*Update 22 January 2025, please find the recording of our conference. Roughly year ago (in December 2023), the Commission asked staff to provide their private mobile phone numbers to create Signal messenger groups where they could be contacted for work purposes. The intended goal was to test business continuity, but it lacked any legal basis and even a basic respect for data-protection (GDPR) principles.
The action took place in a void: it was never discussed with staff representatives and it lacked any legal preparation or justification: there was not even a consultation with the Commission Data Protection Officer (DPO), the same DPO who later confirmed the lack of a legal basis for the exercise.
We would like to present you the situation and the steps taken by the Commission after our complaints. We’d also like to hear from you to define our course of action.
Join us on Tuesday 21 January at 12.30 (CET) for a conference/debate on this topic.
Since we are aware that some colleagues are experiencing issues during the connection, we warmly suggest you to join with the Webex desktop app or to use Firefox Browser.
We will make the presentation and recording (but not the chat) available here after the event.
See you there!
It’s more than just Signal groups
One might think that the Commission is, at the end of the day, a trustable institution, in fact, the very Guardian of the Treaties, and that a mere formal mistake should not create outcry. After all, most of us share gladly their mobile phone number with direct colleagues.
Many of us shared our numbers at the beginning of the pandemic and now find that this has morphed into an almost-obligation to belong to work groups. We fear repercussion if we were to express our perfectly legitimate desire to leave the discussion, particularly when it is ongoing, day and night.
The Commission is gathering a long list of infractions as confirmed by the European Data Protection Supervisor (EDPS). The most recent one, regarding an illegal targeting campaign by the Commission, is public since last December in many internet web sites. Since the EDPS itself has not published it yet in its website, giving two months to the parties to appeal to the Court of Justice, we’ll refrain to provide links to those websites yet.
The EDPS is also busy analysing the massive transfers of staff personal data from the Commission to the Permanent Representations, in what we consider an abuse of what the Commission calls “principle of sincere cooperation”. A Generation 2004 member filed a complaint because these apparently innocent data transfers have resulted in disciplinary measures for staff members expressing their private opinions unpleasant for a particular Permanent Representation.
Under this context, and knowing how much data access the Commission allows itself when you install one of their necessary-for-work applications in your mobile phone, we are reluctant to accept any requests for accessing our private mobile phones. The situation in Delegations, were staff are expected to regularly use their private phone for work needs shows how far can things go.
What has happened since the business continuity abuse?
In the last year, the staff representation has exchanged several notes with HR and the DPO requesting to correct the mistake, for instance by informing managers that staff should be removed from Signal groups created illegally unless a proof of explicit consent is delivered. Staff who shared their number during a global pandemic did not explicitly consent to its expected ongoing inclusion in a 24/7 work chat, a chat which might not have been quiet at any point since the pandemic and to which all staff are expected to dedicate their attention, independent of the time of day, weekend, or leave.
HR has not taken any corrective measure, but has since drafted a Decision to provide legal basis for the access to our mobile phones. Generation 2004 and the other unions and staff associations have been consulted this time (in what is called a ‘social dialogue’).
The most controversial aspect of this draft Decision is that every staff member should provide a private telephone number to be contacted for work-related needs during their disconnection time. The phone would be also used for emergencies and business continuity needs. We’re already ‘gifting’ a disconcerting number of unclaimable days to the Commission, without counting the decisions, requests and tasks distributed via never-ending obligatory chats on our private devices.
Given the context explained above, Generation 2004 and the other unions and staff associations (OSPs) opposed, in a formal note in November 2024, the consolidation in law of this systematic intrusion in our privacy. At the moment of publishing this article, we have not got any reaction from HR regarding our remarks.
As always, we would love to hear from you. Please do not hesitate to get in touch with us or leave a comment below.
If you appreciate our work, please consider becoming a member of Generation 2004.