European Data Protection Supervisor
European Data Protection Supervisor

Search

Search

Publication Access to buildings - Commission

Wednesday, 21 November, 2007
21
Nov
2007

Answer to a notification of prior checking of a processing for the issuing and checking of passes giving access to the European Commission's buildings in Brussels and Luxembourg (Case 2004-235)

Topics:

Publication SECPAC - Commission

Wednesday, 28 November, 2007
28
Nov
2007

Answer to a notification for prior checking concerning "SECPAC" at the Joint Research Centre (Case 2007-381)

Topics:

Publication Participatory surveillance research project - JRC/IPSC

Wednesday, 5 February, 2014
5
Feb
2014

Opinion of 5 February 2014 on a notification for prior checking received from the Data Protection Officer of the European Commission related to the "Participatory surveillance research project with evacuation exercise at the JRC/IPSC institute" (Case 2012-0824)

Publication Database ARDOS - Commission

Monday, 15 December, 2008
15
Dec
2008

Opinion of 15 December 2008 on a notification for prior checking regarding the database ARDOS (Case 2007-380)

The Security Service of the Joint Research Centre (JRC) at Ispra put in place a processing operation called "nulla osta". The purpose of the "nulla osta" procedure is to ascertain and confirm a selected candidate's good conduct. Information collected through this procedure is stored in a database called ARDOS with all documents requested by and presented to the Security Service of the JRC Ispra. It has to be noted that the "nulla osta" processing operation concern the candidates of all JRC sites except Karlsruhe.

The EDPS examined the processing operation and in particular the legal basis provided by the JRC Ispra to conduct such assessment of the candidate's good conduct. The EDPS concluded that the processing operation appears to be in breach of the provisions of Regulation (EC) No 45/2001 unless a clear legal basis is identified, produced or established by the institution. Indeed the processing operation described by the Security Service goes far beyond a checking of the candidate's good conduct, notably by collecting excessive and non relevant data (data quality principle).

The EDPS moreover recommended that in order to ensure compliance with the Regulation, the JRC Ispra should made several amendments to the privacy statement to fully respect the information that should be given to the data subject following Article 12 of the Regulation. The EDPS also insisted on the fact that the retention period foreseen by the institution should be implemented as soon as possible.

Topics:

Register 2012-0824

Register Number Case Number Institution Description Opinion date Opinion
900
2012-0824
Participatory surveillance research project with evacuation exercise at JRC/IPSC Institute
Wed, 05/02/2014
Link

Register 2012-0782

Register Number Case Number Institution Description Opinion date Opinion
895
2012-0782
Security investigations at the JRC Petten
Tue, 19/03/2013
Link