Surveillance

Avis du 3 septembre 2010 sur la notification d'un contrôle préalable concernant le système européen de surveillance (TESSy) du Centre européen de prévention et de contrôle des maladies (ECDC) (Dossier 2009-0474)

Lignes directrices thématiques du CEPD en matière de vidéo-surveillance

Avis sur les négociations en cours au sein de l’Union européenne pour un accord commercial anti-contrefaçon (ACAC)

The EDPS has adopted an opinion on current negotiations by the European Union of a multilateral Anti-Counterfeiting Trade Agreement (ACTA) aimed at strengthening the enforcement of intellectual property rights and to combat counterfeiting and piracy.

In the light of the information reported about ACTA, the EDPS has concerns about the potential incompatibility between envisaged measures and data protection requirements.

The EDPS makes a number of recommendations in view of providing guidance to the European Commission on the privacy and data protection related aspects that should be considered in the ACTA negotiations. He stresses in particular that:

• the fight against piracy on the Internet should not include large scale monitoring of Internet users through the use of "three strikes Internet disconnection policies" or "graduated response" schemes;
• other less intrusive means to fight piracy on the Internet must be investigated  or, at least, envisaged policies should be performed at a more limited scope, notably through targeted ad hoc monitoring;
• appropriate safeguards must be applied to all international data transfers in the context of ACTA, which should take the form of binding agreements between EU senders and third country recipients;
• a public and transparent dialogue must be established on ACTA.
   

Avis concernant la communication de la Commission sur le plan d'action pour le déploiement de systèmes de transport intelligents en Europe et la proposition de directive du Parlement européen et du Conseil établissant le cadre pour le déploiement de systèmes de transport intelligents dans le domaine du transport routier et d'interfaces avec d'autres modes de transport, JO C 47, 25.02.2009, p. 6

The EDPS has adopted an opinion on the European Commission's proposed deployment plan for intelligent transport systems (ITS) in Europe that was adopted in December 2008 to accelerate and coordinate their deployment in road transport and their connection with other modes of transport. The deployment of ITS  has considerable privacy implications, for instance because these systems make it possible to track a vehicle and to collect a wide variety of data relating to European road users' driving habits.

The EDPS notes that data protection has been taken into consideration in the proposed legal framework and that it is also put forward as a general condition for the proper deployment of ITS. He however underlines that the Commission's proposal is too broad and too general to adequately address the privacy and data protection concerns raised by ITS deployment in the Member States. In particular, it is not clear when the performance of ITS services will lead to the collection and processing of personal data, what are the purposes and modalities for which data processing may take place, or who will be responsible for compliance with data protection obligations.

The EDPS opinion includes the following main recommendations:

• clarification of responsibilities: it is crucial to clarify the roles of the different actors involved in ITS in order to identify who will bear the responsibility of ensuring that systems work properly from a data protection perspective (who is the data controller?);
• safeguards for the use of location technologies: appropriate safeguards should be implemented by data controllers providing ITS services so that the use of location technologies is not intrusive from a privacy viewpoint. This should notably require further clarification as to the specific circumstances in which a vehicle will be tracked, strictly limiting the use of location devices to what is necessary for that purpose, and ensuring  that location data are not disclosed to unauthorized recipients;
• "privacy by design" approach: the EDPS recommends to consider privacy and data protection from an early stage of the design of ITS to define the architecture, operation and management of the systems. Privacy and security requirements should be incorporated within standards, best practices, technical specifications and systems.

Background information
ITS apply information and communication technologies (satellite, computer, telephone, etc.) to transport infrastructure and vehicles with the intention to make transport safer and cleaner and to reduce traffic congestion. ITS applications and services are based on the collection, processing and exchange of a wide variety of data, both from public and private sources, including information on traffic and accidents but also personal data, such as the driving habits and journey patterns of citizens. Their deployment will also rely to a large extent on the use of geolocalisation technologies, such as satellite-positioning and RFID tags. As such, ITS constitute a "data-intensive area" and raise a number of privacy and data protection issues that should be carefully addressed in order to ensure the workability of ITS across Europe.

Le CEPD a publié un premier projet de consultation de ses Recommandations sur la vidéosurveillance. Les délégués à la protection des données des institutions et organes européens, ainsi que d'autres personnes intéressées ont été invitées à commenter ces recommandations jusqu'au 15 septembre 2009. Le CEPD a ensuite organisé un séminaire de travail le 30 septembre afin d'encore récolter des réactions et commentaires qui serviront à améliorer ses Recommandations et à accroître la coopération pour arriver à un meilleur respect des principes de protection des données.