Introduction

This privacy statement explains the reason for the processing, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you may exercise in relation to your data (the right to access, rectify, block etc.).

The European institutions are committed to protecting and respecting your privacy. As this service/application collects and further processes personal data, Regulation (EC) N°45/2001, of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, is applicable.

This statement concerns monitoring of news and social media. The Joint Research Centre (JRC) Text and Data Mining Unit performs automatic monitoring of online and social media in order to provide media monitoring services to staff across the EU institutions and to the general public.

Why do we process your data?

Purpose of the processing operation: The head of JRC Unit I.3 (referred to hereafter as Data Controller), collects and uses your personal information to:

  • provide multilingual media and social media monitoring services to EU Institutions to support spokespersons, communications officials, policy officers and decision makers with near real time information on current affairs, emerging topics of current interest and the volume and tonality of articles and posts in predefined categories corresponding to policy areas, high level EU officials etc.;
  • allow searching for historical news articles and support the analysis of trends in reporting over many years; and
  • perform research in text mining, natural language processing and computational linguistics including the identification of places, persons and organisations in text, detection of sentiment and tonality, approaches for clustering and deduplicating related texts and approaches to detect hate speech and related phenomena.

The processing is lawful under Article 5(a) of Regulation 45/2001, which states that personal data may be processed only if "processing is necessary for the performance of a task carried out in the public interest on the basis of the Treaties establishing the European Communities or other legal instruments adopted on the basis thereof or in the legitimate exercise of official authority vested in the Community institution or body or in a third party to whom the data are disclosed", and, for registered users, under Article 5(d) of Regulation 45/2001, which states that personal data may be processed only if "the data subject has unambiguously given his or her consent".

Art. 1 of Commission Decision 96/282/Euratom entrusts the JRC with a role to "carry out the Community's research programmes and other tasks entrusted to it by the Commission".

Regulation (EU) No 1291/2013 of the European Parliament and of the Council of 11 December 2013 establishing Horizon 2020 - the Framework Programme for Research and Innovation (2014-2020) states that "the Joint Research Centre (JRC) shall contribute to the general objective and priorities of Horizon 2020 with the specific objective of providing customer-driven scientific and technical support to Union policies".

Which data do we collect and process?

The personal data collected and further processed are:

  • The personal data collected and further processed are:
  • publicly available information about internet users whose social media posts are analysed.

Any personal information contained in online news reporting from the sources monitored will be collected, indexed and made available for searching by the system, in a similar way to internet search engines. Data fields comprise:

  • Title, first name and family name of recognised public figures, data retrieved from Wikipedia;
  • Quotes from a person and quotes about a person, as extracted from news items;
  • Entities that are co-mentioned in news items;
  • Links to related stories;
  • Organisations which can be identified in the text and are specifically processed; and
  • Social media user identifiers, e.g. in MEDISYS top twitter users, MyNews Twitter analysis.

Furthermore, users of services which require a personal account can register and consent to the storage of their data on servers hosted at JRC. The system provides an address book function which may be used by authorised, registered users to maintain a list of recipients of newsletters and notifications, which may be sent by email or SMS. These recipients are also data subjects.

For all users, the IP address from which the system is accessed and the pages accessed are logged for statistical and debugging purposes.

For registered users the following fields are processed:

  • contact details (E-mail address, first name, surname, address, affiliation, telephone number)
  • topics of interest such as categories (e. g. Ebola, microplastics) or filters (e.g. public health threats during the Olympic Summer Games); and
  • subscription to E-mail alerts, SMS alerts and newsletters.

How long do we keep your data?

The controller only keeps the data for the time necessary to fulfil the purpose of collection or further processing. In particular, the retention times are as follows:

News article text – Data retention time is unlimited for research purposes to study long-term trends of topics of relevance to the European Union, unless the data subjects mentioned in the text request deletion of the record.

Entity entries – Data retention time is unlimited for research purposes to study long-term trends of topics of relevance to the European Union, unless the data subjects requests deletion of the record.

Social media post ids – Data retention time is unlimited for research purposes to study long-term trends of topics of relevance to the European Union, unless the data subjects mentioned in the text request deletion of the record.

For all users the IP address from which the system is accessed and the pages accessed are logged for a retention period of one year in view of building usage statistics.

Data on registered users are retained for one year after the last access, after which the user is requested to confirm their wish to keep the account; if this confirmation is not received, the account and all associated personal data is deleted. The period of one year was chosen to balance the need to remove data quickly.

How do we protect your data?

All data in electronic format (e-mails, documents, uploaded batches of data etc.) are stored either on the servers of the European Commission or of its contractors; the operations of which abide by the European Commission’s security decision of 16 August 2006 [C(2006) 3602] concerning the security of information systems used by the European Commission;

The Commission’s contractors are bound by a specific contractual clause for any processing operations of your data on behalf of the Commission, and by the confidentiality obligations deriving from the transposition of Directive 95/46/CE.

Who has access to your data and to whom is it disclosed?

Data concerning publicly available news articles and social media posts are made available to the general public through internet websites.

Access to your personal data from registered accounts is provided to authorised staff according to the “need to know” principle. Such staff abide by statutory, and when required, additional confidentiality agreements.

What are your rights and how can you exercise them?

According to Regulation (EC) n°45/2001, you are entitled to access your personal data and rectify and/or block it in case the data is inaccurate or incomplete. You can exercise your rights by contacting the data controller, or in case of conflict the Data Protection Officer and if necessary the European Data Protection Supervisor using the contact information given at point 8 below.

Contact information

If you have comments or questions, any concerns or a complaint regarding the collection and use of your personal data, please feel free to contact the Data Controller using the following contact information:

The Data Controller:

  • Head of Unit I.3, Text and Data Mining, of the Joint Research Centre of the European Commission
  • Fax number: +39 0332 78 6369
  • JRC-TMA-CC@ec.europa.eu

The Data Protection Officer (DPO) of the Commission: DATA-PROTECTION-OFFICER@ec.europa.eu

The European Data Protection Supervisor (EDPS): edps@edps.europa.eu

Where to find more detailed information?

The Commission Data Protection Officer publishes the register of all operations processing personal data. You can access the register on the following link : http://ec.europa.eu/dpo-register This specific processing has been notified to the DPO with the following references: