european data protection supervisor annual report 2007
8/14/2019 European Data Protection Supervisor Annual Report 2007
Annual Report 2007
European Data Protection Supervisor
Europe Direct is a service to help you find answers to your questions about the European Union
Freephone number (*):
00 800 6 7 8 9 10 11
(*) C mb s ss 00 800 umbs s s my b b.
M m Eu U s vb I (://u.u).
Cgug b u s ub.
Luxmbug: Offi Offi Pubs Eu Cmmus, 2008
ISBN 978-92-95030-38-1
Ps: Eu Pm Sk
Eu Cmmus, 2008Ru s us v su s kg.
Printed in Italy
Printed on white chlorine-free paper
Contents
User guide
Mission statement
Foreword
1. Balance and perspectives
1.1. General overview of 2007
1.2. Results in 2007
1.3. Objectives in 2008
2. Supervision
2.1. Introduction
2.2. Data protection officers
2.3. Prior checks
2.3.1. Legal base
2.3.2. Procedure
2.3.3. Quantitative analysis
2.3.4. Main issues in ex post cases
2.3.5. Main issues in proper prior checks
2.3.6. Consultations on need for prior checking
2.3.7. Notifications not subject to prior checking
2.3.8. Follow-up of prior check opinions
2.3.9. Conclusions and future
2.4. Complaints
2.4.1. Introduction
2.4.2. Cases declared admissible
2.4.3. Css mssb: m ss mssby
2.4.4. Cb Eu Ombusm
2.4.5. Fu k fi ms
2.5. Inquiries
2.6. Inspection policy
2.6.1. Sg 2007 by
2.6.2. D ffis (DPOs)
2.6.3. Ivy ssg s
2.6.4. Ivy kg ss
2.6.5. Fu mm
2.6.6. Cuss
2.7. Administrative measures
2.8. E-monitoring
2.9. Video-surveillance
2.10. Eurodac
3. Consultation
3.1. Introduction
3.2. Policy framework and priorities
3.3. Legislative opinions
3.3.1. G mks
3.3.2. Ivu s
3.4. Comments
3.5. Court interventions
3.6. Other activities
3.7. New developments
3.7.1. I gy
3.7.2. N vms y gs
4. Cooperation
4.1. Article 29 Working Party
4.2. Council Working Party on Data Protection
4.3. Coordinated supervision of Eurodac
4.4. Third pillar
4.5. European conference
4.6. International conference
4.7. London initiative
4.8. International organisations
5. Communication
5.1. Introduction
5.2. Communication features
5.3. Speeches
5.4. Press service
5.5. Requests for information or advice
5.6. Online information tools
5.7. Media contacts and study visits
5.8. Promotional events
6. Administration, budget and staff
6.1. Introduction: developing the new institution
6.2. Budget
6.3. Human resources
6.3.1. Rum
6.3.2. s gmm
6.3.3. Pgmm s xs
6.3.4. Ogs
6.3.5. g
6.4. Administrative assistance and interinstitutional cooperation
6.5. Infrastructure
6.6. Administrative environment
6.6.1. I sysm u
6.6.2. Sff Cmm
6.6.3. I us
6.6.4. D ffi
6.6.5. Dum mgm
6.7. External relations
6.8. Objectives for 2008
Annex A Legal framework
Annex B Extract from Regulation (EC) No 45/2001
Annex C List of abbreviations
Annex D List of data protection officers (DPOs)
Annex E Prior checking handling time per case and per institution
Annex F List of prior check opinions
Annex G List of opinions on legislative proposals
Annex H Composition of the EDPS Secretariat
Annex I List of administrative agreements and decisions
User guide
A mss sm s by P Husx, Eu D PSuvs (EDPS), s us gu.
Chapter 1 Balance and perspectives ss g vv vs EDPS.Ts s ggs sus v 2007 us m bjvs 2008.
Chapter 2 Supervision xsvy sbs k su m ECsus bs m bgs. A g vv s
by ffis (DPOs) EU ms. Ts us yss ks (b quv subs), ms (ugb Eu Ombusm), qus, s y v msv msus 2007. Mv, us ss -mg v-suv, s s u suvs Eu.
Chapter 3 Consultation s vms EDPS vsy , usg s ssu gsv ss ums, s s m gg umb s. T s s yss z ms ussm g ssus. I sfiy s gs xsg mk uu.
Chapter 4 Cooperation sbs k ky ums su s A 29 WkgPy, j suvsy us , Eu s s I D P C.
Chapter 5 Communication ss EDPS m mmu vs vms, s s k ss sv. I s us ug us ff mmu- s, su s bs, ss, m ms ss-sg vs.
Chapter 6 Administration, budget and staffs m vms EDPSgs, ug bug ssus, um sus quss msv gms.
T s m by umb annexes, v vv v gmk, vss Rgu (EC) N 45/2001, s bbvs yms,
sss gg ks, s DPOs EU sus bs, s s ms EDPS S s msv gms ss by EDPS.
A executive summary s s s vb v vg svs ky vms EDPS vs 2007.
Ts s g u s bu EDPS ug vs u bs ms u ms m mmu (.s.u.u). T bs svs subs u u s.
H s u s s xuv summy my b m EDPS g. C s vb u bs, u C s (1).
(1) ://.s.u.u/EDPSWEB/s/g///12
Mission statement
T mss Eu D P Suvs (EDPS) s su um- gs ms vus u vy s EUsus bs ss s . T EDPS s ssb :
mg sug vss Rgu (EC) N 45/2001, s s Cmmuy s um gs ms, m
EU sus bs ss s (suvs);vsg EU sus bs ms g ssg s
; s us su ss gs mg vms v m s (su);g suvsy us suvsy bs EU v mvg ssy s (-).
Ag s s, EDPS ms k sgy :
m uu sus bs, by s bu-g mvg g gv;g s s EU gs s, vv;mv quy EU s, v ffv s bs suss.
Foreword
I s my su subm u u myvs s Eu D P Suvs(EDPS) Eu Pm, Cu Eu Cmmss, Rgu- (EC) N 45/2001 Eu Pm Cu A 286 EC y.
Ts vs 2007 s u y vy
xs EDPS s suvsyuy, sk sug umgs ms u ss, u vy, g ssg s s by Cmmuy sus bs.
T y Lsb, sg 2007, ms su EU C Fum Rgs b gy bg sus bs Mmb Ss y mmg U. B sums v -
s , ug us suvs.
Ts s m bmk sy Eu U, bu su s b uss g. T um sgus gg s v b v . Ts s sus bs ssg s , bu s yv us s my v m gs ms Eu zs.
Ts ss v u u us 2007 s b subs gss suvs. T mss msug sus s vsms mg - qums ms sus bs. T s s sm ss, buu ffs m u m.
I su, mu mss s b u ss ffv mk , b fis , bu ys ssy sus.
T ss sm m sg vy y s bfis m suv vs EDPS.
L m k s uy, g, k s Eu Pm, Cu Cmmss su u k, my s ff sus bs y ssb y s v -. L m s ug s g gs .
Fy, I xss s ks s b Jqu By Dg, AsssSuvs u mmbs sff. T qus jy sff usg v u bu gy u ffvss.
P Husx
European Data Protection Supervisor
1. Balance and perspectives
1.1. General overview of 2007
T g mk Eu DP Suvs (EDPS) s (2) s su umb sks s, bss b m s. Ts s -u sv s sg ms vs EDPS fl s mss sm:
suvsy , m su Cmmuy sus bs (3) my
xsg g sgus v y -ss s ; suv , vs Cmmuy su-s bs v ms, s-y ss gs v m s ; v , k su-vsy us suvsy bs EU, vvg ju- m ms, v mvg ssy -s .
Ts s b v Cs 2, 3 4
s u , m vs EDPS gss v 2007 -s. T m m m-mu bu s vs uy jusfis s mss mmu C 5.Ms s vs y ffv mgm fi, um sus, s suss C 6.
(2) S vv g mk Ax A x m Rgu(EC) N 45/2001 Ax B.(3) T ms sus bs Rgu (EC) N 45/2001 us ugu . Ts s us Cmmuy gs. F u s, vs g k:://u.u/gs/mmuy_gs/x_.m
T y Lsb, sg 13 Dmb 2007,mk fl , suu ug Eu U. O 12Dmb 2007, sgy vs vs EUC Fum Rgs s sg Ss-bug. Aug s g y, b gy bg EU sus bs Mmb Ss y mmg U . T s, ug suvs,s y vsb b sums s sg v z m. T EDPS sy
vms s uu.
T s , s v Lsb y, s s uy sus s v s . T EDPS s mss m us my EU s u ss-g s , ffv s , s bs vu uyg EU s,su b s s suss. TEDPS u s g s s
s s s fig sg su.
P kg u b m s suvs ug 2007. T sg 2007 s by EDPS msu m Rgu- (EC) N 45/2001 s su mssvs umb fis subm kg, s umb v s ssu by EDPS. umb mssb ms s s ssby. A Cmmuy sus bs,ug y sbs gs, v su m -
ffi (s C 2).
T suv vs u v .G mss s u ss ffv mk , b fis . Hv, s, sus v b ssy. Fu vy Cmmss ss, ubs 2006, EDPS s sgvy y s, su m s,mms vs ff sgs gsv ss. A umb sg u sss s qu (s C 3).
C suvsy us sus A 29 Wkg Py,
su m u-ms sg ssus. T EDPS s y ky suvs Eu. Ts b vu g-s m- sysms. Mu s s b gv mv ms.Fy, EDPS s vs -u L v s sg s ss mk m ffv (sC 4).
1.2. Results in 2007
T 2006 u m gm bjvs b s 2007. Ms s bjvs v b uy y s.
Scope of DPO network
T k ffis (DPOs) s s u s, sus bskg s vs, ug Cmmuygs. T EDPS s u gv sg su
gu vm DPO us, u mss y DPOs.
Continue prior checking
T umb ks g xsg ss-g s s s mkby, bu mssus bs s v sm k mg bgs s . Rsus ks guy s DPOs v s.
Inspections and checks
T EDPS s s msug gss m-
m Rgu (EC) N 45/2001 s m
sg 2007. A sus bs v bvv s xs, bu s b gv u s vm. T susv b , b g s by s, summs C 2.
Video-surveillance
T EDPS s m suvys v-suvs b EU v Mmb Ss, ff ss vvg vusus bs. Ts x v bss gus b ubs su- EDPS bs 2008.
Horizontal issues
Os ks ss ms uusy ys z ssus. Tfis s gu sus b-s b ubs 2008. Issus g sv m sy v bsuss us.
Consultation on legislation
T EDPS s u ssu s s-s gs s su qu -
u. T vsy vs subjs s bu sysm vy s s, u su vCmmss svs uy s s y.
Data protection in third pillar
T EDPS s u gv s vm g mk . H s sguy ss xg -s ss bs, uy x Pm y. I b ss, s uu-
y y m m.
Communicating data protection
T EDPS s gv sg su -uvs L v m m-mug mkg m ff-v. Ts vv vs s bs s m sg vm us m ff us u .
Rules of procedure
T us u, vg
ff s vs EDPS, s k
m m x. Hv, vm ff s mus s m ggss. Rus u b ub-s us 2008, g m s s bs.
Resource management
T EDPS s mv mgm fi um sus, by bug su-u, us vu sff vm g y. T mm- sysm -m ffi v b umvms.
1.3. Objectives in 2008
T g m bjvs v b s 2008. T sus v m b x y.
Support of DPO network
T EDPS u gv sg su - ffis, uy y
sbs gs, ug uxg xs bs s mg m.
Role of prior checking
T EDPS s fis kg xs-g ssg s ms sus bs, u mss mm mms. Rsus ks --u b s DPOs vs.
Horizontal guidance
T EDPS v gu v ssusmm ms sus bs (.g. ss-g - , vg ss subjs g v-suv). Gu- b m y vb. A ss sms
b gs s s.
Measuring compliance
T EDPS u msu m Rgu (EC) N 45/2001, ff ks ks sus bs, sgyxu ss s. T EDPS subs g s y.
Large-scale systems
T EDPS u v suv-s Eu, g suvsyus, v xs qu suvs g-s sysms, su s SIS II VIS, uu.
Opinions on legislation
T EDPS u ssu my s mms ss gs, bss sysm vy v subjs s, su qu -u.
Treaty of Lisbon
T EDPS u vms g Lsb y sy ys ssy vs s m .
Online information
T EDPS s u s m- vb bs u mv s.
Rules of procedure
T EDPS ubs us u,vg s ff s vs. Ps s s b vb b-s.
