European Data Protection Supervisor Annual Report 2007

8/14/2019 European Data Protection Supervisor Annual Report 2007

1/110


2/110

Annual Report2007

European Data

Protection Supervisor


3/110

Europe Direct is a service to help you fnd answersto your questions about the European Union

Freephone number (*):

00 800 6 7 8 9 10 11

(*) C mb s ss 00 800 umbs s s my b b.

M m Eu U s vb I (://u.u).

Cgug b u s ub.

Luxmbug: Offi Offi Pubs Eu Cmmus, 2008

ISBN 978-92-95030-38-1

Ps: Eu Pm Sk

Eu Cmmus, 2008Ru s us v su s kg.

Printed in Italy

Printed on white chlorine-free paper


4/110

Annual Report 2007

3

Contents

User guide 6

Mission statement 7

Foreword 8

1. Balance and perspectives 9

1.1. General overview of 2007 9

1.2. Results in 2007 10

1.3. Objectives in 2008 11

2. Supervision 12

2.1. Introduction 12

2.2. Data protection officers 12

2.3. Prior checks 142.3.1. Lg bs 142.3.2. Pu 142.3.3. Quv yss 162.3.4. M ssus ex postss 202.3.5. M ssus ks 232.3.6. Csus kg 25

2.3.7. Nfis subj kg 252.3.8. F-u k s 262.3.9. Cuss uu 27

2.4. Complaints 272.4.1. Iu 272.4.2. Css mssb 282.4.3. Css mssb: m ss mssby 312.4.4. Cb Eu Ombusm 312.4.5. Fu k fi ms 32

2.5. Inquiries 32

2.6. Inspection policy 332.6.1. Sg 2007 by 33

2.6.2. D ffis (DPOs) 342.6.3. Ivy ssg s 342.6.4. Ivy kg ss 352.6.5. Fu mm 352.6.6. Cuss 35

2.7. Administrative measures 36

2.8. E-monitoring 38

2.9. Video-surveillance 38

2.10. Eurodac 40

3. Consultation 41


3.2. Policy framework and priorities 42


5/110

Annual Report 2007

4

3.3. Legislative opinions 443.3.1. G mks 443.3.2. Ivu s 45

3.4. Comments 51

3.5. Court interventions 53

3.6. Other activities 53

3.7. New developments 563.7.1. I gy 563.7.2. N vms y gs 58

4. Cooperation 60

4.1. Article 29 Working Party 60

4.2. Council Working Party on Data Protection 61

4.3. Coordinated supervision of Eurodac 62

4.4. Tird pillar 63

4.5. European conference 64

4.6. International conference 65

4.7. London initiative 65

4.8. International organisations 66

5. Communication 67


5.2. Communication features 67

5.3. Speeches 68

5.4. Press service 70

5.5. Requests for information or advice 71

5.6. Online information tools 72

5.7. Media contacts and study visits 73

5.8. Promotional events 73

6. Administration, budget and sta 75

6.1. Introduction: developing the new institution 75

6.2. Budget 75

6.3. Human resources 77

6.3.1. Rum 776.3.2. s gmm 776.3.3. Pgmm s xs 776.3.4. Ogs 786.3.5. g 78

6.4. Administrative assistance and interinstitutional cooperation 78

6.5. Infrastructure 79

6.6. Administrative environment 796.6.1. I sysm u 796.6.2. Sff Cmm 796.6.3. I us 806.6.4. D ffi 806.6.5. Dum mgm 80


6/110

Annual Report 2007

5

6.7. External relations 816.8. Objectives for 2008 81

Annex A Legal ramework 83

Annex B Extract rom Regulation (EC) No 45/2001 85

Annex C List o abbreviations 87

Annex D List o data protection ocers (DPOs) 89

Annex E Prior checking handling time per case and per institution 91

Annex F List o prior check opinions 94

Annex G List o opinions on legislative proposals 101

Annex H Composition o the EDPS Secretariat 103

Annex I List o administrative agreements and decisions 105


7/110

Annual Report 2007

6

User guideA mss sm s by P Husx, Eu D PSuvs (EDPS), s us gu.

Chapter 1 Balance and perspectives ss g vv vs EDPS.Ts s ggs sus v 2007 us m bjvs 2008.

Chapter 2 Supervision xsvy sbs k su m ECsus bs m bgs. A g vv s

by ffis (DPOs) EU ms. Ts us yss ks (b quv subs), ms (ugb Eu Ombusm), qus, s y v msv msus 2007. Mv, us ss -mg v-suv, s s u suvs Eu.

Chapter 3 Consultation s vms EDPS vsy , usg s ssu gsv ss ums, s s m gg umb s. T s s yss z ms ussm g ssus. I sfiy s gs xsg mk uu.

Chapter 4 Cooperation sbs k ky ums su s A 29 WkgPy, j suvsy us , Eu s s I D P C.

Chapter 5 Communication ss EDPS m mmu vs vms, s s k ss sv. I s us ug us ff mmu- s, su s bs, ss, m ms ss-sg vs.

Chapter 6 Administration, budget and staffs m vms EDPSgs, ug bug ssus, um sus quss msv gms.

T s m by umb annexes, v vv v gmk, vss Rgu (EC) N 45/2001, s bbvs yms,

sss gg ks, s DPOs EU sus bs, s s ms EDPS S s msv gms ss by EDPS.

A executive summary s s s vb v vg svs ky vms EDPS vs 2007.

Ts s g u s bu EDPS ug vs u bs ms u ms m mmu (.s.u.u). T bs svs subs u u s.

H s u s s xuv summy my b m EDPS g. C s vb u bs, u C s (1).

(1) ://.s.u.u/EDPSWEB/s/g///12


8/110

Annual Report 2007

7

Mission statementT mss Eu D P Suvs (EDPS) s su umgs ms vus u vy s EUsus bs ss s . T EDPS s ssb :

mg sug vss Rgu (EC) N 45/2001, s s Cmmuy s um gs ms, m

EU sus bs ss s (suvs);vsg EU sus bs ms g ssg s

; s us su ss gs mg vms v m s (su);g suvsy us suvsy bs EU v mvg ssy s (-).

Ag s s, EDPS ms k sgy :

m uu sus bs, by s bu-g mvg g gv;g s s EU gs s, vv;mv quy EU s, v ffv s bs suss.


9/110

Annual Report 2007

8

ForewordI s my su subm u u myvs s Eu D P Suvs(EDPS) Eu Pm, Cu Eu Cmmss, Rgu- (EC) N 45/2001 Eu Pm Cu A 286 EC y.

Ts vs 2007 s u y vy

xs EDPS s suvsyuy, sk sug umgs ms u ss, u vy, g ssg s s by Cmmuy sus bs.

T y Lsb, sg 2007, ms su EU C Fum Rgs b gy bg sus bs Mmb Ss y mmg U. B sums v -

s , ug us suvs.

Ts s m bmk sy Eu U, bu su s b uss g. T um sgus gg s v b v . Ts s sus bs ssg s , bu s yv us s my v m gs ms Eu zs.

Ts ss v u u us 2007 s b subs gss suvs. T mss msug sus s vsms mg - qums ms sus bs. T s s sm ss, buu ffs m u m.

I su, mu mss s b u ss ffv mk , b fis , bu ys ssy sus.

T ss sm m sg vy y s bfis m suv vs EDPS.

L m k s uy, g, k s Eu Pm, Cu Cmmss su u k, my s ff sus bs y ssb y s v -. L m s ug s g gs .

Fy, I xss s ks s b Jqu By Dg, AsssSuvs u mmbs sff. T qus jy sff usg v u bu gy u ffvss.

P Husx

European Data Protection Supervisor


10/110

Annual Report 2007

9

1. Balance and perspectives

1.1. General overview o 2007

T g mk Eu DP Suvs (EDPS) s (2) s su umb sks s, bss b m s. Ts s -u sv s sg ms vs EDPS fl s mss sm:

suvsy , m su Cmmuy sus bs (3) my

xsg g sgus v y -ss s ; suv , vs Cmmuy su-s bs v ms, s-y ss gs v m s ; v , k su-vsy us suvsy bs EU, vvg ju- m ms, v mvg ssy -s .

Ts s b v Cs 2, 3 4

s u , m vs EDPS gss v 2007 -s. T m m m-mu bu s vs uy jusfis s mss mmu C 5.Ms s vs y ffv mgm fi, um sus, s suss C 6.

(2) S vv g mk Ax A x m Rgu(EC) N 45/2001 Ax B.(3) T ms sus bs Rgu (EC) N 45/2001 us ugu . Ts s us Cmmuy gs. F u s, vs g k:://u.u/gs/mmuy_gs/x_.m

T y Lsb, sg 13 Dmb 2007,mk fl , suu ug Eu U. O 12Dmb 2007, sgy vs vs EUC Fum Rgs s sg Ss-bug. Aug s g y, b gy bg EU sus bs Mmb Ss y mmg U . T s, ug suvs,s y vsb b sums s sg v z m. T EDPS sy

vms s uu.

T s , s v Lsb y, s s uy sus s v s . T EDPS s mss m us my EU s u ss-g s , ffv s , s bs vu uyg EU s,su b s s suss. TEDPS u s g s s

s s s fig sg su.

P kg u b m s suvs ug 2007. T sg 2007 s by EDPS msu m Rgu- (EC) N 45/2001 s su mssvs umb fis subm kg, s umb v s ssu by EDPS. umb mssb ms s s ssby. A Cmmuy sus bs,ug y sbs gs, v su m -

ffi (s C 2).


11/110

Annual Report 2007

10

T suv vs u v .G mss s u ss ffv mk , b fis . Hv, s, sus v b ssy. Fu vy Cmmss ss, ubs 2006, EDPS s sgvy y s, su m s,mms vs ff sgs gsv ss. A umb sg u sss s qu (s C 3).

C suvsy us sus A 29 Wkg Py,

su m u-ms sg ssus. T EDPS s y ky suvs Eu. Ts b vu g-s m- sysms. Mu s s b gv mv ms.Fy, EDPS s vs -u L v s sg s ss mk m ffv (sC 4).

1.2. Results in 2007

T 2006 u m gm bjvs b s 2007. Ms s bjvs v b uy y s.

Scope of DPO network

T k ffis (DPOs) s s u s, sus bskg s vs, ug Cmmuygs. T EDPS s u gv sg su

gu vm DPO us, u mss y DPOs.

Continue prior checkingT umb ks g xsg ss-g s s s mkby, bu mssus bs s v sm k mg bgs s . Rsus ks guy s DPOs v s.

Inspections and checksT EDPS s s msug gss m-

m Rgu (EC) N 45/2001 s m

sg 2007. A sus bs v bvv s xs, bu s b gv u s vm. T susv b , b g s by s, summs C 2.

Video-surveillance

T EDPS s m suvys v-suvs b EU v Mmb Ss, ff ss vvg vusus bs. Ts x v bss gus b ubs su- EDPS bs 2008.

Horizontal issues

Os ks ss ms uusy ys z ssus. Tfis s gu sus b-s b ubs 2008. Issus g sv m sy v bsuss us.

Consultation on legislation

T EDPS s u ssu s s-s gs s su qu -

u. T vsy vs subjs s bu sysm vy s s, u su vCmmss svs uy s s y.

Data protection in third pillar

T EDPS s u gv s vm g mk . H s sguy ss xg -s ss bs, uy x Pm y. I b ss, s uu-

y y m m.

Communicating data protection

T EDPS s gv sg su -uvs L v m m-mug mkg m ff-v. Ts vv vs s bs s m sg vm us m ff us u .

Rules of procedure

T us u, vg

ff s vs EDPS, s k


12/110

Annual Report 2007

11

m m x. Hv, vm ff s mus s m ggss. Rus u b ub-s us 2008, g m s s bs.

Resource managementT EDPS s mv mgm fi um sus, by bug su-u, us vu sff vm g y. T mm- sysm -m ffi v b umvms.

1.3. Objectives in 2008

T g m bjvs v b s 2008. T sus v m b x y.

Support of DPO networkT EDPS u gv sg su - ffis, uy y

sbs gs, ug uxg xs bs s mg m.

Role of prior checkingT EDPS s fis kg xs-g ssg s ms sus bs, u mss mm mms. Rsus ks --u b s DPOs vs.

Horizontal guidance

T EDPS v gu v ssusmm ms sus bs (.g. ss-g - , vg ss subjs g v-suv). Gu- b m y vb. A ss sms

b gs s s.

Measuring complianceT EDPS u msu m Rgu (EC) N 45/2001, ff ks ks sus bs, sgyxu ss s. T EDPS subs g s y.

Large-scale systemsT EDPS u v suv-s Eu, g suvsyus, v xs qu suvs g-s sysms, su s SIS II VIS, uu.

Opinions on legislationT EDPS u ssu my s mms ss gs, bss sysm vy v subjs s, su qu -u.

reaty of LisbonT EDPS u vms g Lsb y sy ys ssy vs s m .

Online informationT EDPS s u s m- vb bs u mv s.

Rules of procedureT EDPS ubs us u,vg s ff s vs. Ps s s b vb b-s.

Resource management

T EDPS s u v smvs g fi um sus, k sss. Affi s b qu mm uusff.


13/110

Annual Report 2007

12

2.1. Introduction

T sk Eu D P Suvs(EDPS) s suvs mssg s u by Cmmuy s-us bs my y s Cmmuy (x Cu Jus g s ju y). Rgu- (EC) N 45/2001 ( gu) sbs gs umb us s b EDPS y u s suvsy sk.

P kg s u b m s suvs ug 2007. Ts sk vvs sg vs sus bs fis

ky s sfi sks sub-js, s fi A 27 gu. Asx b, kg ssg sy , g s bg ,gvs u u ssg s sus bs. T EDPS s k xsg ssg s msv gs. S s b gv su sysms sus

j us by sus bs, v smg smyg us. T EDPSs s ssgs my gu. T EDPSs s ms s ss su s -g ms, qus, ss v msv msus.

As gs s vs EDPS, ug2007 s vus ys, s b , b, s s v mm EDPS mms xss - g s kg ssy ss. T

mss sss ffs m s

. T EDPS s v sysm -u mms.

2.2. Data protection ocers

T gu vs s s sub s ffi (DPO) Cmmuy su by (A 24.1). Smsus v u DPO sss uy DPO. T Cmmss s s DPO Eu A-Fu Offi (OLAF, D-G Cmmss) (DPC) s-g, ss

DG.

2. Supervision

Assistant Supervisor Joaqun Bayo Delgado.


14/110

Annual Report 2007

13

F umb ys, DPOs v m gu- bss s mm xs suss z ssus. Ts m k sv uv ms b. Ts su ug 2007.

I 2007, DPO Eu s k, sus bsv.

T EDPS mgs b DPOs M 2007 (EMSA, Lsb),

Ju 2007 (Cu, Busss) Ob 2007(Offi Hmz I Mk OHIM, A). Ts mgs g -s EDPS u DPOs s k suss ssus mm s. T EDPS

us s um x suss u ks sm m ssus s mk kg k. I u-, s A 27 s u fi, my

xms su s mmu sys-ms, u sysms vsgs u by DPOs. T mgs s g EDPS uy u gss m -g kg ss gv s sm figs sug m kg

k (s g 2.3).

T EDPS m us DPO mgs v

DPOs m sg 2007 s

xs (s g 2.6.1). T us x-s s x, s mgy s sb g s my u.T DPO mgs s g uy DPOs gv bk m xs

su gy, b EDPS k s u.

A DPO qu ms u DPOs (Cu,Eu Pm, Eu Cmmss OHIM) s s u m g DPO k. T EDPS s sy b

s qu, by gs mgs.

Bk bk Ju mg Busss,

ks DPOs s gs by EDPS b sm x DPOs.T m s gu ys,usg my ssus u DPOs v sks. T m sks DPO s x s sm fi ms, gss fi-s DPO I s.

T kg gu m ms sv , bkg su m sx kgmgs ug 2007. T Asss EDPS sff mmbs s mgs. A

uss k subgu

Data protection ofcers during their 20th meeting in Brussels (8 June 2007).


15/110

Annual Report 2007

14

s b b u 2008 by mmbs kg gu s ss su by (I sss, xm).

A um v us m ms bkg s s suss by mm-bs gu.

I mk sg 2007 xs, EDPSu g bg EU su by DPO (s g 2.6.1).

2.3. Prior checks2.3.1. Legal base

General principle: Article 27(1)

A 27(1) gu vs ssg s ky s sfi sks gs ms subjs by vu u, s uss bsubj kg by EDPS. A 27(2) gu s s ssg -s ky s su sks.

Ts s s xusv. O ss mu s sfi sks gs ms subjs jusy kg by EDPS. F xm, y s -ssg us u fi-y, s s u A 36, ms sfi sks jusy kg by EDPS.

A , 2006, s s sm bm gs , s u bms, ssbs -kg

s y s my u ux- / usb sus subjs.

Cases listed in Article 27(2)

A 27(2) ss umb ssg s ky s sfi sks gs ms subjs:

() ssg g susffs, ffs, m vs suy msus (4);

(4) Sret F, .. msus mk g -gs.

(b) ssg s vu -s ss g subj, ugs by, ffiy u;

() ssg s g kgs, v usu Cmmuy gs,b ss ff uss;

() ssg s us xugvus m g, bfi .

T v vus ys u b s vs, b

g fi m DPO s subj kg, vsg su s kg (ss g 2.3.6).

2.3.2. Procedure

Notification/consultation

P ks mus b u by EDPS -g fi m DPO.

Period, suspension and extension

T EDPS mus v s msg fi. Su EDPS mk qus u m, ms s usuy sus u EDPS s b . Ts suss ysus m (my 7 10 ys (5)) gv DPO su/by mms u m fi .

I mxy m s qus, -m my s b x u ms by s EDPS, mus bfi xy -m . I s s bv -m x-s , EDPS s m b vub. U u , s s - s v s.

F ex postss v b 1 Smb 2007, m Augus s xu m usb sus/bs EDPS, kg u ug quy ss (s g 2.3.3).

(5) Wkg ys, y y s.


16/110

Annual Report 2007

15

Register

A 27(5) gu vs EDPSmus k gs ssg s

s b fi kg. Tsgs mus m

A 25 b ub s.

T bss su gs s fi m b fi by DPOs s EDPS. T u m s us u s mu sssb.

I s sy, m su ub gs (x suymsus m gs) s ub s.

O EDPS s v s , s mub. L , gs m by g EDPS s m summy m. I s y, gs v.O , m gv ss-g s k u , , sy s m .

A s m s bu b m vb bs EDPS, g sum-my s.

Opinions

Pusu A 27(4) gu, fis EDPS ks m , b fi ssg DPO su by .

Os suu s s: s

gs; summy s; g yss;uss.

T g yss ss xm s uy qufis kg. As m- bv, s s s ss s A 27(2), EDPS ssss sfi sk gs ms subj. O s qufis kg, g yss s xm ssg ms vvss gu. W ssy, m-ms m ff sug m-

gu. I us, EDPS

s s my s ssg s sm vv b y vs gu-, v mms ssu k u. Oy s ssu 2007 ( kg ss 2007-373 2007-680, s b), uss ff: ssg s b gu- sm mms b m-m bg m m.

F fis m 2007 gs vusy k s v b fi. A bbvm s b v s ss.

A s mu s b gu, s s, m ks smbss EDPS s -g m yss sgfi m.I vs suu s, bs umu- x s uusy u.I s us ks.

A kfl sysm s mk su mms u s u, b, m ss

m (s g 2.3.7).

Distinction ofex postcases and proper priorchecking cases, and categorisation

T gu m 1 Fbuy 2001.A 50 vs Cmmuy sus bs su ssg s

y u y bug my gu y (.. by 1 Fbuy 2002). T m EDPS Asss EDPS ff 17 Juy 2004.

P ks y s y gss ( ks), bu s ssgs s b 17 Juy 2004 b gu m (ex postks). I su sus, A 27 k u b s ss , bu musb ex postbss. W s gm, EDPS mks su A 50 gu s m ssgs s sfi sks.

I bkg ss ky b

subj kg, EDPS s qus


17/110

Annual Report 2007

16

DPOs ys su su -g ssg s s A- 27 s 2004. Fg bu-s m DPOs, s ss subj ex post kg s m subsquy fi.

As su vy, sm gs -

fi ms sus bs u sub m sysm suvs:

(1) m fis (b stricto sensu g- );

(2) sff s (ug s uu sff (u-m));

(3) ffs suss, ug syus;

(4) s svs;(5) -mg.

Ts gs us 2005 2006 s -y gs, bu gv u ff sg 2007 y b ym s us y sysm- . P kg ss v vb subj s gs, s y mus b

b ssg s mm.

2.3.3. Quantitative analysis

Notifications for prior checking

As m b 2005 2006 u

s, EDPS s sy ug DPOs

s umb kg s EDPS.

T sg 2007 s b k by EDPS ex postss s fix g-g Cmmuy sus bs s ffs s m ufi-m fi b-g.

s sgs fis: 132fis b 1 Ju-y 2007 30 Ju 2007,

m 137 u (32 s 2006), us 44 fis ug s 2007. T ff sg2007 s 208 (132 + 32 + 44) fi-s u 313 b 2004 2007.

Opinions on prior checking cases issued in 2007

I 2007, 90 opinions (6) kg fi-s ssu.

Ts 101 ss fis m -s s 77.19 % k kg m 2006. Ts k s

u ub k sg 2007 - (7).

Ou 101 kg ss (90 s), 11 kg ss, .. sus

( ECA, Pm, EPSO,Eu Ombusm, EF, ECB, EIB OLAF Cmmss) uvv kg b mmg ssg :

4 s 11 kg ss ( Cmmss m EF) flxm sysm;

(6) Ou 101 fis, ss u sm ss k, 15 fis OLAF jy u ff s. Ts s y 101 fis su 90 -s.(7) S g 2.3.7 31 ss fis ug 2007.

Supervision team during a meeting.


18/110


19/110

Annual Report 2007

18

Analysis by category

T umb kg ss , bygy, s s s:

Category one (medical fles) 16 cases

Category two (sta appraisal) 41 cases

Category three (oences and suspicions) 14 cases

Category our (social services) 8 cases

Category fve (e-monitoring) 4 cases

Other areas 7 cases

Category one us m fi s sff s (fiv ss), sk v ( ss),vy u ( s), y-uss ( s),skss sms ( s), smy (s) u ss k - . Tsgy s s g (26.5 % ss 2005, 24.6% ss 2006, 17.77 % ss 2007)bu s gv EDPS uy vs m fis. I 2007 EDPS ys s k smy J RsC, b by sm s.

T mj gy m ms second cate-gory, g vu sff (41 fis u 90), vy sb g (56 % ss 2005, 40.4% 2006, 45.55 % 2007). ss k um ( s, s- xs, s ffis, um ECB CPVO), fiv ss k vu, ms, m sff (b kg ss), g fi s us, u flx-m ( kg ss), ym sv vus s ms.

Rgg third category(g ffs sus ffs), sgfi s ss (14s, ss 15.55 % ) k bu su b u s gyus y ss m OLAF (s g2.3.4). Oy s ssu syus s ms sus y fis ss vus ys.

Rgg fourth category(s svs), umb fis s mu by u (gs, ss 8.88 % gbmu s). A mj sus v m-

fis s , s s OHIM.

I s ms gs s ff s ks svs sff.

Rgg fifth category(-mg), y us ssu, s ms fis -mg v b s by EDPS s- kg ss u y s sfi sks (b fiy u

A 27.1 gu, sus ffsu A 27(2)(), vu sss g A 27(2)(b)). Ayss by EDPS, v, umus mms(s g 2.3.7).

Rgg fis bg s gs, EDPS s u ysg fi ms su s PIF (FIgus P Pm Cu Jus-), y g sysm (Pm OLAF) um u (Cu). T ms sk (Cu) suy us (ECB).

imelines of the EDPS and the institutionsand bodies

T s Ax E us ms EDPS Cmmuy sus/bs.Ty umb ys EDPS g s, umb xs ysqu by EDPS umb sussys (m v m m sus bs).

Number of days of the EDPS for drafting opinions: sss s 1.73 %, y ss 2006 (55.5 ys 2005, 57.9 2006 56.9

2007). I s vy ssy figu sg s umbs mxy fi-s s EDPS.

Number of extension days for the EDPS: s ss s 15.74%, y y ss 2006(3.3 ys 2005, 5.4 ys 2006 4.55 ys 2007). Aug mxmum xs ms (A 27.4 gu), sb my ss m.

Number of suspension days: s m-2006, sus suss 7 10 ys mms

u m m DPO fi


20/110

Annual Report 2007

19

. I ex post ss v b 1 Sm-b 2007, m Augus s b u u. T s b 2006 (vg 72.8 ys fi) 2007 (vg 75.14 ys fi) s 3.21 %. kg u , 2005, vg s 29.8 ys fi, EDPS s bu gy s by sus/bs m m, sy ss (185, 200 203 ys svy). Iy s, EDPS g ms sus bs bg EDPS v m qus m-, g A 30 gu.

Average by institutions: 2007, s s sm sus bs v s sus-s ys vy sgfiy (su s EuPm, CR, ECA, C sm s ss x, su s ECB Cmmss),

s v su sg m (sus OHIM, EIB, Cu Jus, Cu).

