An inspection carried out in August 2018 revealed several security and data protection deficiencies on the main websites of the EU institutions and bodies, the European Data Protection Supervisor (EDPS) said on Monday 3 June.
The EDPS selected ten public websites managed by the European Parliament, the Council of the EU, the European Commission, the Court of Justice of the EU, Europol and the European Banking Authority (EBA). It also inspected the websites of the European Data Protection Board, the 2018 International Conference of Data Protection and Privacy Commissioners and its own website.
Seven of the ten websites inspected did not comply with the regulation on the processing of personal data by EU institutions and bodies, thee-Privacy Directive or the EDPS guidelines on Internet services, it explains.
Among the problems encountered, it cites monitoring by a third party without prior consent, the use of trackers for web analytics without visitors’ prior consent or the submission of personal data collected through web forms using non-encrypted connections.
“The EU institutions responsible for the most important websites have informed us of technical measures that they have implemented to significantly reduce the risks to security and privacy that were detected in our inspection”, explained EDPS Giovanni Buttarelli in a statement.
The EDPS intends to closely monitor the efforts of the inspected institutions and will continue to carry out website inspections in the coming months, focusing on the most visited sites. (Original version in French by Marion Fontana)