THE GENERAL SECRETARIAT OF THE COUNCIL'S
POLICY ON USE OF VIDEO SYSTEMS
Table of contents
1.
Purpose and scope of the Policy......................................................................................3
2.
Compliance with relevant data protection texts ..............................................................3
3.
Areas monitored .............................................................................................................5
4.
Personal data collected and its purpose...........................................................................7
5.
Access to the personal data collected ..............................................................................8
6.
Protecting and safeguarding personal data....................................................................10
7.
Duration of data retention ............................................................................................11
8.
Information to the public...............................................................................................11
9.
Rights of the data subjects.............................................................................................12
10.
Right of remedy.............................................................................................................14
Annex .......................................................................................................................................15
2
The General Secretariat of the Council's Policy on Use of Video Systems
1.
Purpose and scope of the Policy
For the safety and security of its staff, visitors, buildings, assets and information, and for
logistical reasons, the General Secretariat of the Council (GSC) operates a video protection
system on parts of its premises. This Policy on Use of Video Systems describes the GSC's
video system and the safeguards that the GSC takes to protect the personal data, privacy and
other fundamental rights and legitimate interests of individuals viewed by the cameras.
The GSC's Policy on Use of Video Systems does not apply to the recording or broadcasting
of events for the purposes of the press and public communication policy of the Council or of
the European Council. It should also be noted that the camera currently installed in the GSC
medical department (which does not record footage) has undergone a separate notification
procedure.
2.
2.1.
Compliance with relevant data protection texts
The GSC operates its video systems in compliance with Regulation (EC) Nº 45/2001 of the
European Parliament and of the Council on the protection of individuals with regard to the
processing of personal data by Community institutions and bodies and on the free movement
of such data1 and with Council decision 2004/644/EC of 13 September 2004 adopting
implementing rules concerning Regulation (EC) Nº 45/20012. In so doing, it has due regard
for the recommendations set out in the Video Surveillance Guidelines issued by the
European Data Protection Supervisor (the "Guidelines") of 17 March 20103.
1
2
3
OJ L 8 of 12.1.2001, p. 1.
OJ L 296 of 21.9.2004, p. 16
http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Supervision/ Guidelines/10-0317_Video-surveillance_Guidelines_EN.pdf.
3
2.2. The use of the video system is necessary for the good management and functioning of the
Council, in particular for the purpose of security and safety control as described in Section
4.2 below. It is needed to support broader security policies established by Council Decision
2013/488/EU of 23 September 2013 on the security rules for protecting EU classified
information1 and contributes to fulfilling the mandate of the Security Office as set out in
Decision 181/10 of the Secretary-General of the Council on the tasks of the Security Office2.
2.3.
Notification of compliance status. The existing GSC video system was installed following
a risk assessment and a study of the various solutions available and the GSC Data Protection
Officer (DPO) was notified on 15 June 2007 thereof in accordance with Article 25 of
Regulation 45/2001. On 20 June 2007, the system was submitted for ex-post "prior
checking" by the European Data Protection Supervisor (EDPS). Such "prior checking" was
first suspended and subsequently closed by the EDPS pending publication of its Guidelines.
After publication thereof, the GSC established the GSC's policy on Use of Video Systems
and a compliance file.
After adoption, the DPO will notify the EDPS of this policy together with a compliance
status.
2.4.
Contacts with the relevant data protection authority in the Member State. The
competent data protection authority in Belgium, Commission de la Protection de la Vie
Privée ("CPVP"), has been informed that the GSC uses video systems.
2.5.
Decision making process. The GSC has drawn up this policy after concluding, in
consultation with the relevant services, that the current video system continues to be
necessary and proportionate for safety and security purposes. The GSC has consulted the
GSC Staff Committee and the DPO, and their views have been addressed. The policy has
been approved by the Secretary-General.
1
2
OJ L 274, 15.10.2013, page 1.
