Sécurité de l’information

La sécurité de l’information est un moteur essentiel pour la protection de la vie privée et des données à caractère personnel. De plus, la plupart des organisations doivent faire face à un paysage en perpétuelle mutation affectant leurs activités. Les incertitudes engendrées par de tels changements auront une incidence sur la manière dont l'organisation doit réagir afin de s'assurer que ses informations sont dûment protégées. Par conséquent, un cadre spécifique permettant aux responsables de la sécurité de l'information de gérer les incertitudes susceptibles d'affecter, avec le temps, la sécurité des informations de leur organisation est nécessaire. Un tel cadre d'organisation spécifique est qualifié de processus de gestion des risques relatifs à la sécurité des systèmes d'information.

Il existe trois éléments généralement acceptés pour assurer de façon adéquate la sécurité de l’information :

la confidentialité : afin que seules les bonnes personnes aient accès à l’information ;
l’intégrité : afin que seules les bonnes personnes puissent actualiser les informations de façon adéquate ; et
la disponibilité : les informations sont disponibles lorsqu’elles sont nécessaires.

Filters

Filter by Publication Year

Filter by Tags

Filter by Institution

Filter by Publication Type

Mar

2009

Opinions

Transplantation d'organes

Avis sur la proposition de directive relative aux normes de qualité et de sécurité des organes humains destinés à la transplantation, JO C192, 15.08.2009, p. 6

The proposal provides for national quality programmes to advance organs donation and transplantation, including a traceability mechanism to ensure that all organs can be traced from donation to reception and vice versa. The proposed procedure involves the collection and circulation of health data, which are regarded as sensitive and therefore fall under the stricter rules of EU data protection legislation.

The EDPS welcomes the attention given in the proposal to the data protection needs arising both for the donors and the recipient of organs, especially as concerns the requirement for keeping their identities confidential. He however recommends to further emphasize the need for reinforced protection of the donors' and recipients' personal data throughout the organs traceability chain established within the proposal. This can be achieved with the application of strong organisational and technical security measures, both in the national donors and recipients databases, as well as in the cross-border exchange of organs.

Basic principles for national security measures may include the following:
adoption of a specific information security policy;
definition of a confidentiality and access control policy, together with data confidentiality guarantees for the persons involved in the processing;
addressing security mechanisms in the national databases, based on the concept of "privacy by design" (i.e. application of data protection requirements as early as possible in the life cycle of new technological developments);
ensuring regular monitoring and independent audits of the security policies in place.

With regard to the cross-border exchange of organs, the need for harmonizing information security policies among Member States should be further stressed. In addition, special attention should be paid to the possibilities of indirect identification of donors and recipients' data (pseudonymisation). The EDPS also recommends specific consultation with the national data protection authority when organs are exchanged with third countries.

Langues disponibles: Bulgarian, Czech, Danish, allemand, Estonian, Greek, anglais, Spanish, français, Italian, Latvian, Lithuanian, Hungarian, Maltese, Dutch, Polish, Portuguese, Romanian, Slovak, Slovenian, Finnish, Swedish

COM(2008) 218 du 8.12.2008

Langues disponibles: anglais, français

Topics

Sécurité de l’information

Santé

Mar

2008

Opinions

Eléments de sécurité et biométriques des passeports

Avis concernant la proposition de règlement modifiant le règlement (CE) n° 2252/2004 du Conseil établissant des normes pour les éléments de sécurité et les éléments biométriques intégrés dans les passeports et les documents de voyage délivrés par les Etats membres, JO C 200, 06.08.2008, p. 1

On 26 March 2008, the EDPS adopted an opinion on the Commission's proposal aiming at revising the 2004 Council Regulation that sets out minimum standards for security features and biometrics in passports and travel documents.

The EDPS welcomes the introduction of exemptions from giving fingerprints based on the age of the person or his/her inability to provide fingerprints. However, he still considers these exemptions as insufficient to remedy the imperfections of biometrics, such as the impact of misidentification or failure to enrol.
The EDPS' opinion includes the following recommendations:

fingerprints from children: the proposed six-year age limit should be considered as a provisional one, or brought in line with international practice (14 years). After three years, the age limit should be reviewed and defined by an in-depth study which is to identify the accuracy of the systems obtained under real conditions;
fingerprints from the elderly: an age limit for elderly, based on similar experiences already in place (79 years), should be introduced as an additional exemption;
principle of "one person-one passport": this principle should be applied only to children above the relevant age limit;
"breeder" documents: additional measures should be proposed to harmonise the production and the use of documents required in Member States to issue passports (“breeder” documents).

