European Data Protection Supervisor (Controleur europeen de la protection des donnees)

Similar documents
Rhineland Palatinate: Data Protection Commissioner (Landesbeauaftragte fur den Datenschutz Rheinland-Pfalz)

Mecklenburg West Pomerania: Data Protection Commissioner (Landesbeauftragte fiir den Datenschutz Mecklenburg-Vorpommern)

AUSTRALIA: New South Wales: Privacy Commissioner

Northern Territory: Information Commissioner

Saxony-Anhalt: Data Protection Commissioner (Landesbeauftragter far den Datenschutz Sachen-Anhalt)

Hesse: Data Protection Commissioner (Hessische Datenschutzbeauftrage)

(a) national Authority

11th Conference on Data Protection and Data Security - DuD 2009 Berlin, 8 June 2009

Brussels, 7 May 2009 (Case ) 1. Procedure

EDPS - European Data Protection Supervisor CEPD - Contrôleur européen de la protection des données

THE LEGAL CONVERGENCE CRITERION AND THE CZECH REPUBLIC

EDPS - European Data Protection Supervisor CEPD - Contrôleur européen de la protection des données

1.4. On 15 November 2005 a request for further information was sent to the DPO at the Translation Centre. The DPO replied on 4 December 2005.

ARTICLE 29 Data Protection Working Party

ARTICLE 29 DATA PROTECTION WORKING PARTY

EUROPEAN DATA PROTECTION SUPERVISOR

Independence and powers of independent supervisory authorities

Community legal framework for a

EU Institutions: An overview. Prof Antonino Alì, Elements of EU Law MEIS, School of International Studies, Trento, a.a. 2016/2017

4. EU Charter of Fundamental Rights

DRAFT RULES OF PROCEDURE OF THE JOINT PARLIAMENTARY SCRUTINY GROUP ON EUROPOL (version 6 September 2017) PREAMBLE

GUIDELINES CONCERNING THE PROCESSING OPERATIONS IN THE FIELD OF STAFF RECRUITMENT

DATA PROTECTION POLICY 2016

MODERNISING THE CIVIL SERVICE Francisco Cardona OECD, Sigma Programme

TEXTS ADOPTED. European Parliament resolution of 28 October 2015 on the European Citizens Initiative (2014/2257(INI))

Information Requirements in the Consumer Rights Directive Proposal and in Other Directives

CONFERENCE. Training to Leadership: going to the concrete problems

CNPD Training: Data Protection Basics

EUROPEAN PARLIAMENT. Committee on Civil Liberties, Justice and Home Affairs (8958/2004 C6-0198/ /0813(CNS))

Vacancy for the post of Senior Planning Officer (AD 7) in the European Asylum Support Office (EASO) REF.: EASO/2017/TA/007

External Vacancy Notice in the European Asylum Support Office (EASO) REF.: EASO/2018/TA/011

COMMISSION OF THE EUROPEAN COMMUNITIES. Amended proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Belgium-Brussels: HOME/2015/ISFP/PR/DRUG/0062 Waste water analysis report on the stimulant illicit drug markets in the EU 2016/S

EBA/CP/2013/12 21 May Consultation Paper

This document is meant purely as a documentation tool and the institutions do not assume any liability for its contents

Committee on Rules of Procedure, Immunities and Institutional Affairs

European Commission, Task Force for the Preparation and Conduct of the Negotiations with the United Kingdom under Article 50 TEU

Vacancy for two posts of Programme Manager (Contract Agent FG IV) in the Shift2Rail Joint Undertaking. REF.: Shift2Rail/2016/01.

EDPS - European Data Protection Supervisor CEPD - Contrôleur européen de la protection des données

THE REGULATORY AUTHORITIES

RIGHT TO INFORMATION IN INTERNATIONAL ORGANIZATIONS

Committee on Civil Liberties, Justice and Home Affairs WORKING DOCUMENT. Committee on Civil Liberties, Justice and Home Affairs

MACQUARIE TELECOM GROUP LIMITED CORPORATE GOVERNANCE

LEGAL BASIS COMMON RULES

DATA PROTECTION AUTHORITY IN POLAND

(2007/C 255/02) Having regard to the Treaty establishing the European Community, and in particular its Article 286,

Europol/2017/TA/AD6/307

Guidelines on the management body of market operators and data reporting services providers

JOINT DECLARATION ON COMBATING TERRORISM

Protocol for Consultation with Trade Union Safety representatives.

