|Registration||Not yet registered||Language||English|
|Deleted||No||EDPS opinion (prior check)||No|
|Controller||KING Matthew||DPC Notes||-|
|DPC||NUNEZ BAREZ Laura, SPICAR Premysl|
Name of the processing
Data on users of media monitoring tools
The Joint Research Centre (JRC) Text and Data Mining Unit performs automatic monitoring of online and social media in order to provide media monitoring services to staff across the EU institutions and to the general public. In general, there are two groups of services: those which require registration and those which do not.
Automated / Manual operations
All operations are automatic, except for system configuration and the selection of articles for moderated newsletters which are performed manually.
The data gathered and generated by the system are stored electronically in files and / or databases on servers at the Joint Research Centre.
Purpose & legal basis
The purpose of the processing is to:
- Provide multilingual media and social media monitoring services to EU Institutions and selected partner organisations to support spokespersons, communications officials, policy officers and decision makers with near real time information on current affairs, emerging topics of current interest and the volume and tonality of articles and posts in predefined categories corresponding to policy areas, high level EU officials etc.
- Provide newsletters and notifications, related to topics of interest and breaking news, to recipients who have requested them.
Legal basis and Lawfulness
The processing is lawful under Article 5(a) of Regulation 45/2001, which states that personal data may be processed only if "processing is necessary for the performance of a task carried out in the public interest on the basis of the Treaties establishing the European Communities or other legal instruments adopted on the basis thereof or in the legitimate exercise of official authority vested in the Community institution or body or in a third party to whom the data are disclosed", and under Article 5(d) of Regulation 45/2001, which states that personal data may be processed only if "the data subject has unambiguously given his or her consent". Art. 1 of Commission Decision 96/282/Euratom entrusts the JRC with a role to "carry out the Community's research programmes and other tasks entrusted to it by the Commission". Regulation (EU) No 1291/2013 of the European Parliament and of the Council of 11 December 2013 establishing Horizon 2020 - the Framework Programme for Research and Innovation (2014-2020) states that "the Joint Research Centre (JRC) shall contribute to the general objective and priorities of Horizon 2020 with the specific objective of providing customer-driven scientific and technical support to Union policies". Council Decision of 3 December 2013 establishing the specific programme implementing Horizon 2020 - the Framework Programme for Research and Innovation (2014-2020); Successive Commission Implementing Decisions on the adoption of multi-annual work programmes under Council Decision 2013/743/EU and Council Regulation (Euratom) No 1314/2013, to be carried out by means of direct actions by the Joint Research Centre, including C(2017) 1288 for the period 2017-2018 and C(2018) 1386 for the period 2018-2019. COM(2018)236, Tackling online disinformation: a European Approach, Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions. The "communication presents a comprehensive approach that aims at responding to those serious threats by promoting digital ecosystems based on transparency and privileging high-quality information, empowering citizens against disinformation, and protecting our democracies and policy-making processes." The communication also points out that "the Commission will continue its work in this area". Successive specific Administrative Arrangements concluded with DG Communications of the European Commission, with the European Parliament and with the Council for media monitoring services and research.
Data subjects and Data Fields
Anonymous and registered users of the media monitoring tools. The system provides an address book function which may be used by authorised, registered users to maintain a list of recipients of newsletters and notifications, which may be sent by email or SMS. These recipients are also data subjects.
Data fields / Category
For all users the IP address from which the system is accessed and the pages accessed are logged for statistical and debugging purposes.
For registered users the following fields are processed:
- E-mail address
- first name
- telephone number
- topics of interest such as categories (e. g. Ebola, Microplastics) or filters (e.g. public health threats during the Olympic
- subscription to E-mail, SMS alerts and newsletters
Rights of Data Subject
See attached privacy statement. List of attachments
Procedure to grant rights
Data subjects can request access to any information held by the controller through the contact details supplied in this notification, in the privacy statement provided on all public websites and mobile applications, and in email notifications and newsletters. Email messages provide a link through which the user is able to unsubscribe directly.
Logfiles are retained for one year. Data on registered users is retained for one year after the last access, after which the user is requested to confirm their wish to keep the account; if this confirmation is not received the account and all associated personal data is deleted. The period of one year was chosen to balance the need to remove data quickly with providing a good service to occasional users who expect their accounts to be maintained.
The controller will reply to all queries from data subjects within 15 working days.
Data is available to the JRC teams providing, supporting and securing the services requested by the data subjects.
Transfer out of UE/EEA
Technical and organizational measures
Processing and data storage are performed on servers located in secure data centres to which physical access requires specific authorisation. Access to the data is available only to authorised users, checked through login and password.