Notifications for prior checking receivedbefore 1 January 2008 and pending

By 2007, 69 prior checking cases ss. O s, 4 fis s 2006 65 fis 2007. O s 69 gss, 25 y fis by Fbuy 2008.

OLAF 4 cases

Parliament 4 cases

Council 9 cases

Commission 23 cases

ECB 1 case

EESC and CoR 3 cases

EIB 3 casesECA 2 cases

Court o Justice 2 cases

Ombudsman 1 case

Cedeop 1 case

CPVO 2 cases

EFSA 1 case

EMCDDA 1 case

EMEA 7 cases

EMSA 2 cases

EPSO 1 case

OHIM 1 case

CdT 1 case

Analysis by institution and body

As s b su sg 2007 ,m gs v s ss yg(C, EMCDDA, EMEA sy svfis EMSA) u s(C, EFSA CPVO). T EDPS ugs gs bs ks.

Cu Cmmss umbs s m.As Cmmss, 16 s 27 m ff J Rs C (JRC) ss my ms smy ss u vy sfi x JRC ( s Rs DG,

g g umy).

Analysis by category

T umb fi kg ss by -gy g 1 Juy 2008 s s s:

Category one (medical fles) 20 cases

Category two (sta appraisal) 25 cases

Category three (oences and suspicions) 4 cases

Category our (social services) NoneCategory fve (e-monitoring) 3 cases

Other areas 17 cases

I category one, ug ss fi-s s g mks:

s gy ss 28.98 % s g bgg 2008;

s, m fi Cmmss, ys su sfi ss (.g.vg m fis);

mg s 20 kg ss, g

m ff JRC ss ff s sus vu m fi ( JRC ss),fis s, sk v, vy -u, g smy;

EDPS ms fis s s bg v m gs sus CPVO EMEA;

EDPS s s g Offi Ams Pym Ivu E-ms (PMO) fi s m vus u .

T second categorym (sff s) s -

ss mjy ss xy . Eg


21/110

Annual Report 2007

20

s ss um us (us sv ss EPSO by sus) umus by gs. A g vu -us gs (EMCCDA, CPVO, EMEA,EMSA EFSA). fis flxm (s g 2.3.5). T y 2008 sb fis s EDPS ys fi- g y (Cu 2007-584).

Rgg third category(ffs susffs), EDPS s g OLAF ss sy u msv qu-s C. T EDPS ugs g-s y ss.

Cgcategory four (s svs), EDPSs sus v g fis sgs v x x sg 2007 by (s g 2.6) y vy s ff s ks svs s.

Category five (-mg) s s um. I 2007, EDPS gs svmgs bu -mg s u v

xs bu sg ss s subj. Tuss s xs b summs -uss b ubs 2008.

Other areas (24.63% ss) vv mfis: s s, v-suv ss sysms. T s s um: v-suv b ssu 2008 (s g 2.9) ss s gy ssv subj, smms vvg quy fi (RFID) gy b-ms. I , EDPS v fis -s ssu bu y xsss Eu Ivsm Bk, ms g ssvy.

2.3.4. Main issues in ex postcases

Medical data and other health-related data -ss by sus bs. Ay gy y s -vu u s gy. T, g sk v skss su ms ssubj kg. I s gy s sus vy u, smy us-

s s xm by EDPS.

Ts ff kg ss v gv EDPS s ys ssus g ssg m by Cmmuysus gs. T v sm quss s -mym um vss s b qus by EDPS g us s vss. T vv -mym m xm s b xm- by EDPS, mms s xms , , sk y vv uss

u s subj. T EDPSs s qus quss bu my mm-bs g k s bmv m m quss.

T EDPS ss u m k-usu b s s vv sv, bu ybs s s . Tu m k-us mus my sv y fiss k, ug sfi sg fi s m m y fiss, xm my s xs g-us subss.

Csv s m v s b

bj mms EDPS k-g s g EDPSv Cg Hs Ams- (2006-532) (8). Nby, m ug -um m vs g-u s su y b k s m.

T ssu quy m fi s sb s mk ff k-g ss. T EDPS s u , ug s ffiu sk uy m , quy by s sub-

j qus m y v m s fi su u.

A u ssu g s s s s mk kg mbusm m xss(Cmmss 2004-238). I x su s by A 90(2) Sff Rgu-s Offis Eu Cmmus, EDPS mm mvg fi -

(8) S EDPS 2006 u , .35. S s mm sv s g 2.7 b.


22/110

Annual Report 2007

21

m smss MgmCmm s s ussy Cm-m v s s.

Recruitments mm ssg sus bs bvus ss. I 2006 su um u u by EPSO s xm gv s - by EDPS (2004-0236). I 2007, P-m ECB fi kg ssg s bu us sEPSO sv ss. OLAF s fi s umu my gs m sfi svss. T y OLAFs y ggsff suy s qus by sgs sff mmbs v ss gy ssfi m bs bCmmuy gs.

T EDPS s k Cmmss -u um s ffis (2007-0193).I s , EDPS s s sub b v ss fi, msg gs ssssm s g m by vus mms m

ssssm. T EDPS s s m- s u; s s sy s mms gs, s s u A6 Ax III Sff Rgus. I

A 20(1)() gu, mks gvby vu mmbs mm su bgv m mg subj

s su b v.

Staff evaluation: T Cmmss Sys 2 m-s s s s ssu mms qus Cmms-s vu m y g

sy u sysm s us suss m xs (9).

T fi s us v -u b s EDPS by vus sus gs. T mms ssu by EDPS by sv s, k-g u g ms sby sm ss.

(9) Fum, m (s 2007-529, s b), EDPS s b b ssu mm g ss ssg, skg m u g ys.

kg s y -m u Cmmss (2006-577) OHIM (2007-575). I s, mm-s sv g ss subj mm ssb mg s ss y m, subj s-s g A 20(1)() gu.T ssy ub sv s

ss qusg y m s s qus- by EDPS.

Lsy, vus s sff vu, sms v b ssu g suy sss k OHIM, s vss, s m-s, bsv s ymxs.

OLAF procedures: T EDPS ssu 12 sg OLAF us ( s u k (u fi sysm, s -g b 2.3.5)). O (j ss

2006-544, 2006-545, 2006-546, 2006-547)

Medical les always contain sensitive data.


23/110

Annual Report 2007

22

ju, sy, msv fi-u. T u -ssg s - ssg s k

sg OLAF vsgs, s -u s sug mCmmuy / us v m-m msus mm by OLAF. Ig, us my ssbs gu. H-v, EDPS mk sm mmsmy s s ssy -u sysm, bg sbs ssy ss m -v subjs. T EDPS s qus 20-y sv b vu by OLAF

OLAF s 10 ys xs. T EDPSu mms m s su b k b ug OLAF s mu.

A x vsgs s (2007-047, 048, 049, 050 072).Ex vsgs msv vsg-s us Cmmuy gs -m us g u

gu u u g ss ffg fi ss Eu Cmmus.T sus OLAFs x vsgs Cmmuyus ju, msv, gsv fi -u. T EDPS by sk OLAF fi sbsg ssy s s gv s su g ss fi s s s m u. I s s, OLAFs su y s u A 20 gu g ss s -s / g y m su m ssy s s-by-s bss, u s s gv A 20(3)(4) (5) gu. Fum, OLAF mus s fiy sbs ms u-g OLAF x vsgs.

T EDPS s s k ssg v-s u by OLAFs Suvsy Cmm(SC) (2007-0073). T us su ssg s OLAFs by gu m-g mm vsgv u-, s qu by A 11 Rgu (EC) N

1073/99. T EDPS s mm, mg

s, SC mus v ss s m-gm sysm (CMS) fis (gg, s -ss) y s-by-s bss. W suss s qus, su b u CMS fi syg ss jusy v-s ss. Mv, SC mus s A12 gu gg ss ,ug sbs, sss ms.

I sum, EDPS s u ug yss OLAFs ssg vs fi sus ffs, ssu mm-s ssy. Sm u xms g:

u fi sysm (2007-481);

m g -g bss (j ss 2007-027 2007-028);

m sss ss (2007-203);

usms m sysm (2007-177);

-u m sysm (AFIS) (j ss2007-084, 2007-085, 2007-086, 2007-087);

sv (2007-003).

Social services: S sv fis my u sg ffi, subj ssg by EDPS. M-v, ssg by s sv myb vu s ss g subjs.

A umb kg s ssu by EDPS s . T EDPS by m-m s k sss -s mus b y m qu-m my

A 4(1)() gu, my

ss mus b qu, v xs-sv uss y / u ss. Ts mus b m suby s ks ss.

A u mm kgs s svs xm mmus s k

x svs, bus u bg s. T EDPS s sfi g fi mk s

fis by s k by ms g


24/110

Annual Report 2007

23

subj gv s v,sy subjv vu s

k u v squs x-s gs s .

E-monitoring: Ds EDPS s y s fi s -mg (sg 2.8 b), sv s s

. s ssu g ECB vsg u us ffis busss mb s (2004-271 2004-272). B s u mmsv ffi su , , b g sx mssubj sfi xms. ffi b ss ss uss, bu su ssmus b ymus.

T EDPS s ssu gg smg ss mmus OHIM sb Im C(2007-128) sv bss ( ms y) by ssss quy sv -v, s usm ss umyv g sff mmbs. T EDPS

s ssg u b bs A- 5() gu s, , u bs s ssy uss sb,

sm us s g. T EDPS ssss m gu uy su b v.

My ss fi EDPS -m-g -gb kgs my ss bg -fi mgm k sfi sks sus ffs vu (s g2.3.7).

(Rgg v-suv, s g 2.9.)

2.3.5. Main issues in proper prior checks

T EDPS su my gv s s ssg , s s gu gs ms subjs m bgg. Ts s A 27. I - g ex post kg ss,11 ss (10) kg fi EDPS 2007. Amg s 11 ss,

(10) T s, ss g ssg y mm.

m sff u flx-m.

T Eu Cu Aus s s u -u sgs m s sff my bm (s 2006-534). T EDPSyss s my mms -g m mus b v sffmmbs, my sfi -s mmg s Cu, s s sg m ms. T mms g

Eu Pm s (2006-572) m sv s, ug sg m u m us, ssg - s x.

ime management systems v b sgfi 2007. T EDPS v g fim Cmmss (s 2007-063) m m-gm, mu Sys 2 (sff mgmsysm), gs flxm, by s-fi flxms m DGs (s 2007-218 Im Sy M DG s 2007-680 Aguu Ru Dvm DG),

b s ms fi-. Ty gb kg gus As 27(2)() (- ) 27(2)(b) (ssg vu sffiy, m by k).

m mgm Cmmss s k y s s flexitime ,mg s, mms us sff s umb, gu ssy sysm, m s my vuy u g m sff mm-

bs, s m.

T Im Sy M DG flxm mm m RFID g s bg ssy k u.T us su gy flxmsysm s sfi sks y s sysm. I s uss, EDPS qussv mfis sysm ggsuy ss by ug m su,s s g g vy s-m, sm gs msus

subjs .


25/110

Annual Report 2007

24

Rgg sfi flxm Aguu Ru Dvm DG, EDPS s ss fi b b Rgu (EC)N 45/2001, s x us ( sv- u m u ssby y bs s m s s s ssb) u b by ss usv ms. Fum, us s by Aguu Ru

Dvm DG u b by -s flxm sysm.

T u s bu m mgm s s byEF (s 2007-209). T m-g bs s v EF mgm m- bu mu m s s m-sm vus sks js by vus vus ms. T m mm-s quy, s vy ffiu su gv y sysm s s u, us m, my m b y us mgm j

vu s.

A k s s ssu g m mgm, my EIBs bu m s m mgm (s2007-373). Iy, s s s su s kg, s vuss (2005-396 M s 2004-306m mgm) EIB s ss ufi skv k m mgm by y-s Ou H C (OHC). Ts

s fis m EDPS ssu bs gs m bj vus k s.

I s , EDPS xss EIBu b b vss gu- (uss ssg, quy -, ssg s gs ) uss sus sff mmbs qus v y gv, umbguus s OHCyss ss gg ufim v. W qusg s, mus bsu sff mmb y uss s b subsquy y m, u y jusfi,

vs squs. I mus s b m vg s m y sv uss v.

Amg kg ss, EDPS us g ss:

EPSO s (2007-088) bu vu y b b k -gug, us mm um by sss;

Ombusm s (2007-134) bu mg-m v, sm mms

- m sub-js;

ECB s (2007-371) bu suy us (-ssg vs ECB -s u x ug suy us s s s gb suy ), xssvss s b v;

OLAF s (2007-481) bu u fi- sysm (b-bs m sysm OLAF s u ubs ss m us fig gs u, u g

vs ffg fi ss

Time management systems reveal data on behaviour and other personal

aspects.


26/110

Annual Report 2007

25

Cmmuy), u ssus: m ss by m v ms sbs.