COMMISSION OF THE EUROPEAN COMMUNITIES. Draft INTERINSTITUTIONAL AGREEMENT. on the operating framework for the European regulatory agencies

EU Charter of Fundamental Rights

Radiation Protection Approach. André-Claude LACOSTE Chairman of ASN

Addendum to the Central Bank of Ireland Fitness and Probity Individual Questionnaire

Roles and functions of Ombudsman and current complaint mechanisms in Pacific Islands

The draft Opinion was sent to the DPO for comments on 24 November These were received on 16 January 2012.

EUROPEAN PARLIAMENT AND COUNCIL

MANDATORY TRANSPARENCY REGISTER

External Vacancy Notice in the European Asylum Support Office (EASO) REF.: EASO/2019/TA/002

Vacancy for a post of Data Protection Officer (Temporary Agent, AD 5) in the European Asylum Support Office (EASO) REF.

We reserve the right to update this privacy notice at any time. Please check our website from time to time for any changes we may make.

Senior Policy and Research Officer (Temporary) (Fixed Term)

Vacancy for a post of General Affairs Assistant (Contract Agent, FG III) in the European Asylum Support Office (EASO) REF.

ARTICLE 29 DATA PROTECTION WORKING PARTY

Disciplinary and Dismissal Procedure

Vacancy for a post of HR Assistant (Temporary Agent, AST 3) in the European Asylum Support Office (EASO) REF.: EASO/2017/TA/029

Committee on Civil Liberties, Justice and Home Affairs WORKING DOCUMENT

CM1702. Note on the interparliamentary scrutiny of Europol

Vacancy for a post of Communications Assistant (Contract Agent, FG III) in the European Asylum Support Office (EASO) REF.

Global Forum on Competition

ARTICLE 29 Data Protection Working Party

Template of the Statement of Compliance

Statements at the European Council on Denmark (Edinburgh, 11 and 12 December 1992)

EUROPEAN DATA PROTECTION SUPERVISOR

Syntel Human Resources Privacy Statement

Vacancy for a post of HR Officer (Temporary Agent, AD 5) in the European Asylum Support Office (EASO) REF.: EASO/2017/TA/030

European Union Recruitment Privacy Policy

The EESC secretariat employs approximately 700 staff and manages a budget of around EUR 135 million.

DGE 2 EUROPEAN UNION. Brussels, 21 March 2018 (OR. en) 2016/0149 (COD) PE-CONS 69/17

PROJECT AGAINST CORRUPTION IN ALBANIA (PACA) TECHNICAL PAPER ASSESSMENT AND RECOMMENDATIONS CONCERNING DRAFT AMENDMENTS

Comment on the Commission Communication of 27 May 2009 on European financial supervision

Regulation No 170 Rīga Rules of Procedure of the Cabinet of Ministers. I. General Provisions

Vacancy for a post of Senior Officer Executive Support (Temporary Agent, AD 7) in the European Asylum Support Office (EASO) REF.

CALL FOR EXPRESSION OF INTEREST FOR CONTRACT STAFF OFFICE ASSISTANT VACANCY NOTICE

7502/18 1 JUR LIMITE EN

EUROPEAN CENTRAL BANK INDEPENDENCE, TRANSPARENCY AND ACCOUNTABILITY

Whistle-blowing. Policy and Procedure

POLICY ON TRADE UNION RECOGNITION AND FACILITIES AND TIME OFF FOR TRADE UNION REPRESENTATIVES

Consultation Paper. Draft Regulatory Technical Standards

Belgium-Brussels: Provision of cloud services for ECHO 2014/S Contract notice. Services

External Vacancy Notice in the European Asylum Support Office (EASO) REF.: EASO/2019/TA/005

Vacancy for a post of Procurement Officer (Temporary Agent, AD 6) in the European Asylum Support Office (EASO) REF.

HEAD OF FINANCE AND PROCUREMENT UNIT

GRIEVANCE POLICY T H I S P O L I C Y W A S S U M M E R A P P R O V E D : T H I S P O L I C Y W I L L B E R E V I E W E D : S U M M E R

Understanding the European Council in Lisbon and the Reform Treaty. Jean-Dominique Giuliani Chairman of the Robert Schuman Foundation

EUROPEAN PARLIAMENT COUNCIL COMMISSION

EDPS Opinion on safeguards and derogations under Article 89 GDPR in the context of a proposal for a Regulation on integrated farm statistics

UK Law Enforcement and GDPR

EXPLANATORY MEMORANDUM

Data Protection Policy

Transcription:

