European Data Protection Supervisor
European Data Protection Supervisor

Search

Search

Publication Selection of the members for the Administrative Board of Review - ECB

Wednesday, 23 April, 2014
23
Apr
2014

Opinion of 23 April 2014 on the notification for prior checking received from the Data Protection Officer of the European Central Bank (ECB) concerning the selection of the members and alternates for the Administrative Board of Review (Single Supervisory Mechanism) (Case 2014-0394)

Publication Insider trading rules - European Central Bank

Monday, 19 February, 2007
19
Feb
2007

Answer to a notification for prior checking on performance of compliance checks concerning insider trading rules of the ECB (Case 2006-582)

Publication Training evaluation - European Central Bank

Wednesday, 1 July, 2009
1
Jul
2009

Opinion of 1 July 2009 on a notification for prior checking regarding training evaluation (Case 2009-220)

The processing of personal data under analysis relates to evaluation of in-house training courses that are delivered by external consultants and evaluation of external training activities attended by ECB staff members at an external institution. The purpose of the processing is to ensure good and constant quality management as well as to control the content of training delivered to ECB staff members.

The EDPS concluded that there was no reason to believe that there is a breach of the provisions of Regulation 45/2001 providing certain recommendations are taken into account. As concerns information to be given to the data subject, a number of information items were missing in order to ensure compliance with the Regulation. As regards the retention of data, the ECB should consider adjusting the existing policy to the duration of the contracts and thus retain the relevant data for a reasonable period of three or four years. With regard to security measures, EDPS suggested that the ECB carries out an assessment on how the implemented security measures for this particular processing through the ERP information system suit the requisites provided in article 22.2 of Regulation (EC) 45/2001.

Publication Use of mobile telephones - European Central Bank

Monday, 26 February, 2007
26
Feb
2007

Opinion of 26 February 2007 on a notification for prior checking on investigation procedures regarding the use of mobile telephones (Case 2004-272)

The rules of the ECB as concerns the use of ECB mobile phones are provided for in an administrative circular. Members of staff may need to make personal calls on their ECB mobile phone; this is accepted as long as such use is restricted to short and urgent calls.
 
On a monthly basis, ECB area heads receive a report informing them about the total net costs of their staff's mobile phone usage. Should a manager wish to query the monthly statistical information on the costs for calls made by an individual staff member via the ECB phone, or require additional information he should follow, he should discuss the issue with the member of staff concerned and resolve discrepancies where possible. If, having assessed the situation, there are grounds to suspect misconduct on the part of a member(s) of staff, the Directorate General Human Resources shall be informed. It will then be up to Directorate Personnel to evaluate the situation and to consult or inform the Legal Service/Directorate Internal Audit if necessary. The manager will then decide together with Directorate Personnel about further actions. This action could possibly lead to a disciplinary action, but this was not the object of the present prior check.
 

The EDPS has issued an opinion on this procedure which concludes that on a general basis the procedure complies with the principles established in the data protection regulation. However the EDPS did make some recommendations mainly as concerns the conservation periods for storing the data and information on the processing of personal data to be included in the administrative circular. The circular is currently in the process of modification and will reflect these recommendations accordingly. The EDPS also recommended that should the data be used for statistical purposes, the reference to the phone number should be removed from the monthly reports.

Publication Staff evaluation procedures - ECB

Monday, 12 January, 2015
12
Jan
2015

Opinion on a notification for prior checking received from the Data Protection Officer of the the European Central Bank (ECB) regarding probation, conversion of fixed-term contracts, annual salary and bonus review as well as additional salary adjustment (Cases 2011-1105, 1106, 1107 and 2014-0774)

Publication Customer satisfaction surveys - European Central Bank

Thursday, 19 February, 2009
19
Feb
2009

Réponse à la notification de contrôle préalable concernant les enquêtes de satisfaction des clients (Dossier 2008-780)

Publication Leave management - ECB

Tuesday, 8 April, 2014
8
Apr
2014

Opinion of 8 April 2014 on the notification for prior checking received from the Data Protection Officer (DPO) of the European Central Bank (ECB) concerning leave management (Case 2013-0413)

Publication Management Skills - European Central Bank

Friday, 7 April, 2006
7
Apr
2006

Opinion of 7 March 2006 on a notification for prior checking on "Assessment of management skills" (Case 2004-273)

Publication Public procurement - ECB

Thursday, 17 July, 2014
17
Jul
2014

Opinion of 17 July 2014 on the notification for prior checking received from the data protection officer (DPO) of the European Central Bank (ECB) concerning public procurement (Case 2013-1408)

Publication Control system by an iris scan - European Central Bank

Thursday, 14 February, 2008
14
Feb
2008

Opinion of 14 February 2008 on a notification for prior checking related to the extension of a pre-existing access control system by an iris scan technology for high secure business areas (Case 2007-501)

The ECB has set up an access control system which, among others, scans the iris of ECB staff members and external individuals accessing highly secured areas within the ECB. The data generated by the access control system are also used to reconstruct events during security related incidents. 
 