2.3.6. Consultations on need or prior

checking

Dug 2007, umb sus kg by EDPS s sgfiy:20 sus 2007 m 15 2006.Sv ss bv vusy subjs su, my: M s m

mgm, Fxm Im Sy M DG, D ss by s us,Rym xs, .

O ss v b subj kg su s Au z, Suy vsg-s, F sus, Us EPSO svs, Au EFSA xsbs v y b my fi EDPS g s bk k.

ssg g y

xs ss EIB s s s subj kg s us m -vs suss m ffs.

T Rus gg y OHIM bugs sff s s b sfi ss, y s subj kg, s s b . T us v bg by gy y y vv ssg s y m.

T ssg mgm I-

ss Cu Jus s u b kb. I, m vu- u s b fiy mmus.

O sm gu, y ssg - Cu s s s bg sub-

j kg s vv b fiy mmus.

A sg s s fi s b s Cu Jus -m sysm. Tsysm s subj kg s gu

m mg s b u

msus mssgg sysm. T s ssg vu sss su s by, ffiy u.

Aug v gms ssg - Cu mg vv g , s u b kb. Tus ssg y s m ssg m y ms qus s ss s subj.

2.3.7. Notifcations not subject to priorchecking

I 2007 EDPS s 31 ss u b subj kg(23.48 % ss fis by EDPS). Tsus s b u yss fi.

Nvss, s yss s ms ss smmms EDPS. Ev s ss -mg, flxm, u ss, s s

( gg, y s, x vsqus, s, s g us) vus s su s s vs-gs by DPO m OLAF.

As e-monitoringgy, ms s fi-s(11) v b fi EDPS k-g bss A 27.1 gu.

I su b m mmus b subj kg by EDPS u m ss:

A 27(1) gu subjs kg ssg s ky s sfi sks gs ms subjs by vu u, s uss. C IV gu s u vs fiy mmu (A 36).

W s b fiy m-

(11) Nfis -m sysm y (EESC CR2006-507 2006-508), x suu, k sysm, I sss, s bs, bg(Cmmss, ss 2007-358, 2007-359, 2007-367 2007-374), fixy mb y (Cu Jus, ss 2007-438 2007-439), gs s (EIB, s 2004-302) v-g v us svs GSMs (OLAF, s 2007-204).


27/110

Annual Report 2007

26

mu, s sk gs ms subjs my xs, , -, ssg s subj kg by EDPS;

A 27(2) gu s -xusv s ssg s ky s sfi sks. T s us, : ssg g sus

ffs ffs suy msus (A- 27(2)());

ssg s vus ss g subj,ug s by, ffiy -u (A 27(2)(b)).

W msm s m m-mu k uss As 27(2)()/ 27(2)(b) gu, ssgs mus b subm EDPS kg.

Ts ms mmusysms ssy subj kg. I, fiy mmus s

b I suu s us m my u, s s subm mmu sysms kg.

Hvg s , EDPS s vss ssumms s ffi bg , s v by A 37(2) gu, s m b gv subjs,

Rgg access control, fis(12) subm u A 27(2)(b) gu.

A yss, EDPS u s vu s xs. Nvss, -mms m bu x us ssg. T u s (13) s fi u

As 27(2)() 27(2)(), bu s b sfi s. A 27(2)() s y gg u x umss s xuss, bg s u by - ssg , m A 27(2)() b.

(12) Cmmss (2007-375, 2007-376 2007-381).(13) Cmmss (2004-235).

T ss time management(14) s -gb kg s s vu sff bu vu OLAF JRC vs. T ssg m uss mg vs EU su- m b g su - s A 27(2) gu. My mms JRCs m bu us m, quy,m b gv subjs - .

2.3.8. Follow-up o prior check opinions

W EDPS vs k , ss recommendations mus b k u mk ssg my gu usuy v. R-mms s ssu s s ys kg sm ss sv v msus.Su my s m-ms, EDPS my xs sg m u A 47 gu. TEDPS my u m Cm-

muy su by , k u- ss su m. Su ss EDPS b m , s g m Cu Jus u -s v EC y.

A kg ss v mm-s. As x bv (s gs 2.3.4 2.3.5), ms mms m subjs, sv s, usm gs ss fi.Isus bs g smms , u , s b xuv ss. T m m-mg s msus vs m s s.S Ju 2006, EDPS s qus, ms s g s s, s-u m EDPS msus k mm mms ms.

Dug 2007, EDPS s 38 ss, -ss m ub 2006, y u sysm -u mms.

(14) Cmmss m ug sysm JRC (2007-503) OLAF mmgm sysm (2007-300).


28/110

Annual Report 2007

27

2.3.9. Conclusions and uture

I s ks, b ex post,v u b mj vy suvssk EDPS. I s sgy m vy bgg ex post A27 gu u b x y mg Eu sus gs s ssg s ms skys, s v b s.

Cuss 2007 b summs s s:

sg 2007 s gv s -mus s fis m myDPOs, sy ug fis sms y, m 42 % s (132 u 313, m 2004 31 Dmb 2007) v;

s s u g mu ssu suvs m EDPS, vy ss-y um, s umb s s m y g k s (ug xs ys)

quy s b s;

s s mu mv s sus gs k s quss u m m EDPS;

sfi y s ex postss, s b sgfi bg s u suy EDPS (m mgm,OLAF ss, su ssg, .);

s vus y, s

us ss b gu m gs b u my us;

mms v u us my , g m g ss.

Fuu ffs g s:

sus su fis ex postfiss gs su mk subsv

s s sm g 2008;

-u mms u k sysmy ug mm , b mb --s ss; s s u u mm fi -ss DPO u m bg yg k ss EDPS b ssg ss;

sm s, su s v-suv, bfim , bs s sg submss kg vgss y;

v s b summsby gy su ssy s gv gu sus bs gg mm us.

2.4. Complaints

2.4.1. Introduction

A 41(2) gu vs EDPS s b ssb mg sug vss sRgu y Cmmuy g um gs ms u ss g ssg s by Cmmuy suby. P s mg s uby g ms s v

A 46() (15).

Ay u s my g m EDPS, s y s, bss As 32 33 gu(16). Cms s b u bymmbs sff Eu sus

(15) Ag A 46() EDPS s vsg m-s, m subj um sb.(16) Ag A 32(2) vy subj my g m EDPS s ss s gs u A 286 y v b g s su ssg s s by Cmmuy su by. A 33: Ay s my Cmmuy su by my g m EDPSgg g b vss Rgu (EC) N 45/2001,u g ug ffi s.


29/110

Annual Report 2007

28

gs m Sff Rgus y, bss A 90(b) Sff Rgus (17).

Cms y mssb y m m u s b - us by EU su by ss-g s xs vs, s Cmmuy . As b, umb ms fi EDPS mssb bus y us m EDPS.

Wv EDPS vs m, ss kgm m

u ju mssby s,uss m s y mssb u u xm. EDPS squss m m m ssb s b u, Cu Jus Ombusm ( g ).

I s s mssb, EDPS s qubu s, by by g su/by , by qusg u m

m m. T EDPS s b ss s mssy quy m su/by. H s b gss y mss su-/by s u s vs.

I v g b , EDPS m , mk ss myg b mvg sub-

js. I s, EDPS :

xs gs subj; -

;

, Pm, Cu Cmmss;

18).

(17) Ay s m Sff Rgus y my subm EDPS qus m mg A 90(1) (2), s s m.(18) S A 47(1) Rgu (EC) N 45/2001.

Su s vv msusby su/by, EDPS s s u su/by .

I 2007, EDPS v 65 ms. Ou s 65 ss, 29 mssb uxm by EDPS. A umb s bflyxm b.

2.4.2. Cases declared admissible

Collection of excessive data relating to visitors

T EDPS v m m s vsg Eu Cmmss s vsg gu,g ub ss umb b mmb gu (s2006-0578). A vsg, EDPS u s s xssv s quy A 4(1)(b) 4(1)(). Fg EDPS vsg,su s s EDPS s - ssfi m s u. T EDPSk s m m Cmmss s bg v -

m gu s s s s su ssg .

A m s s v ssg s by Eu P-m g(s 2007-0430). T m s qus v s us g g, su s m b. W su u g, s s sk fi b s s vy s s gs u u-

g mg. A vsg by EDPS, s u su s ssy ssu bgs by suy u P-m bu , , su ssyv b sbu s s

b sy xm uu.

Access to data

T EDPS v m m ju xkg Eu Cmmss g -g s m ss s s fi v- A 13 gu (s 2007-0127).

T m s m bu


30/110

Annual Report 2007

29

Cmmss s vus mysu s s, by mg m sus , s g s s by Ex Rs DG Cmmss g k.

A vsgg s, EDPS u ss g ss jusfi bss A 20(1)(), by ssy vus mys. As g svus mys u s s, EDPSu s m ms -

v u s bu s vus mys sg m sg m- v s u, m ,

s sb ssum my u vus s mym fim sms m s . Fy, s gs s m Ex Rs DG Cmmss g, EDPS u s s ssy gm -m sks u by Cmmssg A 7(1) gu.

T m s u m Eu Ombusm. T EDPS ss sus s vsgs Eu- Ombusm s s v u vsg.

A m s v m v svm Cmmss m s g ss procs verbal (PV) sbs g v k s u jb(s 2007-0250). I s x, g sss b us s ss ms

s PV ssssm. A vsgs, EDPS u u PV b sbs, squy s x ssssm v . T g ss u A 13 gu u v u ff. T EDPS s s u-g s g g ms- fi ssssm v/s

s .

A m s g gs Eu Cm-mss g g ss y

ums g bu y s

( mk m u) (s2007-0529). Ass s bss Sff Rgus, kg s -fiy gs juy.

T us EDPS s A 6 Ax III Sff Rgus (sy -gs juy) b jy

A 20(1)() gu. T by s by g ss subj, bu su y kg fib s. Ts -uss vss b m- s ums s b sy s Cmmss s s gv ss m. T EDPS sk bu bu mgm ys ufi As 4(1)() (ss) 12 (-m b gv) gu.

A m s m gs Eu Cu Aus g ss g ssu A 13 sff ssssms -um u su sff s,s s ssb sy s fis (s

2006-597).

A u quss fi su b m, EDPSu ssssm u Eu- Cu Aus ( k by EDPS s 2005-0152) qu y um- su sms m vus. Mv, EDPS fi v sy s fis xs. Fy, gg qus bkg , EDPS s s A 15 gu-

bkg s.

Forwarding and copying of e-mails

A m gs OLAF s v g -m m ss sff mmb OLAF s bss s u uy u(s 2007-0188). T EDPS u , s s -m s s s mssg, mmb OLAF OLAF us.

As squ, m s s

su s b gu.


31/110

Annual Report 2007

30

T sm m s m ss v m OLAF s b g ss v A 7(1) gu. T EDPS A 7(1)s s ssy gm m skv by m . H-v, k v , s s, s b y jusfi ss u y. Fum, y s mus my vss gu , -u, subj mus b m s gs s (A 11(1)()), s s.

T EDPS s sy kg OLAF v s y .

Requirement of credit card details

A m s g EDPS by mm-bs sff Eu Pm gg qum s busss umb gu bkg msss (s2007-0338). A vsgs by EDPS,

Eu Pm qu ss bkgs s v gy. Hv, s qu umb gu bkg.T y ss Pm s qu su umb s sff mmb s ub bk m fi ms musu ss m v gy byms sv m, us umb. T Pm s, v, s - mv s yg umb m sv m.

As us , s s s vu sff mmb. Ayssg s s umbguus -s sff mmb s gm u A- 5() gu.

Processing of sensitive data

EDPS v m m ECBmy mg m ssg - g mk

mgm sk v (s 2007-0299). T

m s s gy s ms A 10(1) gu b ss u suffigus ssy g A 10(2)(b).

A vg ys s, EDPS u ECB s us x A 10(2)(b). Ts us s bss ssg s -ssy uss myg sfigs bgs fi b mym .

Right of rectification

A m g fi vsv Cmmss s g 2006 (s 2006-0436). I 2007, EDPS v fim m su bu ff m s -s s bkgu (historique de car-rire) Sys2. T Cmmss s x y bkg ms s uv s squ u vyssg ff Sys2, sus, s, ym s sy. T EDPS

s m bu s u x bu ffius Cmmss y bk s Sys2 bs.

A m s v m s m vy s m s sms m 9 Nvmb 2006 s.T vug g us v bks. Subs-qu fig m EDPS, Ps Ams DG fiy s

vy m s sm.

Obligation to provide information

A m s subm by subj gsOLAF (s 2007-0029). T m s m, b m m, , s s s mk OLAF F Cs R, umg m gy (A 12 gu-). T subj s m bss A 13 gu. I, vgqus OLAF v ss s , y

OLAF F Cs R s v, bu


32/110

Annual Report 2007

31

s vg b mv, ug s . Fum, m s bv OLAFs F Cs R gv sv us s s bv-u, xs g fi (A 14 gu).