The EDPS recalls that exemptions should in no way stigmatize or discriminate individuals who will be exempt, because of their age as a precautionary principle or because they present obviously unreadable fingerprints

COM(2007) 619 final du 18.10.2007

Langues disponibles: anglais, français

Topics

Sécurité de l’information

Technologies

Données biométriques

Feb

2007

Opinions

Office européen de police

Avis sur la proposition de décision du Conseil portant création de l'Office européen de police (Europol) (COM(2006) 817 final), JO C 255, 27.10.2007, p. 13

The objective of the proposal is not a major change in the mandate or the activities of Europol, but mainly to provide Europol with a new and more flexible legal basis. The proposal also contains substantive changes, so as to further improve Europol's functioning. It extends the mandate of Europol and it contains several new provisions, aiming to further facilitate the work of Europol, for instance on the exchange of data between Europol and other bodies of the EC/EU, like Olaf.. The proposal contains specific rules on data protection and data security, additional to the general legal framework on data protection for the third pillar that has not yet been adopted. Other changes will bring the position of Europol more in line with other bodies of the EU.

The EDPS-opinion suggests a number of improvements and concludes moreover that the Council Decision should not be adopted before the adoption by Council of a framework on data protection, guaranteeing an appropriate level of data protection.

COM(2006) 817 final du 20.12.2006

Langues disponibles: anglais, français

Topics

Délégué à la protection des données

Interopérabilité

Sécurité de l’information

Coopération policière

Oct

2006

Opinions

Titres de séjour

Avis sur la proposition modifiée de règlementdu Conseil modifiant le règlement (CE) no 1030/2002 établissant un modèle uniforme de titre de séjour pour les ressortissants de pays tiers, JO C 320, 28.12.2006, p. 21

Following the introduction of biometric features in European passports and Schengen visas, this proposal is the third one to rely on biometric data. The EDPS supports the proposal but stresses that the residence permit should not be seen as a travel document. Also, he underlines that the highest security standards need to be adopted.

If the safeguards recommended in the opinion are implemented, the EDPS does not oppose the use of biometric data which are justified by the enhancement of the security level and by facilitating the fight against illegal immigration and illegal residence. The EDPS welcomes the progress to have better respect for the principle of purpose limitation, but is concerned by the definition of authorities which have access to the data stored.

The EDPS supports the equal treatment of European citizens and third country residents whereby they have access to electronic services, such as e-government services. However, he recommends postponing the insertion of an additional chip for such services until a complete impact assessment study has been conducted.

Langues disponibles: Czech, Danish, allemand, Estonian, Greek, anglais, Spanish, français, Italian, Latvian, Lithuanian, Hungarian, Dutch, Polish, Portuguese, Slovak, Slovenian, Finnish, Swedish

Topics

Sécurité de l’information

Frontières, asile, migration

Technologies

Données biométriques

First page
Previous page
…
6
7
8
9
10

Access to documents
Administrative and Human Resources
AI Supervision by EDPS
Article 7 - droit à la vie privée
Règles d'entreprise contraignantes
Données biométriques
Blanchiment d'argent
Systèmes de transport intelligent
Case Management System
CEDH
CJUE
Communication
Recherche de preuves informatiques
Conseil de l'Europe
Conservation des données
COVID-19
Violation de données à caractère personnel
Droit d'information
Système PNR de l'UE
Europol
Finance
Informatique au travail
IT
Localisation
Management of the EDPS
Santé mobile
Technologies renforçant la protection de la vie privée
Physical Security
Public Events
Règlement (UE) 2018/1725
Safe Harbour
Système d’information Schengen
SIS SCG
Staff Committee
Supervision by EDPS
Surveys
Article 8 - Droit à la protection des données
Droit d'accès
Chaîne de blocs
Chiffrement
Clauses contractuelles types
Essais cliniques
Convention 108
Coopération fiscale
CrEDH
Cybersécurité
Discipline, Enquêtes
eCall
Système européen d'information sur les casiers judiciaires
PNR
OCDE
Profilage
Système d’information sur les visas
VIS SCG
Adequacy Decision
Anti-fraude
Informatique en nuage
Comité européen de la protection des données - Groupe de travail «Article 29»
Convention sur la cybercriminalité
Lutte contre le terrorisme
Drones
Droit de rectification
Eurodac
Eurodac SCG
Evasion fiscale
Privacy Shield
Appareils mobiles et applications
Système d’information douanier
CIS SCG
Umbrella Agreement
Droit à l'effacement
Marchés financiers
Nations Unies
Recrutement
Système d’information du marché intérieur
Données ouvertes
Droit à la limitation du traitement
Évaluation du personnel
IMI SCG
TTIP
Conditions de travail
Compteurs intelligents
Droit à la portabilité des données
Système d'entrée/sortie
Marchés, Subventions, Experts
Droit d'opposition
Réseaux sociaux
Prise de décision individuelle automatisée
Données concernant la santé au travail
Anti-harcèlement
Délégué à la protection des données
Conflits d'intérêts
Sécurité et accès aux locaux
Neutralité du réseau
Encryption
Intelligence artificielle
Etique
Robotique
Charte des droits fondamentaux de l’Union européenne
Règlement général sur la protection des données
Directive sur la police
Directive «vie privée et communications électroniques»
Règlement (CE) n° 45/2001
Droits de l'individu
Nécessité et Proportionalité
Protection des données dès la conception
Interopérabilité
Protection des données par défaut
Responsabilité du responsable du traitement
Accords internationaux
Normes internationales
Coopération internationale
Jurisprudence et litiges
Transferts de données
Coordination de la Supervision
Systèmes Informatiques à Grande échelle
Sécurité de l’information
Digital Clearinghouse 2.0
Internet des objets
Système de gestion des informations personnelles
IPEN (Réseau d'ingénierie de la vie privée sur Internet)
Administration en ligne
Frontières, asile, migration
Politique étrangère et de sécurité commune
Concurrence
Consommateurs
Finance et économie
Santé
Marché intérieur
Marché unique numérique
Coopération judiciaire
Coopération policière
Communications électroniques, société de l’information
Recherche et science
Transports
Respect de la vie privée dans les institutions de l'UE
Transparence
Lancement d'alerte
Surveillance
Sécurité
Technologies

