The protection of the right to privacy and the protection of personal data – as set out in article 8 of the EU Charter on Fundamental Rights – are important concerns for the European External Action Service (EEAS) as a European public administration.
To meet its obligations to citizens, the EEAS frequently needs to collect, process and retain personal data, such as names, office addresses, phone numbers, photos or other data, including more sensitive information through procurements, calls for tenders or conference invitations.
What is personal data?
Personal data is information relating to you only, which makes you identifiable – your name, photo, phone number, birth date, e mail address, car number plate, etc.
How does the EEAS process your personal data?
EU Regulation 45/2001 on the processing of personal data, as implemented in the EEAS by its Decision of 8 December 2011 ensure that your data are:
- processed fairly and lawfully
- collected for limited and explicit purposes
- accurate and kept up-to-date
- kept for no longer than necessary
- not transferred to third parties without adequate precautions
- processed in accordance to your rights as a data subject.
These rules apply to all departments within the EEAS and all EU Delegations that process information identifying individuals. The EEAS Data Protection Office must be notified in advance of any operation involving such data collection, consultation, transmission or organisation. All data of a personal nature provided to the EEAS - namely data which can identify a person directly or indirectly - will be handled with the necessary care.
The EEAS respects the 7 principles for personal data processing set out in the EU Directive 95/46/EC and in the EU Regulation 45/2001:
1. Notice – people whose data is being collected, processed and kept should be informed
2. Purpose – data collected should be used only for the stated purpose(s) and for no other
3. Consent – personal data should not be disclosed or shared with third parties without the consent of the person concerned
4. Security – once collected, personal data should be kept safe and secure from potential abuse, theft, or loss
5. Disclosure – people whose personal data is being collected should be told which party or parties are doing this
6. Access – people should granted access to their personal data and allowed to correct any inaccuracies
7. Accountability – people should be able to hold personal data collectors accountable for following all these principles.
See also: EEAS Data Protection – detailed overview