Privatsphäre in den EU-Organen

Die Verordnung (EU) 2018/1725 legt die Datenschutzverpflichtungen für die Organe, Einrichtungen und Agenturen der EU fest, wenn sie personenbezogene Daten verarbeiten und neue Strategien entwickeln. Darüber hinaus führt die Verordnung die Pflichten des EDSB auf. Diese umfassen seine Aufgaben als unabhängige Kontrollbehörde für die Organe und Einrichtungen der EU, wenn diese personenbezogene Daten verarbeiten, die Beratung zu politischen Maßnahmen und Rechtsvorschriften, die sich auf den Schutz der Privatsphäre auswirken, und die Zusammenarbeit mit vergleichbaren Behörden zur Gewährleistung eines kohärenten Datenschutzes.

Hier finden sich die EDSB-Dokumente über Privatsphäre und Datenschutz in Bezug auf die Verarbeitung personenbezogener Daten durch die Einrichtungen und Organe der EU, z. B. bei Mitarbeiterbewertung, Akkreditierung externer Besucher oder Zugangskontrolle.

Filters

Filter by Publication Year

Filter by Tags

Filter by Institution

Filter by Publication Type

Nov

2008

Opinions Prior Check and Prior Consultations

Expert database - EFSA

Avis du 11 novembre 2008 sur la notification de contrôle préalable à propos de la base de données d'experts (Dossier 2008-455)

The Notification concerns EFSA’s Expert Database. This database contains professional data of external scientific experts who may be called upon to carry out advisory work for EFSA (and for national authorities in Member States with a similar mandate to EFSA). The Notification also covers EFSA's procedure to select external scientific experts from the database for its specific scientific projects.

The EDPS, in general, was satisfied with the data protection safeguards provided by EFSA. To further improve EFSA's data protection compliance, he recommended that the end-users' attention should be specifically called to the limited nature of the validity check that EFSA carries out, suggesting that they use the database as a pool of applications, rather than as a pool of experts whose skills and reliability have already been carefully checked by EFSA in each case.

To ensure the accuracy and up-to-datedness of the profiles kept in the database, he further recommended that automatic reminders should be sent to experts who failed to update their profiles (or confirm their old profiles) with a warning that failure to respond (after a number of reminders) would entail the automatic deletion of their profiles. EFSA was also requested to provide for an appropriate conservation period for processing data during the selection procedure for specific assignments.

With respect to rights of access, the EDPS recommended that EFSA should provide procedural safeguards to ensure that access rights are granted in a timely manner and without undue constraints (including access to certain internal documents). These may include a time-limit established for response to the request by EFSA, and the obligation for the controller to request the advice of the DPO in case of doubt whether a request can be granted. Finally, as regards information to data subjects, the EDPS noted that certain additional information needed to be provided.

Verfügbare Sprachen: Englisch, Französisch

Topics

Privacy in the EU Institutions

Procurements, Grants, Experts

Nov

2008

Opinions Prior Check and Prior Consultations

Absence owing to illness or accident

Opinion of 11 November 2008 on a notification for prior checking on the procedure in the event of absence owing to illness or accident (Cases 2008-271 et 2008-283)

At the Council, absences owing to illnesses are managed by a specific Medical Absences Management Department, responsible for officials, temporary staff, contract staff and detached national and military experts working at the Council. Various data processing operations are carried out by this department, for the purpose of ensuring compliance with all statutory and other regulations concerning absence owing to illness or accident and to prevent unjustified medical absences (obtaining medical certificates, checking medical absences, etc.).

The EDPS has examined the processing of personal data in the context of the management of absences owing to illness and has concluded that it does not appear to involve any infringement of the provisions of Regulation (EC) No 45/2001 provided that certain recommendations are followed, and in particular that the department responsible for the processing changes the data retention period, puts in place a procedure to be followed in respect of applications for access to or rectification of data and informs data subjects in accordance with Articles 11 and 12 of the Regulation.

Verfügbare Sprachen: Englisch, Französisch

Topics

Privacy in the EU Institutions

Health Data in the Workplace

Nov

2008

Opinions Prior Check and Prior Consultations

Internet monitoring - Court of Auditors

Opinion of 10 November 2008 on a notification for prior checking related to Internt monitoring (Case 2008-284)

The Court of Auditors engages in the monitoring of the Court's of its Internet infrastructure for the following purposes: (i) to ensure the functionality of the network and avoid security breaches and also (ii) to verify whether Court's users employ the Internet in accordance with the allowed uses laid down in the Internet Security Policy.

