Opinion of 19 July 2007 on a notification for prior checking on regular monitoring of the implementation of the investigative function (Case 2007-73)
Opinion of 21 November 2007 on a notification for prior checking on information and intelligence data pool and intelligence databases (Joint cases 2007-27 and 2007-28)
Information and Intelligence Data Pool” is the description given to all data held within the remit of Operational Intelligence Unit C4 in OLAF, including the Intelligence Databases.
Operational Information and Intelligence support are essential aspects of OLAF’s mandate to fight fraud, corruption, and any other illegal activity affecting the financial interests of the European Community, and serious matters relating to the discharge of professional duties - as established in Article 1 of Regulation (EC) n° 1073/1999 and Commission Decision 1999/352/EC Article 2 (5).
The purpose of the processing under analysis is then to further OLAF intelligence/analysis and operational activity. It also aims to support specific case requests, operations and investigations with a view to ensuring the optimum accuracy and relevance of information received, disseminated and otherwise processed for intelligence, financial, administrative, disciplinary and judicial use. This support may be provided throughout the various stages of OLAF investigation and operational activities, over all sectors and is recorded within the CMS (Case Management System) where applicable.
OLAF’s operational intelligence role also includes supporting the control, intelligence and enforcement activities in Member States, for OLAF partners and Operational DGs. Chapter 2.4.3 of the OLAF Manual further explains the role of OLAF's operational intelligence.
In his prior checking Opinion, the EDPS issued the main following recommendations:
Opinion of 26 March 2007 on "follow-up" data processing operations (disciplinary, administrative, judicial, financial) (Cases 2006-544, 2006-545, 2006-546, 2006-547)
The four data processing operations concern the processing of personal data that takes place within the third stage of OLAF investigations, the so called "follow-up phase". In this phase, OLAF's follow-up team carries out various activities entailing the processing of persona data which are designed to ensure that the competent Community and/or national authorities have executed the measures recommended by OLAF. The nature of the measures may be administrative, disciplinary, financial or judicial.
Opinion of 6 June 2007 on a notification for prior checking on a free phone service (Case 2007-74)
Opinion of 11 July 2007 on a notification for prior checking on monitoring cases (Case 2006-548)
The EDPS has issued an opinion on the processing of personal data in the context of OLAF's Monitoring cases. The Opinion concludes that on a general basis the data processing complies with the principles established in the data protection Regulation. However the EDPS did make some recommendations. Among others, the EDPS asked OLAF to ensure that individuals whose data are processed by OLAF are informed of the data processing that takes place in the context of Monitoring cases. It also suggested some amendments to the privacy statement and asked OLAF to conduct a preliminary evaluation of the necessity of the 20 years conservation period vis-à-vis the purpose of such conservation.
Opinion of 18 December 2007 on a notification for prior checking on the fraud notification service (Case 2007-481)
Opinion of 7 April 2008 on a notification for prior checking on identity and access control system (Case 2007-635)
The Identity and Access Control System is part of the security infrastructure that protects OLAF premises and IT systems. The purpose of the data processing is to ensure that only authorised persons have access to OLAF's premises. The system is designed to control the identity and permit or deny access of persons entering and exiting from OLAF's premises outside working hours and special secure zones. To do so, OLAF uses a smartcard and the use of fingerprints authentication. Users' biometrics data are stored only on the smartcard which cannot be used for any other purpose. For the EDPS, the processing operation is not in breach of Regulation 45/2001 if OLAF takes into account the following recommendations, for instance regarding a reassessment of the concerned data subjects submitted to enrolment; the development of fallback procedures; the setting of a shorter conservation period of data after the first year of operation of the new system; the amendment of the privacy statement and the reconsideration of the technological taking into consideration the choice of the best available techniques and discussions on future security systems.
Opinion of 24 July 2007 on a notification for prior checking on the Custom Information System (Case 2007-177)
The CIS is a database containing personal information managed by OLAF which is accessible by each Member State and by OLAF. It is used to assist national authorities in preventing, investigating and prosecuting operations which are in breach of customs or agricultural provisions.
Opinion of 3 February 2012 on the notifications for prior checking regarding new OLAF investigative procedures (internal investigations, external investigations, dismissed cases and incoming information of no investigative interest, coordination cases and implementation of OLAF recommendations), European Anti-Fraud Office (OLAF) (Cases 2011-1127, 2011-1129, 2011-1130, 2011-1131, 2011-1132)