Resource management
T EDPS s u v smvs g fi um sus, k sss. Affi s b qu mm uusff.
2.1. Introduction
T sk Eu D P Suvs(EDPS) s suvs mssg s u by Cmmuy s-us bs my y s Cmmuy (x Cu Jus g s ju y). Rgu- (EC) N 45/2001 ( gu) sbs gs umb us s b EDPS y u s suvsy sk.
P kg s u b m s suvs ug 2007. Ts sk vvs sg vs sus bs fis
ky s sfi sks sub-js, s fi A 27 gu. Asx b, kg ssg sy , g s bg ,gvs u u ssg s sus bs. T EDPS s k xsg ssg s msv gs. S s b gv su sysms sus
j us by sus bs, v smg smyg us. T EDPSs s ssgs my gu. T EDPSs s ms s ss su s -g ms, qus, ss v msv msus.
As gs s vs EDPS, ug2007 s vus ys, s b , b, s s v mm EDPS mms xss - g s kg ssy ss. T
mss sss ffs m s
. T EDPS s v sysm -u mms.
2.2. Data protection officers
T gu vs s s sub s ffi (DPO) Cmmuy su by (A 24.1). Smsus v u DPO sss uy DPO. T Cmmss s s DPO Eu A-Fu Offi (OLAF, D-G Cmmss) (DPC) s-g, ss
DG.
2. Supervision
Assistant Supervisor Joaquín Bayo Delgado.
F umb ys, DPOs v m gu- bss s mm xs suss z ssus. Ts m k sv uv ms b. Ts su ug 2007.
I 2007, DPO Eu s k, sus bsv.
T EDPS mgs b DPOs M 2007 (EMSA, Lsb),
Ju 2007 (Cu, Busss) Ob 2007(Offi Hmz I Mk OHIM, A). Ts mgs g -s EDPS u DPOs s k suss ssus mm s. T EDPS
us s um x suss u ks sm m ssus s mk kg k. I u-, s A 27 s u fi, my
xms su s mmu sys-ms, u sysms vsgs u by DPOs. T mgs s g EDPS uy u gss m -g kg ss gv s sm figs sug m kg
k (s g 2.3).
T EDPS m us DPO mgs v
DPOs m sg 2007 s
xs (s g 2.6.1). T us x-s s x, s mgy s sb g s my u.T DPO mgs s g uy DPOs gv bk m xs
su gy, b EDPS k s u.
A DPO qu ms u DPOs (Cu,Eu Pm, Eu Cmmss OHIM) s s u m g DPO k. T EDPS s sy b
s qu, by gs mgs.
Bk bk Ju mg Busss,
ks DPOs s gs by EDPS b sm x DPOs.T m s gu ys,usg my ssus u DPOs v sks. T m sks DPO s x s sm fi ms, gss fi-s DPO I s.
T kg gu m ms sv , bkg su m sx kgmgs ug 2007. T Asss EDPS sff mmbs s mgs. A
uss k subgu
Data protection officers during their 20th meeting in Brussels (8 June 2007).
s b b u 2008 by mmbs kg gu s ss su by (I sss, xm).
A um v us m ms bkg s s suss by mm-bs gu.
I mk sg 2007 xs, EDPSu g bg EU su by DPO (s g 2.6.1).
2.3. Prior checks
2.3.1. Legal base
General principle: Article 27(1)
A 27(1) gu vs ssg s ky s sfi sks gs ms subjs by vu u, s uss bsubj kg by EDPS. A 27(2) gu s s ssg -s ky s su sks.
Ts s s xusv. O ss mu s sfi sks gs ms subjs jusy kg by EDPS. F xm, y s -ssg us u fi-y, s s u A 36, ms sfi sks jusy kg by EDPS.
A , 2006, s s sm bm gs , s u bms, ssbs -kg
s y s my u ux- / usb sus subjs.
Cases listed in Article 27(2)
A 27(2) ss umb ssg s ky s sfi sks gs ms subjs:
() ssg g sus- ffs, ffs, m vs suy msus (4);
(4) Sret F, .. msus mk g -gs.
(b) ssg s vu -s ss g subj, ugs by, ffiy u;
() ssg s g kgs, v usu Cmmuy gs,b ss ff uss;
() ssg s us xugvus m g, bfi .
T v vus ys u b s vs, b
g fi m DPO s subj kg, vsg su s kg (ss g 2.3.6).
2.3.2. Procedure
Notification/consultation
P ks mus b u by EDPS -g fi m DPO.
Period, suspension and extension
T EDPS mus v s msg fi. Su EDPS mk qus u m, ms s usuy sus u EDPS s b . Ts suss ysus m (my 7 10 ys (5)) gv DPO su/by mms u m fi .
I mxy m s qus, -m my s b x u ms by s EDPS, mus bfi xy -m . I s s bv -m x-s , EDPS s m b vub. U u , s s - s v s.
F ex postss v b 1 Smb 2007, m Augus s xu m usb sus/bs EDPS, kg u ug quy ss (s g 2.3.3).
(5) Wkg ys, y y s.
Register
A 27(5) gu vs EDPSmus k gs ssg s
s b fi kg. Tsgs mus m
A 25 b ub s.
T bss su gs s fi m b fi by DPOs s EDPS. T u m s us u s mu sssb.
I s sy, m su ub gs (x suymsus m gs) s ub s.
O EDPS s v s , s mub. L , gs m by g EDPS s m summy m. I s y, gs v.O , m gv ss-g s k u , , sy s m .
A s m s bu b m vb bs EDPS, g sum-my s.
Opinions
Pusu A 27(4) gu, fis EDPS ks m , b fi ssg DPO su by .
Os suu s s: s
gs; summy s; g yss;uss.
T g yss ss xm s uy qufis kg. As m- bv, s s s ss s A 27(2), EDPS ssss sfi sk gs ms subj. O s qufis kg, g yss s xm ssg ms vvss gu. W ssy, m-ms m ff sug m-
gu. I us, EDPS
s s my s ssg s sm vv b y vs gu-, v mms ssu k u. Oy s ssu 2007 ( kg ss 2007-373 2007-680, s b), uss ff: ssg s b gu- sm mms b m-m bg m m.
F fis m 2007 gs vusy k s v b fi. A bbvm s b v s ss.
A s mu s b gu, s s, m ks smbss EDPS s -g m yss sgfi m.I vs suu s, bs umu- x s uusy u.I s us ks.
A kfl sysm s mk su mms u s u, b, m ss
m (s g 2.3.7).
Distinction of ex post cases and proper prior checking cases, and categorisation
T gu m 1 Fbuy 2001.A 50 vs Cmmuy sus bs su ssg s
y u y bug my gu y (.. by 1 Fbuy 2002). T m EDPS Asss EDPS ff 17 Juy 2004.
P ks y s y gss ( ks), bu s ssgs s b 17 Juy 2004 b gu m (ex postks). I su sus, A 27 k u b s ss , bu musb ex postbss. W s gm, EDPS mks su A 50 gu s m ssgs s sfi sks.
I bkg ss ky b
subj kg, EDPS s qus
DPOs ys su su -g ssg s s A- 27 s 2004. Fg bu-s m DPOs, s ss subj ex post kg s m subsquy fi.
As su vy, sm gs -
fi ms sus bs u sub m sysm suvs:
(1) m fis (b stricto sensu g- );
(2) sff s (ug s uu sff (u-m));
(3) ffs suss, ug syus;
(4) s svs;(5) -mg.
Ts gs us 2005 2006 s -y gs, bu gv u ff sg 2007 y b ym s us y sysm- . P kg ss v vb subj s gs, s y mus b
b ssg s mm.
2.3.3. Quantitative analysis
Notifications for prior checking
As m b 2005 2006 u
s, EDPS s sy ug DPOs
s umb kg s EDPS.
T sg 2007 s b k by EDPS ex postss s fix g-g Cmmuy sus bs s ffs s m ufi-m fi b-g.
s sgs fis: 132fis b 1 Ju-y 2007 30 Ju 2007,
m 137 u (32 s 2006), us 44 fis ug s 2007. T ff sg2007 s 208 (132 + 32 + 44) fi-s u 313 b 2004 2007.
Opinions on prior checking cases issued in 2007
I 2007, 90 opinions (6) kg fi-s ssu.
Ts 101 ss fis m -s s 77.19 % k kg m 2006. Ts k s
u ub k sg 2007 - (7).
Ou 101 kg ss (90 s), 11 kg ss, .. sus
( ECA, Pm, EPSO,Eu Ombusm, EF, ECB, EIB OLAF Cmmss) uvv kg b mmg ssg :
4 s 11 kg ss ( Cmmss m EF) flxm sysm;
(6) Ou 101 fis, ss u sm ss k, 15 fis OLAF jy u ff s. Ts s y 101 fis su 90 -s.(7) S g 2.3.7 31 ss fis ug 2007.
Supervision team during a meeting.
Analysis by category
T umb kg ss , bygy, s s s:
Category one (medical files) 16 cases
Category two (staff appraisal) 41 cases
Category three (offences and suspicions) 14 cases
Category four (social services) 8 cases
Category five (e-monitoring) 4 cases
Other areas 7 cases
Category one us m fi s sff s (fiv ss), sk v ( ss),vy u ( s), y-uss ( s),skss sms ( s), smy (s) u ss k - . Tsgy s s g (26.5 % ss 2005, 24.6% ss 2006, 17.77 % ss 2007)bu s gv EDPS uy vs m fis. I 2007 EDPS ys s k smy J RsC, b by sm s.
T mj gy m ms second cate-gory, g vu sff (41 fis u 90), vy sb g (56 % ss 2005, 40.4% 2006, 45.55 % 2007). ss k um ( s, s- xs, s ffis, um ECB CPVO), fiv ss k vu, ms, m sff (b kg ss), g fi s us, u flx-m ( kg ss), ym sv vus s ms.
Rgg third category(g ffs sus ffs), sgfi s ss (14s, ss 15.55 % ) k bu su b u s gyus y ss m OLAF (s g2.3.4). Oy s ssu syus s ms sus y fis ss vus ys.
Rgg fourth category(s svs), umb fis s mu by u (gs, ss 8.88 % gbmu s). A mj sus v m-
fis s , s s OHIM.
I s ms gs s ff s ks svs sff.
Rgg fifth category(-mg), y us ssu, s ms fis -mg v b s by EDPS s- kg ss u y s sfi sks (b fiy u
A 27.1 gu, sus ffsu A 27(2)(), vu sss g A 27(2)(b)). Ayss by EDPS, v, umus mms(s g 2.3.7).
Rgg fis bg s gs, EDPS s u ysg fi ms su s PIF (FIgus P Pm Cu Jus-), y g sysm (Pm OLAF) um u (Cu). T ms sk (Cu) suy us (ECB).
Timelines of the EDPS and the institutions and bodies
T s Ax E us ms EDPS Cmmuy sus/bs.Ty umb ys EDPS g s, umb xs ysqu by EDPS umb sussys (m v m m sus bs).
Number of days of the EDPS for drafting opinions: sss s 1.73 %, y ss 2006 (55.5 ys 2005, 57.9 2006 56.9
2007). I s vy ssy figu sg s umbs mxy fi-s s EDPS.
Number of extension days for the EDPS: s ss s 15.74%, y y ss 2006(3.3 ys 2005, 5.4 ys 2006 4.55 ys 2007). Aug mxmum xs ms (A 27.4 gu), sb my ss m.
Number of suspension days: s m-2006, sus suss 7 10 ys mms
u m m DPO fi
. I ex post ss v b 1 Sm-b 2007, m Augus s b u u. T s b 2006 (vg 72.8 ys fi) 2007 (vg 75.14 ys fi) s 3.21 %. kg u , 2005, vg s 29.8 ys fi, EDPS s bu gy s by sus/bs m m, sy ss (185, 200 203 ys svy). Iy s, EDPS g ms sus bs bg EDPS v m qus m-, g A 30 gu.
Average by institutions: 2007, s s sm sus bs v s sus-s ys vy sgfiy (su s EuPm, CR, ECA, C sm s ss x, su s ECB Cmmss),
s v su sg m (sus OHIM, EIB, Cu Jus, Cu).
Notifications for prior checking received before 1 January 2008 and pending
By 2007, 69 prior checking cases ss. O s, 4 fis s 2006 65 fis 2007. O s 69 gss, 25 y fis by Fbuy 2008.
