Privatsphäre in den EU-Organen

Opinion of 3 July 2009 on a notification for prior checking on the processing of personal data in the hearings of the Commissioners-designate (Case 2009-0332)

On 3 July 2009, the EDPS issued a prior checking opinion focusing on the processing of personal data in the hearings at the European Parliament of the Commissioners-designate.

During the hearings, the appropriate committee or committees shall invite the Commissioner-designate to make a statement and answer questions. The hearings shall be organised in such a way as to enable Commissioners-designate to disclose to Parliament all relevant information. All hearings will be web-streamed on the website of the EP. An indexed video recording of the hearings shall be made available for the public record within twenty-four hours. All CVs and additional documents will be part of the meeting documents of the committee and published on the EP website and available in the meeting room. The period of conservation of the data is five years. The data are subsequently transmitted to the central archives (CARDOC) for indefinite conservation.

In his opinion, the EDPS underlined that data could be kept after the initial conservation period for historical purposes, but that there should be a selection and verification process on the basis of criteria determined at an institutional level so as to only retain data of historical value. Appropriate safeguards must be put into place to ensure that the data kept on the basis of their historical value are not processed for any other purposes or used in support of measures or decisions regarding a particular individual. As for data which, after selection, are not considered as of historical value, they may only be stored for longer than the initial 5 year period of retention, if they are made anonymous or, if this is not possible, with the identity of the data subjects encrypted. Furthermore, although the Commissioners-designate are probably aware of the public nature of the data provided and the fact that the hearings will be made public notably through web-streaming, in order to ensure fairness of the processing further information could be provided on this in the Privacy statement.  The EDPS also invited the Parliament to ensure that the integrity of the data transmitted from the Council is respected.

Opinion of 1 July 2009 on a notification for prior checking regarding training evaluation (Case 2009-220)

Opinion of 30 June 2009 on the call for tender procedures and management of contracts (Case 2009-323)

See EDPS prior checking opinion (2008-346) of 15 September 2008.

Opinion of 22 June 2009 on the notification for prior checking concerning "Time and absence management" (Case 2009-072)
On 22 June 2009, the EDPS adopted an opinion on time and absence management at the European Center for Disease Prevention and Control (ECDC). The EDPS considers that the processing is lawful to the extent that it is limited to the purpose of time and absence management and that it does not lead to monitor on a regular basis the staff to evaluate personal aspects of the data subject, such as his/her ability, efficiency or conduct. Specific guarantees should be implemented as regards the processing of sensitive data, and in particular the ECDC should ensure that certificates containing medical data are sent by data subjects to an external medical service. The EDPS stresses that the right of an individual to access and rectify personal data concerning him or her should be ensured to all data subjects whom data are processed including trainees and family members, whatever the format in which such data are processed. The EDPS insists that ECDC must determine appropriate periods for the conservation of personal data.

Answer to a notification for prior checking concerning the management of medical certificates (Case 2009-201)