Disziplinarverfahren und interne Ermittlungen

Opinion of 23 March 2009 on a notification for prior checking on the management of information sent by OLAF under Memorandum of Understanding (Case 2009-011)

The Memorandum of Understanding (hereinafter MoU) organising the exchange of information between OLAF and the Commission with respect to OLAF internal investigations in the Commission, adopted on 23 July 2003, provides for information to be provided by OLAF to the Commission in the context of internal investigations and communicated, in confidence and on a need-to-know basis, to the responsible Commissioners and Directors-General concerned.  This information frequently contains personal data.  The Commission does not receive all the data relating to investigations conducted by OLAF only that provided for by Regulation (EC) No 1073/1999 as specified in the MoU adopted in July 2003.  This is summary information, in no way detailing all the activities undertaken during the investigations, hearings, evidence etc.  OLAF has control of the information it sends to the Commission during an investigation and it generally sends summary information when an investigation is opened and in the course of it.
This enables the Commission (the Commissioner and the relevant department) to have the information necessary to take any precautionary measures justified in the circumstances in order to protect the institution's financial interests and reputation (purpose of the processing).

The proposed processing does not appear to involve breaches of the provisions of Regulation (EC) No 45/2001 provided that the Commission strengthens the principle of data quality, reassesses the data storage period, reviews the content of the information provided and the arrangements for so doing and makes arrangements for exercise of the rights of access and rectification for data subjects.

Answer to a notification for prior checking relating to "outside activities of staff" (Case 2008-685)

Opinion of 26 January 2009 on a notification for prior checking concerning "Threats to European Commission interests in the areas of counter-intelligence and counter-terrorism" (Case 2008-0440)
In the context of threat management in the areas of counter-espionage and counter-terrorism, the European Commission has set up the two separate procedures of security investigations and screening procedures in order to protect its interests and those of the Member States. The EDPS has examined the two procedures and issued recommendations including the following: establishment of a more detailed legal basis covering a broader scope spanning all the possibilities for launching a screening procedure and establishment of a procedure ensuring that data are stored no longer than necessary.  The EDPS also recommended revising the screening section of the privacy statement and pro-actively supplying data subjects of screening with the privacy statement.

Opinion of 12 December 2008 on a notification for prior checking on the conduct of investigations by the Security Office (Case 2008-0410)
 

Opinion of 3 November 2008 on the notification for prior checking on "Traffic violations with official vehicles of the Commission managed by the Infrastructure and Logistics Office - Brussels (OIB)" (Case 2008-395)

Within the European Commission, the Mobility and Supplies Unit, which is responsible for managing the car pool, deals with offences against the highway code committed by the drivers of official Commission vehicles managed by the OIB. The purposes of the processing operation are to examine whether, when traffic violations are committed by the drivers of official Commission vehicles, the immunity granted by the Protocol on Privileges and Immunities can be invoked, and to provide administration and follow-up.

The proposed data processing operation complies with Regulation (CE) No 45/2001, if the Commission:

• reminds anyone who receives or processes data in the context of the procedure for handling penalty notices that the data may not be used for other purposes;
• complies with Articles 8 and 9 as regards the transfer of data to the competent authorities;
• as well as publishing the privacy statement on the internet, sends it to all data subjects concerned by this processing operation at the same time as the document on the procedure for forwarding the penalty notice;
• updates the "Information for the attention of drivers of official Commission vehicles" to make the necessary changes (name of the controller and details of the data recipients).