À mesure que de nouvelles technologies voient le jour et sont intégrées dans nos vies (l’internet des objets, par exemple), les nouvelles utilisations des données à caractère personnel évoluent. Avec la croissance des capacités informatiques et de détection, dans le domaine de la biométrie, par exemple, ces évolutions suscitent des préoccupations légitimes au sujet de la protection de la vie privée et des données à caractère personnel.
Le rapport annuel présente les éléments les plus significatifs des activités du CEPD en 2007. Il révèle l'accroissement notable du nombre de contrôles préalables des opérations de traitement des données personnelles dans les institutions et organes européens. Dans son rôle de conseiller sur les nouvelles propositions législatives européennes ayant un impact sur la protection des données, le CEPD a publié 12 avis. L'année 2007 a été celle de la signature du traité de Lisbonne qui prévoit une amélioration de la protection des données personnelles, et dont l'impact sera suivi de près par le CEPD.
Avis sur la proposition de règlement instaurant un code de conduite pour l'utilisation de systèmes informatisés de réservation, JO C 233, 11.09.2008, p. 1
The EDPS issued an opinion on the proposal for a Regulation on a Code of conduct for computerised reservation systems (CRSs).
The objective of the proposal is to update the provisions of the Code of Conduct for Computerized Reservation Systems that was established in 1989 by Regulation 2299/89. The Code would need simplification in order to reinforce competition - while maintaining basic safeguards, and ensuring the provision of neutral information to consumers. A specific article on data protection has been developed in the proposal with a view to complementing the provisions of Directive 95/46/EC which continues to apply as a lex generalis.
The EDPS welcomes the inclusion of such principles in the proposal. He stresses that these provisions could nevertheless be usefully complemented by additional safeguards on three points:
ensuring the fully informed consent of data subjects for the processing of sensitive data;
providing for security measures taking into account the different services offered by CRSs;
protecting marketing information relating to individuals from access by third parties.
With regard to the scope of application of the proposal, the criteria that make the proposal applicable to CRSs established in third countries raise the question of its practical enforcement, taking into account the complexity of the CRS network.
It is deemed as essential to put the CRS question in this global context and to be aware of the implications of having a large amount of personal data, some of them sensitive, processed in a global network practically accessible to third state authorities.
The EDPS considers it as decisive that effective compliance is ensured by competent authorities for enforcement (i.e. the Commission), as foreseen in the proposal, as well as data protection authorities.
Avis concernant la proposition de règlement modifiant le règlement (CE) n° 2252/2004 du Conseil établissant des normes pour les éléments de sécurité et les éléments biométriques intégrés dans les passeports et les documents de voyage délivrés par les Etats membres, JO C 200, 06.08.2008, p. 1
On 26 March 2008, the EDPS adopted an opinion on the Commission's proposal aiming at revising the 2004 Council Regulation that sets out minimum standards for security features and biometrics in passports and travel documents.
The EDPS welcomes the introduction of exemptions from giving fingerprints based on the age of the person or his/her inability to provide fingerprints. However, he still considers these exemptions as insufficient to remedy the imperfections of biometrics, such as the impact of misidentification or failure to enrol. The EDPS' opinion includes the following recommendations:
fingerprints from children: the proposed six-year age limit should be considered as a provisional one, or brought in line with international practice (14 years). After three years, the age limit should be reviewed and defined by an in-depth study which is to identify the accuracy of the systems obtained under real conditions;
fingerprints from the elderly: an age limit for elderly, based on similar experiences already in place (79 years), should be introduced as an additional exemption;
principle of "one person-one passport": this principle should be applied only to children above the relevant age limit;
"breeder" documents: additional measures should be proposed to harmonise the production and the use of documents required in Member States to issue passports (“breeder” documents).
The EDPS recalls that exemptions should in no way stigmatize or discriminate individuals who will be exempt, because of their age as a precautionary principle or because they present obviously unreadable fingerprints