A vg vu s, EDPS OLAF s bgs ms by

As 11 12 gu. Fum, EDPS v m v y F Cs R y

ssg s g m u bs, my A 13 gu- (bku ssgs g s s su b v). Fy, EDPS u u vu qus fi ss b v, s mm s submss s g.

Publication in 2005 annual report

O 1 Juy 2005, EDPS v mgs OLAF s vus ssus u gu, by u ssg s

s g m by OLAF, x vs-g s g vvm s bby, us 2002 y 2004 (s2005-0190).

O 1 Dmb 2005, Asss EDPS s m. Aug g EDPS s m m, s s s ssus s Rg-u (EC) N 45/2001, u u u b k by EDPS, u

su uu y. Ts s s bflym 2005 u .

I 2006, m g m Eu Ombusm bu y s m b . I sm, s bj b s s s 2005 u , sg b mu. As sm, EDPS v - u s, ms ms s, s sbv. T fis m s s b Eu-

Ombusm y 2008.

2.4.3. Cases not admissible: mainreasons or inadmissibility

Ou 65 ms v 2007, 36 mssb s y us m EDPS. T vs mjy s ms s ssg by EC su by bu xu-svy ssg v. Sm s ms EDPS -s s k by uy, s us s m. I su

ss, ms m Eu Cmmss u b m s Mmb S s mm Dv 95/46/EC y.

2.4.4. Collaboration with the European

Ombudsman

Ag A 195 EC y, Eu- Ombusm s m v msg ss mms vs Cmmuy sus bs.T Ombusm EDPS v vgms m g ss ss mms my ssg s . T, msg Ombusm my vv - ssus. Lks, ms bug b EDPS my ms v yb, y y, bj s by Ombusm.

I v ussy u su ss b g s-fi ssus s by ms,

mmum usg (MU) s sg Nvmb 2006 b Ombusm EDPS. I , mmum s ususg m b EDPS Ombusm v v. T Ombusms su EDPS ss - ssus sk s m EDPS s ss g ss sb subm EDPS ms. I m s m- s s u m Ombusm, sus quy uby EDPS Ombusm s

s v u vsgs.


33/110

Annual Report 2007

32

T EDPS vs Ombusm sv m-s g ss ums, - Ps C D MU. Obsvs

s Ombusm u m s ss. Ts ms EDPS

u v s y b bub ss , EDPS Bk-gu P 2005 (ubs bs), ss s ub s ss m. T ms u quss ss s sms Mmbs Pm (MEPs), us MEPs Mmb S xs sm ffi ( Cmmss).

2.4.5. Further work in the feld

o complaints

T EDPS s u kg g mu m g by EDPSsff. T m ms u mm submss ms, g m mssby ms, b m vb EDPS bs uus.

Sff mmbs s us s-g kss Hsk A 2007 Lsb Nvmb2007. Dug s kss, EDPS gv s-

s ub ss ums

EU ms OLAF vsgs s xm mus.

T EDPS s m ms s kss s x g m g-g ssus x.

Amg s, EDPS s ssu mm Mmb Ss Dv2005/60/EC v us fi sysm us my ug s fig v g kg s.

2.5. Inquiries

A 46(b) gu vs EDPS u qus, s s v. TEDPS u umb su qus, sm

m s s (s sg 2.9 v-suv).

OLAF security audit

I 2007, EDPS v umus fism OLAF g -ssg vs u sm I suu. Ts s,

y s by EuCmmss, s OLAF mss mg y by OLAF sff.

I su ss OLAFssuy msus, EDPS u su-y s ys m z y, g x u kg fi. Cug s yss

suy s s bu b g fiy ms s suy msus.

T m bjv s s gs mm mg suy msus, m m qums fi ssss m- g ss.

A vg v gu mvm sysms ug mms, EDPSu s, gy skg, vy ss-

fi suy msus mm by OLAF

Nikioros Diamandouros, Joaqun Bayo Delgado and Peter Hustinx

during an inormal meeting.


34/110

Annual Report 2007

33

I sysms s u s s-sby.

T ffiy mm s suymsus b ssss 2008 -suy u s by OLAF, EDPS

b ss s bsv.

SWIF

O 1 Fbuy 2007, EDPS ssu s ECB SWIF s (US us

ssg bkg fig gs sm).T us ECB s vs, us ymk.

A sm m, x EU us, EDPSs qus m Cmmuy sus v fis ym sysms us u s SWIF.

O 14 Fbuy 2007, Eu Pm j su ssg m (PNR) SWIF. W g SWIF, Eu-

Pm s EDPS ECB v sus su Eu ym sysms uy my

Eu .

Dug sg 2007, u EDPS quss, ECB s g msusk my s-us v fis g s us ym sys-ms.

O bss m v, EDPSmm v Cmmuy susmsus su y uy my g bgs u Rgu (EC) N 45/2001, u y v suffi m sff mmbs vus vg -u s m.

I b sv, s mmb A29 Wkg Py, EDPS sy gss v s s, su s:

SWIFs s S Hb, v ss mm uss US

g ;

fis ssus v by US suy g ss ss xm, uss, y, suv-s ss msms g ss ssg SWIF u subs; m gs u, gm, u SWIF ym sv-s: g Sz

su -Eu mssgs m Eu g m USs.

I 2008, EDPS, us, s u ug sy m gss s .

2.6. Inspection policy

2.6.1. Spring 2007 and beyond

Ag A 41(2) Rgu (EC) N45/2001, EDPS s ssb mg sug gu. I M2007, EDPS u u msum gu vus su-s gs m ff sg2007 (s g 2.3).

T fis u 2007 k m s ss s su-s gs k sk gssm s vus s EU ms-.

W g mk quss, EDPS

gssv g - gy su.

T fis s ss gs s v s DPO. I, M 2007,10 gs y DPO.Cs s s ssb Cm-mss DGs u ssy v DPO qu sus b b ms/ us.

As su s s, gsv s DPO, ug

gy s m s y vs. Fu-


35/110

Annual Report 2007

34

m, Nvmb 2007, EDPS s m m DPO Eu Ivs-m Fu, u b vusym by DPO Eu IvsmBk.

F s sus gs DPO sy ffi, s s A 2007

u gus quss s, myg:

(1) sus DPO;(2) vy ssg s vvg

s ;(3) vy s ssg s

u s A 27 Rgu(EC) N 45/2001;

(4) u mm gu.

A s s s H Ams EDPS, s su s subj Rgu- (EC) N 45/2001, qusg m vy ssg s, vy ssg s subj kg, u mm msus.

2.6.2. Data protection ocers (DPOs)

Appointment of a DPO

As m bv, Cmmuy sus gs v DPO. T bgg su-s v s sss DPO (EuCmmss, Eu Pm, Cu Eu U, Cu Jus). I ms ss, sss ks u-m bss. Sm susv s s ss.

Independence of the DPO

I s s DPOs (19), EDPS u- ms u mms sus DPO sus/gs, my y m (, , s ssb fl - m DPO k) -

(19) S EDPS s R ffis (DPO) sug ffv m Rgu (EC) N 45/2001 (vb EDPS bs u Csu s).

s DPO s /s su .

T g sus (Cmmss, Pm Cu) v u-m DPO. OHIM vsy DPO u-m bss m Fbuy Dmb 2007 s s b b DPO ssus. A sus/gs v -m DPO -u m DPO sks. I ms s ss, DPO s sg vs.

T EDPS s u s ssu s DPO s /s mus . Gus s fi v b v by ms sus gs DPO u s sy-g s k DPO s subm EDPS su.

Adequate staff and resources

T EDPS s u qu sff sus DPO y u s/ us

(I, um sus, g, fi sus).

Ms sus gs v vv m sus sff -v DPO b m/ y u s/ us. I sm ss, sss DPOs v b. I sm ss, DPO bfism sss svs, su s gsv.

As bugy ms, y su sm bug DPO. Smsus, v, u y v vus bugy mmm.

Sm sus/gs m g DPO msy m DPOmgs g ssss gsby EDPS. A umb sus/gs v u y s u I sysm .

2.6.3. Inventory o processing operations

Aug g bg, vy

ssg s u gy


36/110

Annual Report 2007

35

su s b s by EDPS s usu msu m gu. T EDPS v sus gs s u su vy s sus EDPS.T EDPS s qus m bg y ssg s DPO.

Ms gs sus v sbs sbsg su vy bgm msu m gu.

2.6.4. Inventory o prior checking cases

I s , EDPS qus vv s m fi kg. TEDPS qus vy ssubj kg sus s ss, qus u sus ssg y s (m fis, sffs, sy us, s svs -mg).

Ms sus gs v sbs su vy bg EDPS msu m- A 27 gu. T ug

sg 2007 s ug s fis ex post ks s mbv (s g 2.3.4). I sm ss, s fi ex postss su. T s s g s sus gs u m EDPS bu sus sm g ss ssg s y s.

2.6.5. Further implementation

T EDPS s qus bk m Cmmuy

sus gs u mm- gu, ug mmg us, sg ss mg sff mmbs. H qus sus gs s ms vysms y usg sk bk g s subjs xs gs.

A 24(8) gu vs ummg us g DPO s b by su by. Ty s u sks, us s

DPO.

Oy g sus/gs v m-mg us s . Fu sus/gs -g s us 2008 gs g s kg m. Ts vs umb sus/gs u y su us.

I s ss, m - s usuy gv ug I

bss, ub gs, -m bus ss. Sm susv s b vy gsg g g sff mmbs vg x us -m su.

Dff vy sms v b by s-us gs vg m As 11 12 gu. Ms ys u ubsg vy sm I, vg m s-s sff s, ug vy s

m g, ug qums ums (.g. s).

As ms by subjs xs gs, s yy u ssby

g DPO sg mssg g mbx ff. SmDPOs s v ms vb sus/gys .

2.6.6. Conclusions

T sg 2007 xs s b EDPS k sk v m sus gs Rgu (EC) N 45/2001. Ag s b ff by EDPS. I s bg gs y

s DPO s sus sff ssy m s/ us.T s s ug sus/g-s y ssg s g -s m s subj kg by EDPS. T gv mus sus gs u bkg ex post kg ss -g ug s ss subm EDPS kg 2007.

T mus b s s s ggxs by EDPS su m

gu, g ssb --s ss


37/110


38/110

Annual Report 2007

37

bu ss. I s b u su g my xs u A 11(1)() 12(1)() Rgu (EC) N 45/2001, uss x s (s 2007-258).

Internet policy papers

T EDPS s s su by DPO Eu- Cu Aus sus Iy . T EDPS u kg u, , mg us I s sb I suy

y s vu uss u , , su mg s g sus ffs, sumg s, , ky b subj kg u A 27() (b) gu. O my subsv mm-s gv by EDPS s fix m u-g g fis b k mmg mmu s uss I suy y (s 2007-593).

T EDPS m v EuPms DPO g P g

vsgs sus buss us I ss -m. T EDPS u -mg m vsgg susbus I -m s m mm b subm- kg by EDPS u A27 gu. O EDPS mks - g susss bus, v uu vsgs. Mv, m uss, A 20 gu (s u bg m b ) s mm. I s

s m y u vsgs u qus s . I , EDPS u sm gus msv vsgs g (s2007-261).

Implementing rules on data protection

T EDPS v mms m-mg us g Cm-muy Fss C Agy (CFCA). A m ss subsv mfis, EDPS -

m CFCA m m-

mg us DPO, s s A 24(8) gu, bu v m v s s gs subjs(s 2007-651).

A s xuv g m-mg us g Eu- Mm Sy Agy (EMSA) s s sub-m EDPS. T EDPS mm, , s sks, us s DPO, u qus ms, As 11 12 gu (s 2007-395).

I , DPO EMSA sug v j gg us .T EDPS mm sm g gs sk ssy gu (s2007-397).

Registration of national case-law on Portailexterne

T EDPS s su Cu Juss DPO gg gs

s- Portail externe ssquss my ug fi Cm-muy .

T EDPS u , b ub s- Portail externe, s m- m ssy g us b u. T EDPS -mm Cu Jus s m-gy yms u ss,bg m v sy sug.

W m ymus, A 5()

() s s A 12 gu sub k s (s 2007-444).

Applicability of national data protection law

DPO Eu Fu Imvm Lvg Wkg Cs(Euu) subm su gg my y gy. Tssu by Is s s s gy s bs I. I s u ,ug s- gss mmuy Cmmuy sus bs s bsu

my y EU s


39/110

Annual Report 2007

38

v u sfi usy, EDPS u s jusfi . O -mms m, su s -s m, sy ffi , s s g mg xgsv, suy mgm (s2007-305).

