SDPC, DPA and TIA for the use of personal data processing software by the European Commission

Esta solicitud ha sido retirada por la persona que la realizó. Puede que haya una explicación en los mensajes a continuación.

Dear Data Protection Officer,

Under the right of access to documents in the EU treaties, as developed in Regulation 1049/2001, I am requesting documents which contain the following information:

1) Indication of whether, which and for what purpose personal data processing services / software of organizations (e.g., as processor / data importer) located outside the EU/EEA are used acutally by the European Commission.

2) Indication of whether, which and for what purpose such personal data processing services of organizations located within the EU/EEA, but with subcontractors outside the EU/EEA, are actually used by the European Commission.

3) Per individual of these services with the aforementioned third country references:

a) I request an indication as to whether and which transfers pursuant to Art. 44 et seq. GDPR are triggered by the use of these services.

b) I ask for all contracts concluded with the providers of these services in this respect, which are necessary under data protection law, or for a missing indication if there are no such contracts. In particular, namely: contract for commissioned processing according to Art. 28 DSGVO as well as standard data protection clauses according to Art. 46 GDPR.

c) I request the provision of the documented "Transfer Impact Assessment" required according to clause 14 of the current standard data protection clause sets of the EU Commission or the documented "Transfer Impact Assessment" required according to Art. 46 (1) GDPR in conjunction with the principles from ECJ judgment "Schrems II" regarding the data transfers associated with the use of such services.

It should be possible to find the above information without major effort, in particular by means of corresponding information and links in the official processing directory pursuant to Art. 30 GDPR to which, as DPOs, they should already have easy access by law.

Yours faithfully,
Heiko Roth

SG ACCES DOCUMENTS, Responsable de la protección de datos

1 Adjuntos

Link: [1]File-List
Link: [2]Edit-Time-Data
Link: [3]themeData
Link: [4]colorSchemeMapping

Dear Sir,

 

Thank you for your request for access to documents.

 

Unfortunately, you have not indicated your postal address. This is
necessary for registering and handling your request in line with the
procedural requirements.

 

Please send us your full postal address at your earliest convenience.
Pending your reply, we reserve the right to refuse the registration of
your request.

 

Please accept our sincere apologies for the late reaction; your initial
request was discovered in the Junk mail folder of the DPO’s office.

 

Yours faithfully,

 

 

ACCESS TO DOCUMENTS TEAM (GD)

 

[5]cid:image001.png@01D45409.F767C980

European Commission

Secretariat-General

SG C.1

[6][email address]

 

 

 

-----Original Message-----
From: Heiko Roth <[FOI #10517 email]>
Sent: Thursday, January 13, 2022 1:34 PM
To: DATA PROTECTION OFFICER <[DPO request email]>
Subject: access to documents request - SDPC, DPA and TIA for the use of
personal data processing software by the European Commission

 

Dear Data Protection Officer,

 

Under the right of access to documents in the EU treaties, as developed in
Regulation 1049/2001, I am requesting documents which contain the
following information:

 

1) Indication of whether, which and for what purpose personal data
processing services / software of organizations (e.g., as processor / data
importer) located outside the EU/EEA are used acutally by the European
Commission.

 

2) Indication of whether, which and for what purpose such personal data
processing services of organizations located within the EU/EEA, but with
subcontractors outside the EU/EEA, are actually used by the European
Commission.

 

3) Per individual of these services with the aforementioned third country
references:

 

a) I request an indication as to whether and which transfers pursuant to
Art. 44 et seq. GDPR are triggered by the use of these services.

 

b) I ask for all contracts concluded with the providers of these services
in this respect, which are necessary under data protection law, or for a
missing indication if there are no such contracts. In particular, namely:
contract for commissioned processing according to Art. 28 DSGVO as well as
standard data protection clauses according to Art. 46 GDPR.

 

c) I request the provision of the documented "Transfer Impact Assessment"
required according to clause 14 of the current standard data protection
clause sets of the EU Commission or the documented "Transfer Impact
Assessment" required according to Art. 46 (1) GDPR in conjunction with the
principles from ECJ judgment "Schrems II" regarding the data transfers
associated with the use of such services.

 

It should be possible to find the above information without major effort,
in particular by means of corresponding information and links in the
official processing directory pursuant to Art. 30 GDPR to which, as DPOs,
they should already have easy access by law.

 

Yours faithfully,

Heiko Roth

 

-------------------------------------------------------------------

 

This is a request for access to information under Article 15 of the TFEU
and, where applicable, Regulation 1049/2001 which has been sent via the
AsktheEU.org website.

 

Please kindly use this email address for all replies to this request:
[7][FOI #10517 email]

 

If [8][DPO request email] is the wrong address for
information requests to Data Protection Officer, please tell the
AsktheEU.org team on email [9][email address]

 

This message and all replies from Data Protection Officer will be
published on the AsktheEU.org website. For more information see our
dedicated page for EU public officials at
[10]https://urldefense.com/v3/__https://www....

 

Please note that in some cases publication of requests and responses will
be delayed.

 

 

-------------------------------------------------------------------

References

Visible links
1. file:///tmp/cid:filelist.xml@01D82339.82ED2FC0
2. file:///tmp/cid:editdata.mso
3. file:///tmp/~~themedata~~
4. file:///tmp/~~colorschememapping~~
6. mailto:[email address]
7. mailto:[FOI #10517 email]
8. mailto:[DPO request email]
9. mailto:[AsktheEU.org contact email]
10. https://urldefense.com/v3/__https:/www.a...

ocultar partes citadas

Dear SG ACCES DOCUMENTS,

i will repeat my request via https://ec.europa.eu/transparency/regdoc.... Thank you for your support.

Yours sincerely,
HR