Search

1 - Statute The CNPD is a collegiate body with three effective members and three substitute members. It operates in the form of a public establishment under the supervision of the Minister whose responsibilities include data protection (currently the Minister for Communications, Mr Jean-Louis Schiltz). It is nevertheless independent in the exercise of its functions. 2 - Rules of Procedure The CNPD’s rules of procedure were published in the Mémorial B (section B of the official gazette) of 28 January 2003. They define the CNPD’s procedures and working methods. They also lay down the rules of procedure applicable within the CNPD, its operating conditions and its internal organisation. 3 - Deliberations The CNPD meets regularly for deliberations. It is convened either by its Chairman or at the request of two of its effective members. 4 - Internal organisation of the CNPD The CNPD has the assistance of: * a department for “keeping the public register, processing notifications (and requests for authorisation), applications and complaints and following up procedures and sanctions”; * a legal affairs and documentation department; * an IT and logistics department; * a “public relations, communication and public information” department; * a “general administration, finances and budget” department.

In addition to its statutory tasks in national terms, the CNPD is also responsible for taking part in implementing and supervising observance of the protection of individuals with regard to automatic processing of personal data at both the European and international levels. The CNPD represents the Grand Duchy of Luxembourg on a number of bodies and working parties including the "Article 29 Working Party", various Council of Europe committees, and the body that supervises application of the Schengen Agreements.

The CNPD is present in the three Joint Supervisory Authorities (JSAs): "Schengen", "Europol" and "Customs".

# "Copland" Judgement (Systematic supervision of personal Internet, e-mail and telephone usage at work) # Compilation of the Judgements of the European Human Rights Court regarding data protection

Consultative Committee under the Data Protection Convention The Consultative Committee was instituted under Article 18 of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108). The Committee makes proposals with a view to facilitating or improving the application of the Convention and proposals for amendment of the Convention, and formulates its opinion on any proposal for amendment of the Convention which is referred to it. It also expresses an opinion on any question concerning application of the Convention. Project Group on Data Protection Until 2004, a second working party - the Project Group on Data Protection - functioned under the auspices of the European Committee on Legal Co-operation (CDCJ). Its main task was to compile reports on data protection in various areas, including biometric data and smart cards. The Project Group was merged with the Consultative Committee under the terms of a decision adopted at the 877th meeting of the Committee of Ministers (24 March 2004).

The Visa Information System Supervision Coordination Group (VIS SCG) pursuant to article 43 of the VIS Regulation 767/2008/CE of 9 July 2008 was established in order to ensure a coordinated supervision of the VIS and the national systems. Composition The VIS

The SIS II Supervision Coordination Group (SIS II SCG) is a platform allowing data protection authorities responsible for monitoring SIS to work together. The SIS II SCG replaced the Schengen Joint Supervisory Authority (JSA) after SIS II's entry into force on 9 April 2013. Composition The SIS (Schengen Information System) II SCG is made up of a representative of every Member State's data protection authority and the European Data Protection Supervisor (EDPS). The SCG SIS II administrative services are provided by the EDPS (European Data Protection Supervisor). Luxembourg is represented by the Article 17 Supervisory Authority. Tasks and duties The SIS II SCG is responsible for monitoring activities and joint inspections, for verifying compliance with the data protection provisions of the SIS II Regulation and the SIS II Decision, for drawing up recommendations for Member States and the central unit. During its regular meetings, participants share experiences, discuss common problems relating to the use of SIS II, and look for solutions. Representatives of the European Commission services and the European Union IT agency (eu-Lisa) also take part in these meetings. What is the second generation Schengen Information System (SIS II)? The SIS II is a large-scale IT system, set up as a compensatory measure for the abolition of internal border checks, and intends to ensure a high level of security within the area of freedom, security and justice of the European Union, including the maintenance of public security and public policy and the safeguarding of security in the territories of the Member States. SIS II centralises two broad categories of information taking the form of alerts on, firstly, persons - who are either wanted for arrest, missing, sought to assist with a judicial procedure, for discreet or specific checks, or third country nationals subject to refusal of entry or stay in the Schengen area, and, secondly, objects - such as vehicles, travel documents, credit cards, for seizure or use as evidence in criminal proceedings, or for discreet or specific checks. When the alert concerns a person, the information must always include the name, surname and any aliases, the sex, a reference to the decision giving rise to the alert and the action to be taken. If available, the alert may also contain information such as any specific, objective, physical characteristics not subject to change; the place and date of birth; photographs; fingerprints; nationality(ies); whether the person concerned is armed, violent or has escaped; reason for the alert; the authority issuing the alert; links to other alerts issued in SIS II in accordance with Article 37 of SIS II Regulation or Article 52 of SIS II Decision. Rights recognized to individuals whose data is processed in the SIS II Persons whose personal data are collected, held or otherwise processed in SIS II are entitled to rights of access, correction of inaccurate data and deletion of unlawfully stored data. In Luxembourg, the right of access can only be exercised through the Article 17 Supervisory Authority (indirect access). The supervisory authority will carry out the appropriate verification and investigations and arrange for any necessary rectifications. The representatives of the Grand Duchy of Luxembourg in the SIS II SCG • Mr Thierry LALLEMANG, member of the Article 17 supervisory authority, commissioner of the CNPD • Ms Tine A. Larsen, member of the Article 17 supervisory authority, president of the CNPD

Direct complaint You can exercise your right of access and rectification at any time by contacting the data controller during the collection, storage, use or processing of the data. You have the right to request details about the personal information