Privacy Statement

PROTECTION OF YOUR PERSONAL DATA 

This privacy statement provides information about  
the processing and the protection of your personal data. 

Processing operation: Digital Platform Supporting the Conference on the Future of Europe  

Data Controller: European Commission, Directorate-General for Communication, Unit COMM.C.3 

Record reference: DPR-EC-07366  

1) Introduction 

The European Commission (hereafter ‘the Commission’) is committed to protecting your personal data and to respecting your privacy. The Commission collects and further processes personal data pursuant to Regulation 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (repealing Regulation (EC) No 45/2001). 

This privacy statement explains the reasons for the processing of your personal data, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, the Data Protection Officer and the European Data Protection Supervisor. 

This privacy statement concerns the processing of personal data by the Commission when managing the Digital Platform Supporting the Conference on the Future of Europe (COFE platform) operated by the Commission, Directorate-General for Communication, Unit COMM.C.3 and by the units responsible for dealing with processing activities related to the Conference on the Future of Europe in the competent Commission department or service. 

2) Why and how do we process your personal data? 

The purpose of the processing operation is to facilitate the operation and management of the digital platform supporting the Conference on the Future of Europe (COFE platform). The Conference on the Future of Europe is a joint initiative of the European Parliament, the Council and the European Commission, which will bring together the stakeholders from all around Europe to jointly debate on the future policy directions of the European Union.  

Specifically, the collection and further processing of personal data is necessary for:  

• facilitating registration procedure and access to the COFE platform; 
  
• providing relevant information to participants about the planned events and to facilitate the participation to online activities organized within the framework of the conference on the Future of Europe; 
  
• communication activities such as sending e-mails and invitations (this entails the management of contact lists for correspondence); 
  
• gathering the outcomes of debates in one place; 
  
• exchange of documents related to the conference on the Future of Europe and sharing information with the other EU institutions (the European Parliament and the Council) for communication and planning purposes, internal overview of events, communicating future events, and statistics; 
  
• documentation of the Conference on the Future of Europe, publication of reports, notices, proceedings, news; 
  
• audio and video recording of speakers, participants and organisers which may be published on the COFE platform/internet/intranet in the context of the activities organised within the framework of conference on the Future of Europe; 
  
• statistical and analytical purposes; 
  
• secure functioning and maintenance of the COFE platform. 

The COFE platform (https://futureu.europa.eu/) is an interactive web user interface, which complements the Conference on the Future of Europe by allowing citizens and organisations to actively participate in the online activities of the conference (e.g. to register to an event, post information about conference (agendas, reports etc.), submit and discuss ideas and endorse or comment on other users’ contributions). The COFE platform is free and publicly available. All users, registered or not, can access and browse the COFE platform (IP address and/ore device ID is required to browse the website). Prior registration is required in order to contribute on the platform. 

The content available via the COFE platform may be processed by an automated system for content analysis used to help analysts understand large volumes of text input, and for detecting potential disinformation and other forms of manipulation of the discussions. In the context of the Conference on the Future of Europe, the content analysis tool will be used for: 

• helping human analysts to understand the content input to COFE (for example by highlighting emerging topics, organising input into categories, understanding emotions and values expressed in the text) to support generating policy and opinion research results as well as for producing statistics;  
  
• detecting and highlighting potentially problematic content posted on the COFE platform (including possible misinformation and other attempts to manipulate COFE discussions and public opinion, and including research into the detection of hate speech and violent extremism);  
  
• training and improving the performance of the content analysis system used for the classification of sentiment, emotion, possible disinformation, and other characteristics of the text, including research into extracting information from large amounts of text in many languages. 
  

The content analysis system will only evaluate the content submitted via the COFE platform. This will include pseudonymised answers to the sociodemographic questionnaire and the other content (posts, comments, endorsements, likes, votes) submitted on the platform (including associated metadata such as the time the input was made). It is important to note that the system will under no means collect personal data necessary for the registration (e.g. name, surname, e-mail address) unless explicitly mentioned in the comments, posts and other public contributions submitted by the users themselves. Each user will be assigned a unique identifier as to prevent possibility for identification of an individual data subject.  

3) On what legal ground(s) do we process your personal data? 

We process your personal data, because: 

1- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Union institution or body (Article 5(1)(a) of Regulation (EU) 2018/1725)  

The processing of personal data is necessary to facilitate the operation and management of the COFE platform. 

In accordance with the general objective of Article 11(1) TEU to foster a major pan-European democratic exercise and to bring the citizens closer to the European Union, as well as the openness, transparency and accessibility obligations laid down by Article 15 TFEU. 

One of the Commission’s objectives is to promote European democracy and provide the means for the citizens and representative associations to make known and publicly exchange their views in all areas of Union action. Specifically, the horizontal civil dialogues have potential to extend and strengthen the European model of democracy by fostering multilingual democratic debate and contributing to the participation of citizens in the Union’s decision-making process as well as increasing the visibility of the Union’s contribution for citizens.  

