Regulation (EU) 2018/1725 lays down the data protection obligations for the EU institutions, bodies and agencies when they process personal data and develop new policies. This regulation also defines the obligations of the EDPS, including his role as an independent supervisory authority of EU institutions and bodies when they process personal data, and to advise on policies and legislation which affect privacy and cooperate with similar authorities to ensure consistent data protection.
Answer to a notification for prior checking relating to mission management at the Translation Centre for the Bodies of the European Union (Case 2009-17)
Answer to a notification for prior checking concering spontaneous applications (Case 2008-779)
Opinion of 26 January 2009 on a notification for prior checking concerning "Threats to European Commission interests in the areas of counter-intelligence and counter-terrorism" (Case 2008-0440)
In the context of threat management in the areas of counter-espionage and counter-terrorism, the European Commission has set up the two separate procedures of security investigations and screening procedures in order to protect its interests and those of the Member States. The EDPS has examined the two procedures and issued recommendations including the following: establishment of a more detailed legal basis covering a broader scope spanning all the possibilities for launching a screening procedure and establishment of a procedure ensuring that data are stored no longer than necessary. The EDPS also recommended revising the screening section of the privacy statement and pro-actively supplying data subjects of screening with the privacy statement.
Opinion of 21 January 2009 on a notification for prior checking concerning the report on probation period (Case 2008-604)
The European Parliament has implemented a data processing to evaluate newly recruited officials, temporary and contract agents during the initial period of their employment, which serves as a basis for the confirmation, dismissal or possible extension of the probation period of that person.
Amongst its recommendations, the EDPS in particular asked that the European Parliament ensures that no sensitive data relating to health is processed, that recipients of the data are reminded to use the data only for the purpose for which they were transmitted, and that data subjects are informed about the data retention periods and their rights of access and rectification which can be done by adding the necessary information in the Vade-mecum to newcomers and in the probation report form.
Opinion of 21 January 2009 on a notification for prior checking on the assessment of staff's capacity to work in a third language before first promotion (Case 2008-690)
The European Parliament has implemented a data processing to evaluate the capacity of officials and contractual agents in function group IV to work in a third language. Officials must demonstrate the capacity to work in a third language to be eligible for a first promotion, and contractual agents must prove their ability to work in a third language before the renewal of their contract for an indefinite period.
The EDPS recommends that appropriate data retention periods are defined for the conservation of these assessments, that a procedure is implemented ensuring the exercise by individuals of their right to access and rectify their assessment (in particular access and rectification to the tests organized by EPSO), that specific information concerning the processing of individuals' data for the purpose of the assessment of the capacity to work in a third language is provided to the persons concerned. The EDPS also outlines that the staff processing personal data should be reminded of their duty of confidentiality towards such data.