OLAF 4 cases
Parliament 4 cases
Council 9 cases
Commission 23 cases
ECB 1 case
EESC and CoR 3 cases
EIB 3 cases
ECA 2 cases
Court of Justice 2 cases
Ombudsman 1 case
Cedefop 1 case
CPVO 2 cases
EFSA 1 case
EMCDDA 1 case
EMEA 7 cases
EMSA 2 cases
EPSO 1 case
OHIM 1 case
CdT 1 case
Analysis by institution and body
As s b su sg 2007 ,m gs v s ss yg(C, EMCDDA, EMEA sy svfis EMSA) u s(C, EFSA CPVO). T EDPS ugs gs bs ks.
Cu Cmmss umbs s m.As Cmmss, 16 s 27 m ff J Rs C (JRC) ss my ms smy ss u vy sfi x JRC ( s Rs DG,
g g umy).
Analysis by category
T umb fi kg ss by -gy g 1 Juy 2008 s s s:
Category one (medical files) 20 cases
Category two (staff appraisal) 25 cases
Category three (offences and suspicions) 4 cases
Category four (social services) None
Category five (e-monitoring) 3 cases
Other areas 17 cases
I category one, ug ss fi-s s g mks:
s gy ss 28.98 % s g bgg 2008;
s, m fi Cmmss, ys su sfi ss (.g.vg m fis);
mg s 20 kg ss, g
m ff JRC ss ff s sus vu m fi ( JRC ss),fis s, sk v, vy -u, g smy;
EDPS ms fis s s bg v m gs sus CPVO EMEA;
EDPS s s g Offi Ams Pym Ivu E-ms (PMO) fi s m vus u .
T second categorym (sff s) s -
ss mjy ss xy . Eg
s ss um us (us sv ss EPSO by sus) umus by gs. A g vu -us gs (EMCCDA, CPVO, EMEA,EMSA EFSA). fis flxm (s g 2.3.5). T y 2008 sb fis s EDPS ys fi- g y (Cu 2007-584).
Rgg third category(ffs susffs), EDPS s g OLAF ss sy u msv qu-s C. T EDPS ugs g-s y ss.
Cgcategory four (s svs), EDPSs sus v g fis sgs v x x sg 2007 by (s g 2.6) y vy s ff s ks svs s.
Category five (-mg) s s um. I 2007, EDPS gs svmgs bu -mg s u v
xs bu sg ss s subj. Tuss s xs b summs -uss b ubs 2008.
Other areas (24.63% ss) vv mfis: s s, v-suv ss sysms. T s s um: v-suv b ssu 2008 (s g 2.9) ss s gy ssv subj, smms vvg quy fi (RFID) gy b-ms. I , EDPS v fis -s ssu bu y xsss Eu Ivsm Bk, ms g ssvy.
2.3.4. Main issues in ex post cases
Medical data and other health-related data -ss by sus bs. Ay gy y s -vu u s gy. T, g sk v skss su ms ssubj kg. I s gy s sus vy u, smy us-
s s xm by EDPS.
Ts ff kg ss v gv EDPS s ys ssus g ssg m by Cmmuysus gs. T v sm quss s -mym um vss s b qus by EDPS g us s vss. T vv -mym m xm s b xm- by EDPS, mms s xms , , sk y vv uss
u s subj. T EDPSs s qus quss bu my mm-bs g k s bmv m m quss.
T EDPS ss u m k-usu b s s vv sv, bu ybs s s . Tu m k-us mus my sv y fiss k, ug sfi sg fi s m m y fiss, xm my s xs g-us subss.
Csv s m v s b
bj mms EDPS k-g s g EDPSv Cg Hs Ams- (2006-532) (8). Nby, m ug -um m vs g-u s su y b k s m.
T ssu quy m fi s sb s mk ff k-g ss. T EDPS s u , ug s ffiu sk uy m , quy by s sub-
j qus m y v m s fi su u.
A u ssu g s s s s mk kg mbusm m xss(Cmmss 2004-238). I x su s by A 90(2) Sff Rgu-s Offis Eu Cmmus, EDPS mm mvg fi -
(8) S EDPS 2006 u , .35. S s mm sv s g 2.7 b.
m smss MgmCmm s s ussy Cm-m v s s.
Recruitments mm ssg sus bs bvus ss. I 2006 su um u u by EPSO s xm gv s - by EDPS (2004-0236). I 2007, P-m ECB fi kg ssg s bu us sEPSO sv ss. OLAF s fi s umu my gs m sfi svss. T y OLAFs y ggsff suy s qus by sgs sff mmbs v ss gy ssfi m bs bCmmuy gs.
T EDPS s k Cmmss -u um s ffis (2007-0193).I s , EDPS s s sub b v ss fi, msg gs ssssm s g m by vus mms m
ssssm. T EDPS s s m- s u; s s sy s mms gs, s s u A6 Ax III Sff Rgus. I
A 20(1)() gu, mks gvby vu mmbs mm su bgv m mg subj
s su b v.
Staff evaluation: T Cmmss Sys 2 m-s s s s ssu mms qus Cmms-s vu m y g
sy u sysm s us suss m xs (9).
T fi s us v -u b s EDPS by vus sus gs. T mms ssu by EDPS by sv s, k-g u g ms sby sm ss.
(9) Fum, m (s 2007-529, s b), EDPS s b b ssu mm g ss ssg, skg m u g ys.
kg s y -m u Cmmss (2006-577) OHIM (2007-575). I s, mm-s sv g ss subj mm ssb mg s ss y m, subj s-s g A 20(1)() gu.T ssy ub sv s
ss qusg y m s s qus- by EDPS.
Lsy, vus s sff vu, sms v b ssu g suy sss k OHIM, s vss, s m-s, bsv s ymxs.
OLAF procedures: T EDPS ssu 12 sg OLAF us ( s u k (u fi sysm, s -g b 2.3.5)). O (j ss
2006-544, 2006-545, 2006-546, 2006-547)
Medical files always contain sensitive data.
ju, sy, msv fi-u. T u -ssg s - ssg s k
sg OLAF vsgs, s -u s sug mCmmuy / us v m-m msus mm by OLAF. Ig, us my ssbs gu. H-v, EDPS mk sm mmsmy s s ssy -u sysm, bg sbs ssy ss m -v subjs. T EDPS s qus 20-y sv b vu by OLAF
OLAF s 10 ys xs. T EDPSu mms m s su b k b ug OLAF s mu.
A x vsgs s (2007-047, 048, 049, 050 072).Ex vsgs msv vsg-s us Cmmuy gs -m us g u
gu u u g ss ffg fi ss Eu Cmmus.T sus OLAFs x vsgs Cmmuyus ju, msv, gsv fi -u. T EDPS by sk OLAF fi sbsg ssy s s gv s su g ss fi s s s m u. I s s, OLAFs su y s u A 20 gu g ss s -s / g y m su m ssy s s-by-s bss, u s s gv A 20(3)(4) (5) gu. Fum, OLAF mus s fiy sbs ms u-g OLAF x vsgs.
T EDPS s s k ssg v-s u by OLAFs Suvsy Cmm(SC) (2007-0073). T us su ssg s OLAFs by gu m-g mm vsgv u-, s qu by A 11 Rgu (EC) N
1073/99. T EDPS s mm, mg
s, SC mus v ss s m-gm sysm (CMS) fis (gg, s -ss) y s-by-s bss. W suss s qus, su b u CMS fi syg ss jusy v-s ss. Mv, SC mus s A12 gu gg ss ,ug sbs, sss ms.
I sum, EDPS s u ug yss OLAFs ssg vs fi sus ffs, ssu mm-s ssy. Sm u xms g:
u fi sysm (2007-481);
m g -g bss (j ss 2007-027 2007-028);
m sss ss (2007-203);
usms m sysm (2007-177);
-u m sysm (AFIS) (j ss2007-084, 2007-085, 2007-086, 2007-087);
sv (2007-003).
Social services: S sv fis my u sg ffi, subj ssg by EDPS. M-v, ssg by s sv myb vu s ss g subjs.
A umb kg s ssu by EDPS s . T EDPS by m-m s k sss -s mus b y m qu-m my
A 4(1)() gu, my
ss mus b qu, v xs-sv uss y / u ss. Ts mus b m suby s ks ss.
A u mm kgs s svs xm mmus s k
x svs, bus u bg s. T EDPS s sfi g fi mk s
fis by s k by ms g
subj gv s v,sy subjv vu s
k u v squs x-s gs s .
E-monitoring: Ds EDPS s y s fi s -mg (sg 2.8 b), sv s s
. s ssu g ECB vsg u us ffis busss mb s (2004-271 2004-272). B s u mm- sv ffi su , , b g sx mssubj sfi xms. ffi b ss ss uss, bu su ssmus b ymus.
T EDPS s ssu gg smg ss mmus OHIM sb Im C(2007-128) sv bss ( ms y) by ssss quy sv -v, s usm ss umyv g sff mmbs. T EDPS
s ssg u b bs A- 5() gu s, , u bs s ssy uss sb,
sm us s g. T EDPS ssss m gu uy su b v.
My ss fi EDPS -m-g -gb kgs my ss bg -fi mgm k sfi sks sus ffs vu (s g2.3.7).
(Rgg v-suv, s g 2.9.)
2.3.5. Main issues in proper prior checks
T EDPS su my gv s s ssg , s s gu gs ms subjs m bgg. Ts s A 27. I - g ex post kg ss,11 ss (10) kg fi EDPS 2007. Amg s 11 ss,
(10) T s, ss g ssg y mm.
m sff u flx-m.
T Eu Cu Aus s s u -u sgs m s sff my bm (s 2006-534). T EDPSyss s my mms -g m mus b v sffmmbs, my sfi -s mmg s Cu, s s sg m ms. T mms g
Eu Pm s (2006-572) m sv s, ug sg m u m us, ssg - s x.
ime management systems v b sgfi 2007. T EDPS v g fim Cmmss (s 2007-063) m m-gm, mu Sys 2 (sff mgmsysm), gs flxm, by s-fi flxms m DGs (s 2007-218 Im Sy M DG s 2007-680 Aguu Ru Dvm DG),
b s ms fi-. Ty gb kg gus As 27(2)() (- ) 27(2)(b) (ssg vu sffiy, m by k).
m mgm Cmmss s k y s s flexitime ,mg s, mms us sff s umb, gu ssy sysm, m s my vuy u g m sff mm-
bs, s m.
T Im Sy M DG flxm mm m RFID g s bg ssy k u.T us su gy flxmsysm s sfi sks y s sysm. I s uss, EDPS qussv mfis sysm ggsuy ss by ug m su,s s g g vy s-m, sm gs msus
subjs .
Rgg sfi flxm Aguu Ru Dvm DG, EDPS s ss fi b b Rgu (EC)N 45/2001, s x us ( sv- u m u ssby y bs s m s s s ssb) u b by ss usv ms. Fum, us s by Aguu Ru
Dvm DG u b by -s flxm sysm.
T u s bu m mgm s s byEF (s 2007-209). T m-g bs s v EF mgm m- bu mu m s s m-sm vus sks js by vus vus ms. T m mm-s quy, s vy ffiu su gv y sysm s s u, us m, my m b y us mgm j
vu s.
A k s s ssu g m mgm, my EIBs bu m s m mgm (s2007-373). Iy, s s s su s kg, s vuss (2005-396 M s 2004-306m mgm) EIB s ss ufi skv k m mgm by y-s Ou H C (OHC). Ts
s fis m EDPS ssu bs gs m bj vus k s.
I s , EDPS xss EIBu b b vss gu- (uss ssg, quy -, ssg s gs ) uss sus sff mmbs qus v y gv, umbguus s OHCyss ss gg ufim v. W qusg s, mus bsu sff mmb y uss s b subsquy y m, u y jusfi,
vs squs. I mus s b m vg s m y sv uss v.
Amg kg ss, EDPS us g ss:
EPSO s (2007-088) bu vu y b b k -gug, us mm um by sss;
Ombusm s (2007-134) bu mg-m v, sm mms
- m sub-js;
ECB s (2007-371) bu suy us (-ssg vs ECB -s u x ug suy us s s s gb suy ), xssvss s b v;
OLAF s (2007-481) bu u fi- sysm (b-bs m sysm OLAF s u ubs ss m us fig gs u, u g
vs ffg fi ss
Time management systems reveal data on behaviour and other personal aspects.
Cmmuy), u ssus: m ss by m v ms sbs.
2.3.6. Consultations on need for prior checking
Dug 2007, umb sus kg by EDPS s sgfiy:20 sus 2007 m 15 2006.Sv ss bv vusy subjs su, my: M s m
mgm, Fxm Im Sy M DG, D ss by s us,Rym xs, .