The EDPS has issued an opinion relating to Court of Auditors Internet monitoring practices which assesses the extent to which such monitoring complies with Regulation 45/2001. The EDPS concludes that the intended data processing activities give rise to doubts about their compatibility with necessity and proportionality principles laid down in Regulation 45/2001. To address this problem, the EDPS recommends, among others, the following:

(i) In the absence of an adequate suspicion, to abstain from monitoring URLs of visited Web sites unless there is a justified reason for such an activity, namely, in case of extremely long URLs, and dangerous sites as specified in SANS, CERT, and similar publications; (ii) To consider using other indicators (volume of data downloaded, time spent, and other off line indicators) to discover abuse.

The Opinion contains other recommendations regarding other aspects of the data processing (provision of information, security, transfers of information, etc).

Verfügbare Sprachen: Englisch, Französisch

Topics

Privacy in the EU Institutions

IT at Work

Nov

2008

Opinions Prior Check and Prior Consultations

Promotion of Officials and Regrading of Temporary Agents - OHIM

Opinion of 7 November 2008 on the notification for prior checking regarding the Internal Promotion of Officials and Regrading of Temporary Agents (Case 2008-095)

The purpose of the processingis to conduct the yearly internal promotion/regrading exercise for members of staff. At the beginning of each yearly exercise, the lists of the staff members eligible for promotion and regrading are published on the OHIM's Intranet. A database of staff members to whom promotion/regrading points may be awarded is set up containing administrative data synchronised from a human resources module. The database is made accessible for the respective Directors for a limited period of time so that they can attribute the promotion/regrading points. The members of the Management Committee have to agree on a proposal of points to be awarded. An individual notification of the proposed points is sent to the staff members concerned who may lodge an appeal against the notification within ten working days to the Joint Evaluation and Promotion Committee (JEPC). Before the Appointing Authority takes a formal decision concerning promotions, the JEPC shall examine and issue an opinion on the list of candidates for promotion. It shall also issue an opinion on the overall awarding of promotion points. Wherever relevant, it shall formulate recommendations to the Appointing Authority. The final promotion/regrading points are awarded by the Appointing Authority and notified to the staff member concerned. The lists of promoted/regraded staff members are published on OHIM's Intranet.

The EDPS examined the procedure and concluded that there is no reason to believe that there is a breach of the provisions of Regulation (EC) 45/2001 provided that certain considerations are taken into account notably that the conservation period be reassessed after the first ten years based on practical experience; the recipients be made aware that they shall process the personal data they receive in the course of the promotions procedure only for that purpose; and that information is provided on categories of data processed, notably in the data base, and the recipients of the data other than the Management Committee and the HRD's Personnel Administration Sector.

Verfügbare Sprachen: Englisch, Französisch

Topics

Privacy in the EU Institutions

Staff Evaluation

Nov

2008

Opinions Prior Check and Prior Consultations

Radiation exposure - Commission

Opinion of 5 November 2008 on the notification for prior checking regarding occupational radiation exposure data (Case 2007-0383)

In order to ensure the legitimate performance of radiological surveillance and the implementation of fundamental principles governing operational protection of exposed workers the DG TREN Health Protection Cell (DG TREN H4) is processing personal data of staff members who are occupationally exposed to ionising radiation in the course of their work. Under special service contracts, approved laboratories deliver the results of occupational protection monitoring concerning staff members classified as occupationally exposed to ionising radiation.

The radiological surveillance and occupational monitoring data are entered manually into the Microsoft ACCESS bases Personal Dosimetry database of DG TREN H4. Data relevant to the personal radiology protection and surveillance are registered in individual radiation pass books. Following an occupational health examination, the medical service of the Commission submits information (yes/no) concerning the individual physical fitness of the staff members.

The EDPS delivered a prior checking opinion considering that there is no reason to believe that there is a breach of the provisions of the Regulation provided notably that the right of access and rectification of personal data of the persons concerned is not conditioned to "specific circumstances"; information is provided on the categories of recipients and right to have recourse to EDPS at any time; individuals receive the information listed in Article 12 (privacy statement) before the processing operation is launched; and that the confidentiality and security of communications is guaranteed when information is transferred between subcontractors and the DG TREN-H4, and between DG TREN-H4 and the national competent authorities.

