7.12.2013   

EN

Official Journal of the European Union

C 358/19

1.

On 18 December 2012, the Commission adopted a Proposal for a Regulation on occurrence reporting in civil aviation and repealing Directive 2003/42/EC, Commission Regulation (EC) No 1321/2007, Commission Regulation (EC) No 1330/2007 and Article 19 of Regulation (EU) No 996/2010 (‘the Proposal’) (1). This Proposal was sent to the EDPS for consultation on 8 January 2013.

2.

The EDPS welcomes the fact that he is consulted by the Commission and that a reference to this Opinion is included in the Preamble of the Proposal. Before the adoption of the Proposal, the EDPS was given the opportunity to provide informal comments to the Commission.

3.

The three instruments to be repealed by the Proposal organise occurence reporting in the following way: Directive 2003/42/EC (2) requires each Member State to set up a mandatory occurrence reporting system (hereinafter ‘MORS’). Under this legislation, aviation professionals are obliged to report occurrences (3) in their daily operational work through the system established by their organisation (4). In addition, Member States are requested to collect, store, protect and disseminate among themselves information on occurrences. Two implementing rules complete this legislation: Commission Regulation (EC) No 1321/2007 (5), which establishes a European Central Repository (ECR) regrouping all civil aviation occurrences collected by Member States, and Commission Regulation (EC) No 1330/2007 (6), which lays down rules regarding the dissemination of the information contained in the ECR.

4.

The Proposal builds on Directive 2003/42/EC to improve the existing occurrence reporting systems in civil aviation both at national and European level. Amongst other changes, it proposes the following:

5.

It follows from the Proposal that occurrences will be reported by employees to their organisations, who will then store them in a database and report them to national designated competent authorities or to the European Aviation Safety Agency (EASA). These authorities, together with EASA and the Commission, will transfer information on civil aviation occurrences to the ECR, managed by the Commission. In addition, the Commission will process data relating to interested parties requesting access to the information stored in the ECR.

6.

The EDPS acknowledges the fact that the purpose of the Proposal is not to regulate the processing of personal data. However, the information that will be stored, reported and transferred may relate to natural persons who are either directly or indirectly identifiable, such as reporters, third parties involved in the reported occurrence and interested parties applying for access (7). The reported information might not only involve technical problems but also, for instance, violent passengers, crew incapacitation or health incidents (8).

7.

Therefore, the present Opinion will analyse the elements of the Proposal which concern the processing of personal data. It builds on a previous EDPS Opinion (9) on one of the Regulations which are being repealed by the Proposal (10).

46.

The EDPS welcomes the attention paid to the protection of personal data, particularly through the engagement taken to ‘disidentify’ a major part of the data processed under occurrence reporting. However, he reminds that the data processed will still be personal data and thus welcomes the references to the applicability of EU data protection legislation. What is provided for amounts at best to partial anonymisation.

47.

The EDPS recommends clarifying the scope of ‘disidentification’. In particular, he proposes the following improvements to the text:

48.

The EDPS advises specifying in the Proposal who will be the controller of every database. He also recommends defining in the Annexes I and II, in Article 5(6) all the categories of data to be processed and clarifying Articles 7(1) and 11(1) accordingly. If it is not possible to specify all the occurrences and data fields to be processed according to Articles 7(1), 5(3), 5(6) and 11(1), these Articles should at least mention that additional information not required by the Proposal should not contain special categories of data as defined by Article 8 of Directive 95/46/EC and Article 10 of Regulation (EC) No 45/2001 (‘sensitive data’).

49.

The EDPS also recommends specifying the periods during which data shall be stored in the databases, the rights of data subjects and the security measures to be implemented.

50.

In case of transfers to third country organisations or international organisations, these should commit to respect adequate safeguards to be provided in a binding instrument. These safeguards could be based on the data protection principles contained in the Standard Contractual Clauses for the transfers of personal data to third countries adopted by the Commission and could be added in the Annex of the Proposal.

51.

As regards the processing of data of interested parties requesting access to the ECR, the EDPS recommends specifying in the Proposal the data protection measures that will apply to the processing of data relating to third parties (e.g., for how long the data will be stored after access has been granted or denied and who has access to these data). In addition, the form contained in Annex IV should include, apart from the notice on access to information (12), a privacy notice.

52.

Finally, the necessity of processing sensitive data for any of the grounds contained in Article 8(2-4) of Directive 95/46/EC and Article 10(2-4) of Regulation (EC) No 45/2001 should be justified in the Preamble. The EDPS also recommends adopting additional safeguards as regards the processing of special categories of data, such as stricter security measures, the prohibition to disclose the related categories of data to third parties not subject to EU data protection law and the restriction of its disclosure to other interested parties. In addition, the processing of these categories of data may be subject to prior check by EU national data protection authorities and by the EDPS.