Disziplinarverfahren und interne Ermittlungen

Answer to a notification for prior checking relating to "outside activities of staff" (Case 2008-685)

Opinion of 26 January 2009 on a notification for prior checking concerning "Threats to European Commission interests in the areas of counter-intelligence and counter-terrorism" (Case 2008-0440)
In the context of threat management in the areas of counter-espionage and counter-terrorism, the European Commission has set up the two separate procedures of security investigations and screening procedures in order to protect its interests and those of the Member States. The EDPS has examined the two procedures and issued recommendations including the following: establishment of a more detailed legal basis covering a broader scope spanning all the possibilities for launching a screening procedure and establishment of a procedure ensuring that data are stored no longer than necessary.  The EDPS also recommended revising the screening section of the privacy statement and pro-actively supplying data subjects of screening with the privacy statement.

Opinion of 12 December 2008 on a notification for prior checking on the conduct of investigations by the Security Office (Case 2008-0410)
 

Opinion of 3 November 2008 on the notification for prior checking on "Traffic violations with official vehicles of the Commission managed by the Infrastructure and Logistics Office - Brussels (OIB)" (Case 2008-395)

Within the European Commission, the Mobility and Supplies Unit, which is responsible for managing the car pool, deals with offences against the highway code committed by the drivers of official Commission vehicles managed by the OIB. The purposes of the processing operation are to examine whether, when traffic violations are committed by the drivers of official Commission vehicles, the immunity granted by the Protocol on Privileges and Immunities can be invoked, and to provide administration and follow-up.

The proposed data processing operation complies with Regulation (CE) No 45/2001, if the Commission:

• reminds anyone who receives or processes data in the context of the procedure for handling penalty notices that the data may not be used for other purposes;
• complies with Articles 8 and 9 as regards the transfer of data to the competent authorities;
• as well as publishing the privacy statement on the internet, sends it to all data subjects concerned by this processing operation at the same time as the document on the procedure for forwarding the penalty notice;
• updates the "Information for the attention of drivers of official Commission vehicles" to make the necessary changes (name of the controller and details of the data recipients).

Opinion of 2 October 2008 on a notification for prior checking on security investigations (Case 2007-736)

The ADMIN/DS/RA section of the Commission is empowered to take measures in response to criminal acts concerning the buildings occupied by the Commission, the people who work in or for various reasons have access to those buildings, and any other acts which may be harmful to the institution. This includes collecting and keeping evidence and taking various investigative steps to gather such evidence, technical reporting, and collecting statements from victims, complainants, witnesses and where appropriate the perpetrators of acts.

The EDPS has examined the processing of personal data in the procedure for security investigations, and has concluded that it does not appear to breach the provisions of Regulation (EC) No 45/2001 so long as certain recommendations are followed, in particular that the department responsible should assess the proportionality of its processing activities on a case‑by‑case basis; that it should provide adequate safeguards during its activities; that it should ensure that transfers of data are legal and necessary; that it should improve the procedures relating to the rights of access to and rectification of data, and should provide the requisite information to the data subjects concerned by the investigations.