Management of information sent by OLAF- Commission
Opinion of 23 March 2009 on a notification for prior checking on the management of information sent by OLAF under Memorandum of Understanding (Case 2009-011)
The Memorandum of Understanding (hereinafter MoU) organising the exchange of information between OLAF and the Commission with respect to OLAF internal investigations in the Commission, adopted on 23 July 2003, provides for information to be provided by OLAF to the Commission in the context of internal investigations and communicated, in confidence and on a need-to-know basis, to the responsible Commissioners and Directors-General concerned. This information frequently contains personal data. The Commission does not receive all the data relating to investigations conducted by OLAF only that provided for by Regulation (EC) No 1073/1999 as specified in the MoU adopted in July 2003. This is summary information, in no way detailing all the activities undertaken during the investigations, hearings, evidence etc. OLAF has control of the information it sends to the Commission during an investigation and it generally sends summary information when an investigation is opened and in the course of it.
This enables the Commission (the Commissioner and the relevant department) to have the information necessary to take any precautionary measures justified in the circumstances in order to protect the institution's financial interests and reputation (purpose of the processing).
The proposed processing does not appear to involve breaches of the provisions of Regulation (EC) No 45/2001 provided that the Commission strengthens the principle of data quality, reassesses the data storage period, reviews the content of the information provided and the arrangements for so doing and makes arrangements for exercise of the rights of access and rectification for data subjects.