Investigations

Opinion of 17 October 2007on the notification for prior checking regarding the "disciplinary proceedings and administrative investigations" dossier (Case 2007-413)

The European Ombudsman has adopted general implementing provisions (GIP) governing disciplinary proceedings and administrative investigations relating to disciplinary proceedings and they became applicable as from 1 May 2004.

The EDPS has examined the personal data processing and has concluded that it does not appear to involve any infringement of the provisions of Regulation (EC) No 45/2001 provided that a number of recommendations are taken into account, specifically that: a general instruction is adopted to ensure that only adequate and necessary data are processed in the course of administrative investigations and disciplinary proceedings; a procedure is clearly established for the conduct of any tapping of electronic communications; anyone receiving and processing data in the context of an administrative investigation or disciplinary proceedings within the European Ombudsman's Office processes them solely within the framework of administrative investigations or disciplinary proceedings; the period of storage of data in the personal file and in the disciplinary file is reviewed in the light of Article 4(1)(e) of the Regulation; right of access and right of rectification are also granted to all persons mentioned in the investigation report or disciplinary file, within the limits of the exemptions set out in Article 20; and provision is made for the supply of general information on the processing of personal data in the context of administrative investigations and disciplinary proceedings and for the supply of specific information on the processing of data in the context of a specific administrative investigation or specific proceedings within the limits of Article 20 of Regulation No 45/2001.

Opinion of 12 October 2007 on a notification for prior checking on criminal assistance cases (Case 2007-203)

Opinion of 4 October 2007 on five notifications for prior checking on external investigations (Cases 2007-47, 2007-48, 2007-49, 2007-50, 2007-72)

The European Anti-Fraud Office (OLAF) conducts external investigations outside the Community organs. Those investigations are performed for the purpose of detecting fraud or other irregular conduct of legal and natural persons affecting the financial interests of the European Communities. OLAF carries out on-the-spot inspections and checks on economic operators in the Member States and in third countries, and is empowered to request oral information, to ask any person for information and to make written requests for information. OLAF collects personal data of individuals during external investigations, uses those data for the assessment of the behaviour of the individual(s) concerned and further transfers or stores those data.

After analysing the data processing activities, the EDPS made a number of recommendations to OLAF.  These concern for example: ensuring the right of access and rectification as a main rule to data subjects, and that any restriction on those rights should meet a necessity test and be applied only on a case-by-case basis; respecting the confidentiality of whistleblowers and informants; drafting of standard letters/clauses with including the appropriate information to the data subjects.

Opinion of 3 October 2007 on a notification for prior checking on non-cases and prima facie non-cases (Case 2007-205)

Opinion of 24 July 2007 on a notification for prior checking on the Custom Information System (Case 2007-177)