6
May
2009
Personal data transfers by OLAF
Analysis of the EDPS on a consultation on questions concerning the treatment of personal data transfers by OLAF
Print
Transferts de données
Le transfert des données à caractère personnel hors de l’UE n’est autorisé que sous certaines conditions telles qu’énoncées dans la directive 95/46/CE ainsi que dans le règlement général sur la protection des données qui sera pleinement applicable à partir de mai 2018. Si un pays est considéré par la Commission européenne comme offrant un niveau de protection adéquat , il sera soumis aux mêmes règles qu’un État membre de l’UE, ce qui signifie que le destinataire des données dans cet État ne sera pas tenu de prendre des mesures spécifiques pour permettre le transfert. Le transfert de données vers un pays sans une décision relative à l’adéquation du niveau de protection des données exige des garanties appropriées, telles que des clauses contractuelles types ou des règles d’entreprise contraignantes. Des dérogations à cette règle peuvent être obtenues dans des cas très spécifiques. Le Comité européen de la protection des données, dont le CEPD est membre, fournira à la Commission des avis sur ce sujet.
Filters
4
Mar
2009
Politique commune de la pêche
Avis sur la proposition de règlement du Conseil instituant un régime communautaire de contrôle afin d'assurer le respect des règles de la politique commune de la pêche, JO C 151, 03.07.2009, p. 11
There are different reasons why data protection provisions in the context of this proposal are relevant. First, the proposal foresees the processing of various data, which in certain cases, can be considered as personal data. Moreover, the proposal also foresees transfers of these data and exchanges of information, both between Member States and with the Commission or the Community Fisheries Control Agency. The EDPS also notes that the proposal foresees the use of aggregated data in certain circumstances. All these aspects require respecting the data protection legal framework.
The EDPS welcomes that reference to privacy and data protection is made within the current proposal. However, some amendments are needed in order to provide clear requirements, both for the Member States and for the Commission to address the data protection aspects of the system.
Langues disponibles: Bulgarian, Czech, Danish, allemand, Estonian, Greek, anglais, Spanish, français, Italian, Latvian, Lithuanian, Hungarian, Maltese, Dutch, Polish, Portuguese, Romanian, Slovak, Slovenian, Finnish, Swedish
COM(2008) 721 du 14.11.2008
Langues disponibles: anglais, français
12
Dec
2008
11
Nov
2008
Groupe de contact à haut niveau UE/Etats-Unis sur le partage d'informations
Avis concernant le rapport final du Groupe de contact à haut niveau UE/Etats-Unis sur le partage d'informations et la protection de la vie privée et des données à caractère personnel, JO C 128, 06.06.2009, p. 1
The opinion relates to the Final Report by the EU-US High Level Contact Group on information sharing and privacy and personal data protection, which was presented by the EU Presidency in June 2008. The Report defines common principles on privacy and data protection as a first step towards the exchange of information between the EU and the US to fight terrorism and serious transnational crime. It also identifies options for a possible instrument that would apply the agreed common principles to data transfers.
The EDPS welcomes the progress achieved by the EU and US authorities to ensure an effective regime for privacy and personal data protection in the exchange of law enforcement information. He however emphasises the need for a careful analysis of the considered ways forward and recommends the development of a road map towards a possible agreement. Such a road map would involve all stakeholders at the different stages of the procedure and contain guidance for the continuation of the work, a timeline, as well as a further elaboration of the data protection principles on the basis of a common understanding on essential issues, such as the scope and nature of an agreement.
The EDPS calls for clarification and concrete provisions regarding the main following aspects:
- nature and scope of an instrument on information sharing: for the sake of legal certainty, the EDPS shares the report's preferred option for the adoption of a legally binding instrument. This general instrument would need to be combined with specific agreements on a case by case basis to reflect the many specificities of data processing in the field of security and justice. The scope of application should also be clearly circumscribed and provide for a clear and common definition of law enforcement purposes at stake;
- redress mechanisms: as one of the most prominent outstanding issues of the report, the availability of adequate means for redress needs to be properly addressed. Strong redress mechanisms, including administrative and judicial remedies, should be available to all individuals, irrespective of their nationality;
- measures guaranteeing the effective exercise of individuals' rights: further work is needed not only with regard to redress and oversight mechanisms, but also concerning the transparency of data processing and the conditions of access and rectification to personal data.
The EDPS emphasizes that the conclusion of an agreement between the EU and the US should take place under the Lisbon Treaty - depending on its entry into force – to guarantee better legal certainty, full involvement of the European Parliament and judicial control of the European Court of Justice.
Langues disponibles: Bulgarian, Czech, Danish, allemand, Estonian, Greek, anglais, Spanish, français, Italian, Latvian, Lithuanian, Hungarian, Maltese, Dutch, Polish, Portuguese, Romanian, Slovak, Slovenian, Finnish, Swedish
11
Apr
2008
Systèmes informatisés de réservation
Avis sur la proposition de règlement instaurant un code de conduite pour l'utilisation de systèmes informatisés de réservation, JO C 233, 11.09.2008, p. 1
The EDPS issued an opinion on the proposal for a Regulation on a Code of conduct for computerised reservation systems (CRSs).
The objective of the proposal is to update the provisions of the Code of Conduct for Computerized Reservation Systems that was established in 1989 by Regulation 2299/89. The Code would need simplification in order to reinforce competition - while maintaining basic safeguards, and ensuring the provision of neutral information to consumers.
A specific article on data protection has been developed in the proposal with a view to complementing the provisions of Directive 95/46/EC which continues to apply as a lex generalis.
The EDPS welcomes the inclusion of such principles in the proposal. He stresses that these provisions could nevertheless be usefully complemented by additional safeguards on three points:
- ensuring the fully informed consent of data subjects for the processing of sensitive data;
- providing for security measures taking into account the different services offered by CRSs;
- protecting marketing information relating to individuals from access by third parties.
With regard to the scope of application of the proposal, the criteria that make the proposal applicable to CRSs established in third countries raise the question of its practical enforcement, taking into account the complexity of the CRS network.
It is deemed as essential to put the CRS question in this global context and to be aware of the implications of having a large amount of personal data, some of them sensitive, processed in a global network practically accessible to third state authorities.
The EDPS considers it as decisive that effective compliance is ensured by competent authorities for enforcement (i.e. the Commission), as foreseen in the proposal, as well as data protection authorities.
Langues disponibles: Bulgarian, Czech, Danish, allemand, Estonian, Greek, anglais, Spanish, français, Italian, Latvian, Lithuanian, Hungarian, Maltese, Dutch, Polish, Portuguese, Romanian, Slovak, Slovenian, Finnish, Swedish
COM(2007) 709 final du 15.11.2007
Langues disponibles: anglais, français