Civil aviation: reporting, analysis and follow-up of occurrences

2012/0361(COD)

Opinion of the European Data Protection Supervisor on the Commission proposal for a Regulation on occurrence reporting in civil aviation and repealing Directive 2003/42/EC, Commission Regulation (EC) No 1321/2007, Commission Regulation (EC) No 1330/2007 and Article 19 of Regulation (EU) No 996/2010.

The proposal builds on Directive 2003/42/EC to improve the existing occurrence reporting systems in civil aviation both at national and European level.

The EDPS acknowledges the fact that the purpose of the Proposal is not to regulate the processing of personal data. However, the information that will be stored, reported and transferred may relate to natural persons who are either directly or indirectly identifiable, such as reporters, third parties involved in the reported occurrence and interested parties applying for access. The information reported might not only involve technical problems but also, for instance, violent passengers, incapacitation of crew or health incidents.

The EDPS welcomes the attention paid to the protection of personal data, particularly through the commitment to ‘disidentify’ a major part of the data processed under occurrence reporting. However, what is provided for amounts at best to partial anonymisation.

Accordingly, the EDPS recommends clarifying the scope of ‘disidentification’. In particular, he proposes the following improvements to the text:

· clarifying that disidentification in the sense of the proposal is relative and does not correspond to full anonymisation;

· specifying that data available to independent handlers should also be disidentified or deleted as soon as possible, unless the necessity of storing the data is justified;

· clarifying the scope of disidentification, by replacing ‘personal data’ by ‘personal details’ and adding a reference to the possibility of identification through technical details;

· clarifying that personal data contained in the safety information collection and processing systems established by Member States and organisations should also be disidentified;

· specifying that the information should be anonymised before its publication;

· specifying that information made available to interested parties listed in Annex III and not relating to their own equipment, operations or field of activity, should not only be aggregated or disidentified, but fully anonymised.

The EDPS advises specifying in the proposal who will be the controller of every database and defining all the categories of data to be processed. It should at least be mentioned that additional information not required by the proposal should not contain sensitive data.

The EDPS also recommends specifying the periods during which data shall be stored in the databases, the rights of data subjects and the security measures to be implemented.

The data protection measures that will apply to the processing of data relating to third parties (e.g., for how long the data will be stored after access has been granted or denied and who has access to these data) should also be specified.

Lastly, the necessity of processing sensitive data should be justified in the Preamble. The EDPS also recommends adopting additional safeguards as regards the processing of sensitive data, such as stricter security measures, a prohibition on disclosing the related categories of data to third parties not subject to EU data protection law and a restriction of their disclosure to other interested parties.

In addition, the processing of these categories of data may be subject to prior check by EU national data protection authorities and by the EDPS.