Print

Respect de la vie privée dans les institutions de l'UE

Le règlement (UE) 2018/1725 établit les obligations en matière de protection des données pour les institutions, organes et agences de l'UE lorsqu'ils traitent des données à caractère personnel et élaborent de nouvelles politiques. Ce règlement définit également les obligations du CEPD, y compris son rôle en tant qu’autorité indépendante de surveillance des institutions et organes de l’UE lorsqu’ils traitent des données à caractère personnel et pour formuler des conseils sur les politiques et la législation qui ont une incidence sur la vie privée et coopérer avec des autorités similaires afin d’assurer une protection des données cohérente.

Filters

14
Feb
2008
Opinions Prior Check and Prior Consultations

Control system by an iris scan - European Central Bank

Opinion of 14 February 2008 on a notification for prior checking related to the extension of a pre-existing access control system by an iris scan technology for high secure business areas (Case 2007-501)

The ECB has set up an access control system which, among others, scans the iris of ECB staff members and external individuals accessing highly secured areas within the ECB. The data generated by the access control system are also used to reconstruct events during security related incidents. 
 
The EDPS recommendations to be implemented by the ECB include, inter alia,
  • Enact a legal instrument providing the legal basis for the processing operations that take place in order to set up an access control system based on the use of biometrics (iris scan);
  • Reconsider the decision taken in terms of technological choices through an impact assessment, including a viable timetable to implement changes in technology, i.e. in the current iris scan system. In a first phase, consider introducing a "one to one" search mode by including an additional identification, for example, using ECB standard access badges together with the upgraded IrisAccess 4000. At a later stage, consider changing to a "one to one" search mode where biometric data would be stored in chips rather than in a central database;
  • Shorten the deadline for the storage of audit trail data which reveals whether an individual accessed or tried to access the areas controlled by the system; 
  • Amend the privacy statement as recommended in the Opinion.
Langues disponibles: anglais
Topics
Respect de la vie privée dans les institutions de l'UE
Sécurité et accès aux locaux
13
Feb
2008
Opinions Prior Check and Prior Consultations

Administrative enquiries and disciplinary proceedings - CEDEFOP

Opinion of 13 February 2008 on a notification for prior checking on the data processing carried out in the framework of administrative enquiries and disciplinary proceedings (Case 2007-582)

Langues disponibles: anglais
Topics
Respect de la vie privée dans les institutions de l'UE
Discipline, Enquêtes
Évaluation du personnel
Conflits d'intérêts
6
Feb
2008
Opinions Prior Check and Prior Consultations

Candidats au télétravail - Commission

Avis du 6 février 2008 sur la notification de contrôle préalable à propos du dossier "Sélection du personnel candidat au télétravail" (Dossier 2007-720)

Langues disponibles: anglais, français
Topics
Respect de la vie privée dans les institutions de l'UE
Conditions de travail
6
Feb
2008
Opinions Prior Check and Prior Consultations

Dossiers médicaux individuels au CCR - Commission

Avis du 6 février 2008 sur une notification de contrôle préalable concernant le traitement des dossiers médicaux individuels au Centre commun de recherche à Ispra et à Séville (Dossier 2007-329)

Langues disponibles: anglais, français
Topics
Respect de la vie privée dans les institutions de l'UE
Données concernant la santé au travail
6
Feb
2008
Opinions Prior Check and Prior Consultations

Identity Management Service - Commission

Opinion of 6 February 2008 on a notification for prior checking realted to the Identity Management Service (Case 2007-349)

DIGIT provides the Identity Management Service (IMS), a service used primarily to manage user populations and their rights in the context of information services. In particular, IMS facilitates the authentication and access control of users to different Commission information services, which are managed by different Directorates General. In doing so, IMS customizes user's interfaces according to user's individual characteristics. IMS is used for Commission staff as well as for personnel of other organizations and members of the public. 
 
The EDPS recommendations to be implemented by DIGIT include, inter alia,
 
(i) obtain users' consent to process data processed through IMS for customization purposes (interactively and on screen, for example, using the technique of a "pop up" window). 
(ii) consider shortening the data retention deadlines for log files
(iii) put in place a system that ensures the accuracy of personal information of non Commission staff members who have been registered in IMS by third parties such as their employers. 
(iv) amend the privacy statement and ensure its display before the use of IMS as well as the possibility to consult it at any time
Langues disponibles: anglais
Topics
Respect de la vie privée dans les institutions de l'UE
Informatique au travail