Prior checking Opinion concerning ex-ante product quality audits (Case 2016-0477)
Organisations such as EUIPO ensure the quality of their output in different ways. One such way is checking the quality of decisions before it leaves the organization (ex-ante), recording the error rate and trends in the type and category of errors - and using a database to record this monitoring process.
As staff members remain identifiable in the process and are given feedback at individual level on the basis of this processing operation, this might lead to implications for their performance evaluation(on such processing operations, see EDPS Guidelines in the area of staff evaluation ). This is why the organization needs to comprehensively inform those concerned, grant all data subjects’ rights and ensure the accuracy of the data processed.
Opinion on a notification for prior checking received from the Data Protection Officer of Frontex concerning the Processing of Personal Data for Risk Analysis (PeDRA) (Case 2015-0346)
Accountability on the ground: Guidance on documenting processing operations for EU institutions, bodies and agencies (EUIs). These documents provide provisional guidance for controllers and DPO in the EUIs on how to generate records for their processing operations, how to decide whether they need to carry out data protection impact assessments (DPIAs), how to do DPIAs and when to do prior consultations to the EDPS (Articles 31, 39 and 40 of Regulation (EU) 2018/1725).
A provisional version of this text was published in February 2018. The current version 1.3 was published in July 2019.
As the independent advisor to the EU institutions and bodies under Regulation (EU) 1725/2018 on all matters concerning processing of personal data, the European Data Protection Supervisor (hereinafter, ‘the EDPS’) intends to issue Guidelines for assessing the proportionality of measures that limit the fundamental rights to privacy and to the protection of personal data (hereinafter, ‘the Guidelines’).
The Guidelines complement the EDPS Necessity Toolkit and specify, having regard to the fundamental right to the protection of personal data enshrined under Article 8 of the Charter, the more wide-ranging guidance by the Commission and the Council to check compatibility of legislative measures with the Charter of Fundamental Rights of the European Union.
Through this exercise, the EDPS aims at assisting EU institutions and bodies in the task of ensuring that any limitation of the fundamental right to the protection of personal data is compliant with the requirements of EU primary law.
Before issuing the Guidelines in their final version, the EDPS is launching a stakeholders’ consultation on the draft version of the Guidelines, which you can find hereunder.
The deadline for receiving your input is 4 April 2019. The replies to the consultation should be sent to the Policy and Consultation Unit of the EDPS: POLICY-CONSULT@edps.europa.eu
These EDPS Guidelines explore in greater depth, and provide relevant examples of, issues relating to the impact on the fundamental rights to privacy and the protection of personal data, focusing on and complementing in particular Tool#28 of the Commission Better Regulation Toolbox and the Operational Guidance on taking account of Fundamental Rights in Commission Impact Assessments. The Guidelines also complement the EDPS Necessity Toolkit.
Opinion on the proposal for a Council Decision on the Conclusion of the Anti-Counterfeiting Trade Agreement between the European Union and its Member States, Australia, Canada, Japan, the Republic of Korea, the United Mexican States, the Kingdom of Morocco, New Zealand, the Republic of Singapore, the Swiss Confederation and the United States of America
Opinion on the initiative of 15 Member States with a view to adopting a Council Decision on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime, OJ C 169, 21.07.2007, p. 2
The EDPS presented his opinion on the initiative of 15 Member States to make the Treaty of Prüm applicable throughout the EU. The initiative aims to step up cross-border cooperation, particularly for combating terrorism and cross-border crime. The initiative deals with the exchange of biometric data (DNA and fingerprints) and requires member states to set up DNA databases.
Although data protection plays an important role in this Treaty, the provisions on data protection in this initiative are meant as specific ones, on top of a general framework for data protection, which has still not been adopted. Such a framework is needed to give the citizen enough protection, since this decision will make it much easier to exchange DNA and fingerprint data.
Since the Prüm Treaty has already entered into force in three member states, the 15 Member States that took the initiative intend to limit substantial modifications.. Therefore, the EDPS' suggestions mainly serve to improve the text without modifying the system of information exchange itself.