Agency for the Cooperation of Energy Regulators (ACER)
Body of European Regulators for Electronic Communications (BEREC)
Clean Sky Joint Undertaking (CSJU)
Committee of the Regions (CoR)
Community Plant Variety Office (CPVO)
Consumers, Health and Food Executive Agency (CHAFEA)
Council of the European Union
Court of Justice of the European Union (CJEU)
ECSEL Joint Undertaking (ECSEL)
eu-LISA
European Agency for Safety and Health at Work (EU-OSHA)
European Anti-Fraud Office (OLAF)
European Asylum Support Office (EASO)
European Aviation Safety Agency (EASA)
European Banking Authority (EBA)
European Border and Coast Guard Agency (FRONTEX)
European Central Bank (ECB)
European Centre for Desease Prevention and Control (ECDC)
European Centre for the Development of Vocational Training (Cedefop)
European Chemicals Agency (ECHA)
European Climate, Infrastructure and Environment Executive Agency (CINEA)
European Commission
European Court of Auditors (ECA)
European Data Protection Board (EDPB)
European Data Protection Supervisor (EDPS)
European Defence Agency (EDA)
European Economic and Social Committee (EESC)
European Education and Culture Executive Agency (EACEA)
European Environment Agency (EEA)
European External Action Service (EEAS)
European Fisheries Control Agency (EFCA)
European Food Safety Authority (EFSA)
European Foundation for the Improvement of Living and Working Conditions (Eurofound)
European GNSS Agency (GSA)
European Health and Digital Executive Agency (HaDEA)
European Innovation Council and SMEs Executive Agency (EISMEA)
European Institute for Gender Equality (EIGE)
European Institute of Innovation and Technology (EIT)
European Insurance and Occupations Pensions Authority (EIOPA)
European Investment Bank (EIB)
European Investment Fund (EIF)
European Labour Authority (ELA)
European Maritime Safety Agency (EMSA)
European Medicines Agency (EMA)
European Ombudsman (Ombudsman)
European Parliament
European Personnel Selection Office (EPSO)
European Police College (CEPOL)
European Police Office (EUROPOL)
European Public Prosecutor's Office (EPPO)
European Research Council Executive Agency (ERCEA)
European Research Executive Agency (REA)
European Securities and Markets Authority (ESMA)
European Systemic Risk Board (ESRB)
European Training Foundation (ETF)
European Union Agency for Fundamental Rights (FRA)
European Union Agency for Network and Information Security (ENISA)
European Union Agency for Railways (ERA)
European Union Drugs Agency
European Union Institute for Security Studies (EUISS)
European Union Intellectual Property Office (EUIPO)
European Union Satellite Centre (EUSC)
Fuel Cells & Hydrogen Joint Undertaking (FCHJU)
Fusion for Energy (F4E)
Innovative Medicines Initiative Joint Undertaking (IMI JU)
Joint Research Centre (JRC)
Office for Harmonisation in the Internal Market (OHIM)
Other
SESAR Joint Undertaking (SESAR JU)
Single Resolution Board (SRB)
The European Union's Judicial Cooperation Unit (EUROJUST)
Translation Centre for the Bodies of the European Union (CdT)

Avis administratifs
AI Act
Avis conjoints EDPS-EDPB
Book
Data Protection Notices
DPO Meetings and Trainings
Institutional Agenda
Transferts internationaux
TechDispatch
Memorandum of Understanding
Resolutions
Reference Library
European Conferences
DPO News
Events
International Conferences
Legislation
Reports
Priorities
Press Releases
Avis de contrôle préalable et consultations préalables
Other Documents
Papers
SCG Documents
Speeches & Articles
Strategy
Opinions Non Prior Check
Avis du CEPD
Code of Conducts
Commentaires formels
Supervisory Opinions
Call for Tenders
Brochures
Annual Activity Reports
Annual Reports
Court Cases
Enquêtes
Inspections
Newsletters
Lignes directrices
Forms
Ethical Framework
Factsheets
Consultations Administratives