|
|
| |
17 June 2013
Credible cyber security strategy in the EU needs to be built on privacy and trust. Please read the EDPS opinion and the press release.
|
|
13 June 2013
EDPS opinion on the notification for prior checking from the Data Protection Officer of the European Ombudsman on PERSEO
|
|
13 June 2013
EDPS formal comments on the Commission Delegated Regulations on "Data and procedures for the provision, where possible, of road safety related minimum universal traffic information free of charge to users" and "Provision of information services for safe and secure parking places for trucks and commercial vehicles"
|
|
10 June 2013
Statement: EDPS following the NSA story
|
|
05 June 2013
EDPS opinion on the notification for prior checking concerning leave management at European Environment Agency
|
|
News
|
|
|
|
|
Eurodac is a large database of fingerprints of applicants for asylum and illegal immigrants found within the EU. The database helps the effective application of the Dublin convention on handling claims for asylum.
Eurodac is set up under specific regulations at the European level, including data protection safeguards. The EDPS supervises the processing of personal data in the database (central unit) and their transmission to the Member States. This was previously ensured by a provisional Joint Supervisory Authority (JSA), which the EDPS replaced in the beginning of 2004. Data protection authorities in the Member States supervise the processing of data by the national authorities, as well as the transmission of these data to the central unit.
In order to ensure a coordinated approach, the EDPS and national authorities meet regularly to discuss common problems relating to the functioning of Eurodac, as well as to recommend common solutions.
The EDPS also frequently meets the European Commission services in charge of the operation of Eurodac in order to exchange information. The EDPS conducted a first inspection of the Eurodac premises in 2005-2006 and conducts complete security audits every four years to ensure that the data are processed in a safe manner by the Commission. The first security audit took place in 2007.
In 2007 and 2009, the Eurodac supervision group issued coordinated inspection reports.
> More information available in the EDPS annual reports.
Regulation establishing Eurodac:
|
Activity Report 2010-2011
Eurodac Central Unit - Inspection Report, June 2012
The EDPS performed a first inspection of the EURODAC Central Unit in 2006, followed by a security audit in 2007. This resulted in a list of recommendations with regard to the security of the Central Unit. The European Commission's DG HOME committed to implement the recommendations in the context of the upgrade to EURODAC plus, which aimed at enhancing performance, quality and security.
The scope of the second inspection was to verify implementation of the EDPS recommendations, and to assess the overall organisational and technical procedures with regard to the protection of personal data and security in EURODAC plus, in accordance with Regulation 45/2001 and the EURODAC Regulation.
The EDPS inspectors found that the overall level of data protection and security of the EURODAC Central Unit is high. Most of the EDPS recommendations made in the 2006-2007 inspection and security audit have been taken into account in EURODAC plus. This being said, there are some elements which need further improvement in order to assure data protection and security of the overall system.
EDPS Inspection Report:
|
![[pdf]](/EDPSWEB/jsp/jahia/templates/mySite/edpsweb_templates/images/icons/pdf.gif) 
|
Executive summary:
|
|
|
|
|
|
|
Eurodac Supervision Coordination Group
Coordinated Inspection Report on advance deletion of data
Under certain circumstances, the fingerprints of persons registered in Eurodac have to be deleted before the normal end of the retention period. This is for example the case when the person acquires citizenship of a Member State. The Eurodac Supervision Coordination Group investigated how this obligation is implemented in the Member States. The report encourages those Member States that do not yet have procedures for advance deletion in force to adopt such procedures, provide better information to data subjects and to improve the keeping of statistics.
|
|
|
|
|
|
|
Eurodac Supervision Coordination Group
Recommendations on the use of DubliNet
|
|
|
|
|
|
|
Activity Report 2008-2009
Second coordinated inspection on information to data subjects and assessment of the age of young asylum seekers
On 24 June 2009, the Eurodac Supervision Coordination Group issued a report on their second coordinated inspection of the large-scale database that contains fingerprints of asylum seekers in order to assist asylum procedures in the European Union. The Supervision Group has investigated how the database has been used in practice over the last two years. Two main issues were scrutinised: the right of information of asylum seekers and the methods for assessing the age of young asylum seekers in view of their registration in the system. The report presents both the findings and the recommendations based on the replies to the questionnaire received from all the Member States. The Group hopes that the report will usefully contribute to the ongoing revision of the Eurodac and Dublin Regulations.
|
|
|
|
|
|
|
Activity Report 2005-2007
The national data protection authorities and EDPS have worked in cooperation during the last years to ensure the supervision of Eurodac. From 2005 on, the Eurodac Supervision Coordination Group has achieved considerable results. It developed both actual supervisory actions and where appropriate, procedural aspects while at the same time keeping abreast of new developments in this area and exchanging relevant information. The Activity Report 2005-2007 presents the work carried out by this Group. Finally, this report also addresses the prospects for future activities in a time of intensive change in the field of Eurodac.
|
|
|
|
|
|
|
Rules of procedure
Initially, the Eurodac Supervision Coordination Group dealt with the coordinated supervision of Eurodac in an informal manner, based on the Eurodac Regulation (mainly Article 20) and the experience in other bodies. The adoption of rules of procedure allows for a more structured approach.
The rules of procedure were adopted on 19 December 2007 and amended on 17 December 2008. You will find below the consolidated version.
|
|
|
|
|
|
|
Security Audit Report
On 9 November 2007, the EDPS delivered the report on the results of a security audit on the EURODAC system to the European Commission.
The report details the findings of an audit team, comprised of one representative from the EDPS, two representatives from BSI, the Federal Office for Information Security in Germany and one representative from DCSSI (Direction centrale de la sécurité des systèmes d'information) in France. The European Networks and Information Security Agency (ENISA) reviewed the quality standards of the report.
While the report is EU Restricted, a short summary is presented here.
|
|
|
|
|
|
|
First coordinated inspection
On 17 July 2007, the Eurodac Supervision Coordination Group issued a report on their first coordinated inspection. The responsible data protection authorities have investigated how the large scale database that contains fingerprints of more than 250.000 asylum seekers and illegal immigrants, has been used over the last 2,5 years. Three main issues - 'special searches', ‘further use’ and ‘data quality’ - were scrutinised. The group concluded that overall, there is no abuse of the Eurodac system. However some aspects, such as information to the people concerned, need to be improved.
|
|
|
|
|
|
|
Inspection of Eurodac Central Unit - Summary Report
|