O ss v b subj kg su s Au z, Suy vsg-s, F sus, Us EPSO svs, Au EFSA xsbs v y b my fi EDPS g s bk k.
ssg g y
xs ss EIB s s s subj kg s us m -vs suss m ffs.
T Rus gg y OHIM bugs sff s s b sfi ss, y s subj kg, s s b . T us v bg by gy y y vv ssg s y m.
T ssg mgm I-
ss Cu Jus s u b kb. I, m vu- u s b fiy mmus.
O sm gu, y ssg - Cu s s s bg sub-
j kg s vv b fiy mmus.
A sg s s fi s b s Cu Jus -m sysm. Tsysm s subj kg s gu
m mg s b u
msus mssgg sysm. T s ssg vu sss su s by, ffiy u.
Aug v gms ssg - Cu mg vv g , s u b kb. Tus ssg y s m ssg m y ms qus s ss s subj.
2.3.7. Notifications not subject to prior checking
I 2007 EDPS s 31 ss u b subj kg(23.48 % ss fis by EDPS). Tsus s b u yss fi.
Nvss, s yss s ms ss smmms EDPS. Ev s ss -mg, flxm, u ss, s s
( gg, y s, x vsqus, s, s g us) vus s su s s vs-gs by DPO m OLAF.
As e-monitoringgy, ms s fi-s(11) v b fi EDPS k-g bss A 27.1 gu.
I su b m mmus b subj kg by EDPS u m ss:
A 27(1) gu subjs kg ssg s ky s sfi sks gs ms subjs by vu u, s uss. C IV gu s u vs fiy mmu (A 36).
W s b fiy m-
(11) Nfis -m sysm y (EESC CR2006-507 2006-508), x suu, k sysm, I sss, s bs, bg(Cmmss, ss 2007-358, 2007-359, 2007-367 2007-374), fixy mb y (Cu Jus, ss 2007-438 2007-439), gs s (EIB, s 2004-302) v-g v us svs GSMs (OLAF, s 2007-204).
mu, s sk gs ms subjs my xs, , -, ssg s subj kg by EDPS;
A 27(2) gu s -xusv s ssg s ky s sfi sks. T s us, : ssg g sus
ffs ffs suy msus (A- 27(2)());
ssg s vus ss g subj,ug s by, ffiy -u (A 27(2)(b)).
W msm s m m-mu k uss As 27(2)()/ 27(2)(b) gu, ssgs mus b subm EDPS kg.
Ts ms mmusysms ssy subj kg. I, fiy mmus s
b I suu s us m my u, s s subm mmu sysms kg.
Hvg s , EDPS s vss ssumms s ffi bg , s v by A 37(2) gu, s m b gv subjs,
Rgg access control, fis(12) subm u A 27(2)(b) gu.
A yss, EDPS u s vu s xs. Nvss, -mms m bu x us ssg. T u s (13) s fi u
As 27(2)() 27(2)(), bu s b sfi s. A 27(2)() s y gg u x umss s xuss, bg s u by - ssg , m A 27(2)() b.
(12) Cmmss (2007-375, 2007-376 2007-381).(13) Cmmss (2004-235).
T ss time management(14) s -gb kg s s vu sff bu vu OLAF JRC vs. T ssg m uss mg vs EU su- m b g su - s A 27(2) gu. My mms JRCs m bu us m, quy,m b gv subjs - .
2.3.8. Follow-up of prior check opinions
W EDPS vs k , ss recommendations mus b k u mk ssg my gu usuy v. R-mms s ssu s s ys kg sm ss sv v msus.Su my s m-ms, EDPS my xs sg m u A 47 gu. TEDPS my u m Cm-
muy su by , k u- ss su m. Su ss EDPS b m , s g m Cu Jus u -s v EC y.
A kg ss v mm-s. As x bv (s gs 2.3.4 2.3.5), ms mms m subjs, sv s, usm gs ss fi.Isus bs g smms , u , s b xuv ss. T m m-mg s msus vs m s s.S Ju 2006, EDPS s qus, ms s g s s, s-u m EDPS msus k mm mms ms.
Dug 2007, EDPS s 38 ss, -ss m ub 2006, y u sysm -u mms.
(14) Cmmss m ug sysm JRC (2007-503) OLAF mmgm sysm (2007-300).
2.3.9. Conclusions and future
I s ks, b ex post,v u b mj vy suvssk EDPS. I s sgy m vy bgg ex post A27 gu u b x y mg Eu sus gs s ssg s ms skys, s v b s.
Cuss 2007 b summs s s:
sg 2007 s gv s -mus s fis m myDPOs, sy ug fis sms y, m 42 % s (132 u 313, m 2004 31 Dmb 2007) v;
s s u g mu ssu suvs m EDPS, vy ss-y um, s umb s s m y g k s (ug xs ys)
quy s b s;
s s mu mv s sus gs k s quss u m m EDPS;
sfi y s ex postss, s b sgfi bg s u suy EDPS (m mgm,OLAF ss, su ssg, .);
s vus y, s
us ss b gu m gs b u my us;
mms v u us my , g m g ss.
Fuu ffs g s:
sus su fis ex postfiss gs su mk subsv
s s sm g 2008;
-u mms u k sysmy ug mm , b mb --s ss; s s u u mm fi -ss DPO u m bg yg k ss EDPS b ssg ss;
sm s, su s v-suv, bfim , bs s sg submss kg vgss y;
v s b summsby gy su ssy s gv gu sus bs gg mm us.
2.4. Complaints
2.4.1. Introduction
A 41(2) gu vs EDPS s b ssb mg sug vss sRgu y Cmmuy g um gs ms u ss g ssg s by Cmmuy su- by. P s mg s uby g ms s v
A 46() (15).
Ay u s my g m EDPS, s y s, bss As 32 33 gu(16). Cms s b u bymmbs sff Eu sus
(15) Ag A 46() EDPS s vsg m-s, m subj um sb.(16) Ag A 32(2) vy subj my g m EDPS s ss s gs u A 286 y v b g s su ssg s s by Cmmuy su by. A 33: Ay s my Cmmuy su by my g m EDPSgg g b vss Rgu (EC) N 45/2001,u g ug ffi s.
gs m Sff Rgus y, bss A 90(b) Sff Rgus (17).
Cms y mssb y m m u s b - us by EU su by ss-g s xs vs, s Cmmuy . As b, umb ms fi EDPS mssb bus y us m EDPS.
Wv EDPS vs m, ss kgm m
u ju mssby s,uss m s y mssb u u xm. EDPS squss m m m ssb s b u, Cu Jus Ombusm ( g ).
I s s mssb, EDPS s qubu s, by by g su/by , by qusg u m
m m. T EDPS s b ss s mssy quy m su/by. H s b gss y mss su-/by s u s vs.
I v g b , EDPS m , mk ss myg b mvg sub-
js. I s, EDPS :
xs gs subj; -
;
, Pm, Cu Cmmss;
18).
(17) Ay s m Sff Rgus y my subm EDPS qus m mg A 90(1) (2), s s m.(18) S A 47(1) Rgu (EC) N 45/2001.
Su s vv msusby su/by, EDPS s s u su/by .
I 2007, EDPS v 65 ms. Ou s 65 ss, 29 mssb uxm by EDPS. A umb s bflyxm b.
2.4.2. Cases declared admissible
Collection of excessive data relating to visitors
T EDPS v m m s vsg Eu Cmmss s vsg gu,g ub ss umb b mmb gu (s2006-0578). A vsg, EDPS u s s xssv s quy A 4(1)(b) 4(1)(). Fg EDPS vsg,su s s EDPS s - ssfi m s u. T EDPSk s m m Cmmss s bg v -
m gu s s s s su ssg .
A m s s v ssg s by Eu P-m g(s 2007-0430). T m s qus v s us g g, su s m b. W su u g, s s sk fi b s s vy s s gs u u-
g mg. A vsg by EDPS, s u su s ssy ssu bgs by suy u P-m bu , , su ssyv b sbu s s
b sy xm uu.
Access to data
T EDPS v m m ju xkg Eu Cmmss g -g s m ss s s fi v- A 13 gu (s 2007-0127).
T m s m bu
Cmmss s vus mysu s s, by mg m sus , s g s s by Ex Rs DG Cmmss g k.
A vsgg s, EDPS u ss g ss jusfi bss A 20(1)(), by ssy vus mys. As g svus mys u s s, EDPSu s m ms -
v u s bu s vus mys sg m sg m- v s u, m ,
s sb ssum my u vus s mym fim sms m s . Fy, s gs s m Ex Rs DG Cmmss g, EDPS u s s ssy gm -m sks u by Cmmssg A 7(1) gu.
T m s u m Eu Ombusm. T EDPS ss sus s vsgs Eu- Ombusm s s v u vsg.
A m s v m v svm Cmmss m s g ss procs verbal (PV) sbs g v k s u jb(s 2007-0250). I s x, g sss b us s ss ms
s PV ssssm. A vsgs, EDPS u u PV b sbs, squy s x ssssm v . T g ss u A 13 gu u v u ff. T EDPS s s u-g s g g ms- fi ssssm v/s
s .
A m s g gs Eu Cm-mss g g ss y
ums g bu y s
( mk m u) (s2007-0529). Ass s bss Sff Rgus, kg s -fiy gs juy.
T us EDPS s A 6 Ax III Sff Rgus (sy -gs juy) b jy
A 20(1)() gu. T by s by g ss subj, bu su y kg fib s. Ts -uss vss b m- s ums s b sy s Cmmss s s gv ss m. T EDPS sk bu bu mgm ys ufi As 4(1)() (ss) 12 (-m b gv) gu.
A m s m gs Eu Cu Aus g ss g ssu A 13 sff ssssms -um u su sff s,s s ssb sy s fis (s
2006-597).
A u quss fi su b m, EDPSu ssssm u Eu- Cu Aus ( k by EDPS s 2005-0152) qu y um- su sms m vus. Mv, EDPS fi v sy s fis xs. Fy, gg qus bkg , EDPS s s A 15 gu-
bkg s.
Forwarding and copying of e-mails
A m gs OLAF s v g -m m ss sff mmb OLAF s bss s u uy u(s 2007-0188). T EDPS u , s s -m s s s mssg, mmb OLAF OLAF us.
As squ, m s s
su s b gu.
T sm m s m ss v m OLAF s b g ss v A 7(1) gu. T EDPS A 7(1)s s ssy gm m skv by m . H-v, k v , s s, s b y jusfi ss u y. Fum, y s mus my vss gu , -u, subj mus b m s gs s (A 11(1)()), s s.
T EDPS s sy kg OLAF v s y .
Requirement of credit card details
A m s g EDPS by mm-bs sff Eu Pm gg qum s busss umb gu bkg msss (s2007-0338). A vsgs by EDPS,
Eu Pm qu ss bkgs s v gy. Hv, s qu umb gu bkg.T y ss Pm s qu su umb s sff mmb s ub bk m fi ms musu ss m v gy byms sv m, us umb. T Pm s, v, s - mv s yg umb m sv m.
As us , s s s vu sff mmb. Ayssg s s umbguus -s sff mmb s gm u A- 5() gu.
Processing of sensitive data
EDPS v m m ECBmy mg m ssg - g mk
mgm sk v (s 2007-0299). T
m s s gy s ms A 10(1) gu b ss u suffigus ssy g A 10(2)(b).
A vg ys s, EDPS u ECB s us x A 10(2)(b). Ts us s bss ssg s -ssy uss myg sfigs bgs fi b mym .
Right of rectification
A m g fi vsv Cmmss s g 2006 (s 2006-0436). I 2007, EDPS v fim m su bu ff m s -s s bkgu (historique de car-rire) Sys2. T Cmmss s x y bkg ms s uv s squ u vyssg ff Sys2, sus, s, ym s sy. T EDPS
s m bu s u x bu ffius Cmmss y bk s Sys2 bs.
A m s v m s m vy s m s sms m 9 Nvmb 2006 s.T vug g us v bks. Subs-qu fig m EDPS, Ps Ams DG fiy s
vy m s sm.
Obligation to provide information
A m s subm by subj gsOLAF (s 2007-0029). T m s m, b m m, , s s s mk OLAF F Cs R, umg m gy (A 12 gu-). T subj s m bss A 13 gu. I, vgqus OLAF v ss s , y
OLAF F Cs R s v, bu
s vg b mv, ug s . Fum, m s bv OLAFs F Cs R gv sv us s s bv-u, xs g fi (A 14 gu).
