Legislative Observatory
European Parliament
Please fill in this field to find a procedure

Tachographs in road transport

2011/0196(COD)

Opinion of the European Data Protection Supervisor on the proposal for a Regulation of the European Parliament and of the Council amending Council Regulation (EEC) No 3821/85 on recording equipment in road transport and amending Regulation (EC) No 561/2006 of the European Parliament and the Council.

The EDPS welcomes being consulted on a proposal which impinges on the privacy of professional drivers in a very visible manner. He particularly welcomes the insertion of a dedicated provision on data protection in Article 34 of the proposal, which clearly underlines the responsibility of owners of vehicles and/or transport undertakings, as data controllers, to comply with applicable data protection law. Amongst other things, this will require them to inform professional drivers about the processing of their data in tachographs, grant drivers access to their data and rectify incorrect or incomplete data.

The EDPS notes however that this provision alone cannot tackle all the data protection issues raised by the measures put forward in the Proposal. Additional guarantees are therefore required in the Proposal and in the complementary measures described in the Communication entitled “Digital Tachograph: Roadmap for future activities”.

1) The proposal lacks clarity and certainty on the modalities of the processing: this should be clarified to ensure that these measures respect the proportionality principle set out in Directive 95/46/EC. The EDPS considers that the general modalities of the processing in tachographs should be set out in the proposal itself and not in annexes to the Regulation. The main aspects of the processing should be described in the proposal itself, such as the types of data recorded in tachographs and through geolocation equipment, the recipients, and the time periods for retention. The annexes of the Regulation should only provide purely technical details of general principles that have been set out in the Regulation itself.

2) Outdated annexes: the EDPS notes that the existing annexes are outdated, which might lead to discrepancies in how tachographs are developed by industry. The proposal introduces many technological updates, for which no relevant technical specifications are set out in the existing annexes to the Regulation. There is a risk that privacy-unfriendly frameworks will be developed by industry for as long as the update of the annexes to the Regulation is pending. The EDPS urges the Commission to update the annexes of the Regulation as soon as possible.

3) Provision on the level of security to be achieved at all stages of development and use of tachographs: the EDPS recommends introducing a dedicated provision on the level of security to be achieved emphasising the following:

·        appropriate security measures must be adopted to preserve the confidentiality of the data, to ensure data integrity and to prevent fraud and unlawful manipulation;

·        the whole chain of processing, which includes not only the recording equipment and the cards themselves but also the system of remote communication and the use of GNSS equipment, must respect the security requirements of Directive 95/46/EC ;

·        for purposes of accountability, the way independent evaluators will perform their work should be clarified;

·        privacy impact assessments should be carried out before introducing any technological update.

4) Proportionality on geolocation: the EDPS recommends clarifying the specific and legitimate purposes for which constant geolocation will be carried out. It should be clearly specified in the proposal that the installation and use of devices for the direct and principal purpose of allowing employers to monitor remotely and in real time the actions or whereabouts of their employees is not permitted.

5) Remote control by control authorities: the EDPS considers that it is not sufficiently clear which data can be exchanged through remote communications and recommends defining in Article 5(3) an exhaustive list of data that can be exchanged with control authorities and ensure that remote controls do not lead to automatic sanctions.

6) Cross-border exchanges of data: in the current version of the proposal, there is no indication of any international exchange of tachograph data. It should be clarified whether there will be any cross-border data exchanges with control authorities in third countries, and if so adopt adequate data protection safeguards to ensure compliance with Directive 95/46/EC.

7) Further use of the data in context of Intelligent Transport Systems: the legislation must require data controllers to ensure that the further processing of the data recorded in tachographs for use in ITS applications is done in compliance with Directive 95/46/EC, in particular that professional drivers give their express and free consent to this and that such further processing is not incompatible with the original purpose of collection. Furthermore, it should be emphasised in Article 6(3) that access to the data stored in the tachograph equipment shall be restricted only to those strictly necessary for the processing in the ITS application.

8) Driver cards: the integration of the driver card with the driving licence raises data protection concerns, in particular in view of the purpose limitation principle and of the proportionality principle. Furthermore, the EDPS notes that the role of the Commission in the interconnection of the electronic registers lacks sufficient clarity.

The EDPS recommends:

·        providing in Article 27 that the merging of the driver cards with driving licences should only be envisaged after a privacy and security impact assessment has been carried out ;

·        clarifying further the role of the Commission in the exchange of information on driver cards through national electronic registers and the modalities of exchange.

The EDPS calls on Member States to consult data protection supervisory authorities before adopting national measures for tachographs, in particular those measures on the use of geolocation equipment, remote communications, ITS interfaces and TACHOnet.

Lastly, to ensure appropriate consideration of data protection requirements in further complementary actions by the Commission, the EDPS wishes to be included in the list of participants in the Tachograph Forum and to be consulted on the update of Annex IB and on the Proposal to amend Directive 2001/126/EC on driving licences.