Print

Privacy in the EU Institutions

Regulation (EU) 2018/1725 lays down the data protection obligations for the EU institutions, bodies and agencies when they process personal data and develop new policies. This regulation also defines the obligations of the EDPS, including his role as an independent supervisory authority of EU institutions and bodies when they process personal data, and to advise on policies and legislation which affect privacy and cooperate with similar authorities to ensure consistent data protection.

 

 

 

Filters

10
Sep
2007
Opinions Prior Check and Prior Consultations

Medical service - Commission

Opinion of 10 September 2007 on the notification for prior checking on the "Management of the activities of the Medical Service in Brussels and Luxembourg, in particular via the SERMED computer application" (Case 2004-232)

The Medical Services in Brussels and Luxembourg use the SERMED database for the day-to-day management of their activities. This database supports the management of medical activities in the fields of preventive and occupational medicine as well as medical check-ups. SERMED can be used to record certain information necessary for the procedures which the Medical Service must carry out: medical examinations, the management of medical absences and check-ups, invalidity procedures and occupational accidents. This information is sorted into lists over a certain period of time (the "reporting" module). As well as SERMED, the Medical Service in Brussels uses another application (DREC) to follow up requests for the reimbursement of additional tests and other medical expenses.

The EDPS concluded in his prior checking that the proposed processing operation does not appear to involve any infringement of the provisions of Regulation (EC) No 45/2001 provided account is taken of the comments made below. In particular, this implies that the Commission:

  • having regard to the particularly sensitive nature of the information included in SERMED, should remind persons having access to SERMED of the confidentiality requirement;
  • should point out to SERMED users that the field "comment" must contain only administrative data;
  • should remove the reference to the doctor's specialisation as indicated on the medical certificate in SERMED;
  • should keep the EDPS informed of the introduction of the module facilitating access to information relating to the person concerned.
Available languages: English, French
Topics
Privacy in the EU Institutions
Health Data in the Workplace
7
Sep
2007
Opinions Prior Check and Prior Consultations

Security clearance - European Central Bank

Opinion of 7 September 2007 on a notification for prior checking related to the application of the security clearance rules (Case 2007-371)

This prior check concerns the data processing activities which the ECB carries out in the context of running security clearance procedures in order to ascertain whether or not a person is eligible for a security clearance. Towards this end, the ECB collects and further processes the legal/criminal history related to those who are subject to such procedures which include those selected for employment at the ECB, non-staff members and unescorted visitors who have to move within the premises of the ECB. 
 
In his opinion, the EDPS concluded that the ECB has substantially followed all the principles of the Regulation. Nevertheless the EDPS recommended that the ECB:
  • Redefines the nomenclature (mainly with respect to the "certificate of good conduct"), and its definition in order to prevent the collection of information that goes beyond the recollection of criminal convictions.
  • Includes a limit in the first question of the self-declaration form so that individuals are not required to provide information on crimes that would not be included in a criminal record. Also, in this question, delete the reference to imprisonments and consider rephrasing the question as suggested in this Opinion.
  • Amends the self-declaration form so that traffic offences are excluded from the scope of the question (which asks whether there are criminal cases pending against the individualSets up a system to ensure the effective application of the rectification right and data quality and conservation principles as far as the certificates of good conduct are concerned.
  • Amends the privacy statement as recommended in the Opinion.
Available languages: English, French
Topics
Privacy in the EU Institutions
Security & Access to Premises
4
Sep
2007
Opinions Prior Check and Prior Consultations

Assessment of the third language - EPSO

Opinion of 4 September 2007 on the notification for prior checking on the "Assessment of the ability to work in a third language (application of Article 45(2) of the Staff Regulations" (Case 2007-88)

Article 45(2) of the Staff Regulations, which entered into force on 1 May 2004, provided for a process of assessment of staff's ability to work in a third language before the first promotion after recruitment. "Officials shall be required to demonstrate before their first promotion the ability to work in a third language among those referred to in Article 314 of the EC Treaty. The institutions shall adopt common rules by agreement between them for implementing this paragraph (…)."  The common rules laying down the procedure for implementing Article 45(2) of the Staff Regulations were adopted by all institutions at the end of December 2006. The assessment, based on tests or on certificates/diplomas, is carried out by EPSO in conjunction with assessment committees or by processors.

The EDPS made a number of recommendations in his opinion on EPSO's assessment of the ability to work in a third language; these chiefly concern the transfer -of data, the wording of contracts between EPSO and processors, and reviewing automated individual decisions.

Available languages: English, French
Topics
Privacy in the EU Institutions
Staff Evaluation