A vg vu s, EDPS OLAF s bgs ms by
As 11 12 gu. Fum, EDPS v m v y F Cs R y
ssg s g m u bs, my A 13 gu- (bku ssgs g s s su b v). Fy, EDPS u u vu qus fi ss b v, s mm s submss s g.
Publication in 2005 annual report
O 1 Juy 2005, EDPS v mgs OLAF s vus ssus u gu, by u ssg s
s g m by OLAF, x vs-g s g vvm s bby, us 2002 y 2004 (s2005-0190).
O 1 Dmb 2005, Asss EDPS s m. Aug g EDPS s m m, s s s ssus s Rg-u (EC) N 45/2001, u u u b k by EDPS, u
su uu y. Ts s s bflym 2005 u .
I 2006, m g m Eu Ombusm bu y s m b . I sm, s bj b s s s 2005 u , sg b mu. As sm, EDPS v - u s, ms ms s, s sbv. T fis m s s b Eu-
Ombusm y 2008.
2.4.3. Cases not admissible: main reasons for inadmissibility
Ou 65 ms v 2007, 36 mssb s y us m EDPS. T vs mjy s ms s ssg by EC su by bu xu-svy ssg v. Sm s ms EDPS -s s k by uy, s us s m. I su
ss, ms m Eu Cmmss u b m s Mmb S s mm Dv 95/46/EC y.
2.4.4. Collaboration with the European Ombudsman
Ag A 195 EC y, Eu- Ombusm s m v msg ss mms vs Cmmuy sus bs.T Ombusm EDPS v vgms m g ss ss mms my ssg s . T, msg Ombusm my vv - ssus. Lks, ms bug b EDPS my ms v yb, y y, bj s by Ombusm.
I v ussy u su ss b g s-fi ssus s by ms,
mmum usg (MU) s sg Nvmb 2006 b Ombusm EDPS. I , mmum s ususg m b EDPS Ombusm v v. T Ombusms su EDPS ss - ssus sk s m EDPS s ss g ss sb subm EDPS ms. I m s m- s s u m Ombusm, sus quy uby EDPS Ombusm s
s v u vsgs.
T EDPS vs Ombusm sv m-s g ss ums, - Ps C D MU. Obsvs
s Ombusm u m s ss. Ts ms EDPS
u v s y b bub ss , EDPS Bk-gu P 2005 (ubs bs), ss s ub s ss m. T ms u quss ss s sms Mmbs Pm (MEPs), us MEPs Mmb S xs sm ffi ( Cmmss).
2.4.5. Further work in the field of complaints
T EDPS s u kg g mu m g by EDPSsff. T m ms u mm submss ms, g m mssby ms, b m vb EDPS bs uus.
Sff mmbs s us s-g kss Hsk A 2007 Lsb Nvmb2007. Dug s kss, EDPS gv s-
s ub ss ums
EU ms OLAF vsgs s xm mus.
T EDPS s m ms s kss s x g m g-g ssus x.
Amg s, EDPS s ssu mm Mmb Ss Dv2005/60/EC v us fi sysm us my ug s fig v g kg s.
2.5. Inquiries
A 46(b) gu vs EDPS u qus, s s v. TEDPS u umb su qus, sm
m s s (s sg 2.9 v-suv).
OLAF security audit
I 2007, EDPS v umus fism OLAF g -ssg vs u sm I suu. Ts s,
y s by EuCmmss, s OLAF mss mg y by OLAF sff.
I su ss OLAFssuy msus, EDPS u su-y s ys m z y, g x u kg fi. Cug s yss
suy s s bu b g fiy ms s suy msus.
T m bjv s s gs mm mg suy msus, m m qums fi ssss m- g ss.
A vg v gu mvm sysms ug mms, EDPSu s, gy skg, vy ss-
fi suy msus mm by OLAF
Nikiforos Diamandouros, Joaquín Bayo Delgado and Peter Hustinx during an informal meeting.
I sysms s u s s-sby.
T ffiy mm s suymsus b ssss 2008 -suy u s by OLAF, EDPS
b ss s bsv.
SWIFT
O 1 Fbuy 2007, EDPS ssu s ECB SWIF s (US us
ssg bkg fig gs sm).T us ECB s vs, us ymk.
A sm m, x EU us, EDPSs qus m Cmmuy sus v fis ym sysms us u s SWIF.
O 14 Fbuy 2007, Eu Pm j su ssg m (PNR) SWIF. W g SWIF, Eu-
Pm s EDPS ECB v sus su Eu ym sysms uy my
Eu .
Dug sg 2007, u EDPS quss, ECB s g msusk my s-us v fis g s us ym sys-ms.
O bss m v, EDPSmm v Cmmuy susmsus su y uy my g bgs u Rgu (EC) N 45/2001, u y v suffi m sff mmbs vus vg -u s m.
I b sv, s mmb A29 Wkg Py, EDPS sy gss v s s, su s:
SWIFs s S Hb, v ss mm uss US
g ;
fis ssus v by US suy g ss ss xm, uss, y, suv-s ss msms g ss ssg SWIF u subs; m gs u, gm, u SWIF ym sv-s: g Sz
su -Eu mssgs m Eu g m USs.
I 2008, EDPS, us, s u ug sy m gss s .
2.6. Inspection policy
2.6.1. Spring 2007 and beyond
Ag A 41(2) Rgu (EC) N45/2001, EDPS s ssb mg sug gu. I M2007, EDPS u u msum gu vus su-s gs m ff sg2007 (s g 2.3).
T fis u 2007 k m s ss s su-s gs k sk gssm s vus s EU ms-.
W g mk quss, EDPS
gssv g - gy su.
T fis s ss gs s v s DPO. I, M 2007,10 gs y DPO.Cs s s ssb Cm-mss DGs u ssy v DPO qu sus b b ms/ us.
As su s s, gsv s DPO, ug
gy s m s y vs. Fu-
m, Nvmb 2007, EDPS s m m DPO Eu Ivs-m Fu, u b vusym by DPO Eu IvsmBk.
F s sus gs DPO sy ffi, s s A 2007
u gus quss s, myg:
(1) sus DPO;(2) vy ssg s vvg
s ;(3) vy s ssg s
u s A 27 Rgu(EC) N 45/2001;
(4) u mm gu.
A s s s H Ams EDPS, s su s subj Rgu- (EC) N 45/2001, qusg m vy ssg s, vy ssg s subj kg, u mm msus.
2.6.2. Data protection officers (DPOs)
Appointment of a DPO
As m bv, Cmmuy sus gs v DPO. T bgg su-s v s sss DPO (EuCmmss, Eu Pm, Cu Eu U, Cu Jus). I ms ss, sss ks u-m bss. Sm susv s s ss.
Independence of the DPO
I s s DPOs (19), EDPS u- ms u mms sus DPO sus/gs, my y m (, , s ssb fl - m DPO k) -
(19) S EDPS s R ffis (DPO) sug ffv m Rgu (EC) N 45/2001 (vb EDPS bs u Csu s).
s DPO s /s su .
T g sus (Cmmss, Pm Cu) v u-m DPO. OHIM vsy DPO u-m bss m Fbuy Dmb 2007 s s b b DPO ssus. A sus/gs v -m DPO -u m DPO sks. I ms s ss, DPO s sg vs.
T EDPS s u s ssu s DPO s /s mus . Gus s fi v b v by ms sus gs DPO u s sy-g s k DPO s subm EDPS su.
Adequate staff and resources
T EDPS s u qu sff sus DPO y u s/ us
(I, um sus, g, fi sus).
Ms sus gs v vv m sus sff -v DPO b m/ y u s/ us. I sm ss, sss DPOs v b. I sm ss, DPO bfism sss svs, su s gsv.
As bugy ms, y su sm bug DPO. Smsus, v, u y v vus bugy mmm.
Sm sus/gs m g DPO msy m DPOmgs g ssss gsby EDPS. A umb sus/gs v u y s u I sysm .
2.6.3. Inventory of processing operations
Aug g bg, vy
ssg s u gy
su s b s by EDPS s usu msu m gu. T EDPS v sus gs s u su vy s sus EDPS.T EDPS s qus m bg y ssg s DPO.
Ms gs sus v sbs sbsg su vy bgm msu m gu.
2.6.4. Inventory of prior checking cases
I s , EDPS qus vv s m fi kg. TEDPS qus vy ssubj kg sus s ss, qus u sus ssg y s (m fis, sffs, sy us, s svs -mg).
Ms sus gs v sbs su vy bg EDPS msu m- A 27 gu. T ug
sg 2007 s ug s fis ex post ks s mbv (s g 2.3.4). I sm ss, s fi ex postss su. T s s g s sus gs u m EDPS bu sus sm g ss ssg s y s.
2.6.5. Further implementation
T EDPS s qus bk m Cmmuy
sus gs u mm- gu, ug mmg us, sg ss mg sff mmbs. H qus sus gs s ms vysms y usg sk bk g s subjs xs gs.
A 24(8) gu vs ummg us g DPO s b by su by. Ty s u sks, us s
DPO.
Oy g sus/gs v m-mg us s . Fu sus/gs -g s us 2008 gs g s kg m. Ts vs umb sus/gs u y su us.
I s ss, m - s usuy gv ug I
bss, ub gs, -m bus ss. Sm susv s b vy gsg g g sff mmbs vg x us -m su.
Dff vy sms v b by s-us gs vg m As 11 12 gu. Ms ys u ubsg vy sm I, vg m s-s sff s, ug vy s
m g, ug qums ums (.g. s).
As ms by subjs xs gs, s yy u ssby
g DPO sg mssg g mbx ff. SmDPOs s v ms vb sus/gys .
2.6.6. Conclusions
T sg 2007 xs s b EDPS k sk v m sus gs Rgu (EC) N 45/2001. Ag s b ff by EDPS. I s bg gs y
s DPO s sus sff ssy m s/ us.T s s ug sus/g-s y ssg s g -s m s subj kg by EDPS. T gv mus sus gs u bkg ex post kg ss -g ug s ss subm EDPS kg 2007.
T mus b s s s ggxs by EDPS su m
gu, g ssb --s ss
bu ss. I s b u su g my xs u A 11(1)() 12(1)() Rgu (EC) N 45/2001, uss x s (s 2007-258).
Internet policy papers
T EDPS s s su by DPO Eu- Cu Aus sus Iy . T EDPS u kg u, , mg us I s sb I suy
y s vu uss u , , su mg s g sus ffs, sumg s, , ky b subj kg u A 27() (b) gu. O my subsv mm-s gv by EDPS s fix m u-g g fis b k mmg mmu s uss I suy y (s 2007-593).
T EDPS m v EuPms DPO g P g
vsgs sus buss us I ss -m. T EDPS u -mg m vsgg susbus I -m s m mm b subm- kg by EDPS u A27 gu. O EDPS mks - g susss bus, v uu vsgs. Mv, m uss, A 20 gu (s u bg m b ) s mm. I s
s m y u vsgs u qus s . I , EDPS u sm gus msv vsgs g (s2007-261).
Implementing rules on data protection
T EDPS v mms m-mg us g Cm-muy Fss C Agy (CFCA). A m ss subsv mfis, EDPS -
m CFCA m m-
mg us DPO, s s A 24(8) gu, bu v m v s s gs subjs(s 2007-651).
A s xuv g m-mg us g Eu- Mm Sy Agy (EMSA) s s sub-m EDPS. T EDPS mm, , s sks, us s DPO, u qus ms, As 11 12 gu (s 2007-395).
I , DPO EMSA sug v j gg us .T EDPS mm sm g gs sk ssy gu (s2007-397).
Registration of national case-law on Portail externe
T EDPS s su Cu Juss DPO gg gs
s- Portail externe ssquss my ug fi Cm-muy .
T EDPS u , b ub s- Portail externe, s m- m ssy g us b u. T EDPS -mm Cu Jus s m-gy yms u ss,bg m v sy sug.
W m ymus, A 5()
() s s A 12 gu sub k s (s 2007-444).
Applicability of national data protection law
DPO Eu Fu Imvm Lvg Wkg Cs(Euu) subm su gg my y gy. Tssu by Is s s s gy s bs I. I s u ,ug s- gss mmuy Cmmuy sus bs s bsu
my y EU s
v u sfi usy, EDPS u s jusfi . O -mms m, su s -s m, sy ffi , s s g mg xgsv, suy mgm (s2007-305).
Other issues
T sg-u k -ss Eu Pm, s m gs, s s subj su. T EDPS m Pms DPO u su -
k v b vy sv Eu Cm-mss mg mg ssg s , g s yu k (s 2007- 297).