Other issues

T sg-u k -ss Eu Pm, s m gs, s s subj su. T EDPS m Pms DPO u su -

k v b vy sv Eu Cm-mss mg mg ssg s , g s yu k (s 2007- 297).

T DPO Eu Mg C Dugs Dug A (EMCDDA) sugv g ss ms k msss m ug Suys,

Suys ub ys, b 22.00 7.00 y flxby gms. I ss, s s mk s us, EDPS u gu . Ts ss msvs s y sfi s(s 2007-725).

2.8. E-monitoring

T us mmu s

EU sus bs gs s , ssg ggs Rgu (EC) N 45/2001. T EDPS s v-g s ssg g by us mmus (, -m,mb , I, .) EU sus bs. A -mg us mg mmus k su mgs DPOs mms s.

Ts mms s k b bg fi um

s ks u vms s

, su s Eu Cu Hum Rgss ug mg mysI us bs um gs (20). T mfi- A 49 EC fi gusmmg us g m s-s u uss sv s b k u fi um.

Issus s fi v s s x EDPS vs suss s s (s g 2.3.4 M ssus ex postss, s -mg, g 2.7 s sus I y s)

2.9. Video-surveillance

I 2007, EDPS u k s v-

suv gus v gu EU sus bs m us usg v-suv sys-ms. Fg suvy u mg vusCmmuy sus bs bu -s 2006, EDPS s u sg 2007 suvy mg EU Mmb Ss,

sss us (DPAs). T suvy v - us v-suv sugu EU.

(20) Cs Coplandvthe United Kingdom, A N 62617/00.

The monitoring o electronic communications must respect data protection

principles.


40/110

Annual Report 2007

39

M, EDPS s g u x v-suv -us.H u k Eu Pm -u 2006 m gs P-ms v-suv s.

H s vs su quss v-suv v m DPOs sus. A ss vv us v-gy uss suy.

I - s (2006-490), sus v ms s -s (sg I mu us vss). Tg m -s, sg vss k-g k ss, s bs v sus , m - -y. A us s sss-g s m vby s -s. I s y yss, EDPSu ssg s usv, um uss sug v, sg s vby vb ms v s sm uss. T, EDPSmm su us ms

m s -s m vby s.

A su qus, g-by s(2006-510), s s ms g bys sus kgs m vby s g ug. T g u v b vb umm. Ag, EDPS m-m () us ms m vb-y s, , vy,

() sg ms sg su su y ss ug ms u b -fib.

A s (v-s ms) (2007-132)us ms

ssu b gv sk-s / s

fim ug s

s vs gs mss su.

Dug 2007, EDPS s v umb kg fis m Cmmuy su-s bs. W x OLAFs s-u vs (CCV) s, kg fis ex postss.

T Cmmss, JRC Is, Cu, s s CR, jy EESC, v subm su ex post kg fi EDPS. Ts ss sus, g EDPS v-suv gu-s. Hv, OLAFs CCV s, bg sub-

j u kg u, uybg v by EDPS (s 2007-634).

Bug sus suvys, s s s x s , EDPS s fis su s v-su-v gus 2007. Ts fis -su s b fis ubs EDPS bs 2008, vg mms

m s s. T EDPS s s fi gus ssssm mmsv sug u fi mvm gus. T gus us ssus v s Eu- sus bs bu s k s- m s, gus gus EU Mmb Ss.

Data protection saeguards are needed to ensure the sae use o video-surveillance.


41/110

Annual Report 2007

40

T gus v v sm sus bs vy smv-suv sysms mm us vy, us, my ss, v s subj ssg s EDPS kg.

Hv, m mx, v usvsysms, u s- g- v-suv sysms, m subj kg by EDPS. Av y b g s-by-s bss. A kg, sm ss bbv m, s b qu sys-ms , u sfi um-ss s, ss v m m s mms s EDPS v-suv gus.

2.10. Eurodac

Eu s g bs figs s syum g mmgs u EU. T bs s ffv Dub Cv g ms syum.

Eu s s u u sfi us Eu- v, ug sgus (21).

T EDPS suvss ssg s bs, by C U Cmmss, smss Mm-b Ss. D us MmbSs suvs ssg by us, s s smss s C U. I su , EDPS us mguy suss mm bms g ug Eu, s s mm m-m sus. Ts suv-s s s b vy ffv (s g 4.3b).

I 2005, EDPS u s su-y msus C U.

(21) Cu Rgu (EC) N 2725/2000 11 Dmb 2000 -g sbsm Eu ms figs ffv Dub Cv, OJ L 316, 15.12.2000, . 1.

I s , ssu Fbuy 2006, EDPS m ss mms m mv-g sysm.

As s s, - suy u su, s Smb 2006. I ssss

mm suy msus my qums fi by b us sg suy y EuCmmss. I u ssss s suymsus s my bs u s. Tfi u s s Nvmb2007.

Ag gm b EDPS Eu Nk Im Suy

Agy (ENISA), gy v s x gss, v v mgy suy u. T u m

s ms svs m EDPS, Gm F Offi Im Suy (BSI) DCSSI (D su ssysms m) m F. ENISA v quy ss . W s EU s, s summy s m vb

EDPS bs (22

).

T EDPS s uss mm-s. T m us s suy ms-us y mm s Eu y y v b m u-g fis u ys vy v v v . Hv, sm s sysms gs suy ssm ksss v b ss Eu uy my bs s mm bs vb -qus.

T EDPS v mm -u msus, b b bss . H xs s sb k u VIS, SIS II -mg g-s EU sysms.

(22) S Suvs s, u Eu.


42/110


43/110

Annual Report 2007

42

suv sy. Ts vms sb b.

I m, suy jus, mjs u. Ag, sums ssbs m us , s xg s v b

s, u fig gs -sm gs m.

T m gy vy bms m m vsb. Ts us bms vm RFID qu sfi .

T gg m fls ys b y v uy v by EU s, gv ms s.

As kg ms EDPS, 2007 s fis y EDPS kg s

ub um, my Ivy 2007, s ubs EDPS

bs Dmb 2006.

T uu ms umb s ssuss sms ssb s, s m

2006: 12 s v b ssu 2007;11 2006. T EDPS s m m us sums v, su s mms( s ubs bs, bu Official Journal of the European Union). Ts sum mus b s s suu

s .

Fy, s y k bk vsv 2007, bu s k by sbg v-ms gy, s s gs.

3.2. Policy rameworkand priorities

T y T

EDPS s vs Cm-muy sus s-s gs ums (27) b s- s sg u m sg EDPS s

su.

T us ms: s vsy sk EDPS, subs -vs, /kg ms. Tsy s ssu M 2005 sv b s bss vs EDPS.

Ts bss s u b fi 2007.T EDPS s fi bjv s - EU gsv ss s vym gsv msus y b k u s m msus vy . T m ssss-ms u by Cmmss mus gv - vy . I, ss mus ys b bs ss m .

Fum, s sss EDPS ss mms s v by EDPS ssuv vs, m,suy jus. Ts mus b s s u- s mg ss , s ss m ffvss. A s sg, EDPS s y m s m, suy jus bu gm sm v u b s

(27) Avb EDPS bs u Csu s.

Part o the consultation team discussing a legislative opinion.


44/110

Annual Report 2007

43

vy EDPS. T bm y 2008.

As gs kg ms, 2007v b y s. Csu EDPS us vs ffsgs gsv u s bm m s u, v us ss v my v m .

Te inventory

T yy vy mus b s s y mk EDPS. T v-y sss s:

u vg s yss x sfi s v s y;

x ss v Cmmssss ( ums) myqu m EDPS; m su x s Cmmss gsv

k gmm.

T Ivy 2007 s g s EDPS. Gy skg, EDPS s mg s s s. kg s k ff s, g uss b .

T x Ivy 2007 s 16 mums (m s ) EDPS ssu . Ts us s g su:

Opinion issued 8 documents

No EDPS opinionbut support

to opinion WP 29

1 document(PNR-US agreement)

EDPS opinions

postponed to 2008

2 documents

Commission proposal

postponed to 2008

5 documents

Fum, s 22 ums ssm EDPS, EDPS ssby ssu , y jus sy y vms

.

Priority 1: T sg xg -m m, suy

jus s g b vy EDPS 2007 ( m s s g s EU gs us u mss g sums mfi xsg sums s ).

Priority 2: T mmu Cm-mss uu Dv 95/46/ECs xsv EDPS ,

sk s s uugs.

Priority 3: T vms kg m sy v b sy - mm . RFID s bm; EDPS s b vv mfi Dv 2002/58/EC (- y 2008).

Priority 4: As y ug ub- s ss EDPS,

mu gss s b m, my u v gsv ssv b 2007. Ts subj m y 2008.

Priority 5: My vs v b myg OLAF. Sfi s b gv xg s

Eu ( EDPS Eu s) xg us. T s - suvs EDPS ssg by OLAF.

Priority 6: As sy, vsy v-s v b s sv jugm Cu Fs Is Bavarian Lager (v 8 Nvmb2007). A s mfi Rgu- (EC) N 1049/2001 s s sg 2008.

Priority 7 and 8: Hz ms vs (g kg m): -sb gss s b m.


45/110

Annual Report 2007

44

T s y 2007 ss vsmg.

EDPS continuous attention

(research programmes,

general issues/subjects

such as immigration

or public health)

8 documents

EDPS involvement in 2007

(comments or inormal

action)

4 documents (spam,

cybercrime, terrorism,

publicprivate partnership)

Deleted rom list without

urther action by EDPS

5 documents

Commission activity

postponed to 2008

2 documents

Upgraded to red issue

in Inventory 2008

3 documents

Inventory 2008

I Dmb 2007, Ivy 2008 ( syy vy) s ubs bs. I -s m s s s u Ivy 2007.T s g sgy ff y: Ivy 2008 y ss six priorities,

. I 2008, y s b gv y Lsby, s s x ss g s us.

T x vy ss s vy EDPS vs g -y s. T ss s 13 ffCmmss svs (Ps AmsDG, Emym, S Affs Equ O-us DG, Es Iusy DG, Eus,Im Sy M DG, Jus, Fm

Suy DG, I Mk Svs DG,OLAF, Ex Rs DG, H CsumP DG, Sy-G, x Cus-ms U DG, Egy s DG).

T s s s umb s-s s x. T x ms 67s v g g s:

34 s flgg s , vg g y;33 s mk s y ums, v-g ums ss m EDPS

EDPS s ssby ;

29 s b fi s gsv ss

stricto sensu ( gus, vs, ss

mk ss); 38 s -gsv ums; s us Cm-mss mmus, mms, kgmms, s s ums g gms b EU us.

Ts s umb ss s x s y u x s bs Cmmss gsv k gmm,

ss sy s s s ms. T 34 s v b g ys ssy m umb EDPSs g gy.

3.3. Legislative opinions

3.3.1. General remarks

Opinions on third pillar issues

T EDPS 12 gsv s 2007.As vus ys, subs s m, suy jus.Hv, s ss sm ss 50 % gsv s (my 5 u 12).

A fiv s ums fi ju m ms( ) u um v-ms, s m sv -. Ts s s fis s Cu mk s s ss m-

k ju mms. T s s Eu s, vs ss-b (ssg Pm y s

mmg gm EU v) s Eu ssg m (PNR)sysm.

I , mj s ss g sg by xg m b mus, u ssssm ff-vss xsg g sums. N sums sg b xsg sums v by mm. Ts bm s uv ss Pmy EU v Eu PNR

sysm.


46/110

Annual Report 2007

45

A bm y -s EDPS g ssus s k msv g mk -. Ms ss u sm sfi v-ss mg sg u gmk. Hv, ssy g mks y b u .

A ssu sk s EU us mk my Mmb Ss sbs us sks, bu v m s s ug sus. Ts ms xg mb Mmb Ss ffs g -y subj s sb us ff Mmb Ss.

T xg m us m uss s s ssu, suss ff EDPS s. T EDPS s bu k ms, s s k gus suug ssg by u-s, g s s .

Opinions on communications

s ssu g mCmmss mmus g uumk . I s mm v(28), EDPS fi fiv svs gg x, bg gy. Ng vms v m qums ffv g mk . A m g vm sRFID, subj s EDPS (29).

T s s Cmmss mmu-

s gv EDPS uy fl uu svs gv mus susss m-

k uu; su susss bmg ug (s g 3.7 uuvms).

(28) O 25 Juy 2007 mmu m Cmmss Eu Pm Cu -u kgmm b mm v,OJ C 255, 27.10.2007, . 1.(29) O 20 Dmb 2007 mmu m Cm-mss Eu Pm, Cu, Eu Em S Cmm Cmm Rgs quy (RFID) Eu: ss s y mk(COM(2007) 96).

