Die Verordnung (EU) 2018/1725 legt die Datenschutzverpflichtungen für die Organe, Einrichtungen und Agenturen der EU fest, wenn sie personenbezogene Daten verarbeiten und neue Strategien entwickeln. Darüber hinaus führt die Verordnung die Pflichten des EDSB auf. Diese umfassen seine Aufgaben als unabhängige Kontrollbehörde für die Organe und Einrichtungen der EU, wenn diese personenbezogene Daten verarbeiten, die Beratung zu politischen Maßnahmen und Rechtsvorschriften, die sich auf den Schutz der Privatsphäre auswirken, und die Zusammenarbeit mit vergleichbaren Behörden zur Gewährleistung eines kohärenten Datenschutzes.
Hier finden sich die EDSB-Dokumente über Privatsphäre und Datenschutz in Bezug auf die Verarbeitung personenbezogener Daten durch die Einrichtungen und Organe der EU, z. B. bei Mitarbeiterbewertung, Akkreditierung externer Besucher oder Zugangskontrolle.
Opinion of 28 March 2008 on the notification for prior checking regarding the case "Authorisations to give evidence in court" (Case 2007-721)
Opinion of 21 April 2008 on a notification for prior checking regarding the "Administration of JRC Ispra childcare facilities (crèche / garderie) (Case 2007-544)
The primary purpose of the processing is to admit children to the JRC Ispra Childcare Facilities, i.e. to the Crèche, the Garderie, the "Special Holidays" Garderie and the Halte-Garderie. The secondary purposes of the processing include the verification of the presence of the children, their medical surveillance, as well as the verification of the identity of persons authorised to collect the children.
The EDPS recommendations provided in this opinion aim to ensure the full compliance of the processing with Regulation 45/2001 and concern, in particular, the storage periods, as well as the information to be provided to the data subjects.
Opinion of 14 April 2008 on a notification for prior checking concerning the "Family leave / Compel personnel database / Electronic document management system (EDMS)" (Case 2007-498)
Health-related personal data of family members are being processed in connection with family leave that can be granted upon application in case of medically certified serious illness or handicap of certain family relatives.
The respective medical certificates are being validated by the EMEA Personnel & Budget Sector staff and/or may be reviewed by an UK based external medical contractor.
The EDPS recommendations provided in this opinion aim to ensure the full compliance of the processing with Regulation 45/2001 and concern, in particular, data transfers, the modalities of exercise of rights of access and rectification, as well as the information to be provided to the data subjects.
Opinion of 14 April 2008 on a notification for prior checking on the annual appraisal procedure (Case 2007-403)
The Community Plant Variety Office conducts an appraisal procedure every calendar year for each CPVO staff member concerned. The procedure is aimed at evaluating the staff members efficiency, abilities and conduct in service, identify training needs and is used as a career development tool which justifies the submission of the procedure to prior checking by the EDPS under Article 27 (2) (b) of Regulation 45/2001. The EDPS recommendations to be implemented by the CPVO includes, inter alia,
i) Adopt rules on retention of evaluation reports;
ii) Ensure that recipients are made aware that they shall process personal data only for the purposes they were transmitted for;
iii) Ensure that more specific and accurate information is provided to data subjects regarding the data transfer, right of data subjects, the right of recourse to EDPS and the data retention. The "CPVO appraisal guide" should therefore be amended.
Opinion of 7 April 2008 on a notification for prior checking on identity and access control system (Case 2007-635)
The Identity and Access Control System is part of the security infrastructure that protects OLAF premises and IT systems. The purpose of the data processing is to ensure that only authorised persons have access to OLAF's premises. The system is designed to control the identity and permit or deny access of persons entering and exiting from OLAF's premises outside working hours and special secure zones. To do so, OLAF uses a smartcard and the use of fingerprints authentication. Users' biometrics data are stored only on the smartcard which cannot be used for any other purpose. For the EDPS, the processing operation is not in breach of Regulation 45/2001 if OLAF takes into account the following recommendations, for instance regarding a reassessment of the concerned data subjects submitted to enrolment; the development of fallback procedures; the setting of a shorter conservation period of data after the first year of operation of the new system; the amendment of the privacy statement and the reconsideration of the technological taking into consideration the choice of the best available techniques and discussions on future security systems.