Verfügbare Sprachen: Englisch, Französisch

Topics

Privacy in the EU Institutions

Health Data in the Workplace

Access to documents
Administrative and Human Resources
Artikel 7 - Recht auf Achtung des Privat- und Familienlebens
Bindende unternehmensinterne Regeln
Biometrie
Geldwäsche
Intelligente Transportsysteme
Case Management System
EMRK
EuGH
Communication
Computerforensik
Europarat
Vorratsdatenspeicherung
COVID-19
Verletzungen des Schutzes personenbezogener Daten
Informationsrecht
EU-Fluggastdatensystem
Europol
Finance
IT am Arbeitsplatz
IT
Tracking
Management of the EDPS
mHealth
PETs
Physical Security
Public Events
Verordnung (EU) 2018/1725
Safe Harbour
Schengener Informationssystem (SIS)
SIS SCG
Staff Committee
Supervision by EDPS
Surveys
Artikel 8 - Recht auf den Schutz personenbezogener Daten
Auskunftsrecht
Blockchain
Verschlüsselung
Standardvertragsklauseln
Klinische Erprobungen
Übereinkommen 108
Zusammenarbeit in Steuersachen
EGMR
Cybersecurity
Disziplinarverfahren und interne Ermittlungen
eCall
Europäisches Strafregisterinformationssystem (ECRIS)
Fluggastdaten (PNR)
OECD
Profiling
Visa-Informationssystem (VIS)
VIS SCG
Angemessenheitsentscheidungen
Betrugsbekämpfung
Cloud Computing
Europäischer Datenschutzausschuss / Artikel-29-Arbeitsgruppe
Cybercrime Convention
Terrorismusbekämpfung
Drohnen
Recht auf Berichtigung
Eurodac
Eurodac SCG
Steuerflucht
Privacy Shield
Mobile Geräte und Apps
Zollinformationssystem (ZIS)
CIS SCG
Datenschutzrahmenabkommen
Recht auf Löschung
Finanzmärkte
Vereinte Nationen
Personalauswahl
Binnenmarktinformationssystem (IMI)
Open Data
Recht auf Einschränkung der Verarbeitung
Personalbeurteilung
IMI SCG
TTIP
Arbeitsbedingungen
Smart Meters
Recht auf Datenübertragbarkeit
Ein-/Ausreisesystem (EES)
Beschaffungswesen, Fördermittel, Expertenauswahl
Widerspruchtsrecht
Soziale Netzwerke
Automatisierte Entscheidungen im Einzelfall einschließlich Profiling
Gesundheitsdaten am Arbeitsplatz
Anti-Mobbing-Verfahren
Datenschutzbeauftragter
Interessenkonflikte
Sicherheit und Zugangskontrolle
Netzneutralität
Encryption
Künstliche Intelligenz
Ethik
Robotik
Charta der Grundrechte der Europäischen Union
Datenschutz-Grundverordnung
Polizeirichtlinie
Datenschutzrichtlinie für elektronische Kommunikation („e-Datenschutz-Richtlinie“)
Verordnung (EG) Nr. 45/2001
Rechte des Einzelnen
Notwendigkeit und Verhältnismäßigkeit
Datenschutz durch Technikgestaltung
Interoperabilität
Datenschutz durch datenschutzfreundliche Voreinstellungen
Rechenschaftspflicht
Internationale Abkommen
Internationale Standards
Koordinierung der Aufsicht und IT-Großsysteme
Rechtsprechung und Streitsachen
Datenübermittlungen
Koordinierung der Aufsicht
IT-Großsysteme
Informationssicherheit
Big Data und Digital Clearinghouse
Internet der Dinge
Personal Information Management-System
IPEN (Internet Privacy Engineering Network)
eGovernment
Grenzen, Asyl, Migration
Gemeinsame Außen- und Sicherheitspolitik
Wettbewerb
Verbraucher
Finanzen und Wirtschaft
Gesundheit
Binnenmarkt
Digitaler Binnenmarkt
Justizielle Zusammenarbeit
Polizeiliche Zusammenarbeit
Elektronische Kommunikation, Informationsgesellschaft
Forschung und Wissenschaft
Verkehr
Privatsphäre in den EU-Organen
Transparenz
Meldung von Missständen („Whistleblowing“)
Überwachung
Sicherheit
Technologien

