Privacy in the EU Institutions

Opinion of 16 September 2008 on the notification for prior checking regarding the "Flexitime interface-PersonaGrata (DGA3) dossier (Case 2008-324)

This prior check by the European Data Protection Supervisor is the first to be based on Article 27(2)(c), which provides for the prior checking of "processing operations allowing linkages not provided for pursuant to national or Community legislation between data processed for different purposes". The purpose of the interface between Flexitime and PersonaGrata at the Council is to make it possible to prevent duplication of the work of encoding data considered as equivalent between the two databases with the dangers of error that that entails, and thus to ensure consistency between the two databases, improve the efficiency of personnel management in the departments and units and to provide more reliable information. As regards the clocking data, the purpose of the interface is to export those data from the Flexitime database to the PersonaGrata system.

The EDPS' main recommendations for the interface between Flexitime and PersonaGrata concern compliance with the rules laid down for the Flexitime case (including those on the provision of information to data subjects and the data storage period), to maintain consistency between these two cases. The EDPS also asks that there should be a specific procedure for saving data in connection with that interface.

Avis du 16 septembre 2008 sur la notification d'un contrôle préalable sur l'accréditation du personnel des firmes externes participant aux réunions du Conseil européen (Dossier 2007-046)

Avis du 16 septembre 2008 sur la notification d'un contrôle préalable sur l'accréditation de journalistes participant aux réunions du Conseil européen (Dossier 2004-259)
 

Answer of 15 September 2008 to a notification for prior checking relating to the DG ENTREPRISE's ("DG ENTR") flexitime interface to TIM (Case 2008-111)

In this notification relating to Flexitime, DG ENTR intends to implement a button interface in working PCs to collect presence data. In his analysis, the EDPS considers that the purpose of the notified treatment by DG ENTR does not fully meet the purpose of flexitime, as derived from the analysis of TIM and opposes the sending of e-mails to a functional mailbox of the Head of Units. However, the EDPS recognises that the idea to have a user friendly interface to store timestamps into TIM without the need to use the graphical user interface of SYSPER2-TIM should not be prevented.

Opinion of 15 September 2008 on a notification for prior checking regarding the processing operations to manage calls for tenders and contracts (Case 2008-346)
The purpose of the data processing operations is to manage calls for tenders and contracts between the EESC and the CoR on one side and third parties on the other side.  The information is used in the context of evaluating tenders.The Opinion concludes by giving some recommendations to data controller towards ensuring full compliance with Regulation (EC) No 45/2001. In particular, it calls upon controllers to consider shortening conservation times and  to ensure that   observers and experts keep confidentially the information submitted to them.