Die EU insgesamt und ihre einzelnen Mitgliedstaaten sehen sich neuen, vielfältigen und komplexen Sicherheitsbedrohungen gegenüber, die zunehmend internationalen und grenzüberschreitenden Charakter haben. Zur Bekämpfung von Terrorismus und grenzüberschreitendem Verbrechen wurden mehrere rechtliche und praktische Instrumente eingerichtet. Insbesondere wurden der Informationsaustausch und die operative Zusammenarbeit zwischen den Strafverfolgungsbehörden ausgebaut.
Stellungnahme vom 15. Mai 2014 zur Meldung des Datenschutzbeauftragten des Europäischen Parlaments für eine Vorabkontrolle über die Verarbeitung personenbezogener Daten im Zusammenhang mit der biometrischen Kontrolleinrichtung des Parlaments (Fall 2014-1110)
EDPS comments on the Communication from the Commission to the European Parliament and the Council on a European Terrorist Finance Tracking System (TFTS) and on the Commission Staff Working Document - Impact Assessment accompanying the Communication from the Commission to the European Parliament and the Council on a European Terrorist Finance Tracking System (TFTS)
In October 2013, the EDPS was notified of a data security breach involving unauthorised access to an EU Agency database which is operated by an external contractor. This database contained the names and email addresses of approximately 70 individuals. The Agency asked the EDPS for advice on how best to handle this breach, and has now implemented all our suggested remedial measures. These included carrying out a full investigation with the contractor, implementing amendments to the contract, and notifying affected data subjects.
Some EU institutions may already have their own rules in place about reporting security breaches to the relevant internal departments. Whilst we welcome this type of proactive approach, we are presently unable to provide a direct or definitive instruction on any obligations to notify security breaches to the controller or the EDPS, under current data protection law. However, the contractual changes that the Agency has implemented in this particular case indicate a positive and practical approach to data breach management, by obligating contractors to promptly notify any such breaches to the controller. This will enable the Agency to deal with any future incident in a timely and effective manner.
Stellungnahme zur Mitteilung der Kommission an den Rat und das Europäische Parlament „Schusswaffen und die innere Sicherheit der EU: Schutz der Bürger und Unterbindung des illegalen Handels“
Opinion of 5 February 2014 on a notification for prior checking received from the Data Protection Officer of the European Commission related to the "Participatory surveillance research project with evacuation exercise at the JRC/IPSC institute" (Case 2012-0824)