on 7 December 2005.
The EDPS has formulated recommendations, in particular as regards data quality, time-limits for data storage (in relation specifically to the personal file but also to traffic data and hearings), rights of access and rectification and the confidentiality declaration to be provided to data subjects.
Opinion of 23 March 2009 on a notification for prior checking on the management of information sent by OLAF under Memorandum of Understanding (Case 2009-011)
The Memorandum of Understanding (hereinafter MoU) organising the exchange of information between OLAF and the Commission with respect to OLAF internal investigations in the Commission, adopted on 23 July 2003, provides for information to be provided by OLAF to the Commission in the context of internal investigations and communicated, in confidence and on a need-to-know basis, to the responsible Commissioners and Directors-General concerned. This information frequently contains personal data. The Commission does not receive all the data relating to investigations conducted by OLAF only that provided for by Regulation (EC) No 1073/1999 as specified in the MoU adopted in July 2003. This is summary information, in no way detailing all the activities undertaken during the investigations, hearings, evidence etc. OLAF has control of the information it sends to the Commission during an investigation and it generally sends summary information when an investigation is opened and in the course of it. This enables the Commission (the Commissioner and the relevant department) to have the information necessary to take any precautionary measures justified in the circumstances in order to protect the institution's financial interests and reputation (purpose of the processing).
The proposed processing does not appear to involve breaches of the provisions of Regulation (EC) No 45/2001 provided that the Commission strengthens the principle of data quality, reassesses the data storage period, reviews the content of the information provided and the arrangements for so doing and makes arrangements for exercise of the rights of access and rectification for data subjects.
Opinion of 26 January 2009 on a notification for prior checking concerning "Threats to European Commission interests in the areas of counter-intelligence and counter-terrorism" (Case 2008-0440) In the context of threat management in the areas of counter-espionage and counter-terrorism, the European Commission has set up the two separate procedures of security investigations and screening procedures in order to protect its interests and those of the Member States. The EDPS has examined the two procedures and issued recommendations including the following: establishment of a more detailed legal basis covering a broader scope spanning all the possibilities for launching a screening procedure and establishment of a procedure ensuring that data are stored no longer than necessary. The EDPS also recommended revising the screening section of the privacy statement and pro-actively supplying data subjects of screening with the privacy statement.