Introduction

Creation: 26/10/2018 Keywords
Last update: 26/10/2018 Corporate No
Registration Not yet registered Language English
Status Draft Model no Model
Deleted No EDPS opinion (prior check) No
DG.Unit JRC.I.3 Target Population Citizens
Controller KING Matthew DPC Notes -
Delegate MACMILLAN Charles
DPC NUNEZ BAREZ Laura, SPICAR Premysl

Processing

Name of the processing

Data on users of media monitoring tools

Description

The Joint Research Centre (JRC) Text and Data Mining Unit performs automatic monitoring of online and social media in order to provide media monitoring services to staff across the EU institutions and to the general public. In general, there are two groups of services: those which require registration and those which do not.

Processors

-

Automated / Manual operations

All operations are automatic, except for system configuration and the selection of articles for moderated newsletters which are performed manually.

Storage

The data gathered and generated by the system are stored electronically in files and / or databases on servers at the Joint Research Centre.

Comments

-

Purpose & legal basis

Purposes

The purpose of the processing is to:

  • Provide multilingual media and social media monitoring services to EU Institutions and selected partner organisations to support spokespersons, communications officials, policy officers and decision makers with near real time information on current affairs, emerging topics of current interest and the volume and tonality of articles and posts in predefined categories corresponding to policy areas, high level EU officials etc.
  • Provide newsletters and notifications, related to topics of interest and breaking news, to recipients who have requested them.

Legal basis and Lawfulness

The processing is lawful under Article 5(a) of Regulation 45/2001, which states that personal data may be processed only if "processing is necessary for the performance of a task carried out in the public interest on the basis of the Treaties establishing the European Communities or other legal instruments adopted on the basis thereof or in the legitimate exercise of official authority vested in the Community institution or body or in a third party to whom the data are disclosed", and under Article 5(d) of Regulation 45/2001, which states that personal data may be processed only if "the data subject has unambiguously given his or her consent". Art. 1 of Commission Decision 96/282/Euratom entrusts the JRC with a role to "carry out the Community's research programmes and other tasks entrusted to it by the Commission". Regulation (EU) No 1291/2013 of the European Parliament and of the Council of 11 December 2013 establishing Horizon 2020 - the Framework Programme for Research and Innovation (2014-2020) states that "the Joint Research Centre (JRC) shall contribute to the general objective and priorities of Horizon 2020 with the specific objective of providing customer-driven scientific and technical support to Union policies". Council Decision of 3 December 2013 establishing the specific programme implementing Horizon 2020 - the Framework Programme for Research and Innovation (2014-2020); Successive Commission Implementing Decisions on the adoption of multi-annual work programmes under Council Decision 2013/743/EU and Council Regulation (Euratom) No 1314/2013, to be carried out by means of direct actions by the Joint Research Centre, including C(2017) 1288 for the period 2017-2018 and C(2018) 1386 for the period 2018-2019. COM(2018)236, Tackling online disinformation: a European Approach, Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions. The "communication presents a comprehensive approach that aims at responding to those serious threats by promoting digital ecosystems based on transparency and privileging high-quality information, empowering citizens against disinformation, and protecting our democracies and policy-making processes." The communication also points out that "the Commission will continue its work in this area". Successive specific Administrative Arrangements concluded with DG Communications of the European Commission, with the European Parliament and with the Council for media monitoring services and research.

Data subjects and Data Fields

Data subjects

Anonymous and registered users of the media monitoring tools. The system provides an address book function which may be used by authorised, registered users to maintain a list of recipients of newsletters and notifications, which may be sent by email or SMS. These recipients are also data subjects.

Data fields / Category

For all users the IP address from which the system is accessed and the pages accessed are logged for statistical and debugging purposes.

For registered users the following fields are processed:

  • E-mail address
  • first name
  • surname
  • address
  • affiliation
  • telephone number
  • topics of interest such as categories (e. g. Ebola, Microplastics) or filters (e.g. public health threats during the Olympic
  • subscription to E-mail, SMS alerts and newsletters

Rights of Data Subject

Mandatory Information

See attached privacy statement. List of attachments

Procedure to grant rights

Data subjects can request access to any information held by the controller through the contact details supplied in this notification, in the privacy statement provided on all public websites and mobile applications, and in email notifications and newsletters. Email messages provide a link through which the user is able to unsubscribe directly.

Retention

Logfiles are retained for one year. Data on registered users is retained for one year after the last access, after which the user is requested to confirm their wish to keep the account; if this confirmation is not received the account and all associated personal data is deleted. The period of one year was chosen to balance the need to remove data quickly with providing a good service to occasional users who expect their accounts to be maintained.

Time limit

The controller will reply to all queries from data subjects within 15 working days.

Historical purposes

-

Recipients

Recipients

Data is available to the JRC teams providing, supporting and securing the services requested by the data subjects.

Transfer out of UE/EEA

Not applicable.

Security measures

Technical and organizational measures

Processing and data storage are performed on servers located in secure data centres to which physical access requires specific authorisation. Access to the data is available only to authorised users, checked through login and password.

Complementary information

-