European Data Protection Supervisor (Controleur europeen de la protection des donnees)

APPLICATION FORM FOR ACCREDITATION As A DATA PROTECTION AUTHORITY Application to the Credentials Committee for accreditation as a data protection authority pursuant to the resolutions adopted at the 23rd International Conference of Data Protection and Privacy Commissioners at Paris on 25th September 2001. : (a) (b) (c) (d) Please complete application in French or English. Please keep answers brief and to the point. Please ensure that all 33 questions are answered If you retype the form, please include the numbered questions with your answers. It is possible to avoid such retyping by getting the electronic application form in French or in English upon request by e m at credentials@privacy.org.nz Details of applicant 1. Name and postal address of authority European Data Protection Supervisor, Rue Wiertz 60, B-1047 Brussels, Belgium 2. Contact person for this application: (a) (b) Name Peter J. Hustinx (or Joaquin Bayo Delgado) Email address (c) Direct telephone number (d) Fax contact c_ Type of application 3. The application is for accreditation as: (a) national Authority (b) sub-national Authority (c) Authority within an international, if yes which one NO NO YES, European Union

Description of applicant Description of Authority (e.g. commissioner, commission, board etc) EDPS (Commissioner) and Assistant EDPS (Assistant Commissioner) 5. Is the Authority a public body? YES 6. Geographical jurisdiction European Union 7. Sectoral coverage (i.e. does the applicant's jurisdiction covet the entire public and private sectors? If only part of a sector or if there are significant activities not covered, please specify) Community institutions and bodies insofar as processing of personal data is carried out in the exercise of activities all or part of which fall within the scope of Community law. This means public sector at international level only, with exception of activities that are fully within "third pillar" (cooperation between member states in the field of security, police and criminal justice). (Article 3 of Regulation 45/2001). 8. Is the tole of the Authority mainly concerned with data protection and privacy? YES Legal basis 9. Title of law under which the Authority is constituted Regulation (EC) No. 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (Official Journal L 8, 12-1-2001, p. 1-22). 10. Is this principally a data protection law? YES 11. Status of the law (e.g. statute, regulation, executive order) Regulation (primary law) provided for in Article 286 of EC Treaty. 12. Which body made the law? European Parliament and Council, acting on proposal from European Commission, according to Article 251 of EC Treaty 13. What body has the power to amend or revoke the law? Same as sub 12. 2

Autonomy and independence 14. Who appoints member(s) of the Authority? (Please explain if a different process applies to the presiding member from other Authority members in this question and in subsequent questions.) EDPS and Assistant EDPS are appointed by European Parliament and Council (Article 42.1 of Regulation 45/2001). 15. What process is followed? Appointment by EP and Council by common accord, on the basis of a list drawn up by Commission following a public call for candidates. Candidates on this list appear in EP for a public hearing. 16. For what term are appointments made? Five years. 17. Does the law under which the Authority operates explicitly state that it acts independently? YES (Article 44 of Regulation 45/2001) 18. May the member(s) be removed before expiry of their teini? YES 19. If yes, who may remove members of the Authority before expiry of their term? Court of Justice of European Communities, at request of European Parliament, Council or Commission (Article 42.5 of Regulation 45/2001). 20. Are there limited reasons specified in the statute, or in another law, providing the permitted grounds for removal? (see 21). 21. What are the grounds for removal? If they no longer fulfil the conditions required for performance of duties, or if they are guilty of serious misconduct (Article 42.5 of Regulation 45/2001). 22. Does the Authority possess the following powers (briefly describe and give statutory references) (a) to initiate an investigation "ex officio": YES details: conduct inquiries on own initiative or on basis of a complaint, and obtain access to information and premises (Article 46.b and 47.2 of Regulation 45/2001). (b) to report to the head of State, head of Government or legislature: YES details: refer the matter if necessary to European Parliament, Council and Commission (Article 47.1.g of Regulation 45/2001) 3

