Privacy in the EU Institutions

Opinion of 5 June 2009 on a notification for prior checking regarding the "Handling of annual and specific declarations of interest" (Case 2008-737)

The European Food Safety Authority (EFSA) pursues a policy of screening potential conflict of interests. To this end, different categories of data subjects are requested to submit an annual and/or specific declaration of interests. The standard forms for declaring interests request diverse pieces of information. Failing to meet this obligation can lead to further consequences regarding the concerned person.

After carefully examining the information describing the processing operation, the EDPS advises EFSA, among others, to reconsider the data retention period, to ensure the right of access and rectification also regarding the paper files, to display the data protection notice not only in the Guidance Document but also in the first letter communicating with the expert and to improve further its security policy.

Lettre en réponse à une consultation sur l'examen médical préalable à l'embauche des assistants parlementaires

Opinion of 5 June 2009 on a notification for prior checking on documents provided during recruitment (Case 2008-755)

The European Commission obtains and processes various documents when recruiting officials and other staff. Those documents are obtained in order to check that the applicant meets the requirements in terms of the Staff Regulations and of the selection/competition notice; to determine the applicant's ranking; and to determine his or her pay entitlements and create an access badge.

The EDPS has examined the personal data processing involved in the handling of these documents and has concluded that it does not seem to entail any breach of the provisions of Regulation (EC) No 45/2001 provided that certain recommendations are followed, in particular that the department responsible should limit the obtention and storage of criminal record data and should limit the obtention of applicants' birth certificates.

Opinion of 5 June 2009 on the notification for prior checking regarding the "Application for administering traineeships" (Case 2008-485)

The European Commission has a department responsible for administering the procedures for selecting and recruiting Commission trainees.

The EDPS has examined the processing of personal data under these procedures and has concluded that the processing operation does not appear to involve any breach of the provisions of Regulation (EC) No 45/2001, provided that certain recommendations are followed, in particular that the department responsible reassesses the categories of data stored and their respective storage periods, verifies on a case-by-case basis that the data transfer is necessary and that only relevant data are transferred, and guarantees the right of access to evaluations carried out as part of the process for recruiting trainees.

Opinion of 4 May 2009 on a notification for prior checking concerning "ETF annual dialogue" (Case 2009-168)

This notification concerns the processing of personal data in the exercise of yearly evaluation of staff members of ETF.

The EDPS made recommendations in particular relating to data retention period, the right of blocking and the privacy statement to be given to the data subjects