Privatsphäre in den EU-Organen

Opinion of 20 June 2008 on the notification for prior checking concerning the staff recruitment (Case 2008-157)

Opinion of 20 June 2008 on a notification for prior checking  on the management of leave and flexitime (Case 2008-158)
The EMCDDA records all leave taken by its staff on an in-house database "Sic Congés". The system is designed to enable every member of staff to enter, amend or cancel data necessary for a leave application as well as to enable managers (head of units, director) to monitor leave and leave administrators (HR staff) to manage leave entitlements. When doing so, personal data concerning health are revealed in order to justify medical absences. In his opinion the EDPS scrutinised the steps of the procedure which deserve close attention from a data protection point of view and made recommendations on several points, including the storage of data, handling of medical certificates, procedure for rectification of data and information of the concerned staff members.

Answer to a notification for prior checking concerning Email system log files & Firewall - Monitoring of internet connections (Cases 2008-269 and 2008-270)

Opinion of 20 June 2008 on a notification for prior checking on the "Day care centre" case (Case 2008-193)
CEDEFOP’s day care centre (DCC) is a facility offered by CEDEFOP to its employees. The purpose of the data processing is to admit the staff's children to the DCC and make the medical records (vaccination and allergies record) available to the DCC staff. The purpose is also to calculate each month the financial contribution to be paid by the parents of children enrolled at the DCC and to know whom to contact in case of an emergency. The DCC shall offer a safe environment and stimulating pedagogical programme to children who are attending the services of the ‘nursery’ and ‘after-school care’. 

The main recommendations issued by the EDPS in the framework of his opinion relating to DCC are dealing with quality of data, retention period, transfer and information given to data subjects.

Opinion of 19 June 2008 on the notification for prior checking regarding EMEA's "Access" recruitment database and selection and recruitment procedures (Case 2007-422)

This opinion concerns the selection and recruitment organized at the EMEA. The recommendations of the EDPS include the following:

Regarding proportionality, the questions relating to past convictions should be limited in time to those which actually appear on the applicant's criminal record at the time of applying for the position. As for optional data entries, EMEA should more clearly indicate on the application form the provision of what information is optional. Concerning psychometric testing, should EMEA continue to use psychometric testing as part of its selection procedures, it should submit this aspect of the recruitment procedure for prior checking by the EDPS. As regards the conservation of the data, EMEA should reconsider the conservation periods to ensure that data are kept no longer than necessary for the purposes initially contemplated. In particular, when data are conserved for budgetary discharge, control and audit purposes, personal data contained in supporting documents shall be deleted where possible when those data are not necessary for these purposes. Special attention should be paid to highly sensitive data such as information regarding disability and criminal records. As for rights of access, EMEA should revise its procedures to ensure that no access request is turned down merely because it is not submitted on the form specified. Further, EMEA should reconsider the restrictions it has put in place in order to preserve the confidentiality of the deliberations of the selection panel in view of reconciling this interest with the candidates’ right of access. Regarding information to data subjects, specific notice should be provided with respect to all items under Article 11 and 12 of the Regulation in a specific and clear manner, in addition to the availability of EMEA's general “Data Protection Declaration”.