Privatsphäre in den EU-Organen

Comments on the Court of Auditors's internet security policy

Opinion of 22 October 2007 on the notification for prior checking regarding the "Promotion of permanent staff" (Case 2007-407)

Le CEPD a examiné le traitement de données à caractère personnel et en a conclu que celui-ci ne paraît pas entraîner de violations des dispositions du règlement (CE) 45/2001 pour autant que certaines recommandations soient suivies,  en particulier: qu'un délai raisonnable soit fixé pendant lequel les données relatives à la procédure de promotion peuvent être conservées ; qu'une consigne de vigilance soit ajoutée en ce qui concerne les notes circonstanciées d'évaluation, afin de veiller à ce que les données introduites dans ces notes répondent aux exigences de l'article 4.1.c. ; que la personne concernée doit être informée au moment de la collecte des données de l'identité du responsable du traitement, de ses finalités, des catégories et de l'origine de données concernées, des destinataires, de son droit d'accès et de rectification, de la base juridique du traitement, du délai de conservation des données et de son droit de saisir à tout moment le CEPD ; que si des données sensibles au sens de l'article 10 du règlement n°45/2001 sont traitées, le traitement doit être prévu par l'une des exceptions de l'article 10.2 du règlement 45/2001.

Opinion of 22 November 2007 on a notification for prior checking on the procedure for early retirement without reduction of pension rights (Case 2007-575)

The EDPS issued an opinion on the processing of personal data in this procedure in which he concluded that there is no reason to believe that the processing of personal data in the procedure for early retirement at OHIM presents a breach of the provisions of Regulation 45/2001 provided certain recommendations are taken into account notably that OHIM reassesses the conservation period for applications; that OHIM justifies the necessity of keeping data relating to selected candidates available via the intranet for a period of 5 years and that access to the decisions of the Management Committee should be granted to data subjects regarding data relating to them subject to certain limitations based on Article 20§1(c).

Opinion of 21 November 2007 on a notification for prior checking on information and intelligence data pool and intelligence databases (Joint cases 2007-27 and 2007-28)

Information and Intelligence Data Pool” is the description given to all data held within the remit of Operational Intelligence Unit C4 in OLAF, including the Intelligence Databases.

Operational Information and Intelligence support are essential aspects of OLAF’s mandate to fight fraud, corruption, and any other illegal activity affecting the financial interests of the European Community, and serious matters relating to the discharge of professional duties - as established in Article 1 of Regulation (EC) n° 1073/1999 and Commission Decision 1999/352/EC Article 2 (5).

The purpose of the processing under analysis is then to further OLAF intelligence/analysis and operational activity. It also aims to support specific case requests, operations and investigations with a view to ensuring the optimum accuracy and relevance of information received, disseminated and otherwise processed for intelligence, financial, administrative, disciplinary and judicial use. This support may be provided throughout the various stages of OLAF investigation and operational activities, over all sectors and is recorded within the CMS (Case Management System) where applicable.

OLAF’s operational intelligence role also includes supporting the control, intelligence and enforcement activities in Member States, for OLAF partners and Operational DGs. Chapter 2.4.3 of the OLAF Manual further explains the role of OLAF's operational intelligence.

In his prior checking Opinion, the EDPS issued the main following recommendations:

• to acknowledge in the intelligence files when any restriction based on Article 20 of the Regulation is operated;
• to respect the confidentiality of the identity of whistleblowers during OLAF intelligence activities and in the later stages when appropriate;
• to provide the information (Article 12 of the Regulation) to the data subjects whose names appear in the documentation under analysis, but who are not persons concerned, witnesses, whistleblowers or informants, unless such activity would be impossible or would involve a disproportionate effort, in which case the obligation to provide directly the information could only be replaced by the indirect provision through the privacy statement published on the OLAF website. The same principle should be applied when intelligence activities are conducted independently of an investigation;
• to supplement the publication on the website with personalised information notices addressed to individuals (unless such activity would be impossible or would involve a disproportionate effort). The EDPS therefore calls upon OLAF to develop practices in providing personalised information to the individuals concerned to the degree it is appropriate in the context of intelligence activities and inform the EDPS about such guidelines.

Answer to a notification for prior checking on the administration of external activities (Case 2007-417)