How are signatories' data protected?
Throughout the procedure, all parties involved must comply with the legislation in force on protection of personal data resulting from Directive 95/46/EC. In particular, before collecting statements of support, organisers may be required to notify the data protection authority(ies) in the EU country(ies) where the data will be processed.
Furthermore, the Regulation on the citizens' initiative includes more specific provisions on data protection.
- take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing;
- ensure that personal data collected are not used for any purpose other than supporting that specific initiative;
- destroy all statements of support and any copies no later than one month after submitting their initiative to the Commission or 18 months after its date of registration, whichever is the earlier*.
Likewise national authorities must:
- use the personal data only for the purpose of verifying the statements of support;
- destroy all statements of support and any copies no later than one month after certifying the number of valid statements of support*.
* Statements of support may be retained beyond these time limits if necessary for the purpose of legal or administrative proceedings relating to the initiative. In this event, organisers must destroy all statements of support and copies no later than one week after the date of conclusion of said proceedings by a final decision.