Agency for the Cooperation of Energy Regulators (ACER)
Body of European Regulators for Electronic Communications (BEREC)
Clean Sky Joint Undertaking (CSJU)
Committee of the Regions (CoR)
Community Plant Variety Office (CPVO)
Consumers, Health and Food Executive Agency (CHAFEA)
Council of the European Union
Court of Justice of the European Union (CJEU)
ECSEL Joint Undertaking (ECSEL)
eu-LISA
European Agency for Safety and Health at Work (EU-OSHA)
European Anti-Fraud Office (OLAF)
European Asylum Support Office (EASO)
European Aviation Safety Agency (EASA)
European Banking Authority (EBA)
European Border and Coast Guard Agency (FRONTEX)
European Central Bank (ECB)
European Centre for Desease Prevention and Control (ECDC)
European Centre for the Development of Vocational Training (Cedefop)
European Chemicals Agency (ECHA)
European Climate, Infrastructure and Environment Executive Agency (CINEA)
European Commission
European Court of Auditors (ECA)
European Data Protection Board (EDPB)
European Data Protection Supervisor (EDPS)
European Defence Agency (EDA)
European Economic and Social Committee (EESC)
European Education and Culture Executive Agency (EACEA)
European Environment Agency (EEA)
European External Action Service (EEAS)
European Fisheries Control Agency (EFCA)
European Food Safety Authority (EFSA)
European Foundation for the Improvement of Living and Working Conditions (Eurofound)
European GNSS Agency (GSA)
European Health and Digital Executive Agency (HaDEA)
European Innovation Council and SMEs Executive Agency (EISMEA)
European Institute for Gender Equality (EIGE)
European Institute of Innovation and Technology (EIT)
European Insurance and Occupations Pensions Authority (EIOPA)
European Investment Bank (EIB)
European Investment Fund (EIF)
European Labour Authority (ELA)
European Maritime Safety Agency (EMSA)
European Medicines Agency (EMA)
European Ombudsman (Ombudsman)
European Parliament
European Personnel Selection Office (EPSO)
European Police College (CEPOL)
European Police Office (EUROPOL)
European Public Prosecutor's Office (EPPO)
European Research Council Executive Agency (ERCEA)
European Research Executive Agency (REA)
European Securities and Markets Authority (ESMA)
European Systemic Risk Board (ESRB)
European Training Foundation (ETF)
European Union Agency for Fundamental Rights (FRA)
European Union Agency for Network and Information Security (ENISA)
European Union Agency for Railways (ERA)
European Union Drugs Agency
European Union Institute for Security Studies (EUISS)
European Union Intellectual Property Office (EUIPO)
European Union Satellite Centre (EUSC)
Fuel Cells & Hydrogen Joint Undertaking (FCHJU)
Fusion for Energy (F4E)
Innovative Medicines Initiative Joint Undertaking (IMI JU)
Joint Research Centre (JRC)
Office for Harmonisation in the Internal Market (OHIM)
Other
SESAR Joint Undertaking (SESAR JU)
Single Resolution Board (SRB)
The European Union's Judicial Cooperation Unit (EUROJUST)
Translation Centre for the Bodies of the European Union (CdT)

Administrative Hinweise
Gemeinsame Stellungnahmen von EDSB und EDSA
Book
Data Protection Notices
DPO Meetings and Trainings
Internationale Übermittlungen
TechDispatch
Memorandum of Understanding
Resolutions
Reference Library
European Conferences
DPO News
Events
International Conferences
Legislation
Reports
Priorities
Press Releases
Vorabkontrolle
Other Documents
Papers
SCG Documents
Speeches & Articles
Strategy
Opinions Non Prior Check
Stellungnahmen des EDSB
Code of Conducts
Formelle Kommentare
Supervisory Opinions
Call for Tenders
Brochures
Annual Activity Reports
Annual Reports
Gerichtsverfahren
Untersuchungen
Inspektionen
Newsletters
Leitlinien
Forms
Ethical Framework
Factsheets
Konsultationen durch Behörden