T DPO Eu Mg C Dugs Dug A (EMCDDA) sugv g ss ms k msss m ug Suys,
Suys ub ys, b 22.00 7.00 y flxby gms. I ss, s s mk s us, EDPS u gu . Ts ss msvs s y sfi s(s 2007-725).
2.8. E-monitoring
T us mmu s
EU sus bs gs s , ssg ggs Rgu (EC) N 45/2001. T EDPS s v-g s ssg g by us mmus (, -m,mb , I, .) EU sus bs. A -mg us mg mmus k su mgs DPOs mms s.
Ts mms s k b bg fi um
s ks u vms s
, su s Eu Cu Hum Rgss ug mg mysI us bs um gs (20). T mfi- A 49 EC fi gusmmg us g m s-s u uss sv s b k u fi um.
Issus s fi v s s x EDPS vs suss s s (s g 2.3.4 M ssus ex postss, s -mg, g 2.7 s sus I y s)
2.9. Video-surveillance
I 2007, EDPS u k s v-
suv gus v gu EU sus bs m us usg v-suv sys-ms. Fg suvy u mg vusCmmuy sus bs bu -s 2006, EDPS s u sg 2007 suvy mg EU Mmb Ss,
sss us (DPAs). T suvy v - us v-suv sugu EU.
(20) Cs Coplandvthe United Kingdom, A N 62617/00.
The monitoring of electronic communications must respect data protection principles.
M, EDPS s g u x v-suv -us.H u k Eu Pm -u 2006 m gs P-ms v-suv s.
H s vs su quss v-suv v m DPOs sus. A ss vv us v-gy uss suy.
I - s (2006-490), sus v ms s -s (sg I mu us vss). Tg m -s, sg vss k-g k ss, s bs v sus , m - -y. A us s sss-g s m vby s -s. I s y yss, EDPSu ssg s usv, um uss sug v, sg s vby vb ms v s sm uss. T, EDPSmm su us ms
m s -s m vby s.
A su qus, g-by s(2006-510), s s ms g bys sus kgs m vby s g ug. T g u v b vb umm. Ag, EDPS m-m () us ms m vb-y s, , vy,
() sg ms sg su su y ss ug ms u b -fib.
A s (v-s ms) (2007-132)us ms
ssu b gv sk-s / s
fim ug s
s vs gs mss su.
Dug 2007, EDPS s v umb kg fis m Cmmuy su-s bs. W x OLAFs s-u vs (CCV) s, kg fis ex postss.
T Cmmss, JRC Is, Cu, s s CR, jy EESC, v subm su ex post kg fi EDPS. Ts ss sus, g EDPS v-suv gu-s. Hv, OLAFs CCV s, bg sub-
j u kg u, uybg v by EDPS (s 2007-634).
Bug sus suvys, s s s x s , EDPS s fis su s v-su-v gus 2007. Ts fis -su s b fis ubs EDPS bs 2008, vg mms
m s s. T EDPS s s fi gus ssssm mmsv sug u fi mvm gus. T gus us ssus v s Eu- sus bs bu s k s- m s, gus gus EU Mmb Ss.
Data protection safeguards are needed to ensure the safe use of video-surveillance.
T gus v v sm sus bs vy smv-suv sysms mm us vy, us, my ss, v s subj ssg s EDPS kg.
Hv, m mx, v usvsysms, u s- g- v-suv sysms, m subj kg by EDPS. Av y b g s-by-s bss. A kg, sm ss bbv m, s b qu sys-ms , u sfi um-ss s, ss v m m s mms s EDPS v-suv gus.
2.10. Eurodac
Eu s g bs figs s syum g mmgs u EU. T bs s ffv Dub Cv g ms syum.
Eu s s u u sfi us Eu- v, ug sgus (21).
T EDPS suvss ssg s bs, by C U Cmmss, smss Mm-b Ss. D us MmbSs suvs ssg by us, s s smss s C U. I su , EDPS us mguy suss mm bms g ug Eu, s s mm m-m sus. Ts suv-s s s b vy ffv (s g 4.3b).
I 2005, EDPS u s su-y msus C U.
(21) Cu Rgu (EC) N 2725/2000 11 Dmb 2000 -g sbsm Eu ms figs ffv Dub Cv, OJ L 316, 15.12.2000, . 1.
I s , ssu Fbuy 2006, EDPS m ss mms m mv-g sysm.
As s s, - suy u su, s Smb 2006. I ssss
mm suy msus my qums fi by b us sg suy y EuCmmss. I u ssss s suymsus s my bs u s. Tfi u s s Nvmb2007.
Ag gm b EDPS Eu Nk Im Suy
Agy (ENISA), gy v s x gss, v v mgy suy u. T u m
s ms svs m EDPS, Gm F Offi Im Suy (BSI) DCSSI (D su ssysms m) m F. ENISA v quy ss . W s EU s, s summy s m vb
EDPS bs (22
).
T EDPS s uss mm-s. T m us s suy ms-us y mm s Eu y y v b m u-g fis u ys vy v v v . Hv, sm s sysms gs suy ssm ksss v b ss Eu uy my bs s mm bs vb -qus.
T EDPS v mm -u msus, b b bss . H xs s sb k u VIS, SIS II -mg g-s EU sysms.
(22) S Suvs s, u Eu.
suv sy. Ts vms sb b.
I m, suy jus, mjs u. Ag, sums ssbs m us , s xg s v b
s, u fig gs -sm gs m.
T m gy vy bms m m vsb. Ts us bms vm RFID qu sfi .
T gg m fls ys b y v uy v by EU s, gv ms s.
As kg ms EDPS, 2007 s fis y EDPS kg s
ub um, my Ivy 2007, s ubs EDPS
bs Dmb 2006.
T uu ms umb s ssuss sms ssb s, s m
2006: 12 s v b ssu 2007;11 2006. T EDPS s m m us sums v, su s mms( s ubs bs, bu Official Journal of the European Union). Ts sum mus b s s suu
s .
Fy, s y k bk vsv 2007, bu s k by sbg v-ms gy, s s gs.
3.2. Policy framework and priorities
T y T
EDPS s vs Cm-muy sus s-s gs ums (27) b s- s sg u m sg EDPS s
su.
T us ms: s vsy sk EDPS, subs -vs, /kg ms. Tsy s ssu M 2005 sv b s bss vs EDPS.
Ts bss s u b fi 2007.T EDPS s fi bjv s - EU gsv ss s vym gsv msus y b k u s m msus vy . T m ssss-ms u by Cmmss mus gv - vy . I, ss mus ys b bs ss m .
Fum, s sss EDPS ss mms s v by EDPS ssuv vs, m,suy jus. Ts mus b s s u- s mg ss , s ss m ffvss. A s sg, EDPS s y m s m, suy jus bu gm sm v u b s
(27) Avb EDPS bs u Csu s.
Part of the consultation team discussing a legislative opinion.
vy EDPS. T bm y 2008.
As gs kg ms, 2007v b y s. Csu EDPS us vs ffsgs gsv u s bm m s u, v us ss v my v m .
The inventory
T yy vy mus b s s y mk EDPS. T v-y sss s:
u vg s yss x sfi s v s y;
x ss v Cmmssss ( ums) myqu m EDPS; m su x s Cmmss gsv
k gmm.
T Ivy 2007 s g s EDPS. Gy skg, EDPS s mg s s s. kg s k ff s, g uss b .
T x Ivy 2007 s 16 mums (m s ) EDPS ssu . Ts us s g su:
Opinion issued: 8 documents
No EDPS opinion but support to opinion WP 29: 1 document (PNR-US agreement)
EDPS opinions postponed to 2008: 2 documents
Commission proposal postponed to 2008: 5 documents
Fum, s 22 ums ssm EDPS, EDPS ssby ssu , y jus sy y vms
.
Priority 1: T sg xg -m m, suy
jus s g b vy EDPS 2007 ( m s s g s EU gs us u mss g sums mfi xsg sums s ).
Priority 2: T mmu Cm-mss uu Dv 95/46/ECs xsv EDPS ,
sk s s uugs.
Priority 3: T vms kg m sy v b sy - mm . RFID s bm; EDPS s b vv mfi Dv 2002/58/EC (- y 2008).
Priority 4: As y ug ub- s ss EDPS,
mu gss s b m, my u v gsv ssv b 2007. Ts subj m y 2008.
Priority 5: My vs v b myg OLAF. Sfi s b gv xg s
Eu ( EDPS Eu s) xg us. T s - suvs EDPS ssg by OLAF.
Priority 6: As sy, vsy v-s v b s sv jugm Cu Fs Is Bavarian Lager (v 8 Nvmb2007). A s mfi Rgu- (EC) N 1049/2001 s s sg 2008.
Priority 7 and 8: Hz ms vs (g kg m): -sb gss s b m.
T s y 2007 ss vsmg.
EDPS continuous attention (research programmes, general issues/subjects such as immigration or public health): 8 documents
EDPS involvement in 2007 (comments or informal action): 4 documents (spam, cybercrime, terrorism, public-private partnership)
Deleted from list without further action by EDPS: 5 documents
Commission activity postponed to 2008: 2 documents
Upgraded to red issue in Inventory 2008: 3 documents
Inventory 2008
I Dmb 2007, Ivy 2008 ( syy vy) s ubs bs. I -s m s s s u Ivy 2007.T s g sgy ff y: Ivy 2008 y ss six priorities,
. I 2008, y s b gv y Lsby, s s x ss g s us.
T x vy ss s vy EDPS vs g -y s. T ss s 13 ffCmmss svs (Ps AmsDG, Emym, S Affs Equ O-us DG, Es Iusy DG, Eus,Im Sy M DG, Jus, Fm
Suy DG, I Mk Svs DG,OLAF, Ex Rs DG, H CsumP DG, Sy-G, x Cus-ms U DG, Egy s DG).
T s s s umb s-s s x. T x ms 67s v g g s:
34 s flgg s , vg g y;33 s mk s y ums, v-g ums ss m EDPS
EDPS s ssby ;
29 s b fi s gsv ss
stricto sensu ( gus, vs, ss
mk ss); 38 s -gsv ums; s us Cm-mss mmus, mms, kgmms, s s ums g gms b EU us.
Ts s umb ss s x s y u x s bs Cmmss gsv k gmm,
ss sy s s s ms. T 34 s v b g ys ssy m umb EDPSs g gy.
3.3. Legislative opinions
3.3.1. General remarks
Opinions on third pillar issues
T EDPS 12 gsv s 2007.As vus ys, subs s m, suy jus.Hv, s ss sm ss 50 % gsv s (my 5 u 12).
A fiv s ums fi ju m ms( ) u um v-ms, s m sv -. Ts s s fis s Cu mk s s ss m-
k ju mms. T s s Eu s, vs ss-b (ssg Pm y s
mmg gm EU v) s Eu ssg m (PNR)sysm.
I , mj s ss g sg by xg m b mus, u ssssm ff-vss xsg g sums. N sums sg b xsg sums v by mm. Ts bm s uv ss Pmy EU v Eu PNR
sysm.
A bm y -s EDPS g ssus s k msv g mk -. Ms ss u sm sfi v-ss mg sg u gmk. Hv, ssy g mks y b u .
A ssu sk s EU us mk my Mmb Ss sbs us sks, bu v m s s ug sus. Ts ms xg mb Mmb Ss ffs g -y subj s sb us ff Mmb Ss.
T xg m us m uss s s ssu, suss ff EDPS s. T EDPS s bu k ms, s s k gus suug ssg by u-s, g s s .
Opinions on communications
s ssu g mCmmss mmus g uumk . I s mm v(28), EDPS fi fiv svs gg x, bg gy. Ng vms v m qums ffv g mk . A m g vm sRFID, subj s EDPS (29).
T s s Cmmss mmu-
s gv EDPS uy fl uu svs gv mus susss m-
k uu; su susss bmg ug (s g 3.7 uuvms).
(28) O 25 Juy 2007 mmu m Cmmss Eu Pm Cu -u kgmm b mm v,OJ C 255, 27.10.2007, . 1.(29) O 20 Dmb 2007 mmu m Cm-mss Eu Pm, Cu, Eu Em S Cmm Cmm Rgs quy (RFID) Eu: ss s y mk(COM(2007) 96).
Opinions on first pillar legislation
T fiv s s by EDPS 2007 v u y s sus usms, sss, s, guu s suy. T m mm m s u fiv s suss ss - xg b Mmb Ssus ( usms, s ssuy). O ssus v u ssu m bfis Cmmuy u-g, ss fiy, b sfi us g mk.