Available on the Security Office intranet site on DOMUS under "DGs and Services - DG A - SSCIS - Security
Office"
4
2.6
Transparency. The Policy on Use of Video Systems is available on the Council's internet
site at www.consilium.europa.eu/contacts/data-protection and on the GSC's intranet site on
DOMUS under "DGs and Services - DG A - SSCIS - Security Office."
2.7.
Periodic reviews. A periodic data protection compliance and assessment review will be
undertaken by the GSC every two years, the first by 31 December 2012. During the periodic
reviews the GSC will, inter alia, re-assess whether:
2.8.
•
the system continues to serve its declared purpose,
•
adequate alternatives are available, and
•
this Policy continues to comply with Regulation Nº 45/2001.
Protection of privacy. To enhance the protection of privacy, the GSC has provided for:
•
image blurring (to render the image either partially or totally unrecognisable, as
appropriate),
•
limitation of storage times of footage in line with security requirements (see point 7
below), and
•
strict management of operators' rights regarding access to the closed circuit television
system ("CCTV").
3.
Areas monitored
Cameras are located at various points of the Justus Lipsius, LEX, crèche and Overijse
buildings, including: the main entrance; the main badge-operated turnstiles; emergency and
fire exits; the entrance to car parks; meeting rooms; secured rooms; corridors; and around
the buildings to protect the outer perimeters.
The location of the cameras has been carefully reviewed to ensure that they minimise the
monitoring of areas that are not relevant for the intended purposes. Monitoring outside the
buildings on the territory of Belgium is limited to the minimum, and the relevant national
authorities have been informed.
5
The GSC does not monitor areas under heightened expectations of privacy, such as offices
or sports centres. Exceptionally, in the case of duly justified security needs, cameras may be
installed in such areas, always after carrying out an impact assessment and after having
informed the DPO. In such cases a specific and clearly visible notice shall be placed on the
premises.
Exceptionally, in the event of duly justified and demonstrable security needs, covert cameras
may be used when necessary for preventing, investigating, detecting or prosecuting criminal
offences. Their use is subject to prior approval by the Director of the Security Office and
systematic notification of the DPO within the framework of an official security investigation
mandated by the Secretary-General. The use of covert cameras is always proportionate to
the seriousness of the suspected offence and in accordance with Article 20 of Regulation
(EC) 45/2001. Each case where covert cameras are used is documented in detail, including:
- a well identified purpose that cannot be achieved by any other alternative way of
investigating which is less intrusive to privacy;
- an impact assessment of the area covered by covert video cameras and the individuals who
may be concerned;
- a strictly limited period of time;
- strictly limited locations;
- strictly limited and well identified recipients;
- immediate erasing as soon as the images are no longer needed for the purpose of the
investigation.
6
4.
4.1.
Personal data collected and its purpose
The video system is a conventional and primarily static system. It records digital images
and is equipped with motion detection. It records defined movement detected by the
cameras in the monitored area, together with the time, date and location. All cameras
operate twenty-four hours a day, seven days a week. When necessary, the image quality
allows identification of individuals in the camera's area of coverage. The cameras are nearly
all fixed, and thus only few may be used by the operators to zoom in on a given situation for
security reasons. Specifically trained operators must abide by privacy settings and access
rights.
The GSC does not use high-tech or intelligent video protection technology, but does
interconnect its video protection systems operating in the buildings listed in Section 3 of the
Policy.
4.2.
Purpose of using the video system. The GSC uses its video system for the sole purposes
of security and safety. The video system helps ensure the security of GSC buildings, the
safety of staff and visitors, as well as property and information located or stored on the
premises.
When necessary, it complements other physical security systems such as access control
systems and physical intrusion control systems. It forms part of the measures to support
broader security policies as established by the Council Decision on the security rules for
protecting EU classified information and helps prevent, deter, and if necessary, investigate
unauthorised physical access, including unauthorised access to secure premises and
protected rooms, IT infrastructure, or operational information.
7
4.3.
Purpose limitation. The system is not used for any other purpose, such as to monitor the
work of officials or other staff, or to monitor attendance. The system is used as an
investigative tool or evidence in internal investigations or in disciplinary procedures
exclusively for the purpose of investigating a physical security incident, or, in exceptional
cases, in the framework of criminal investigations. These are conducted always under a
specific mandate of the Secretary-General or the Appointing Authority, as appropriate.
4.4.
Ad hoc video use. Where there is a duly justified security need for ad hoc video protection,
such operations are planned beforehand, an impact assessment is drawn up and the DPO is
informed.
4.5.
Webcams. The GSC does not use webcams for video protection purposes.
4.6.
Special categories of data. The GSC's video system does not aim at capturing (e.g. by
zooming in on or discriminately targeting) or otherwise processing (e.g. indexing, profiling)
images which reveal so-called "special categories of data" within the meaning of Section 6.7
of the Guidelines.
5.
5.1.
Access to the personal data collected
Access to recorded and live video is limited to a small number of clearly identifiable
individuals on a need-to-know basis.
5.2.
Access to the footage and/or the technical architecture of the video system is limited to a
small number of clearly identifiable individuals on a need-to-know basis. The GSC
specifies the purpose and extent of their access rights. In particular, it limits who has the
right to: view the footage in real-time; view the recorded footage; copy, download, delete or
alter any footage.
8
5.3.
All personnel with access rights, including external subcontracted security guards, are given
initial data protection training. Training is provided for each new member of staff and
periodic workshops on data protection compliance issues will be carried out at least once
every two years for all staff with access rights.
5.4.
After the training each staff member signs a confidentiality undertaking. This undertaking is
also signed by all external subcontractors and their personnel.
5.5.
All transfers and disclosures outside the Security Office are documented and subject to a
rigorous assessment of the need for such a transfer and the compatibility of the purposes of
the transfer with the initial security purpose of the processing. The register of retention and
transfers may be consulted by the internal audit services of the GSC and the Council's DPO.
No access is given to management or human resources, except in the framework of
disciplinary procedures directly triggered by a physical security incident and under a
mandate from the Appointing Authority.
Local or national police, recognised judicial authorities, anti-fraud EU bodies (such as
OLAF) and security departments of other European institutions or international
organisations concerned may be given access if needed to investigate or prosecute criminal
offences.
No requests for data mining are accommodated1.
Any breach of security regarding cameras is indicated in the investigations register and the
DPO is informed thereof as soon as possible.
1
Data mining: the process of extrapolating patterns from existing databases.
9
6.
Protecting and safeguarding personal data
In order to protect the security of the video system, including personal data, the following
technical and organisational measures have been put in place:
•
Secure premises, protected by physical security measures, host the servers storing the
recorded images; network firewalls protect the logic perimeter of the IT infrastructure;
and the main computer systems holding the data are security hardened.
•
Administrative measures include the obligation of all outsourced personnel with access
to the system (including those maintaining the equipment and the systems) to be
individually security checked.
•
All staff (external and internal) sign non-disclosure and confidentiality agreements.
•
Access rights to users are granted to only those resources which are strictly necessary to
carry out their duties.
•
Only the system administrator specifically appointed by the controller for this purpose is
able to grant, alter or annul access rights of any persons. Any provision, alteration or
annulment of access rights is made pursuant to strict criteria.
•
The GSC keeps an up-to-date list at all times of all persons having access to the system
and describes their access rights in detail;
•
The DPO will be consulted prior to the acquisition or installation of any new video
protection system.
The GSC's Security Policy on Use of Video Systems has been drawn up in accordance with
Section 9 of the EDPS Guidelines.
10
7.
Duration of data retention
The images are retained for 30 days. Thereafter, images are deleted according to the 'firstin-first-out' principle. If a security incident occurs, the relevant footage may be retained
beyond the normal retention periods for as long as it is necessary to further investigate the
security incident. Retention is rigorously documented and the need for retention is
periodically reviewed. The register of retention and transfers may be consulted by the
internal auditing services of the GSC and the Council's DPO.
8.
Information to the public
8.1.
Multi-layer approach. The GSC follows a multi-layer approach comprising the following:
•
a detailed information notice on the use of video systems is posted at each of the
entrances to GSC buildings, including at car park entrances,
•
on-the-spot pictogram notices throughout the buildings to alert the public to the fact that
monitoring takes place and inform them on how to obtain further information, and
•
the Policy on Use of Video Systems is posted on the GSC's internet site and intranet
sites for those wishing to know more about the video practices of the GSC.
Information hand-outs are also available at our building reception desks and from the
Security Office upon request. Information is provided for further enquiries.
Notices are affixed adjacent to the following monitored areas: near the main entrance, the
lifts in the car park and at the entrances to the car parks for instance.
The GSC's on-the-spot notice is included in the Annex.
11
8.2. Specific individual notice. Notwithstanding the rules applicable to investigations,
individuals must also be given individual notice if they are identified on camera (for example,
by security staff in a security investigation) provided that one or more of the following
conditions also applies:
•
their identity is noted in any files/records,
•
the video recording is used against the individual, kept beyond the regular retention
period or transferred outside the Security Office, or
•
if the identity of the individual is disclosed to anyone outside the Security Office.
Provision of notice may be delayed if it is necessary for preventing, investigating, detecting
and prosecuting criminal offences, as provided for in Article 20 of Regulation 45/2001.
The Council’s DPO is consulted in all such cases to ensure that the individual’s rights are
respected, but not in the case of investigations.
9.
Rights of the data subjects
Data subjects have the right to access the personal data that the GSC holds on them and to
correct and complete such data. Any request for access, rectification, blocking and/or
erasing of personal data as a result of video camera use should be directed to the Director of
the Security Office at the Council of the European Union, Rue de la Loi 175, 1048 Brussels
with a copy to the DPO.
12
The Director of the Security Office will send the applicant an acknowledgement of receipt
within five working days of receiving the request. Whenever possible, the Director of the
Security Office responds to a request in substance within 15 calendar days. If this is not
possible, the applicant is informed of the next steps and the reason for the delay within 15
days. Even in the most complex of cases satisfaction must be granted or a final reasoned
response must be provided rejecting the request within three months at the latest. The
Director of the Security Office will do his/her best to respond earlier, especially if the
applicant establishes the urgency of the request.
If specifically requested, a viewing of the images may be arranged. In such cases, applicants
must indicate their identity beyond doubt (e.g. bring identity cards when attending the
viewing) and also specify the date, time, location and circumstances when they were viewed
by the cameras. They must also provide a recent photograph of themselves that allows
security staff to identify them from the images reviewed.
In case of irregularities or of obvious misuse by the data subject in exercising his/her rights,
the Security Office may consult the DPO on the request and/or refer the data subject to the
DPO, who will decide on the eligibility of the request and the appropriate follow-up.
A request to view footage may be refused when an exemption under Article 20(1) of
Regulation 45/2001 applies in a specific case, for example to safeguard the investigation of a
criminal offence. A restriction may also be necessary to protect the rights and freedoms of
others, for example, when other people are also present on the images, and it is not possible
to acquire their consent to disclose their personal data or use image-editing to remedy the
lack of consent.
13
10.
Right of remedy
Every data subject has the right to lodge a complaint with the European Data Protection
Supervisor ([email protected]) if they consider that their rights under
Regulation 45/2001 have been infringed as a result of processing their personal data by the
GSC. Before doing so, it is recommended that individuals first try to obtain remedy by
contacting:
•
the Director of the Security Office (via the Security Centre, available 24/7 on
02 281 8909), Council of the European Union, Rue de la Loi 175, 1048 Brussels, or
[email protected] and/or
•
the GSC's Data Protection Officer at the Council of the European Union, Rue de la Loi
175, 1048 Brussels.
Staff members may also request remedy from the Appointing Authority under Article 90 of
the Staff Regulations.
14
ANNEX
15