(c) make public statements YES details: Powers and duties imply power to make public statements, where appropriate (Articles 44-47 of Regulation 45/2001), in conformity with general principles on transparency. See also publication of special reports mentioned in preamble (sub 25), and annual activities report (Article 48). 23. Does the Authority (and its staff) have immunity from legal suit for actions performed in the course of their duties? Protocol on Privileges and Immunities of European Communities also applies to EDPS. Staff members are subject to relevant Rules and Regulations for EC servants. Decisions of EDPS are subject to jurisdiction of EC Court of Justice (Articles 32, 42.7 and 43.5 of Regulation 45/2001). 24. Applicants may list any other measures set out in the statute or in other laws which guarantee the Authority's independence (for example if the law provides specifically that the Authority's finances are protected). EDPS is new institution with separate budget in Section of EU general budget, and independence in staff matters (Article 43 of Regulation 45/2001). Independent position is comparable to European Ombudsman and members of EC Court of Justice. Consistency with international instruments 25. Does the Authority explicitly implement any international instrument (for example if the law under which the Authority operates specifies that it implements such international instrument)? YES If "yes", which of the following does it principally implement? (a) OECD Guidelines (1980) NO (b) (i) Council of Europe Convention No 108 (1981) NO (ii) Council of Europe Additional Protocol (8 November 2001) NO (c) UN Guidelines (1990) NO (d) EU Directive (1995) YES 26. Does the law instead, or additionally, implement any general or specific international instrument? (If so, list the international body and the instrument) Article 286 EC Treaty as well as Directives 95/46/EC (data protection) and 97/66/EC (communication and privacy). 4

27. Have significant questions been raised about the extent to which the law is consistent with the international instruments which are claimed to be implement in answer to questions 25 and 26? (Applicants should supply further information to assist the Committee including a description of any measures under way to address these inconsistencies.) Not relevant Appropriate functions 28. Does the Authority possess functions in any of the following areas (briefly describe and give statutory references): (a) compliance (e.g. audit, inspection) YES details: conduct inquiries, monitor & ensure application; obtain access to information and premises (Articles 46.b-c and 47.2 of Regulation 45/2001) (b) approvals (e.g. prior-checking, notification) YES details: prior checking in cases of special risks leads to opinion, and where necessary intervention (Articles 27 and 47.1 of Regulation 45/2001). See also specific decisions referred to in Article 46.h of Regulation 45/2001. (c) redress for individuals (e.g. complaints, conciliation enforcement) YES details: complaints by Community staff and other individuals (Articles 32.2 and 33 of Regulation 45/2001), and appropriate redress (Article 47.1.b-h of Regulation). (d) sanctions available to Authority (for example, prosecution and enforcement YES details: different sanctions in Article 47.1 of Regulation 45/2001. See also Article 49 on disciplinary sanctions. (e) guidance (e.g. compliance advice) YES details: advising data subjects and Community institutions and bodies (Articles 46.d and 47.1.a of Regulation 45/2001). (f) public education YES details: implied in general tasks (Articles 41, 46.c and 47.1.a of Regulation 45/2001). See also cooperation with Data Protection Officers (Article 24.1 of Regulation 45/2001). 5

(g) policy advice for government YES details: advising Community institutions and bodies (Articles 28 and 46.d of Regulation 45/2001). (h) studies or research (e.g. into developing technologies, privacy issues) YES details: monitoring new developments (Article 46.e of Regulation 45/2001). Additional comments 29. Applicants are invited to offer any further comments that they wish. EDPS has been active since February 2004. Other materials 30. List any attachments which will accompany the application as an electronic attachment or to follow by post. Not relevant 31. If law under which the Authority operates is accessible on the Internet, please give the reference URL: http://europa.eu.int/comm/internal market/privacy/application en.htm. Also at www.edps.eu.int (in the course of June 2004). 32. If a recent annual report of the Authority (or a similar recent publication outlining typical activities) is available on the Internet, please give the reference First annual report will be published in 2005. However, some additional information is available at www.edps.eu.int (in the course of June 2004). Research use 33. With the consent of applicants, the Committee proposes to make copies of the applications available to appropriate researchers approved by the Committee to facilitate a study on data protection. Please indicate whether you agree to this use: 0 I agree to this application being released to a researcher YES 6

Making the application The application should be emailed to the credentials committee at credentials@privacy.org.nz If sent as an email attachment it should be in M/S Word. If unable to email the application, it should be posted to: Credentials Committee Cl- Privacy Commissioner P 0 Box 466 Auckland New Zealand The Committee needs access to a copy of the law under which the Authority is constituted. This need not be supplied in hard copy if it is available on the Internet and listed at question 31. If the law itself is not in English or French, it will be useful to supply an English or French summary or translation if one exists. Use of information The information in this form will be used for processing the application and will be disclosed to members of the committee and their staff (being the commissioners from New Zealand, France and the United Kingdom) and future committees. It may be also disclosed also to the Data Protection Authorities which participate to the international conference and approved researchers. Any personal data contained in the form is available for access and correction in accordance with the applicable data protection laws of current and future committees. In the first instance it is subject to the New Zealand Privacy Act 1993. 7

