Do you have a private life at your workplace?
|
|
- Ilene Wiggins
- 8 years ago
- Views:
Transcription
1 Do you have a private life at your workplace? Privacy in the workplace in EC institutions and bodies Giovanni Buttarelli
2 In the course of his supervisory activities, the EDPS has published positions on a number of matters that illustrate the difficult balance to be struck in the field of Privacy in the Workplace. I would like to briefly touch upon some of the most significant examples, notably in the areas of internet and telephony monitoring, staff productivity and work quality, flexible working and video surveillance. The main data protection legislation that applies to Community institutions and bodies is Regulation (EC) 45/2001 which governs the processing of personal data and the free movement of such data. In addition there are specific provisions on data protection in the electronic communications sector outlined in the e-privacy Directive (2002/58/EC). Regulation (EC) 45/2001 specifies that the independent supervisory authority required under Article 286 EC Treaty is the European Data Protection Supervisor (EDPS). The supervisory tasks of the EDPS are performed through a range of activities such as the prior checking of processing operations presenting specific risks, complaints received from staff members and other data subjects, and consultations received from the DPOs of the EC institutions and bodies. They cover all Community institutions and bodies (as opposed to "Union" institutions and bodies), excluding the Court of Justice acting in its judicial capacity. e-monitoring Perhaps the most illustrative and complicated area in this field is that of the monitoring of communications (otherwise referred to as "e-monitoring") whether these be communications, use of the internet or the use of mobile or fixed telephony. The recitals to Regulation (EC) 45/2001 provide that it may be necessary to monitor the computer networks operated under the control of the Community institutions and bodies for the purposes of prevention of unauthorised use, and that the EDPS should determine whether and under what conditions this should occur. There is therefore recognition that some sort of monitoring is permitted, but that this monitoring must be done in accordance with the rules provided for in the Regulation, notably that of necessity and proportionality. The EDPS has indicated his preference for a preventive approach to the misuse of communication networks rather than a repressive one, and for selective monitoring only in specific well defined cases, rather than for monitoring across the board. In the event of a breach of the usage policy, the EDPS recommends a gradual approach to any investigations, where the identity of persons breaching the rules is only revealed to management when absolutely necessary. Regarding the monitoring of the use of internet, the EDPS considered in a prior checking opinion that, in the absence of adequate suspicion, the monitoring of all the URL's visited by all users is unnecessary and excessive. The EDPS advised institutions to make use of indicators (for example, volume of data downloaded) rather than monitoring all URLs. Only in certain specific circumstances, could it be 2
3 considered necessary for the institution to monitor all the URLs accessed by specific individuals. This is the case, for example, when there is an adequate suspicion that a given user is engaged in criminal behaviour (e.g. downloading paedophilic material). Proportionality also guided the EDPS approach to the monitoring of professional telephone communications where the EDPS considered that targeted monitoring of traffic data could only take place if the costs of the communications were well above the average costs of communications per month. As for the recording of communications at the workplace, Article 36 of Regulation (EC) 45/2001 provides that the Community institutions and agencies must ensure the confidentiality of communications in accordance with the general principles of Community law. These general principles refer to the notion of fundamental rights as laid down by the European Convention on Human Rights. The EDPS therefore advocates that a breach of the confidentiality of communications may only take place in exceptional circumstances where there are no other less invasive or intrusive means available and a number of very strict conditions have been satisfied. Criminal investigations of course remain the competence of the Member States. On the other hand, the EDPS has authorised the recording of certain professional communications by the European Central Bank in the context of standard business transactions for the purposes of proof of the transaction and with the consent of the parties to the communication. The EDPS also considered that the recording of calls to the Helpdesk of an institution could be used for the purposes of solving the IT problem with the consent of the parties involved, but found that further use of the recordings for quality control and training purposes overstepped the acceptable limits of necessity. The EDPS therefore invited the institution concerned to make the data anonymous or to obtain the consent of the parties involved. The recording of communications to an emergency unit was also considered as lawful by the EDPS based on the obligations of the institution according to internal rules or National security provisions (in the case of an agency or institution on a nuclear site, for example). Monitoring staff availability, productivity and work quality There is an increasing trend among Community institutions and bodies to use IT databases to monitor the availability and use of their human resources, and in particular, to monitor the productivity and quality of work, both individually and organisationally. Some agencies have gone as far as setting up IT systems feeding large amounts of data into them precisely for these purposes. For example, one agency set up a system whereby certain managers (senior case workers and some head of units) randomly reviewed selected outputs (decisions, letters, etc) of employees. The results of these reviews (containing, for example, the types of mistakes made by an individual) were then fed into an electronic database. Another agency required staff members to keep detailed timesheets broken down by over 50 specific categories 3
4 and subcategories in much the same way as an international law firm would do for billing purposes. Again, this was fed into a database. We have also seen some efforts to create databases of multi-layered competencies within an organisation, to enable management to have an accurate view of the skill sets of its staff and therefore optimise the use of its human resources. The common aim of all these initiatives is to measure how organizations use their human resources, and to help improve the productivity and overall quality of work. However, there is often an additional, sometimes insufficiently explicit, goal of monitoring individual's productivity or work quality, for purposes of performance evaluation. Such monitoring is then used to inform decisions that may affect these employees, such as the distribution of tasks, temporary staff contract renewals, or promotions. In practice, monitoring for these purposes has a place in a modern administrative culture. However, it is important to carry out this monitoring in a privacy-friendly and data protection compliant manner. Organisations must be very clear on what they wish to accomplish and why. Institutions must bear in mind that there is an obvious relationship between the number of targets, criteria, and checks that are in place to monitor the use of time, productivity, and quality of work, and the amount of stress experienced by staff. As well as undermining trust between an organisation and its employees, such steps could be counter-productive leading to increases in absence rates and staff turnover. Therefore, the EDPS has emphasised the need to always consider whether there is indeed a need for the specific monitoring proposed, whether the monitoring is excessive, and whether there are alternative methods of achieving the same goals. We have also emphasised the need to make monitoring policies explicit, detailing them in formal decisions or manuals written in user-friendly language, and discussing them with staff representatives before adoption of any system. Further, the EDPS has stressed that such procedures must ensure a high level of data accuracy, reliability, and consistency. Even with such safeguards EDPS advises that management must clearly and explicitly recognise the limitations of the data to inform decisions, especially those affecting individual staff. In one case, the EDPS considered that it was legitimate for management in a translation unit to monitor the individual productivity of their staff. However this should not be the sole tool for evaluation and sufficient guarantees must be provided to staff members to rectify inaccurate data or to provide justifications for certain figures. Flexitime Another relevant area in the field of privacy at the workplace is that of monitoring the working hours of staff. Many institutions and agencies have put policies into place to allow staff to adopt flexible working hours (flexitime). The EDPS has reminded institutions that the data recorded by any flexitime system should not be used to monitor attendance at work on a general basis. This approach was highlighted by the objection of the EDPS to the sending of electronic mails to heads of units when a staff member registered his/her working hours on a flexi-system. The EDPS also marked his objection to the use of access control data to check the correct use of the flexitime system on a systematic basis. He ordered that the access control data could only be used as part of a pre-determined administrative procedure enquiring into a specific and well-founded suspicion of fraud of the flexitime system. 4
5 Security investigations Another area of concern regarding privacy in the workplace is that of security enquiries which are performed in some institutions and agencies. The security departments of some of the institutions and bodies are permitted to take certain measures against criminal or unlawful acts against buildings occupied by the institution/body or persons working within these buildings (or having access to them), as well as against any other acts which may prejudice the institution. Here again, the EDPS underlined the importance of the proportionality of such investigations notably the "necessity" of the processing which must be assessed on a case by case basis. From this perspective, the EDPS has underlined that the processing of personal data to be conducted in the context of the investigations has to be proportional not only to the general purpose of the processing operation (investigating criminal offences, protecting people and property, etc) but also to the particular purpose of the processing operation in the context of the case (considering, for instance, the seriousness of the incident under investigation, the sort of data needed to clarify the facts, etc.). In the context of such investigations, the EDPS also reminded institutions that whenever access to personal data appears to be necessary for the purposes of the investigation, such access should respect appropriate guarantees, taking into account any potential risk of inadmissibility of the evidence in a possible future criminal case, which could arise if the fundamental rights to privacy and personal data protection were not respected when the evidence was collected. Particular attention must be paid to respecting these principles when access to files which are manifestly of a private nature seems necessary for the purposes of the investigation. These same principles also apply to processing operations involving the forensic examination of computers. The EDPS considers that specific precautions should be taken regarding access to the contents of a computer belonging to a Community institution, since it may also contain files used by the employee for private purposes (for instance in the folder "My documents", or s marked as "private"), or files which are not relevant to or are excessive for the purposes of the investigation. Forensic examination of computers must be subject to particular authorisation mechanisms. In this respect, the EDPS recommends the adoption of formal procedures for the conduct of forensic examinations of computers, which will also help to ensure that the principle of data quality is respected. Video-surveillance Video-surveillance is another area with a significant impact on privacy in the workplace. We all know that video-surveillance has become a popular tool to tackle security issues. It also has an increasing presence within the European Community institutions and bodies who use this technology to help ensure the security of their buildings, the safety of staff and visitors, as well as to protect property and information located on their premises. 5
6 Despite its popularity and potential benefits, there are fundamental rights at stake, such as the right to privacy in the workplace, the right to be free from discrimination, freedom of speech and freedom of assembly - rights we cherish and all too often take for granted in Europe. Therefore, decisions on whether to install cameras and how to use them should not be made solely on security needs. Rather, security needs must be balanced against respecting the fundamental rights of an individual. In this context and in a climate of increasing concern regarding surveillance, the EDPS is currently working on a set of Video-surveillance Guidelines for Community institutions and bodies. The guidelines are designed to provide practical advice for deciding whether or not to install or use video-surveillance equipment, and when using, how best to address data protection issues. A consultation version of the draft was published in July - I invite you to take a look at it on our website at: We plan to formally publish the guidelines before the end of this year. They focus mainly on video-surveillance for security purposes but they also address the issue of employee monitoring. The compliance framework proposed in the guidelines focuses on the need to move away from a culture of seeing data protection as an administrative burden, to one based on privacy by design, transparency in local decision-making involving all stakeholders, active roles for data protection officers, and institutional accountability. As regards employee monitoring, our strongly held belief is that overly intrusive measures can cause employees unnecessary stress and can also erode trust within an organisation. The use of video-surveillance to monitor how staff members carry out their work should therefore be avoided, apart from in exceptional cases. To determine whether non-security video-surveillance, such as monitoring employees, is permissible, and whether such use requires additional safeguards not provided for in these guidelines, a case-by-case approach is necessary. Therefore, any such proposed video-surveillance should be subject to a privacy and data protection impact assessment by the institution. In this respect, we emphasise accountability and local decision-making. Nevertheless, due to the intrusiveness of employee monitoring, the EDPS also wants to keep a close eye on any such monitoring. Therefore, the institution must also submit its plans to the EDPS for prior checking. Where the institution proposes to use video-surveillance technology to monitor the work of staff, the EDPS will pay special attention to the views and concerns expressed by the institution s staff representatives and whether such views were taken into account. Goals such as managing workplace productivity, ensuring quality control, enforcing the institutions policies, or providing evidence for dispute resolution, alone, do not generally justify the video-surveillance of employees in the context of the work of the institutions. To give you a few simple examples; institutions should not use their existing video-surveillance systems to monitor the efficiency of outsourced cleaning staff carrying out their work in the early morning even if adequate notice were given to them in this regard, and there had been repeated 6
7 complaints regarding their quality of work. Neither should they use video-surveillance footage to check whether employees arrive at work on time or whether their flexitime records correspond to the arrival and departure times recorded on the cameras. As for monitoring triggered by security or health and safety concerns or similar compelling interests in exceptional circumstances, the EDPS will evaluate any such usage on a case-by-case basis. Complex issues also arise as to whether, and if so under what circumstances and subject to what safeguards, video-surveillance footage should be used for internal investigations, such as the investigation of benefit fraud, professional incompetence, employee harassment or procurement fraud. Our general recommendation is that the institutions should clearly state that video-surveillance is not used to control the performance of the employee s work and will also not be used as an investigative tool or evidence in internal investigations or in disciplinary procedures, unless a security incident or criminal behaviour is involved. That said, the guidelines are flexible, and exceptions might be granted, provided that the institutions adequately justify the need and proportionality of the proposed measure in a privacy and data protection impact assessment and a prior checking procedure before the EDPS. Further, practices where an employee is under constant surveillance (continuously in the field of vision of video-surveillance cameras) must be avoided. For example, the institutions should not use video-surveillance cameras to continuously monitor the cashier and the cash register in the canteen during opening hours, even if adequate notice were to be given to the cashier in this regard. One last issue that I would like to mention with regard to video-surveillance in the workplace is that of "covert surveillance". The use of covert surveillance is highly intrusive due to its secretive nature. Further, it has little or no preventive effect and is often merely proposed as a form of entrapment to secure evidence. Therefore, its use should be avoided. Proposed exceptions again must be accompanied by a compelling justification, a privacy and data protection impact assessment and must undergo prior checking by the EDPS who may impose, as necessary, specific data protection safeguards. In principle, the EDPS is unlikely to issue a positive prior checking opinion in this situation unless a number of very strict conditions are satisfied. 7
CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION DIRECTIVE
Représentant les avocats d Europe Representing Europe s lawyers CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION DIRECTIVE CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION
More informationVideo surveillance at EFSA Implementing rules and technical specifications
Video surveillance at EFSA Implementing rules and technical specifications PUBLIC version 1 Introduction EFSA operates a video surveillance system (hereafter VSS) for the safety and security of its buildings,
More informationThe primary responsibility for the data processing lies within the Administration Department, which the FINCOP Unit is part of.
Opinion on a Notification for Prior Checking received from the Data Protection Officer of the European Training Foundation Regarding the Processing Operations to Manage Calls for Tenders Brussels, 22 April
More informationEuropean Investment Bank Group. Video-surveillance policy
Group TABLE OF CONTENTS 1. Purpose and scope of the video-surveillance policy... 2 2. Respect for privacy, data protection and compliance with the relevant rules... 2 2.1. Compliance status... 2 2.2.
More informationHow To Write A Report On A Recipe Card
Opinion on a notification for Prior Checking received from the Data Protection Officer of the European Investment Bank (EIB) concerning procedures related to "360 Leadership feedback report" Brussels,
More informationCOUNCIL OF EUROPE COMMITTEE OF MINISTERS. RECOMMENDATION No. R (95) 4 OF THE COMMITTEE OF MINISTERS TO MEMBER STATES
COUNCIL OF EUROPE COMMITTEE OF MINISTERS RECOMMENDATION No. R (95) 4 OF THE COMMITTEE OF MINISTERS TO MEMBER STATES ON THE PROTECTION OF PERSONAL DATA IN THE AREA OF TELECOMMUNICATION SERVICES, WITH PARTICULAR
More informationEUROPEAN DATA PROTECTION SUPERVISOR
C 47/6 Official Journal of the European Union 25.2.2010 EUROPEAN DATA PROTECTION SUPERVISOR Opinion of the European Data Protection Supervisor on the Communication from the Commission on an Action Plan
More informationVideo surveillance policy (PUBLIC)
29 July 2015 EMA/133708/2015 Administration Division POLICY/0046 POLICY/0046 Effective Date: 01/01/2015 Review Date: 01/01/2018 Supersedes: Version 1 1. Introduction and purpose For the safety and security
More informationData Protection A Guide for Users
Data Protection A Guide for Users EUROPEAN PARLIAMENT Contents Contents 3 Introduction 4 Data protection standards making a difference in the European Parliament 5 Data protection the actors 6 Data protection
More informationARTICLE 29 Data Protection Working Party
ARTICLE 29 Data Protection Working Party 5401/01/EN/Final WP 55 Working document on the surveillance of electronic communications in the workplace Adopted on 29 May 2002 Comments: * national chapters might
More informationEUROPEAN DATA PROTECTION SUPERVISOR
20.6.2012 Official Journal of the European Union C 177/1 I (Resolutions, recommendations and opinions) OPINIONS EUROPEAN DATA PROTECTION SUPERVISOR Opinion of the European Data Protection Supervisor on
More informationPolicy on Public and School Bus Closed Circuit Television Systems (CCTV)
DEPARTMENT OF TRANSPORT Policy on Public and School Bus Closed Circuit Television Systems (CCTV) Responsibility of: Public Transport Division TRIM File: DDPI2010/3680 Effective Date: July 2010 Version
More informationEUROPEAN UNION. Brussels, 12 July 2002 (OR. en) PE-CONS 3636/02 2000/0189 (COD) LEX 365 ECO 217 CODEC 778
EUROPEAN UNION THE EUROPEAN PARLIAMT THE COUNCIL Brussels, 12 July 2002 (OR. en) 2000/0189 (COD) LEX 365 PE-CONS 3636/02 ECO 217 CODEC 778 DIRECTIVE 2002/58/EC OF THE EUROPEAN PARLIAMT AND OF THE COUNCIL
More informationSTFC Monitoring and Interception policy for Information & Communications Technology Systems and Services
STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services Issue 1.0 (Effective 27 June 2012) This document contains a copy of the STFC policy statements outlining
More informationtechnical factsheet 176
technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection
More informationMonitoring and Ensuring Compliance with Regulation (EC) 45/2001. Policy paper. Brussels, 13 December 2010
Monitoring and Ensuring Compliance with Regulation (EC) 45/2001 Policy paper Brussels, 13 December 2010 Postal address: rue Wiertz 60 - B-1047 Brussels Offices: rue Montoyer 63 E-mail : edps@edps.europa.eu
More information12th January 2011. Dear Mr. Graham, Complaint: Internet Eyes
12th January 2011 Mr Christopher Graham Information Commissioner The Office of the Information Commissioner, Water Lane, Wycliffe House, Wilmslow, Cheshire SK9 5AF UNITED KINGDOM Dear Mr. Graham, Complaint:
More informationQuick guide to the employment practices code
Data protection Quick guide to the employment practices code Ideal for the small business Contents 3 Contents Section 1 About this guidance 4 Section 2 What is the Data Protection Act? 5 Section 3 Recruitment
More informationHow to Monitor Employee Web Browsing and Email Legally
WHITEPAPER: HOW TO MONITOR EMPLOYEE WEB BROWSING AND EMAIL LEGALLY How to Monitor Employee Web Browsing and Email Legally ABSTRACT The Internet and email are indispensable resources in today s business
More informationValue of the EU Data Protection Reform against the Big Data challenges. Keynote address 5th European Data Protection Days Berlin, 4.5.
Value of the EU Data Protection Reform against the Big Data challenges Keynote address 5th European Data Protection Days Berlin, 4.5.2015 Giovanni Buttarelli European Data Protection Supervisor (Check
More informationHaving regard to the Treaty on the Functioning of the European Union, and in particular Article 16 thereof,
Opinion of the European Data Protection Supervisor on the Joint Communication of the Commission and of the High Representative of the European Union for Foreign Affairs and Security Policy on a 'Cyber
More informationThe reform of the EU Data Protection framework - Building trust in a digital and global world. 9/10 October 2012
The reform of the EU Data Protection framework - Building trust in a digital and global world 9/10 October 2012 Questionnaire addressed to national Parliaments Please, find attached a number of questions
More informationon the Proposal for a Regulation of the European Parliament and of the Council laying
Opinion of the European Data Protection Supervisor on the Proposal for a Regulation of the European Parliament and of the Council laying down measures concerning the European single market for electronic
More informationOpinion on a notification for prior checking received from the Data Protection Officer of the Court of Auditors related to Internet monitoring
Opinion on a notification for prior checking received from the Data Protection Officer of the Court of Auditors related to Internet monitoring Brussels, 10 November 2008 (Case 2008-284) 1. Proceedings
More informationSURVEILLANCE AND PRIVACY
info sheet 03.12 SURVEILLANCE AND PRIVACY Info Sheet 03.12 March 2012 This Information Sheet applies to Victorian state and local government organisations that are bound by the Information Privacy Act
More informationARTICLE 29 Data Protection Working Party
ARTICLE 29 Data Protection Working Party 00451/06/EN WP 118 Working Party 29 Opinion 2/2006 on privacy issues related to the provision of email screening services Adopted on 21 February 2006 This Working
More informationINERTIA ETHICS MANUAL
SEVENTH FRAMEWORK PROGRAMME Smart Energy Grids Project Title: Integrating Active, Flexible and Responsive Tertiary INERTIA Grant Agreement No: 318216 Collaborative Project INERTIA ETHICS MANUAL Responsible
More informationPrior checking opinion on the European Surveillance System ("TESSy") notified by the European Centre for Disease Prevention and Control ("ECDC
Prior checking opinion on the European Surveillance System ("TESSy") notified by the European Centre for Disease Prevention and Control ("ECDC") on 22 July 2009 Brussels, 3 September 2010 (case 2009-0474)
More informationCCTV CODE OF PRACTICE
CCTV CODE OF PRACTICE Policy area: Operation of CCTV on University Premises Definitions CCTV means Closed Circuit Television. Control Room(s) means those Control Rooms manned by Security staff at the City,
More informationSUPPLEMENTARY INTERNAL RULES IMPLEMENTING REGULATION (EC) N 45/2001 IN RELATION TO THE DATA PROTECTION OFFICER
SUPPLEMENTARY INTERNAL RULES IMPLEMENTING REGULATION (EC) N 45/2001 IN RELATION TO THE DATA PROTECTION OFFICER 10 September 2009 page 1 / 8 SUPPLEMENTARY INTERNAL RULES IMPLEMENTING REGULATION (EC) N 45/2001
More informationSPANISH DATA PROTECTION AGENCY
SPANISH DATA PROTECTION AGENCY 21648 INSTRUCTION 1/2006, of 8 November, by the Spanish Data Protection Agency, on processing personal data for surveillance purposes through camera or video-camera systems.
More informationEmployees monitoring of information and communication technologies private usage Guidelines updated in Portugal
COELHO RIBEIRO E ASSOCIADOS SOCIEDADE CIVIL DE ADVOGADOS Employees monitoring of information and communication technologies private usage Guidelines updated in Portugal CRA Coelho Ribeiro e Associados,
More informationOnline Security, Traffic Data and IP Addresses. Review of the Regulatory Framework for Electronic Communications
Brussels, October 8 th 2008 Online Security, Traffic Data and IP Addresses Review of the Regulatory Framework for Electronic Communications Francisco Mingorance Senior Director Government Affairs franciscom@bsa.org
More informationEUROPEAN PARLIAMENT 2009-2014. Committee on Industry, Research and Energy. of the Committee on Industry, Research and Energy
EUROPEAN PARLIAMT 2009-2014 Committee on Industry, Research and Energy 2012/0011(COD) 26.02.2013 OPINION of the Committee on Industry, Research and Energy for the Committee on Civil Liberties, Justice
More informationComments and proposals on the Chapter IV of the General Data Protection Regulation
Comments and proposals on the Chapter IV of the General Data Protection Regulation Ahead of the trialogue negotiations later this month, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International
More informationDATA PROTECTION AND DATA STORAGE POLICY
DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether
More informationHow To Protect Your Privacy In The Workplace
Review of the Workplace Surveillance Act 2005 (NSW) Submission to the NSW Attorney- General s Department January 2011 e m a i l: m a i l @ p r i v a c y. o r g. a u w e bsite : w w w. p r i v a c y. o
More informationProposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion
Page 1 sur 155 Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Legal nature of the instrument Règlement Directive Directly applicable act in internal law 91 articles 34 articles Art.
More informationPosition of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015
2 September 2015 Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015 We support the efforts of EU legislators to create a harmonised data protection
More informationDATA PROTECTION POLICY
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
More information23/1/15 Version 1.0 (final)
Information Commissioner s Office response to the Cabinet Office s consultation on the proposal to amend the Privacy and Electronic Communications (EC Directive) Regulations 2003 ( PECR ), to enable the
More informationFactsheet on the Right to be
101010 100101 1010 101 Factsheet on the Right to be 100 Forgotten ruling (C-131/12) 101 101 1) What is the case about and what did 100 the Court rule? 10 In 2010 a Spanish citizen lodged a complaint against
More informationOpinion of the European Data Protection Supervisor
Opinion of the European Data Protection Supervisor on the Commission Proposal for a Regulation of the European Parliament and of the Council on a European network of Employment Services, workers' access
More informationRegulation of Investigatory Powers Act 2000
Regulation of Investigatory Powers Act 2000 Consultation: Equipment Interference and Interception of Communications Codes of Practice 6 February 2015 Ministerial Foreword The abilities to read or listen
More informationPRESIDENT S DECISION No. 40. of 27 August 2013. Regarding Data Protection at the European University Institute. (EUI Data Protection Policy)
PRESIDENT S DECISION No. 40 of 27 August 2013 Regarding Data Protection at the European University Institute (EUI Data Protection Policy) THE PRESIDENT OF THE EUROPEAN UNIVERSITY INSTITUTE, Having regard
More informationAlign Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.
Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION
More informationCouncil of the European Union Brussels, 12 September 2014 (OR. en)
Council of the European Union Brussels, 12 September 2014 (OR. en) Interinstitutional File: 2013/0409 (COD) 13132/14 NOTE From: To: Presidency DROIPEN 104 COPEN 218 CODEC 1799 Working Party on Substantive
More informationGuidelines on data protection in EU financial services regulation
Guidelines on data protection in EU financial services regulation 1 Contents Table of Contents 10-point checklist for analysing data protection and privacy...4 1. Data protection and financial services
More informationDISCIPLINARY, DISMISSAL AND GRIEVANCE PROCEDURES. Guidance for employers
DISCIPLINARY, DISMISSAL AND GRIEVANCE PROCEDURES Guidance for employers Contents Foreword...1 Chapter 1: Disciplinary and dismissal procedures...2 Communicating your disciplinary and grievance procedures...2
More informationMonitoring Employee Communications: Data Protection and Privacy Issues
Monitoring Employee Communications: Data Protection and Privacy Issues By Anthony Sakrouge, Kate Minett, Daniel Preiskel and Jose Saras Reprinted from Computer and Telecommunications Law Review Issue 8,
More informationCommon position of national authorities within the CPC Network
Common position of national authorities within the CPC Network Assessment of proposals made by Apple, Google and relevant trade associations regarding in-app purchases in online games By letter dated 9
More informationClosed Circuit Television (CCTV) code of practice. Based on the publication A Code of Practice for CCTV www.ico.gov.uk
Closed Circuit Television (CCTV) code of practice Based on the publication A Code of Practice for CCTV www.ico.gov.uk Owner: Ian Heywood Last reviewed: July 2011 Contents 1.0 Introduction... 4 2.0 CCTV
More informationTechnical non-paper on open Internet provisions and related end-user rights (3/6/2015)
Technical non-paper on open Internet provisions and related end-user rights (3/6/2015) This non-paper has been prepared as technical assistance upon the co-legislators' request on 2/6 and shall not be
More informationPhotography and filming in schools Code of Practice
Photography and filming in schools Code of Practice Data Protection compliance September 2010 Photography and filming in schools September 2010 1 Contents 1. About this code 3 2. Complying with the Data
More information2010THE LEGISLATIVE ASSEMBLY FOR THEAUSTRALIAN CAPITAL TERRITORY. WORKPLACE PRIVACY BILL 2010EXPLANATORY STATEMENT Circulated by Amanda Bresnan MLA
2010THE LEGISLATIVE ASSEMBLY FOR THEAUSTRALIAN CAPITAL TERRITORY WORKPLACE PRIVACY BILL 2010EXPLANATORY STATEMENT Circulated by Amanda Bresnan MLA OVERVIEW The objects of this Bill are to ensure that employers
More information4-column document Net neutrality provisions (including recitals)
4-column document Net neutrality provisions (including recitals) [Text for technical discussions. It does not express any position of the Commission or its services] Proposal for a REGULATION OF THE EUROPEAN
More informationComments and proposals on the Chapter II of the General Data Protection Regulation
Comments and proposals on the Chapter II of the General Data Protection Regulation Ahead of the trialogue negotiations in September, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International
More informationAMENDMENTS TO THE DRAFT DATA PROTECTION REGULATION PROPOSED BY BITS OF FREEDOM
AMENDMENTS TO THE DRAFT DATA PROTECTION REGULATION PROPOSED BY BITS OF FREEDOM On 25 January 2012, the European Commission published a proposal to reform the European data protection legal regime. One
More informationDATA PROTECTION POLICY
Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection
More informationOpinion 04/2012 on Cookie Consent Exemption
ARTICLE 29 DATA PROTECTION WORKING PARTY 00879/12/EN WP 194 Opinion 04/2012 on Cookie Consent Exemption Adopted on 7 June 2012 This Working Party was set up under Article 29 of Directive 95/46/EC. It is
More informationFormal response to the Consultation Paper: Monitoring and Regulation of Migration
WITHOUT PREJUDICE Formal response to the Consultation Paper: Monitoring and Regulation of Migration 1 October 2004 1. Introduction 1.1. The role of the Office of the Data Protection Registrar ( the Registrar
More informationSelf assessment tool. Using this tool
Self assessment tool How well does your organisation comply with the 12 guiding principles of the surveillance camera code of practice? Complete this easy to use self assessment tool to find out if you
More informationPublic Consultation regarding Data Sharing and Governance Bill. Contribution of Office of the Data Protection Commissioner
Submission of the Office of the Data Protection Commissioner (DPC) on the data-sharing and Governance Bill: - Policy Proposals (dated the 1 st of August 2014) Public Consultation regarding Data Sharing
More informationLawlink NSW: Guide to the Workplace Video Surveillance Act
Guide to the Workplace Video Surveillance Act A Guide to the Workplace Video Surveillance Act 1998 (NSW) Privacy NSW February 2002 CONTENTS The Workplace Video Surveillance Act 1998 Coverage of the Act
More informationARTICLE 29 DATA PROTECTION WORKING PARTY
ARTICLE 29 DATA PROTECTION WORKING PARTY 00658/13/EN WP 204 Explanatory Document on the Processor Binding Corporate Rules Adopted on 19 April 2013 This Working Party was set up under Article 29 of Directive
More informationHaving regard to the Charter of Fundamental Rights of the European Union, and in particular Articles 7 and 8 thereof,
Opinion of the European Data Protection Supervisor on the Commission Proposal for a Directive of the European Parliament and of the Council amending Directive 2007/36/EC as regards the encouragement of
More informationCOUNCIL OF EUROPE COMMITTEE OF MINISTERS
COUNCIL OF EUROPE COMMITTEE OF MINISTERS Recommendation Rec(2006)8 of the Committee of Ministers to member states on assistance to crime victims (Adopted by the Committee of Ministers on 14 June 2006 at
More informationCOMMISSION OF THE EUROPEAN COMMUNITIES. Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 21.9.2005 COM(2005) 438 final 2005/0182 (COD) Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the retention of data processed
More informationGARANTE PER LA PROTEZIONE DEI DATI PERSONALI WHEREAS
[doc. web n. 1589969] Spamming: How to Lawfully Email Advertising Messages GARANTE PER LA PROTEZIONE DEI DATI PERSONALI Prof. Stefano Rodotà, President, Prof. Giuseppe Santaniello, Vice-President, Prof.
More informationParliamentary Security Camera Policy
Parliamentary Security Camera Policy Introduction 1) Security cameras are employed in various parts of the Palace of Westminster and its surrounding estate. They are a vital part of the security system
More informationThe Role and Function of a Data Protection Officer in the European Commission s Proposed General Data Protection Regulation. Initial Discussion Paper
The Role and Function of a Data Protection Officer in the European Commission s Proposed General Data Protection Regulation 1. Introduction Initial Discussion Paper The data protection officer ( DPO )
More informationARTICLE 29 Data Protection Working Party
ARTICLE 29 Data Protection Working Party 11601/EN WP 90 Opinion 5/2004 on unsolicited communications for marketing purposes under Article 13 of Directive 2002/58/EC Adopted on 27 February 2004 This Working
More informationUniversity of Birmingham. Closed Circuit Television (CCTV) Code of Practice
University of Birmingham Closed Circuit Television (CCTV) Code of Practice University of Birmingham uses closed circuit television (CCTV) images to provide a safe and secure environment for students, staff
More informationCOMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS
EUROPEAN COMMISSION Brussels, XXX [ ](2011) XXX draft COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS
More informationROMANIA Constitutional Court. DECISION no.1258 1 from 8 October 2009
ROMANIA Constitutional Court DECISION no.1258 1 from 8 October 2009 Regarding the unconstitutionality exception of the provisions of Law no.298/2008 regarding the retention of the data generated or processed
More informationFreedom of information guidance Exemptions guidance Section 41 Information provided in confidence
Freedom of information guidance Exemptions guidance Section 41 Information provided in confidence 14 May 2008 Contents Introduction 2 What information may be covered by this exemption? 3 Was the information
More informationCOUNCIL OF THE EUROPEAN UNION. Brussels, 22 November 2006 15644/06 DATAPROTECT 45 EDPS 3
COUNCIL OF THE EUROPEAN UNION Brussels, 22 November 2006 15644/06 DATAPROTECT 45 EDPS 3 COVER NOTE from: Secretary-General of the European Commission, signed by Mr Jordi AYET PUIGARNAU, Director date of
More informationOffice of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers
Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in
More informationAct on the Protection of Privacy in Working Life (759/2004)
NB: Unofficial translation Ministry of Labour, Finland Chapter 1 - General provisions Section 1 Purpose of the act Act on the Protection of Privacy in Working Life (759/2004) The purpose of this Act is
More informationRecommendations for companies planning to use Cloud computing services
Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation
More information14 December 2006 GUIDELINES ON OUTSOURCING
14 December 2006 GUIDELINES ON OUTSOURCING CEBS presents its Guidelines on Outsourcing. The proposed guidelines are based on current practices and also take into account international, such as the Joint
More informationSurveillance Camera Code of Practice. June 2013
Surveillance Camera Code of Practice June 2013 Surveillance Camera Code of Practice Presented to Parliament Pursuant to Section 30 (1) (a) of the Protection of Freedoms Act 2012 June 2013 London: The Stationery
More informationAlign Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.
Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:
More informationPolicy Group: Disputes Resolution. Disciplinary Procedure
Policy Group: Disputes Resolution Disciplinary Procedure Issue details Title: Issue and version number: Officer/Panel Controlling Procedure: Authorisation Level: Authorisation Date: Agreed by SSCF SSDC
More informationAC&E Insurance Services Pty Ltd Privacy Statement Effective: 1 August, 2010
AC&E Insurance Services Pty Ltd Privacy Statement Effective: 1 August, 2010 AC&E means AC&E Insurance Services Pty Ltd (ABN 69 137 720 757). AC&E has always valued the privacy of personal information.
More informationData Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk
Data Protection Act 1998 The for the Borough Council of King's Lynn & West Norfolk 1 Contents Introduction 3 1. Statement of Intent 4 2. Fair Obtaining I Processing 5 3. Data Uses and Processes 6 4. Data
More information235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions
English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June
More informationAlixPartners, LLP. General Data Protection Statement
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
More informationRules for the use of the IT facilities. Effective August 2015 Present
Rules for the use of the IT facilities Effective August 2015 Present INFORMATION MANAGEMENT GUIDE RULES FOR THE USE OF THE UNIVERSITY S IT FACILITIES ( The Rules ) 1. Introduction 2. Interpretation 3.
More informationCorporate Code of Conduct
1. Background Corporate Code of Conduct 1.1. For over a century, the Swire group of companies has been recognised as acting responsibly in the course of achieving its commercial success. Our reputation
More informationCouncil of the European Union Brussels, 26 June 2015 (OR. en)
Council of the European Union Brussels, 26 June 2015 (OR. en) Interinstitutional File: 2012/0011 (COD) 9985/1/15 REV 1 LIMITE DATAPROTECT 103 JAI 465 MI 402 DIGIT 52 DAPIX 100 FREMP 138 COMIX 281 CODEC
More informationOpinion and recommendations on challenges raised by biometric developments
Opinion and recommendations on challenges raised by biometric developments Position paper for the Science and Technology Committee (House of Commons) Participation to the inquiry on Current and future
More informationData Protection Policy
Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and
More informationEXPLANATORY MEMORANDUM TO THE DATA RETENTION (EC DIRECTIVE) REGULATIONS 2007. 2007 No. 2199
EXPLANATORY MEMORANDUM TO THE DATA RETENTION (EC DIRECTIVE) REGULATIONS 2007 2007 No. 2199 1. This explanatory memorandum has been prepared by the Home Office and is laid before Parliament by Command of
More informationPUBLIC CONSULTATION ON POSTAL SERVICES
EUROPEAN COMMISSION PUBLIC CONSULTATION ON POSTAL SERVICES PART 2 CONSULTATION ENDS JAN 27 2006 NOV 2005 V1.9 Page 1 of 9 PART 2 CONSULTATION ON POSTAL SERVICES Part 2 asks more detailed questions on a
More informationOpinion 03/2013 on purpose limitation
ARTICLE 29 DATA PROTECTION WORKING PARTY 00569/13/EN WP 203 Opinion 03/2013 on purpose limitation Adopted on 2 April 2013 This Working Party was set up under Article 29 of Directive 95/46/EC. It is an
More informationDelegations will find attached a set of Presidency drafting suggestions concerning Articles 1-3 of the above proposal, as well as the Recitals.
COUNCIL OF THE EUROPEAN UNION Brussels, 11 February 2010 6092/10 Interinstitutional File: 2008/0140 (CNS) SOC 75 JAI 108 MI 39 NOTE from : The Presidency to : The Working Party on Social Questions on :
More informationInformation Governance Framework. June 2015
Information Governance Framework June 2015 Information Security Framework Janice McNay June 2015 1 Company Thirteen Group Lead Manager Janice McNay Date of Final Draft and Version Number June 2015 Review
More informationOVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.
Joint work between experts from the Article 29 Working Party and from APEC Economies, on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in
More information