Opinions on first pillar legislation

T fiv s s by EDPS 2007 v u y s sus usms, sss, s, guu s suy. T m mm m s u fiv s suss ss - xg b Mmb Ssus ( usms, s ssuy). O ssus v u ssu m bfis Cmmuy u-g, ss fiy, b sfi us g mk.

T ss fl m g . Im- xg b Mmb Ss ugxg s s s s msum vm m-k. Bs u b k y by g xg, by uy usg ssbs - ks. Smms s s Cmmss s ssb m vby suu. Is ss, EDPS s s s suvsy

uy.

I g, s qus s m EDPS, su ssy sgus gus subj k u,s sums g xg s . I s s, s s ss subj xs s gs sm y.

3.3.2. Individual opinions

European Police Office (Europol)

I 1995, Eu s bss v- b Mmb Ss. Ts v s svg ms flxby ffvsss mfis mus b fi by MmbSs, ss my k ys s msby xs s.

T bjv s Cu sg v (30), EDPS

(30) Ps Cu s, 20 Dmb 2006, sbsg Eu P Offi (Eu) (COM(2006) 817 fi).


47/110

Annual Report 2007

46

ssu 16 Fbuy 2007 (31), s mj g m vs Eu, bu my sss vg Eu

m flxb g bss. T ss s subsv gs, s s umv Eus ug. I xs m- Eu ys sv vss,mg u k Eu, s gg xg bEu bs EC/EU, su sOLAF. T s s s sfi us suy, g g mk s y b .

T EDPS us Cu -s su b b mk su v .

Mv, suggss m mvmssu s:

sug m mmvs u;yg s s gus

bss k;msg us , mg xs, subjs g ss;ug gus Eus ffi ( ysus u ssg s );sug suvs EDPS ss-g g sff Eu.

Correct application of the law on customsand agricultural matters

O 22 Fbuy 2007, EDPS vs Cm-

mss s gu ss ug vus I sysms gs . T m s s sg b Mmb Ss Cmmss v bs usms g-uu gs (32). T I sysms u

(31) O 16 Fbuy 2007 s Cu ssbsg Eu P Offi (Eu) (COM(2006) 817 fi),OJ C 255, 27.10.2007, . 13.(32) Ps gu Eu Pm Cu-, 22 Dmb 2006, mg Cu Rgu (EC) N 515/97 muu sss b msv us MmbSs b Cmmss su usms guu ms(COM(2006) 866 fi).

Eu y, usms msysm (CIS) usms fis fi -bs (FIDE).

I s (33), EDPS suggss vus m-ms s su ssv mby xsg g mk ffv -vus s . Amg s, EDPS sug-gs g:

Cmmss su y u ssss-m gg Eu y; Eu y s , gu- su v m-my msv us sg sfimsus su fiy -m; m vus vss gs EDPS suvsy gg CIS FIDE; suv-s CIS u u us EDPS.

Coordination of social security systems

O 6 M 2007, EDPS vs Cmms-s s g mmg msus s suy sysms. T svs vs g s s suy (ss,bfis s my, vy, umy-m, .) (34). I ms msg smyg xsg us by sgg mvg ms xg b ssuy sus ff Mmb Ss.

T EDPS m s x

ms vug mvm zs mvg s vg s mym s mvg U (35).

(33) O 22 Fbuy 2007 s gu m-g Rgu (EC) N 515/97 muu sss b msvus Mmb Ss b Cmmss su usms guu ms (COM(2006) 866 fi), OJ C 94, 28.4.2007, . 3.(34) Ps gu Eu Pm Cu-, 31 Juy 2006, yg u mmg Rgu- (EC) N 883/2004 s suy sysms(COM(2006) 16 fi).(35) O 6 M 2007 s gu yg u mmg Rgu (EC) N 883/2004 - s suy sysms (COM(2006) 16 ), OJ C 91,26.4.2007, . 15.


48/110

Annual Report 2007

47

W s u s suy u xsu xg ff ks s, s s u g v s s ssy. Bg s m, EDPSvs :

y ums bs s su s us m s sy ss, bs u-s ss s;su s msm s-g smss s s ybs sfi g gus;v ss v -m ssg s ;b subjs xs gs ff-vy s-b x.

Cross-border cooperation (Prm reaty)

O 4 A 2007, EDPS s v 15 Mmb Ss mk y Pm b ugu EU, ug b su s s (36).

T v ms s u ss-b -

, uy mbg sm ss-b m. T v s xg bm (DNA figs) qusMmb Ss s u DNA bss (37).

Aug ys m s v, vss m s sfi s g mk ,

s s b . Su mks gv zs ug , s ss mk mu s xg DNA fig .

S Pm y s y sm Mmb Ss, EDPS suggss mysv mv x u myg sys-m m xg s. I u, s :

g ff ks -s s g: m ssv , m m uss y bus m m ss s;

(36) O 4 A 2007 v 15 Mmb Ss v g Cu s sg u ss-b, uy mbg sm ss-b m,OJ C 169, 21.7.2007, . 2.(37) Pm v, OJ C 71, 28.3.2007, . 35.

Cu su u m ssssm vu us u -; sysm b smumb sy g Mmb Ss s umy b us EU- s;

v s sy gs ss b u DNA bss s m .

Financing of the common agricultural policy

T ys s ms ufig qu-m ub m bfi-s Cmmuy us. I mm Eu sy v, Cu Rgu(EC, Eum) N 1995/2006 13 Dmb2006 (38), s s subj EDPS, s s qum figu.

T m s ys by EDPS s 10 A 2007 s Mmb Sssu su u ex postub b-fis mu v bfiyu Eu us, m bug Eu Cmmus.

(38) Cu Rgu (EC, Eum) N 1995/2006 13 Dmb2006 mg Rgu (EC, Eum) N 1605/2002 figu b g bug Eu Cmmus,OJ L 390, 30.12.2006, . 126.

The Prm decision relies on making use o DNA material.


49/110

Annual Report 2007

48

I s , EDPS sus us sy us -v gs subjs sub . Fum, s v u ss mg subjs b-, m s , s b m ub, sug subjs g ss g bj s.

Mv, EDPS suggss ug sfivs, my A 12 Rgu (EC) N 45/2001. T m s m subjs bu ssg s by ug vsgg sus bs.

Data protection in the third pillar (third EDPSopinion)

O 20 A 2007, Gm Psy su Eu Pm vs s Cu mk s (39). T m v-s s s u gs Cu mv . T

EDPS s subsv gs - vs s, s s s m, , s ssu 27 A2007 (40). I s vus s subj, EDPS sss g mk m, suy

jus ju s qug gg v.

I s , EDPS ks s-, mmg mk ssu b u sgfi mv-ms, u g g

ssus:xs s s u ms ssg, s zs quy y xg Mmb S;mg uss s my b u ss, v g bs s Cv 108;

(39) Cu Dum 7315/07 13 M 2007.(40) T 27 A 2007 s Cu mks s ss mk ju m ms, OJ C 139, 23.6.2007, . 1.

qug qu v xgs us g m-m EU s;sug quy, by sgusg bu s , s s b g-s ss, su s sss, v -ss, .

Fum, EDPS vs Cu gsgg ssus s s xg s s ssg byEu Eujus, s s sbsg

j suvsy uy sm ss ms s u b su-fiy ss.

Communication on the implementationof the data protection directive

T Cmmsss mmu m-m v s m Dv 95/46/EC s ms s susss v s mm (41). T us mmu s v

su b m. T mm v su b u mv by ms y sums, msy -bgu.

T EDPS 25 Juy 2007 sus us Cmmss. Ag m, s m, gy s bs s mvms mm -v (42). I g m, v, gs v sm uvb. T EDPS sks v ss g sugs su y b s . Su u

gv v s kg bu uug. Fuu g s m s, msvgms.

T sgs u fiv svs uug: u mm v,

(41) Cmmu m Cmmss 7 M 2007 EuPm Cu -u k gmm bmm v (COM(2007) 87 fi).(42) O 25 Juy 2007 mmu m Cmmss Eu Pm Cu -u kgmm b mm v,OJ C 255, 27.10.2007, . 1.


50/110

Annual Report 2007

49

gy, gb vy jus, m, m Lsb y.

As sv u mm, EDPSs Cmmss s ss m-ms u u:

ss, sfi gsv EUv; usu b mm vug gm us; us sum v mmu- g ssus: s , fi ss, m b , us m mb us, g gus ssg,sy g umbguus s b ss; us -bg sums ugsums bug vyby sg; submss A 29 Wk-g Py gvg s vs s b Cmmss kgy.

Community statistics on health

O 5 Smb 2007, EDPS s gu Eu P-m Cu Cmmuy sss ub sy k (43).

T s ms sbsg mk u sb vs fi ub- sy k sss - u by Eus, ss sus us ssb v-

s ffi sss s s.

T m mms EDPS ssy ss ffs b ss fiy, my s sfi . Mv, ssu ss s uss s sv s ss s ys.

(43) O 5 Smb 2007 s gu Eu Pm Cu Cmmuy sss ub sy k (COM(2007) 46 fi), OJ C 295,7.12.2007, . 1.

Fg suss b svs Eus EDPS, s mm v sss u Eus g

vu s ss uss ub u u kg.

Road transport operators

O 12 Smb 2007, EDPS ssu s s gu Eu P-m Cu sbsg mm usg s b m u-su u s (44).

T gu sbss s g gu, fi sg ss m- s ms v ssy.T s us gss v b b Mm-b Ss, g xg mb Mmb Ss. I s sfi v-s (45).

T EDPS vss s gu s

m :su g fi ms su s gu;y mbgus u-s;su qums Dv 95/46/EC s.

Implementing rules of the Prm initiative

O 19 Dmb 2007, EDPS s s - Gm v sbsg mm-g us ssy ug

Cu s Pm (46) ( EDPS yssu v s s 4 A 2007).

T mmg us x v sfim s y fi u ss s xgs ss su

(44) O 12 Smb 2007 s gu sbs-g mm us g s b m usu u s , OJ C 14, 19.1.2008, . 1.(45) COM(2007) 263 fi 6.7.2007.(46) O 19 Dmb 2007 v F Rub Gmy, v g Cu s mm- Ds 2007//JHA sg u ss-b -, uy mbg sm ss-b m.


51/110

Annual Report 2007

50

gus ss. Fum, u k g EU mk ugu ms m s s sfi sus.

I u, EDPS mms : mb g vss sfi us su sub gs zs ffiy m us s s ; uy ss mss DNAfis figs su b uy k u sy m, s g g s xg; us su b u s- y y u suvsy vsy ugu ff sgs mm.

Communication on radio frequencyidentification (RFID)

O 20 Dmb 2007, EDPS ssu s

Cmmsss mmu -quy fi (RFID) (47) Eu ss M 2007. T s gg us RFID s sum us s ffg vus.

T EDPS ms Cmmsss mmu- RFID s sss m ssus sgm ym RFID gy k-g u vy s-s. T EDPS gs Cmmss s fis s v m s-guy sums. Hv, gs-

v msus my b ssy gu RFID usg vy .

T EDPS us RFID sysms u y ky vm Eu -m sy bu RFIDgs su b by bfis ss sgus. S-gu my b ug m g. Lg

(47) O 20 Dmb 2007 mmu m Cm-mss Eu Pm, Cu, Eu Em S Cmm Cmm Rgs quy (RFID) Eu: ss s y mk(COM(2007) 96).

sums my b qu gu sus mms sks vy . I, xsg v s suffi - vy fis s. Hv, umk su b ffvy. T s gg s, bu s- us my b qu su qusus.

M sfiy, EDPS s Cmmss s g mms:

vs gu, s - v sks, y u g mk RFID v-m; Cmmuy gs gug m ssus RFID usg s ffvmm xsg g mks;su msus su by y - s s s u-b g bg; fi bs vb qus

y sv y

vy-by-sg .

Internet o things: a tagged environment will have to be a privacy riendly

environment.


52/110

Annual Report 2007

51

Council framework decision on the useof passenger name record (PNR) data for lawenforcement purposes

T s Cu mk s -ss bgs s sm bu ssgs flgs m EU MmbS, us mbg sm gs m (48).

I s 20 Dmb 2007 (49), EDPSmsss mj m s u v vy gs ssgs.

W kgg fig gs sms gm us, EDPS ss ssy y s suffiy sbs. I , EDPS ks s k y vus ss s, u -b g mk, y s s , s s us.

T uss u ky ssus s g uss:

gmy ssg: s s v suffi ms jusfi su ms gmy ssg ;b g mk: sgfi k g y s s gs - gm b svv ssg s ; y s: s s sy y s s, s ss vu gus s s v;s us: s ss

s s PNR us b subj msv .

Fy, EDPS vss sb Lsb ys y , s y gsv u s

(48) Ps Cu mk s 6 Nvmb 2007 us ssg m (PNR) m uss(COM(2007) 654 fi).(49) O 20 Dmb 2007 s Cu mks us ssg m (PNR) muss.

by y Eu Pm s uyvv.