T ss fl m g . Im- xg b Mmb Ss ugxg s s s s msum vm m-k. Bs u b k y by g xg, by uy usg ssbs - ks. Smms s s Cmmss s ssb m vby suu. Is ss, EDPS s s s suvsy
uy.
I g, s qus s m EDPS, su ssy sgus gus subj k u,s sums g xg s . I s s, s s ss subj xs s gs sm y.
3.3.2. Individual opinions
European Police Office (Europol)
I 1995, Eu s bss v- b Mmb Ss. Ts v s svg ms flxby ffvsss mfis mus b fi by MmbSs, ss my k ys s msby xs s.
T bjv s Cu sg v (30), EDPS
(30) Ps Cu s, 20 Dmb 2006, sbsg Eu P Offi (Eu) (COM(2006) 817 fi).
ssu 16 Fbuy 2007 (31), s mj g m vs Eu, bu my sss vg Eu
m flxb g bss. T ss s subsv gs, s s umv Eus ug. I xs m- Eu ys sv vss,mg u k Eu, s gg xg bEu bs EC/EU, su sOLAF. T s s s sfi us suy, g g mk s y b .
T EDPS us Cu -s su b b mk su v .
Mv, suggss m mvmssu s:
sug m mmvs u;yg s s gus
bss k;msg us , mg xs, subjs g ss;ug gus Eus ffi ( ysus u ssg s );sug suvs EDPS ss-g g sff Eu.
Correct application of the law on customs and agricultural matters
O 22 Fbuy 2007, EDPS vs Cm-
mss s gu ss ug vus I sysms gs . T m s s sg b Mmb Ss Cmmss v bs usms g-uu gs (32). T I sysms u
(31) O 16 Fbuy 2007 s Cu ssbsg Eu P Offi (Eu) (COM(2006) 817 fi),OJ C 255, 27.10.2007, . 13.(32) Ps gu Eu Pm Cu-, 22 Dmb 2006, mg Cu Rgu (EC) N 515/97 muu sss b msv us MmbSs b Cmmss su usms guu ms(COM(2006) 866 fi).
Eu y, usms msysm (CIS) usms fis fi -bs (FIDE).
I s (33), EDPS suggss vus m-ms s su ssv mby xsg g mk ffv -vus s . Amg s, EDPS sug-gs g:
Cmmss su y u ssss-m gg Eu y; Eu y s , gu- su v m-my msv us sg sfimsus su fiy -m; m vus vss gs EDPS suvsy gg CIS FIDE; suv-s CIS u u us EDPS.
Coordination of social security systems
O 6 M 2007, EDPS vs Cmms-s s g mmg msus s suy sysms. T svs vs g s s suy (ss,bfis s my, vy, umy-m, .) (34). I ms msg smyg xsg us by sgg mvg ms xg b ssuy sus ff Mmb Ss.
T EDPS m s x
ms vug mvm zs mvg s vg s mym s mvg U (35).
(33) O 22 Fbuy 2007 s gu m-g Rgu (EC) N 515/97 muu sss b msvus Mmb Ss b Cmmss su usms guu ms (COM(2006) 866 fi), OJ C 94, 28.4.2007, . 3.(34) Ps gu Eu Pm Cu-, 31 Juy 2006, yg u mmg Rgu- (EC) N 883/2004 s suy sysms(COM(2006) 16 fi).(35) O 6 M 2007 s gu yg u mmg Rgu (EC) N 883/2004 - s suy sysms (COM(2006) 16 ), OJ C 91,26.4.2007, . 15.
W s u s suy u xsu xg ff ks s, s s u g v s s ssy. Bg s m, EDPSvs :
y ums bs s su s us m s sy ss, bs u-s ss s;su s msm s-g smss s s ybs sfi g gus;v ss v -m ssg s ;b subjs xs gs ff-vy s-b x.
Cross-border cooperation (Prüm Treaty)
O 4 A 2007, EDPS s v 15 Mmb Ss mk y Pm b ugu EU, ug b su s s (36).
T v ms s u ss-b -
, uy mbg sm ss-b m. T v s xg bm (DNA figs) qusMmb Ss s u DNA bss (37).
Aug ys m s v, vss m s sfi s g mk ,
s s b . Su mks gv zs ug , s ss mk mu s xg DNA fig .
S Pm y s y sm Mmb Ss, EDPS suggss mysv mv x u myg sys-m m xg s. I u, s :
g ff ks -s s g: m ssv , m m uss y bus m m ss s;
(36) O 4 A 2007 v 15 Mmb Ss v g Cu s sg u ss-b, uy mbg sm ss-b m,OJ C 169, 21.7.2007, . 2.(37) Pm v, OJ C 71, 28.3.2007, . 35.
Cu su u m ssssm vu us u -; sysm b smumb sy g Mmb Ss s umy b us EU- s;
v s sy gs ss b u DNA bss s m .
Financing of the common agricultural policy
T ys s ms ufig qu-m ub m bfi-s Cmmuy us. I mm Eu sy v, Cu Rgu(EC, Eum) N 1995/2006 13 Dmb2006 (38), s s subj EDPS, s s qum figu.
T m s ys by EDPS s 10 A 2007 s Mmb Sssu su u ex postub b-fis mu v bfiyu Eu us, m bug Eu Cmmus.
(38) Cu Rgu (EC, Eum) N 1995/2006 13 Dmb2006 mg Rgu (EC, Eum) N 1605/2002 figu b g bug Eu Cmmus,OJ L 390, 30.12.2006, . 126.
The Prüm decision relies on making use of DNA material.
I s , EDPS sus us sy us -v gs subjs sub . Fum, s v u ss mg subjs b-, m s , s b m ub, sug subjs g ss g bj s.
Mv, EDPS suggss ug sfivs, my A 12 Rgu (EC) N 45/2001. T m s m subjs bu ssg s by ug vsgg sus bs.
Data protection in the third pillar (third EDPS opinion)
O 20 A 2007, Gm Psy su Eu Pm vs s Cu mk s (39). T m v-s s s u gs Cu mv . T
EDPS s subsv gs - vs s, s s s m, , s ssu 27 A2007 (40). I s vus s subj, EDPS sss g mk m, suy
jus ju s qug gg v.
I s , EDPS ks s-, mmg mk ssu b u sgfi mv-ms, u g g
ssus:xs s s u ms ssg, s zs quy y xg Mmb S;mg uss s my b u ss, v g bs s Cv 108;
(39) Cu Dum 7315/07 13 M 2007.(40) T 27 A 2007 s Cu mks s ss mk ju m ms, OJ C 139, 23.6.2007, . 1.
qug qu v xgs us g m-m EU s;sug quy, by sgusg bu s , s s b g-s ss, su s sss, v -ss, .
Fum, EDPS vs Cu gsgg ssus s s xg s s ssg byEu Eujus, s s sbsg
j suvsy uy sm ss ms s u b su-fiy ss.
Communication on the implementation of the data protection directive
T Cmmsss mmu m-m v s m Dv 95/46/EC s ms s susss v s mm (41). T us mmu s v
su b m. T mm v su b u mv by ms y sums, msy -bgu.
T EDPS 25 Juy 2007 sus us Cmmss. Ag m, s m, gy s bs s mvms mm -v (42). I g m, v, gs v sm uvb. T EDPS sks v ss g sugs su y b s . Su u
gv v s kg bu uug. Fuu g s m s, msvgms.
T sgs u fiv svs uug: u mm v,
(41) Cmmu m Cmmss 7 M 2007 EuPm Cu -u k gmm bmm v (COM(2007) 87 fi).(42) O 25 Juy 2007 mmu m Cmmss Eu Pm Cu -u kgmm b mm v,OJ C 255, 27.10.2007, . 1.
-
8/14/2019 European Data Protection Supervisor Annual Report 2007
50/110
Annual Report 2007
49
gy, gb vy jus, m, m Lsb y.
As sv u mm, EDPSs Cmmss s ss m-ms u u:
ss, sfi gsv EUv; usu b mm vug gm us; us sum v mmu- g ssus: s , fi ss, m b , us m mb us, g gus ssg,sy g umbguus s b ss; us -bg sums ugsums bug vyby sg; submss A 29 Wk-g Py gvg s vs s b Cmmss kgy.
Community statistics on health
O 5 Smb 2007, EDPS s gu Eu P-m Cu Cmmuy sss ub sy k (43).
T s ms sbsg mk u sb vs fi ub- sy k sss - u by Eus, ss sus us ssb v-
s ffi sss s s.
T m mms EDPS ssy ss ffs b ss fiy, my s sfi . Mv, ssu ss s uss s sv s ss s ys.
(43) O 5 Smb 2007 s gu Eu Pm Cu Cmmuy sss ub sy k (COM(2007) 46 fi), OJ C 295,7.12.2007, . 1.
Fg suss b svs Eus EDPS, s mm v sss u Eus g
vu s ss uss ub u u kg.
Road transport operators
O 12 Smb 2007, EDPS ssu s s gu Eu P-m Cu sbsg mm usg s b m u-su u s (44).
T gu sbss s g gu, fi sg ss m- s ms v ssy.T s us gss v b b Mm-b Ss, g xg mb Mmb Ss. I s sfi v-s (45).
T EDPS vss s gu s
m :su g fi ms su s gu;y mbgus u-s;su qums Dv 95/46/EC s.
Implementing rules of the Prüm initiative
O 19 Dmb 2007, EDPS s s - Gm v sbsg mm-g us ssy ug
Cu s Pm (46) ( EDPS yssu v s s 4 A 2007).
T mmg us x v sfim s y fi u ss s xgs ss su
(44) O 12 Smb 2007 s gu sbs-g mm us g s b m usu u s , OJ C 14, 19.1.2008, . 1.(45) COM(2007) 263 fi 6.7.2007.(46) O 19 Dmb 2007 v F Rub Gmy, v g Cu s mm- Ds 2007//JHA sg u ss-b -, uy mbg sm ss-b m.
gus ss. Fum, u k g EU mk ugu ms m s s sfi sus.
I u, EDPS mms : mb g vss sfi us su sub gs zs ffiy m us s s ; uy ss mss DNAfis figs su b uy k u sy m, s g g s xg; us su b u s- y y u suvsy vsy ugu ff sgs mm.
Communication on radio frequency identification (RFID)
O 20 Dmb 2007, EDPS ssu s
Cmmsss mmu -quy fi (RFID) (47) Eu ss M 2007. T s gg us RFID s sum us s ffg vus.
T EDPS ms Cmmsss mmu- RFID s sss m ssus sgm ym RFID gy k-g u vy s-s. T EDPS gs Cmmss s fis s v m s-guy sums. Hv, gs-
v msus my b ssy gu RFID usg vy .
T EDPS us RFID sysms u y ky vm Eu -m sy bu RFIDgs su b by bfis ss sgus. S-gu my b ug m g. Lg
(47) O 20 Dmb 2007 mmu m Cm-mss Eu Pm, Cu, Eu Em S Cmm Cmm Rgs quy (RFID) Eu: ss s y mk(COM(2007) 96).
sums my b qu gu sus mms sks vy . I, xsg v s suffi - vy fis s. Hv, umk su b ffvy. T s gg s, bu s- us my b qu su qusus.
M sfiy, EDPS s Cmmss s g mms:
vs gu, s - v sks, y u g mk RFID v-m; Cmmuy gs gug m ssus RFID usg s ffvmm xsg g mks;su msus su by y - s s s u-b g bg; fi bs vb qus
y sv y
vy-by-sg .
Internet of things: a tagged environment will have to be a privacy friendly environment.
Council framework decision on the use of passenger name record (PNR) data for law enforcement purposes
T s Cu mk s -ss bgs s sm bu ssgs flgs m EU MmbS, us mbg sm gs m (48).
I s 20 Dmb 2007 (49), EDPSmsss mj m s u v vy gs ssgs.
W kgg fig gs sms gm us, EDPS ss ssy y s suffiy sbs. I , EDPS ks s k y vus ss s, u -b g mk, y s s , s s us.
T uss u ky ssus s g uss:
gmy ssg: s s v suffi ms jusfi su ms gmy ssg ;b g mk: sgfi k g y s s gs - gm b svv ssg s ; y s: s s sy y s s, s ss vu gus s s v;s us: s ss
s s PNR us b subj msv .
Fy, EDPS vss sb Lsb ys y , s y gsv u s
(48) Ps Cu mk s 6 Nvmb 2007 us ssg m (PNR) m uss(COM(2007) 654 fi).(49) O 20 Dmb 2007 s Cu mks us ssg m (PNR) muss.
by y Eu Pm s uyvv.
