Le transfert des données à caractère personnel hors de l’UE n’est autorisé que sous certaines conditions telles qu’énoncées dans la directive 95/46/CE ainsi que dans le règlement général sur la protection des données qui sera pleinement applicable à partir de mai 2018. Si un pays est considéré par la Commission européenne comme offrant un niveau de protection adéquat , il sera soumis aux mêmes règles qu’un État membre de l’UE, ce qui signifie que le destinataire des données dans cet État ne sera pas tenu de prendre des mesures spécifiques pour permettre le transfert. Le transfert de données vers un pays sans une décision relative à l’adéquation du niveau de protection des données exige des garanties appropriées, telles que des clauses contractuelles types ou des règles d’entreprise contraignantes. Des dérogations à cette règle peuvent être obtenues dans des cas très spécifiques. Le Comité européen de la protection des données, dont le CEPD est membre, fournira à la Commission des avis sur ce sujet.
EDPS Decision pursuant to Article 9(7) of Regulation (EC) No 45/2001 concerning the transfers of personal data carried out by the European Centre for Disease Prevention and Control (ECDC) to the World Health Organization (WHO) (Case 2017-1120)
The EU High Level Advisers programme in Moldova aims to draw on the experience of expert senior officials in EU Member States to help Moldova meet its commitments related to agreements with the EU. The programme is run by the Commission and the EU Delegation in Moldova. A service provider helps to implement the programme in Moldova. The candidate High Level Advisers are selected by the Commission and the Delegation and after the endorsement by Moldovan authorities are recruited by the service provider. In consultation with the Moldovan authorities, the service provider annually evaluates the High Level Advisers on their performance. Following this, the Delegation decides whether to extend the High Level Advisers' contracts. All this entails the processing of personal data by the Commission, the Delegation, the service provider and Moldovan authorities.
The Commission and the Delegation are the co-controllers for the processing of personal data in the High Level Advisers programme and need to clearly define their respective obligations. They should also set up a framework for exchanging the personal data of candidate and recruited High Level Advisers with the Moldovan authorities. The Delegation needs to clarify their respective data protection obligations with the service provider. The candidate and recruited High Level Advisers need to be properly informed about how their personal data is processed in the EU High Level Advisers programme in Moldova.
In the September 2017 edition of the EDPS Newsletter we cover the EDPS Opinion on the digital single gateway, the investigation of complaints relating to medical data and the latest developments in privacy engineering.
EDPS Opinion on the proposal for a Regulation establishing a single digital gateway and the ‘once-only’ principle
Prior check opinion on the notification of the OIB’s "360° tool - feedback and leadership competencies” (Case 2016-1130 / DPO-3868.1)
The Office for Infrastructure and Logistics in Brussels (OIB) has a development programme for managers using a 360° feedback tool. Managers participate on a voluntary basis in the exercise, in which their staff members, peers and superiors who agree to give feedback get to rate the manager. This allows managers to obtain anonymous feedback on their management and leadership style and to improve their management and leadership skills.
Two external providers cooperate with OIB in this exercise: a subcontractor collects individual evaluation responses per line manager through an online questionnaire and automatically generates reports; the contractor provides for individual coaching sessions to the managers. The specific roles and tasks of these two processors should be are clearly mentioned in the data protection statement. The subcontractor’s data centre is located in the United Kingdom. Forwardlooking, the EDPS highlights that future transfers might come under Article 9 of the Regulation requiring an adequate level of protection within the recipient's legal framework for transfers to third countries. In this issue, see pp.12-13 of EDPS Position paper on transfers to third countries and international organisations by EU institutions and bodies.