In a report issued today, the European Data Protection Supervisor (EDPS) highlights his overall satisfaction with the video-surveillance systems of four Luxembourg-based EU bodies that were inspected on 9 and 10 July 2013.
Giovanni Buttarelli, Assistant EDPS, says: "Since we issued our video-surveillance Guidelines in 2010, the EDPS has been monitoring the compliance of EU institutions and bodies. The positive results of our most recent inspections in Luxembourg indicate that our advice has been taken seriously and EU bodies are working hard to implement the necessary changes to ensure compliance."
The four inspections were carried out at the Translation Centre for the Bodies of the European Union, the European Investment Bank, the European Court of Auditors and the Court of Justice of the European Union. These thematic inspections were one of the measures announced in the EDPS' Follow-up Report of February 2012, which outlined the level of compliance at the EU institutions and bodies with the 2010 EDPS video-surveillance Guidelines. The inspections were similar to those that the EDPS carried out in Brussels on the premises of 13 institutions and bodies in 2012.
In the report, which is not published, the EDPS welcomes the way in which his previous recommendations have been taken on board. However, he outlines further recommendations in the report on improving the way in which information about video-surveillance is provided to the general public.
The EDPS is very satisfied that on-the-spot notices are available at all the inspected institutions and bodies, although two are yet to include a link to the online policy. It is also recommended that the notices should be available in as many languages as necessary, to ensure they are understood by the majority of staff and by frequent visitors.
The EDPS is generally satisfied that, with one exception, a data protection notice could be made available on request. Two out of the four institutions and bodies could still make improvements in terms of the express requirements of the Guidelines, which outline the need for clear and unambiguous language, format and content.
The EDPS welcomes that three out of the four institutions and bodies have made a version of their video-surveillance policy available online for the public and that the content, format and language is in accordance with the Guidelines.
The EDPS is satisfied with the way in which privacy-by-design measures have been implemented by some of the institutions and bodies. These measures include camera viewing angles and the pixilation or blurring of images.
Article 28(1) of Regulation (EC) No 45/2001 obliges EU institutions and bodies to inform the EDPS when drawing up administrative measures which relate to the processing of personal information. Article 46(d) of the Regulation imposes a duty upon the EDPS to advise all institutions and bodies, either on his or her own initiative or in response to a consultation, on all matters concerning the processing of personal information, in particular before they draw up internal rules relating to the protection of fundamental rights and freedoms with regard to the processing of personal information.
Personal information or data: Any information relating to an identified or identifiable natural (living) person. Examples include names, dates of birth, photographs, e‑mail addresses and telephone numbers. Other details such as health data, data used for evaluation purposes and traffic data on the use of telephone, email or internet are also considered personal data.
Privacy: The right of an individual to be left alone and in control of information about his or herself.
The right to privacy or private life is enshrined in the Universal Declaration of Human Rights (Article 12), the European Convention of Human Rights (Article 8) and the European Charter of Fundamental Rights (Article 7). The Charter also contains an explicit right to the protection of personal data (Article 8).
Video‑surveillance: The 2010 EDPS Guidelines on video‑surveillance define video‑surveillance as the monitoring of a specific area, event, activity, or person by means of an electronic device or system for visual monitoring.
CCTV systems: Closed Circuit Television systems comprising of a set of cameras monitoring a specific protected area, with additional equipment used for transferring, viewing and/or storing and further processing the CCTV footage.
EU institutions and bodies / EU administration: All institutions, bodies, offices or agencies operating for the European Union (e.g. European Commission, European Parliament, Council of the
European Union, European Central Bank, specialised and decentralised EU agencies).
Accountability: Under the accountability principle, EU institutions and bodies put in place all those internal mechanisms and control systems that are required to ensure compliance with their data protection obligations and be able to demonstrate this compliance to supervisory authorities such as the EDPS.
Our factsheet on CCTV is available on the EDPS website.