3.4. Comments
Security and privacy
O 11 Ju 2007, EDPS s s P-ugus Mss Jus I. H umg sy su suffis ms b
Cu vs . T EDPS xsss umb gms -s msus b u u uysg m um gs.
T EDPS u mssgs su s g vy u suy gu vg m suggsg umgs ms uxuy suy ff. H xss s su gv vu vy gs vs k usg mk um gs, s ys ssy - msus mb m sm.
Ts s gs sss bu bus um gs m g -sm Eus bs v s 50 ys.T su b ub ffv -msus b m bus u-m gs. I s, xms b u ff s Eu u um gs s sv s su uus su sy sby.
I ff, EDPS s su - s g s gmy s suss y v s fi, ms bfis ffv suy mss Eu.
T EDPS fiy ug Cu jus k Eu Cmmss mk us s vb-y s vs ms g s ssg. A g EDPS v Cmmss EU sums fis s s su mv gs b
ms gmy ffiy.
Ts s suss mg b EDPS Pugus Ms Jus 17 Smb 2007, fim smmm s vy um gs v gs.
Lisbon Treaty
I s Igvm C(IGC) sy 23 Juy 2007, EDPS sk sm sfi s b u vss y v
mvg x y EuU y Fug Eu U, s s D -s s ju m ms. Uuy, IGC sy s suggss EDPS.
Developments on data protection frameworkdecision
Fu s , EDPS sy v-
ms b s u gs. T EDPS Pugus Ps-y s s v v sm ss -ms s. O 16 Ob 2007, EDPS s ssu mms m bum s su b vk sg fis Cu mks.
I u, EDPS mm :
k u mm v v by Cv 108, sy
g ssg ssv ;y s b m uss s ssby m us us m ss mbuss;
su u g ss s , s-y s um ss;
gu vsy us, s ug um EU v s us u vy.
T EDPS s s v s s s
Eu Pms Cmm Cv Lb-
s, Jus Hm Affs (LIBE). I 2008, EDPS k mg s s m vb v u v.
Control of the acquisition and possession of weapons
I 31 Ob 2007 s EuPms Ru ssu, EDPS vms gsvu s v gug qus ssss -s (50).
Ts vms s m ssu , my s squ mmu Rus . Ts mmus m mus s -fig sysm Mmb S, sv b s ss 20 ys.
I s , EDPS s s sv sg m sysm Dv95/46/EC.
Rome II regulation on the law applicable to non-contractual obligations
O 28 Fbuy 2007, EDPS s ss Cu, Cmmss Pm xssg sm ubs s s A 7 (vs vy gs g sy) EuPm gsv su Cu m-m s v gu- Eu Pm Cu b -u bgs
(Rm II).
I, s u v -sss Dv 95/46/EC. I fis , s my s s v vs g us ssg s s v -v sums, s xs mg v b s. x A 7 u v vs
(50) L s v mg Cu Dv91/477/EEC qus ssss s,31 Ob 2007.
g us s v, s k ff m A 4 v s b .
I s , umb m s s y A 7
xy m s. I s s g uv v ssg g y by bs. Mv, x g 3 -s sm mg sss v.
T EDPS suggs m u su b k umg gsv ss v v ms s x mg v xs-g gs, s v bms b bfly sb .
O 11 Juy 2007, gu s (51).A 7 s . A vs us s u A 30.2 syg suy su fi b -u
bgs sg u vs vy gs g sy su b subm by Cmmss 31 Dmb 2008.
3.5. Court interventions
A sum EDPS uss gvg ff s s vs EU sus s v s bug b Cu
Jus Eu Cmmus, u A47(1)() Rgu (EC) N 45/2001. Ts su-m us vs b Cu FsIs Cv Sv bu (ug ss m s y b us by EDPS).T s s sum s fi by Cu Jus s s 17 M 2005 PNRss.
O 12 Smb 2007, s Cu Jus s C-73/07 (Satakunnan
Markkinapörssi and Satamedia) fi m- EDPS s x myug gs. T EDPS s sk v
(51) OJ L 199, 31.7.2007, . 40.
v s s g mg ssg s u sy ju-s uss Dv 95/46/EC.
O 8 Nvmb 2007, Cu Fs Isgv s jugm s -194/04 (Bavarian Lager v Commission), ss gg s b ub ss ums EDPS v 2006. T jugm ss m m-s bs s b.
T Cu Fs Is u Cmms-ss s us u ss mus mg gs by Cmmss, ug ms s mg. T Cu Fs Is ssu ms -svs v by u js vy gy.
T EDPS v s su ss s s subs fim by Cu FsIs. I Juy 2008, Cmmss ssu Cu Jus.
A s g g bss Dv 2006/24 (s C-301/06, Ireland v Council and Parliament), EDPS qus v 2006, s s g b Cu Jus. I 2007, EDPS ssu submsss.
Fy, Dmb 2007, EDPS qus v b Cu Fs Is s-374/07 (Pachtitis v Commission and EPSO). Ts s bu ss s qussu m s ss k m su sv s u-m by Eu sus.
3.6. Other activities
The US PNR agreement
T EDPS s b sy vv ssg gm b EU U Ss ssu PNR, s s vus-u vs us
gm Juy 2007.
I fis , EDPS s mm gs m, s uy sg fiy. I s , s vy vs A 29 WkgPy, sgy ssgs gs k-s Eu Pm m sgss ff ss gm. Hs gv s v s gm sv- ss, s by gvg ( ) v Eu U Cmm Hus Ls.
Fg us gm, EDPSs k , g mmbs
A 29 Wkg Py, yss gm. I by kg y 17 Augus 2007, s xss
sgus gm bk m vus gm.
I u, umb quy s-, g umb s, k y g us b us s v sysm
fi s sg sfi . S kg y uy fl v EDPS, bs m sg EDPS.
Bfig m v u EDPS,
kg y s s b kg s
m ssgs y buy flgk. A 15 Fbuy 2007 (52)gvs v ms vm by , s I.M m s v b - s m, mk su m- v s ss ss EU.
Implementing measures for SIS II
T g sums Sg msysm (SIS II) s Cmmss sbs mmg msus, ug - S mu SIS II.
Ts mu vs sm us ssy ug SIS II b xus-vy v by g sums bus u, v gu u. Ts us m g m-
k. S s msus v m u-m gs, EDPS s my su.
I s mms s Cmmss 7 Sm-b 2007, EDPS ss vus ssus su s:
mmu u m:fi s s uss u m v k mmu x S mu;suy msus: EDPS k s- g v suy qus by A10(1) g sums, m svsuggss s suy quss,sy s s I suy s ; s, ug: vg , um - , g us ,quss ss fi ,
kg s, us v A 25 Sg Cv sss.
T m mms y sus b by EDPS. Hv, m mms suss SIS-VISCmm 12 Smb 2007. Ty k u sb x. T mms k b su b sussg, v ssssg ssby u-
(52) O 2/2007 Wkg Py Im Pssgsbu s PNR US Aus (WP 132).
Passenger data: not only used for flying, but also for finding criminals.
g m vs vs mmgmsus.
Towards use of statistics
T EDPS 5 Smb 2007 s g Cmmuy sss ub sy k (s -g 3.3.2). I s uss, EDPS u mm v sss u Eus g vu s ss uss su b u my kg.
I EDPS v, s mm v su -ss yss mmum s qu ssg yss ssg s mm Eus.S , sv s v b m v ms Eus u s mm v. O 4/2007 A 29 Wkg Py -s b us s bkgu um s x.
A sm m, EDPS s bg su s gu Eu Pm Cu Eu sss. Ts -su s x u mmv, s EDPS b b guss us sss.
Consumer protection cooperation system and internal market information system
T EDPS s u ff ss g-s I sysms xg m b Mmb Ss: sum
sysm (CPCS) - mk m sysm (IMI).
T CPCS s bs by Eu Cmmss xg m- mg sum us Mm-b Ss Cmmss usu v-ss Rgu (EC) N 2006/2004 sum (53).
(53) Rgu (EC) N 2006/2004 Eu Pm Cu 27 Ob 2004 b usssb m sum s ( gu sum ), OJ L 364, 9.12.2004, . 1.
T IMI s g-s I sysm by Eu Cmmss mxgs b m us MmbSs mk gs. F mm, m xgs IMI k usu Dv 2005/36/EC (ss
qufis v) (54) Dv 2006/123/EC (svs v) (55) y.
T EDPS fis k subgu A 29 Wkg Py, su kg y s CPCS IMI (56). T EDPS sv s Ru CPCS. Subsquy, uum 2007, EDPS s sy vv - :
Cmmss s mg mm-g us CPCS; Cmmss s ss IMI.
T EDPS su sbsm sysms xg m. Su sm- sysms my y ffiy , bu y my s su m- b s. Ty my
(54) Dv 2005/36/EC Eu Pm Cu 7 Smb 2005 g ss qufis,s x ubs OJ L 271, 16.10.2007, . 18.(55) Dv 2006/123/EC Eu Pm Cu 12 Dmb 2006 svs mk, OJ L 376,27.12.2006, . 36.(56) WP 139 WP 140 20 Smb 2007, ubs bs kg y.
Statistics can include personal information.
s by vg mk -m b xg, m, u
s.
Nvss, sbsm s sysm s s sks. Ts u, msmy, m mg b s mby sy ssy uss ffi- , , ug yu u , mg m sysm g s ssy. T suy bs ssb 27 Mmb Ss s s ssv ssu, s sysm s y s s s k-s k k ms b. T, EDPS mm ssu b ss msvy b v gy bg Cmmssss sysm.
RFID stakeholder group
I My 2007, EDPS s v by EuCmmss j, s bsv, RFID x sk gu u ys. T ms-s gu s sss Cmmss :
g mm, s b sm vy 2007;
vg gus RFID ssu ;ssssg u gsv ss;
ysg u ffs ggmv s I gs;
sug Cmmsss v mss mgs.
T EDPS vy fiv mgs gs 2007 v su-
v yss susss gu. T EDPS u u gu 2008, sygg g I gs gv ssus RFID.
Data retention expert group
T EDPS vus mgs x gu . T 14 Dv 2006/24 gss -gs g mmus gg y gm qums m us my vv. I
b v ug sg x
bs s ms, Cmmsss sbs gu ms MmbSs m us, sss mmus usy, svs Eu Pm us, including the European Data Protection Supervisor.
T gu b my sbs 2008, bus y v 2007 ssss .
3.7. New developments
T fiv svs uu g ( gy, m Lsb y, m, gb vy jus, umm v), s fi EDPS mmu m-m v, svs g uu vs EDPS.
3.7.1. Interaction with technology
I 2005 u , EDPS gg g s m sy usgy y u s vm:
(1) vyy vm m u ubqu-us k ss s;
(2) ms um b; (3) ss sg y.
S s sm, s mgg gs v s u sm v-ms b sy s y
x v v m EU - mk. Sm m s b.
Trends
I 1984, Wm Gbs (57) sb ybss vuy vm m sy. M 20 ys m sy g b s s bu s gg, gs g y ms vy -vu.
(57) Neuromancer, Wm Gbs, A , Juy 1984.
As s Firstmonday(58), -v ju I, us/vus s s m u sug s- b 2.0 s s u by s/ s g s busss s v s.
Te increase in social computing applications
T s vus s sgy gsug us-v s by ms s . Ts s,
gv s b-bs s ks, bu suss umb uss ,
u fig s fis us by s bvus .
T EDPS ss s m s g vm s x v mj m . I ms b s
xsg Eu g mk v suffi . S-fi s b gv - ( mg s s v uss m s ssg ), by gu sgy v ss. T EDPS ms fis s ssu 2007 by EuNk Im Suy Agy (ENISA)
ss sm suy ssus suggss -
(58) ://.fismy.g/ISSUES/ssu12_3/su/
mms s m-ug s (59).
S mug s -ks s fi us bus-ss vm v by vm m -s sg y su- by ug s sv ms g s- u (60).
Data centres, virtualisation and remote data storage
Su by mg s fi
vusy mk vm ssb, s my u sk
, m sfiy s , vb ss u . Rm sg
b s y mgg, bu mk s s s b su. Jus s
s ks, ss fi s sbu mug sus bmsgy bm.
W ssg s , s -- sg s, s s v u mu-g, mm Eu mk fi sgyu s uyg s -y.
As u s mm
v (61), EDPS s-s g s g v-ms sv vs s s s busss ms, gs v sm uvb, kg s s. O msv gmsmg b , ffv k sy, mms msv ss