ACCREDITATION OF DATA PROTECTION AUTHORITY CHECKLIST FOR THE CREDENTIALS SUB-GROUP 1 Name of Authority European Data Protection Supervisor, European Union 2 Does the authority have clear and wide ranging data protection functions covering a broad area of economic activity (eg not just an advising body or a body operating in a narrow field such as medical privacy)? No Don't know This is arguable either way. Although it covers only EU institutions and bodies, these are numerous (not a single international organisation but approaching 20 at least) ranging from the European Commission to the European Central Bank and it covers all DP aspects affecting them. These bodies such as the European Court of Justice and the ECB have very different functions so there is breadth in the subject matter covered, but this falls short of saying the whole of the public sector is covered but is much wider than the Council of Europe or sectorally focussed international cooperation bodies such as Interpol or Europol. I agree. 3 Legal Basis. Is the authority a public body established on an appropriate legal basis (eg by statute or regulation)? EU Regulation 45/2001 under Article 286 of EC Treaty No Don't know 4 Autonomy and Independence? Is the authority guaranteed on appropriate degree of autonomy and independence to perform its functions (eg the power to make public statements and protection from removal from office)? Art. 44 guarantees independence. It is required to make reports and there is appropriate protection in the mechanisms for removal from office No

Don't know 5 Consistency with International Instruments. Is the law under which the authority operates compatible with at least one of the international instruments dealing with data protection and privacy (eg EU Directive, OECD Guidelines, Council of Europe Convention)? EU Directive No Don't know 6 Appropriate Functions. Does the authority have an appropriate range of functions with the legal powers necessary to perform those functions (eg the power to receive and investigate complaints from individuals without seeking peimission)? Full range of functions including enforcement via ability to ban processing I agree. No Don't know 7 Does the Sub-group recommend accreditation? No 8 If accreditation is recommended what is the accreditation as? National authority (within the UN criteria) Authority within a limited sub-national territory Authority within an international or supranational body 9 If accreditation is as an authority within an international/supranational body does the recommendation include voting rights? Voting Rights No Voting Rights The European Union and its institutions operates at supra national level within the EU member states. It has its own legal system, and parliament. This is not clear cut. The EDPS essentially covers the whole of the European Union civil service, judicial, parliamentary, regulatory and other diverse functions undertaken by numerous bodies. It is not concentrated on a single or small

number of narrowly focussed bodies. Its range of competence covers not only the Commission but the Parliament, ECJ and European central financial institutions such as the ECB and many smaller EU institutions. This range could equate to substantial portion of the public sector activities. On balance voting rights seem appropriate I agree. The conference rules anticipate that sometimes a vote might be conferred upon a supranational DPA. I can't think of a stronger candidate now or in the foreseeable future. See my additional notes below. 10 If accreditation is not recommended does the Sub Group recommend that accreditation is refused or is more infoimation needed before a decision can be made? Refusal More Information 11 If accreditation is not recommended and the application is from an authority with narrow functions does the Sub Group recommend that, at the discretion of the conference host, observer status is granted? Not Applicable Not

Additional notes on voting rights: I agree that we could recommend voting rights for the EDPS. I think we ought, if possible, offer some guide to the conference as to what we think is an appropriate approach. Drawing out the EDPS qualities, and our misgivings over the narrow focus of last year's applicants, perhaps we might emphasise: 1. The international or supranational body should itself cover a significant number of countries (pre-empting any bilateral or similar small groupings where we wouldn't want to hand out votes) 2. The DPA should not be too narrowly focused in its activities, it should cover a broad range of institutions and/or data processing activities 3. The case for accreditation should be strong on all accreditation principles (i.e. not a borderline case on, say, legal basis, compatibility with international instruments, range of functions or independence). A further (and unrelated) thought on granting the EDPS the vote. Will the EDPS have to exercise the vote in conjunction with the other EU DPAs already accredited (i.e. the Customs, Schengen and Europol JSAs) or does this cause difficulty between ft/2nd and 3rd pillar institutions? Does the Credentials Committee have to address the issue or leave it for the bodies concerned to sort out? Signed on behalf of the Subgroup: Jonathan Bamford Date: 3/06/04 Blair Stewart Date: 18 June 2004 Date: Note: 2 signatures required for recommendations for accreditation. 3 signatures required for recommendations for refusal

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback