The protection of the right to privacy and consequently the protection of personal data are important concerns of the European External Action Service (EEAS) as a European public administration. The key legal basis for the rights is article 8 of the EU Charter on Fundamental Rights .

What counts as your personal data?

Your name, your car number plate, a photo of you, your office phone number, your birth place, your nationality, your e-mail address are as many examples of personal data as they relate to you and only you and therefore make you identifiable.

Is your personal data processed by the EEAS?

In its everyday business, the EEAS processes numerous personal data, mostly of its staff but also, in some cases, of members of the general public — through procurements, calls for tenders or conference invitations for instance.
Thus, to meet its obligations to citizens, the European External Action Service frequently needs to collect, process and retain personal data, such as names, addresses or other data, at times more sensitive information.

How does the EEAS process your personal data?

All personal data are processed in accordance with EU Regulation 45/2001 on the processing of personal data , as implemented in the EEAS by its Decision of the High Representative of the Union for Foreign Affairs and Security Policy of 8 December 2011 . The aforementioned Regulation and Decision aim to protect the fundamental freedoms and rights of natural persons with regard to the processing of personal data pertaining to them. The objective is to facilitate the free movement of information under rules that guarantee the rights of individuals and their legitimate expectation that their right to privacy is respected.

It means, therefore, that your data are:

• Processed fairly and lawfully
• Collected for limited and explicit purpose(s)
• Accurate and kept up-to-date
• Kept for no longer than necessary
• Secure
• Not transferred to third parties without adequate precautions
• Processed in accordance to your rights as a data subject.

 

These rules concern all departments within the EEAS and all EU Delegations that process information identifying individuals. The Data Protection Office of the EEAS must be notified in advance of any operation involving such data collection, consultation, transmission or organisation. All data of a personal nature provided to the EEAS - namely data which can identify a person directly or indirectly - will be handled with the necessary care.

The EEAS respects the 7 principles set out in EU Directive 94/46/EC and EU Regulation 45/2001 :

• Notice – people whose data is being collected, processed and kept should be given notice of that
• Purpose – data collected should be used only for stated purpose(s) and for no other
• Consent – personal data should not be disclosed or shared with third parties without the consent of the people concerned
• Security – once collected, personal data should be kept safe and secure from potential abuse, theft, or loss
• Disclosure – people whose personal data is being collected should be told which party or parties are doing this
• Access – people should granted access to their personal data and allowed to correct any inaccuracies
• Accountability – people should be able to hold personal data collectors accountable for following all these principles.

 

The EEAS data protection activities are reviewed in the 2011 Annual Report [81 KB] .

See also: EEAS Data Protection – detailed overview [111 KB] .