Sicherheit und Zugangskontrolle

Der Bericht führt die wichtigsten Ergebnisse der Aktivitäten des Europäischen Datenschutzbeauftragten (EDSB) im Jahr 2007 auf, insbesondere in Bezug auf die Aufsichts- und Beratungsaufgaben.
Aus dem Bericht geht eine deutliche Zunahme der Anzahl der Vorabkontrollen von Verarbeitungen personenbezogener Daten in Organen und Einrichtungen der Gemeinschaft hervor. Der EDSB hat mit der Veröffentlichung von 12 Stellungnahmen auch die Wirksamkeit seiner Beraterrolle in Bezug auf Vorschläge für neue EU-Rechtsvorschriften, die sich auf den Datenschutz auswirken, ausgebaut.
2007 wurde der Vertrag von Lissabon unterzeichnet, der einen verstärkten Schutz personenbezogener Daten vorsieht und dessen Auswirkungen auf den Datenschutz künftig aufmerksam beobachtet werden.

Eine Druckfassung dieses Jahresberichts ist im EU Bookshop erhältlich.

Opinion of 7 April 2008 on a notification for prior checking on identity and access control system (Case 2007-635)
The Identity and Access Control System is part of the security infrastructure that protects OLAF premises and IT systems. The purpose of the data processing is to ensure that only authorised persons have access to OLAF's premises.  The system is designed to control the identity and permit or deny access of persons entering and exiting from OLAF's premises outside working hours and special secure zones. To do so, OLAF uses a smartcard and the use of fingerprints authentication. Users' biometrics data are stored only on the smartcard which cannot be used for any other purpose. For the EDPS, the processing operation is not in breach of Regulation 45/2001 if OLAF takes into account the following recommendations, for instance regarding a reassessment of the concerned data subjects submitted to enrolment; the development of fallback procedures; the setting of a shorter conservation period of data after the first year of operation of the new system; the amendment of the privacy statement and the reconsideration of the technological taking into consideration the choice of the best available techniques and discussions on future security systems.

Opinion of 14 February 2008 on a notification for prior checking related to the extension of a pre-existing access control system by an iris scan technology for high secure business areas (Case 2007-501)

• Enact a legal instrument providing the legal basis for the processing operations that take place in order to set up an access control system based on the use of biometrics (iris scan);
• Reconsider the decision taken in terms of technological choices through an impact assessment, including a viable timetable to implement changes in technology, i.e. in the current iris scan system. In a first phase, consider introducing a "one to one" search mode by including an additional identification, for example, using ECB standard access badges together with the upgraded IrisAccess 4000. At a later stage, consider changing to a "one to one" search mode where biometric data would be stored in chips rather than in a central database;
• Shorten the deadline for the storage of audit trail data which reveals whether an individual accessed or tried to access the areas controlled by the system; 
• Amend the privacy statement as recommended in the Opinion.

Answer to a notification for prior checking concerning "SECPAC" at the Joint Research Centre (Case 2007-381)

Answer to a notification of prior checking of a processing for the issuing and checking of passes giving access to the European Commission's buildings in Brussels and Luxembourg (Case 2004-235)