These objectives can be best achieved in particular, through digital platforms enabling horizontal exchange and citizens’ participation in the democratic and political activities of the Union. The COFE platform, shall be a place for citizens to share their ideas and send online submissions and act as a hub for all COFE activities and as a new form of multistakeholders public forum, which is best fit for exchanging proposals for citizens and civil society. It is a space for identifying and reflecting and building on the values, principles and objectives of the European project, creating a European public sphere by helping to close the gap between policymakers and citizens and also harnessing the potential for meaningful participation by citizens. 

The Conference on the Future of Europe and the platform were announced among the political priorities set out by the Commission President in her Political Guidelines for the European Commission 2019-2024 (https://ec.europa.eu/info/sites/info/files/political-guidelines-next-commission_en.pdf)  and further defined in the subsequent Communication from the Commission to the European Parliament and the Council on Shaping the Conference on the Future of Europe (COM(2020) 27 final) in January 2020. The Conference on the Future of Europe is a platform to be established on the basis of a cooperation with the European Parliament and the Council of the European Union, as reflected in the European Parliament resolution of 15 January 2020 and the Council’s position 9102/20 agreed on 24 June 2020. 

Last, communication actions linked to specific annual or multiannual communication priorities as per State of the Union Address of the Commission President, are considered as tasks resulting from the Commission’s prerogatives at institutional level, as provided for in Article 58(2) (d) of Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council of 18 July 2018 on the financial rules applicable to the general budget of the Union, amending Regulations (EU) No 1296/2013, (EU) No 1301/2013, (EU) No 1303/2013, (EU) No 1304/2013, (EU) No 1309/2013, (EU) No 1316/2013, (EU) No 223/ 2014, (EU) No 283/2014, and Decision No 541/2014/EU and repealing Regulation (EU, Euratom) No 966/2012 (OJ L 193, 30.7.2018, p. 1). 

2- The data subject has given consent for the processing of his or her personal data for one or more specific purposes (Article 5(1)(d) of Regulation (EU) 2018/1725)  

For specific processing activities the consent of the data subject is necessary. In compliance with Article 3(15) and Article 7 of Regulation (EU) 2018/1725, the consent must be freely given, specific, informed and unambiguous. 

Your consent is necessary for: 

• registration and access to the COFE platform  
  
• participating in the online activities of the Conference on the Future of Europe (e.g. submitting contributions on the COFE platform).
  
  

We have obtained your consent directly from you in the course of the registration to the COFE platform.

4) Which personal data do we collect and further process? 

Depending on the circumstances and on your activity on the platform, the Data Controller may collect and further process the following categories of data: 

1- Data collected from all users (registered or unregistered): online identifiers (IP address and device ID), collected only for security measures.  

When you enter a European Commission website, the Commission receives as an essential technical requirement the Internet Protocol address (IP address) or the device ID of the device used to access the website.  

Without this processing you will not be able to establish a technical connection between your devices and the server infrastructure maintained by the European Commission and therefore will not be able to access the websites of the European Commission. For more information, please consult the record on processing personal data within europa.eu domain, DPR-EC-00083.  

2- Data collected from all registered users:  

Mandatory

• name (first and last name)  
  
• nickname 
  
• e-mail address 
  

Optional

Personal data necessary for statistical and reporting purposes

• gender 
• nationality 
  
• age bracket 
  
• country of residence 
  
• occupation 
  
• educational and professional background 
  
• subjective urbanisation (rural/metropolitan area) 
  

3- Content published by the registered user (registered users of the platform can in any case provide additional information, some of which may contain personal data): 

• opinions and other contribution(s)* submitted on the COFE platform 
  
• engagement, reach and sentiment (e.g. “likes” of policy proposals, comments, or contributions of other participants)  
  

4- The categories of data processed by the EU Login application (IAMS) are described in the record of DIGIT (DPR-EC-03187) 

* For the purpose of this processing operation, contributions include any idea, comment, opinion, post submitted by the users of the COFE platform in the course of activities falling within the framework of the Conference on the Future of Europe.  

Due to the potential sensitivity of your data, you are invited to be vigilant when contributing on the COFE platform. 

Please note that the Commission does not request nor expect that participants to the Conference on the Future of Europe include (i) special categories of data under Article 10(1) of Regulation 2018/1725 (that is “personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation”). However, due to the nature of the Conference, the contributions you submit via the COFE platform may address subjects and topics that directly or indirectly reveal information about your health, political, philosophical or religious convictions and beliefs, political affiliations, sex life or sexual orientation, racial or ethnic origin or even trade union membership. Any inclusion of these types of personal data is the responsibility of the participant. 

In this case the processing is not prohibited, as your contributions are provided on a voluntary basis and your personal data is processed on the basis of your explicit consent and it necessary for reasons of substantial public interest, on the basis of Union law (Section 3.1) which is proportionate to the aim pursued, respects the essence of the right to data protection and provides for suitable and specific measures to safeguard your fundamental rights and interests in line with Articles 10(2) (a) and (e) of the Regulation 2018/1725. 