The EDPS recommendations to be implemented by the ECB include, inter alia,
  • Enact a legal instrument providing the legal basis for the processing operations that take place in order to set up an access control system based on the use of biometrics (iris scan);
  • Reconsider the decision taken in terms of technological choices through an impact assessment, including a viable timetable to implement changes in technology, i.e. in the current iris scan system. In a first phase, consider introducing a "one to one" search mode by including an additional identification, for example, using ECB standard access badges together with the upgraded IrisAccess 4000. At a later stage, consider changing to a "one to one" search mode where biometric data would be stored in chips rather than in a central database;
  • Shorten the deadline for the storage of audit trail data which reveals whether an individual accessed or tried to access the areas controlled by the system; 
  • Amend the privacy statement as recommended in the Opinion.

Publication Absences - European Central Bank

Friday, 23 September, 2005
23
Sep
2005

Opinion of 23 September 2005 on a notification for prior checking on recording the absences of ECB staff members unable to work because of illness or accident (Case 2004-277)

Publication Use of office telephones - European Central Bank

Tuesday, 13 February, 2007
13
Feb
2007

Opinion of 13 February 2007 on a notification for prior checking on Investigation procedures regarding the use of office telephones (Case 2004-271)

The rules of the ECB as concerns the use of the telephone and fax equipment are provided for in an administrative circular. Members of staff are entitled to make personal calls but these must be declared for billing according to a system of call charging facility by introducing a PIN code. The circular establishes a procedure for investigation procedures on the use of office phones (Call Charging Facility Investigation Procedures) which can be triggered either when there is a disagreement with the content of itemised private call listing or disagreement with content of business calls statistics.If, having assessed the situation, there are grounds to suspect misconduct on the part of a member(s) of staff, further disciplinary measures can be taken, but these were not the object of the present prior check.
 

The EDPS has issued an opinion on this procedure which concludes that on a general basis the procedure complies with the principles established in the data protection regulation. However the EDPS did make some recommendations mainly as concerns the conservation periods for storing the data and information on the processing of personal data to be included in the administrative circular. The circular is currently in the process of modification and will reflect these recommendations accordingly.

Publication The use of thermal imaging cameras and the auto-track functionality of pan-tilt cameras - ECB

Monday, 1 February, 2016
1
Feb
2016

Prior-checking Opinion regarding the use of thermal imaging cameras and the auto-track functionality of pan-tilt cameras at the European Central Bank (case 2015-0938)

This case marks the first prior-checking Opinion involving the assessment of a data protection impact assessment (DPIA).

The Opinion regards the use of thermal imaging cameras and the auto-track functionality of pan-tilt cameras at the European Central Bank (ECB). Under the EDPS Video-surveillance Guidelines such "high-tech video-surveillance tools" are subject to prior checking and permissible only subject to a DPIA. The DPIA conducted by the ECB allowed the EDPS to assess the permissibility of the technique used by the ECB.

The EDPS concluded that, because of the comprehensiveness of the information provided in the notification, of the outcome of the assessment and of the circumstances driving the ECB to apply these measures, operations may start before certain additionally recommended data protection safeguards have been implemented.

Publication Staff appraisal - European Central Bank

Wednesday, 20 April, 2005
20
Apr
2005

Opinion of 20 April 2005 on the notification for prior checking relating to the Staff Appraisal procedure (Case 2004-274)

Publication Administrative inquiries - European Central Bank

Tuesday, 27 December, 2005
27
Dec
2005

Opinion of 22 December 2005 on a notification for prior checking on Internal Administrative Inquiries (Case 2005-290)

Publication Automated vehicle license plate recognition - ECB

Tuesday, 8 August, 2017
8
Aug
2017

Prior check opinion regarding automated vehicle license plate recognition at the European Central Bank (Case 2016-0695)

Publication Disciplinary cases - European Central Bank

Wednesday, 8 March, 2006
8
Mar
2006

Opinion of 8 March 2006 on a notification for prior checking on "Disciplinary cases (including related administrative reviews of complaints and grievances, Ombudsman and Court cases)" (Case 2004-270)

Publication Telephone monitoring - European Central Bank

Friday, 5 May, 2006
5
May
2006

Opinion of 5 May 2006 on a notification for prior checking on the recording, storing and listening of telephone conversations in DG-M and DG-P (Case 2005-376)

Publication Recruitment procedure - European Central Bank

Monday, 4 June, 2007
4
Jun
2007

Opinion of 4 June 2007 on a notification for prior checking on recruitment procedure (Case 2007-3)
Le CEPD a procédé au contrôle préalable du traitement des données à caractère personnel dans le cadre de la procédure de recrutement de la Banque centrale européenne, où un système de recrutement en ligne est mis en place. Tout candidat ayant déposé son dossier de candidature définitif devient une "personne concernée" par la protection des données à caractère personnel. Le CEPD a examiné le formulaire de candidature ainsi que la procédure de candidature en ligne, la durée de conservation des données tout comme les moyens dont les personnes concernées disposent pour exercer leurs droits ainsi que les informations qu'elles reçoivent. Les recommandations du CEPD portent essentiellement sur les informations qui doivent être communiquées aux candidats dans la déclaration de confidentialité et dans le guide du candidat, sur la conservation des actes de candidatures et autres documents et sur le contenu des contrats conclus avec les sous-traitants pour ce qui est des obligations en matière de protection des données.

Publication Selection of the Chair of the Supervisory Board - ECB

Friday, 20 September, 2013
20
Sep
2013

Opinion of 20 September 2013 concerning a notification for prior checking pursuant to Article 27(4) of Regulation (EC) 45/2001 concerning the selection of the Chair of the Supervisory Board to the EDPS (Case 2013-1007)

Pages