3.4. Comments

Security and privacy

O 11 Ju 2007, EDPS s s P-ugus Mss Jus I. H umg sy su suffis ms b

Cu vs . T EDPS xsss umb gms -s msus b u u uysg m um gs.

T EDPS u mssgs su s g vy u suy gu vg m suggsg umgs ms uxuy suy ff. H xss s su gv vu vy gs vs k usg mk um gs, s ys ssy - msus mb m sm.

Ts s gs sss bu bus um gs m g -sm Eus bs v s 50 ys.T su b ub ffv -msus b m bus u-m gs. I s, xms b u ff s Eu u um gs s sv s su uus su sy sby.

I ff, EDPS s su - s g s gmy s suss y v s fi, ms bfis ffv suy mss Eu.

T EDPS fiy ug Cu jus k Eu Cmmss mk us s vb-y s vs ms g s ssg. A g EDPS v Cmmss EU sums fis s s su mv gs b

ms gmy ffiy.


53/110

Annual Report 2007

52

Ts s suss mg b EDPS Pugus Ms Jus 17 Smb 2007, fim smmm s vy um gs v gs.

Lisbon reaty

I s Igvm C(IGC) sy 23 Juy 2007, EDPS sk sm sfi s b u vss y v

mvg x y EuU y Fug Eu U, s s D -s s ju m ms. Uuy, IGC sy s suggss EDPS.

Developments on data protection frameworkdecision

Fu s , EDPS sy v-

ms b s u gs. T EDPS Pugus Ps-y s s v v sm ss -ms s. O 16 Ob 2007, EDPS s ssu mms m bum s su b vk sg fis Cu mks.

I u, EDPS mm :

k u mm v v by Cv 108, sy

g ssg ssv ;y s b m uss s ssby m us us m ss mbuss;

su u g ss s , s-y s um ss;

gu vsy us, s ug um EU v s us u vy.

T EDPS s s v s s s

Eu Pms Cmm Cv Lb-

s, Jus Hm Affs (LIBE). I 2008, EDPS k mg s s m vb v u v.

Control of the acquisition and possessionof weapons

I 31 Ob 2007 s EuPms Ru ssu, EDPS vms gsvu s v gug qus ssss -s (50).

Ts vms s m ssu , my s squ mmu Rus . Ts mmus m mus s -fig sysm Mmb S, sv b s ss 20 ys.

I s , EDPS s s sv sg m sysm Dv95/46/EC.

Rome II regulation on the law applicableto non-contractual obligations

O 28 Fbuy 2007, EDPS s ss Cu, Cmmss Pm xssg sm ubs s s A 7 (vs vy gs g sy) EuPm gsv su Cu m-m s v gu- Eu Pm Cu b -u bgs

(Rm II).

I, s u v -sss Dv 95/46/EC. I fis , s my s s v vs g us ssg s s v -v sums, s xs mg v b s. x A 7 u v vs

(50) L s v mg Cu Dv91/477/EEC qus ssss s,31 Ob 2007.


54/110

Annual Report 2007

53

g us s v, s k ff m A 4 v s b .

I s , umb m s s y A 7

xy m s. I s s g uv v ssg g y by bs. Mv, x g 3 -s sm mg sss v.

T EDPS suggs m u su b k umg gsv ss v v ms s x mg v xs-g gs, s v bms b bfly sb .

O 11 Juy 2007, gu s (51).A 7 s . A vs us s u A 30.2 syg suy su fi b -u

bgs sg u vs vy gs g sy su b subm by Cmmss 31 Dmb 2008.

3.5. Court interventions

A sum EDPS uss gvg ff s s vs EU sus s v s bug b Cu

Jus Eu Cmmus, u A47(1)() Rgu (EC) N 45/2001. Ts su-m us vs b Cu FsIs Cv Sv bu (ug ss m s y b us by EDPS).T s s sum s fi by Cu Jus s s 17 M 2005 PNRss.

O 12 Smb 2007, s Cu Jus s C-73/07 (Satakunnan

Markkinaprssi and Satamedia) fi m- EDPS s x myug gs. T EDPS s sk v

(51) OJ L 199, 31.7.2007, . 40.

v s s g mg ssg s u sy ju-s uss Dv 95/46/EC.

O 8 Nvmb 2007, Cu Fs Isgv s jugm s -194/04 (Bavarian LagervCommission), ss gg s b ub ss ums EDPS v 2006. T jugm ss m m-s bs s b.

T Cu Fs Is u Cmms-ss s us u ss mus mg gs by Cmmss, ug ms s mg. T Cu Fs Is ssu ms -svs v by u js vy gy.

T EDPS v s su ss s s subs fim by Cu FsIs. I Juy 2008, Cmmss ssu Cu Jus.

A s g g bss Dv 2006/24 (s C-301/06, IrelandvCouncil and Parliament), EDPS qus v 2006, s s g b Cu Jus. I 2007, EDPS ssu submsss.

Fy, Dmb 2007, EDPS qus v b Cu Fs Is s-374/07 (PachtitisvCommission and EPSO). Ts s bu ss s qussu m s ss k m su sv s u-m by Eu sus.

3.6. Other activities

Te USPNR agreement

T EDPS s b sy vv ssg gm b EU U Ss ssu PNR, s s vus-u vs us

gm Juy 2007.


55/110

Annual Report 2007

54

I fis , EDPS s mm gs m, s uy sg fiy. I s , s vy vs A 29 WkgPy, sgy ssgs gs k-s Eu Pm m sgss ff ss gm. Hs gv s v s gm svss, s by gvg ( ) v Eu U Cmm Hus Ls.

Fg us gm, EDPSs k , g mmbs

A 29 Wkg Py, yss gm. I by kg y 17 Augus 2007, s xss

sgus gm bk m vus gm.

I u, umb quy s-, g umb s, k y g us b us s v sysm

fi s sg sfi . S kg y uy fl v EDPS, bs m sg EDPS.

Bfig m v u EDPS,

kg y s s b kg s

m ssgs y buy flgk. A 15 Fbuy 2007 (52)gvs v ms vm by , s I.M m s v b - s m, mk su m- v s ss ss EU.

Implementing measures for SIS II

T g sums Sg msysm (SIS II) s Cmmss sbs mmg msus, ug - S mu SIS II.

Ts mu vs sm us ssy ug SIS II b xus-vy v by g sums bus u, v gu u. Ts us m g m-

k. S s msus v m u-m gs, EDPS s my su.

I s mms s Cmmss 7 Sm-b 2007, EDPS ss vus ssus su s:

mmu u m:fi s s uss u m v k mmu x S mu;suy msus: EDPS k s- g v suy qus by A10(1) g sums, m svsuggss s suy quss,sy s s I suy s ; s, ug: vg , um - , g us ,quss ss fi ,

kg s, us v A 25 Sg Cv sss.

T m mms y sus b by EDPS. Hv, m mms suss SIS-VISCmm 12 Smb 2007. Ty k u sb x. T mms k b su b sussg, v ssssg ssby u-

(52) O 2/2007 Wkg Py Im Pssgsbu s PNR US Aus (WP 132).

Passenger data: not only used or ying, but also or nding criminals.


56/110

Annual Report 2007

55

g m vs vs mmgmsus.

owards use of statistics

T EDPS 5 Smb 2007 s g Cmmuy sss ub sy k (s -g 3.3.2). I s uss, EDPS u mm v sss u Eus g vu s ss uss su b u my kg.

I EDPS v, s mm v su -ss yss mmum s qu ssg yss ssg s mm Eus.S , sv s v b m v ms Eus u s mm v. O 4/2007 A 29 Wkg Py -s b us s bkgu um s x.

A sm m, EDPS s bg su s gu Eu Pm Cu Eu sss. Ts -su s x u mmv, s EDPS b b guss us sss.

Consumer protection cooperation systemand internal market information system

T EDPS s u ff ss g-s I sysms xg m b Mmb Ss: sum

sysm (CPCS) - mk m sysm (IMI).

T CPCS s bs by Eu Cmmss xg m- mg sum us Mm-b Ss Cmmss usu v-ss Rgu (EC) N 2006/2004 sum (53).

(53) Rgu (EC) N 2006/2004 Eu Pm Cu 27 Ob 2004 b usssb m sum s ( gu sum ), OJ L 364, 9.12.2004, . 1.

T IMI s g-s I sysm by Eu Cmmss mxgs b m us MmbSs mk gs. F mm, m xgs IMI k usu Dv 2005/36/EC (ss

qufis v) (54) Dv 2006/123/EC (svs v) (55) y.

T EDPS fis k subgu A 29 Wkg Py, su kg y s CPCS IMI (56). T EDPS sv s Ru CPCS. Subsquy, uum 2007, EDPS s sy vv - :

Cmmss s mg mm-g us CPCS; Cmmss s ss IMI.

T EDPS su sbsm sysms xg m. Su sm- sysms my y ffiy , bu y my s su m- b s. Ty my

(54) Dv 2005/36/EC Eu Pm Cu 7 Smb 2005 g ss qufis,s x ubs OJ L 271, 16.10.2007, . 18.(55) Dv 2006/123/EC Eu Pm Cu 12 Dmb 2006 svs mk, OJ L 376,27.12.2006, . 36.(56) WP 139 WP 140 20 Smb 2007, ubs bs kg y.

Statistics can include personal inormation.


57/110

Annual Report 2007

56

s by vg mk -m b xg, m, u

s.

Nvss, sbsm s sysm s s sks. Ts u, msmy, m mg b s mby sy ssy uss ffi- , , ug yu u , mg m sysm g s ssy. T suy bs ssb 27 Mmb Ss s s ssv ssu, s sysm s y s s s k-s k k ms b. T, EDPS mm ssu b ss msvy b v gy bg Cmmssss sysm.

RFID stakeholder group

I My 2007, EDPS s v by EuCmmss j, s bsv, RFID x sk gu u ys. T ms-s gu s sss Cmmss :

g mm, s b sm vy 2007;

vg gus RFID ssu ;ssssg u gsv ss;

ysg u ffs ggmv s I gs;

sug Cmmsss v mss mgs.

T EDPS vy fiv mgs gs 2007 v su-

v yss susss gu. T EDPS u u gu 2008, sygg g I gs gv ssus RFID.

Data retention expert group

T EDPS vus mgs x gu . T 14 Dv 2006/24 gss -gs g mmus gg y gm qums m us my vv. I

b v ug sg x

bs s ms, Cmmsss sbs gu ms MmbSs m us, sss mmus usy, svs Eu Pm us, including the European Data ProtectionSupervisor.

T gu b my sbs 2008, bus y v 2007 ssss .

3.7. New developments

T fiv svs uu g ( gy, m Lsb y, m, gb vy jus, umm v), s fi EDPS mmu m-m v, svs g uu vs EDPS.

3.7.1. Interaction with technology

I 2005 u , EDPS gg g s m sy usgy y u s vm:

(1) vyy vm m u ubqu-us k ss s;

(2) ms um b; (3) ss sg y.

S s sm, s mgg gs v s u sm v-ms b sy s y

x v v m EU - mk. Sm m s b.

rends

I 1984, Wm Gbs (57) sb ybss vuy vm m sy. M 20 ys m sy g b s s bu s gg, gs g y ms vy -vu.

(57) Neuromancer, Wm Gbs, A , Juy 1984.


58/110

Annual Report 2007

57

As s Firstmonday(58), -v ju I, us/vus s s m u sug s- b 2.0 s s u by s/ s g s busss s v s.

Te increase in social computing applications

T s vus s sgy gsug us-v s by ms s . Ts s,

gv s b-bs s ks, bu suss umb uss ,

u fig s fis us by s bvus .

T EDPS ss s m s g vm s x v mj m . I ms b s

xsg Eu g mk v suffi . S-fi s b gv - ( mg s s v uss m s ssg ), by gu sgy v ss. T EDPS ms fis s ssu 2007 by EuNk Im Suy Agy (ENISA)

ss sm suy ssus suggss -

(58) ://.fismy.g/ISSUES/ssu12_3/su/

mms s m-ug s (59).

S mug s -ks s fi us bus-ss vm v by vm m -s sg y suby ug s sv ms g s- u (60).

Data centres, virtualisation andremote data storage

Su by mg s fi

vusy mk vm ssb, s my u sk

, m sfiy s , vb ss u . Rm sg

b s y mgg, bu mk s s s b su. Jus s

s ks, ss fi s sbu mug sus bmsgy bm.

W ssg s , s -- sg s, s s v u mu-g, mm Eu mk fi sgyu s uyg s -y.

As u s mm

v (61), EDPS s-s g s g v-ms sv vs s s s busss ms, gs v sm uvb, kg s s. O msv gmsmg b , ffv k sy, mms msv ss

European Data Protection Supervisor Annual Report 2007

Documents