SDPC, DPA and TIA for the use of personal data processing software by the European Parliament

Currently waiting for a response from Parlamento Europeo, they should respond promptly and normalmente no más tarde de (detalles).

Dear European Parliament,

Under the right of access to documents in the EU treaties, as developed in Regulation 1049/2001, I am requesting documents which contain the following information:

1) Indication of whether, which and for what purpose personal data processing services / software of organizations (e.g., as processor / data importer) located outside the EU/EEA are used acutally by the European Parliament.

2) Indication of whether, which and for what purpose such personal data processing services of organizations located within the EU/EEA, but with subcontractors outside the EU/EEA, are actually used by the European Parliament.

3) Per individual of these services with the aforementioned third country references:

a) I request an indication as to whether and which transfers pursuant to Art. 44 et seq. GDPR are triggered by the use of these services.

b) I ask for all contracts concluded with the providers of these services in this respect, which are necessary under data protection law, or for a missing indication if there are no such contracts. In particular, namely: contract for commissioned processing according to Art. 28 DSGVO as well as standard data protection clauses according to Art. 46 GDPR.

c) I request the provision of the documented "Transfer Impact Assessment" required according to clause 14 of the current standard data protection clause sets of the EU Commission or the documented "Transfer Impact Assessment" required according to Art. 46 (1) GDPR in conjunction with the principles from ECJ judgment "Schrems II" regarding the data transfers associated with the use of such services.

It should be possible to find the above information without major effort, in particular by means of corresponding information and links in the official processing directory pursuant to Art. 30 GDPR.

Yours faithfully,

Heiko Roth

AccesDocs, Parlamento Europeo

1 Adjuntos

Our reference: 2022-002

 

Dear Mr Roth,

 

The European Parliament hereby acknowledges receipt of your message, which
was registered on January 13^th, 2022.

 

All applications for public access to documents are treated in compliance
with Regulation (EC) No 1049/2001 of 30 May 2001 regarding public access
to European Parliament, Council and Commission documents.

 

In accordance with the above-mentioned Regulation, your application will
be handled within 15 working days upon registration of your request.

 

Your personal data will be processed in accordance with Regulation (EU)
2018/1725 of 23 October 2018 on the protection of natural persons with
regard to the processing of personal data by the Union institutions,
bodies, offices and agencies and on the free movement of such data. A
detailed privacy statement is available [1]here.

 

The European Parliament reserves the right to ask for additional
information regarding your identity in order to verify compliance with
Regulation (EC) No 1049/2001 and the European Parliament’s implementing
measures.

 

Your attention is drawn to the fact that you have lodged your application
via the AsktheEU.org website, which is a private website not officially
related to the European Parliament. Therefore, the European Parliament
cannot be held accountable for any technical issues or problems linked to
the use of this system.

 

In addition, please note that any personal data that you provide by using
AsktheEU.org website may be disclosed to the general public and visible on
this private website. The European Parliament cannot be held responsible
for such disclosure. Should you need to communicate directly to Parliament
any personal data and would like to avoid public disclosure, you may do so
from your private email address by using the following functional mailbox
address: AccesDocs(at)europarl.europa.eu  

 

 

Best regards,

 

TRANSPARENCY UNIT

 
European Parliament
Directorate-General for the Presidency
Directorate for Interinstitutional Affairs and Legislative Coordination
[2][European Parliament request email]
[3]www.europarl.europa.eu/RegistreWeb

 

 

References

Visible links
1. https://www.europarl.europa.eu/RegistreW...
2. mailto:[European Parliament request email]
3. http://www.europarl.europa.eu/RegistreWeb