5) How long do we keep your personal data? 

The Data Controller only keeps your personal data for the time necessary to fulfil the purpose of collection, namely until you unsubscribe from the mailing list. 

1- Personal data necessary for the operation and management of the COFE platform  

Your personal data collected for the purpose of the registration and submitted in the course of the Conference will be kept for maximum period of 2 (two) years after the last day of activity of the Conference on the Future of Europe, after which the data is transferred to the historical archives of the Commission. 

2- Reports, paper and electronic records, including ARES records kept by DG COMM 

All paper and electronic records concerning the day-to-day correspondence, calls for proposals and/or interest together with the resulting contractual/financial files as well as reports containing aggregated data will be archived according to the Common Commission Level Retention List (SEC(2019)900/2) and stored in ARES (Advanced Records System) under the responsibility of Secretariat-General for a period of ten (10) years with the application of sampling and selection techniques (see record DPR-EC-3871 - Management of the European Commission's archives). 

6) How do we protect and safeguard your personal data? 

All personal data in electronic format (e-mails, documents, databases, uploaded batches of data, etc.) are stored on the servers of the Commission and its contractors. All processing operations are carried out pursuant to the Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission. 

The Commission’s contractors are bound by a specific contractual clause for any processing operations of personal data on behalf of the Commission, and by the confidentiality obligations deriving from the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR). 

In order to protect your personal data, the Commission has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation. 

7) Who has access to your personal data and to whom is it disclosed? 

Access to your personal data is provided to the authorised personnel of the European Commission and its contractors responsible for carrying out this processing operation according to the “need to know” principle. Such staff abide by statutory, and when required, additional confidentiality agreements. 

Mandated staff of the European Commission services involved in the Conference on the Future of Europe have access to personal data collected via the COFE platform for the purpose of the operation of the platform and optimal Conference management as well as for follow-up action that might be necessary for further processing purposes (e.g. to produce Conference reports, to undertake research on public opinion analysis and/archiving). That may include: registration data, online identifiers, sociodemographic data and all contributions submitted in the course of the Conference. It is important to note however, that the data is accessible only on a ‘need-to-know’ basis, specifically: 

• Commission’s IT team will have access to the data that is strictly necessary to provide an appropriate technical and logistical support (e.g. helpdesk, management of access rights, maintenance of the platform)  
  
• Moderators and administrator users will have access to full name and email address, as provided during registration.  
  
• Pseudonymised socio-demographic data provided by the users will be available to mandated JRC staff exclusively for research and opinion analysis  
  

Mandated staff of the Commission processors (incl. external contractors) may be provided with the data relevant for them to provide the required logistical and organizational support (e.g. technical maintenance of the platform) and for performing other obligations set out in the arrangements between the external processors and the Commission. That may include: registration data, online identifiers and all contributions submitted in the course of the Conference. 

The general public will have access to the information displayed on the COFE platform that is publicly available.  

Please note that pursuant to Article 3(13) of Regulation (EU) 2018/1725 public authorities (e.g. Court of Auditors, EU Court of Justice) which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients. The further processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing. 

The information we collect will not be given to any third party, except to the extent and for the purpose we may be required to do so by law. 

8) What are your rights and how can you exercise them?  

You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725. As regards this processing operation, you can exercise the following rights: 

• the right to access your personal data (Article 17 of Regulation (EU) 2018/1725); 
  
• the right to rectification in the case that your personal data is inaccurate or incomplete (Article 18 of Regulation (EU) 2018/1725); 
  
• the right to erasure of your personal data (Article 19 of Regulation (EU) 2018/1725); 
  
• where applicable, the right to restrict the processing of your personal data (Article 20 of Regulation (EU) 2018/1725); 
  
• the right to data portability (Article 22 of Regulation (EU) 2018/1725); 
  
• and the right to object to the processing of your personal data, which is lawfully carried out pursuant to Article 5(1)(a). 
  

If you have provided your consent to the Directorate-General for Communication, Unit COMM.C.3 for the present processing operation, you can withdraw it at any time by notifying the Data Controller. The withdrawal will not affect the lawfulness of the processing carried out before you have withdrawn your consent.  

You can exercise your rights by contacting the Data Controller, or in case of conflict the Data Protection Officer. If necessary, you can also address the European Data Protection Supervisor. Their contact information is given under Section 9. 

Where you wish to exercise your rights in the context of one or several specific processing operations, please provide their description (i.e. Record reference(s) as specified under Section 10) in your request. 

9) Contact information 

The Data Controller 

If you would like to exercise your rights under Regulation (EU) 2018/1725, or if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, please feel free to contact the Data Controller, European Commission Directorate-General for Communication, Unit COMM.C.3 (COMM-DGA1-COFE@ec.europa.eu). 

The Data Protection Officer (DPO) of the Commission 

You may contact the Data Protection Officer (DATA-PROTECTION-OFFICER@ec.europa.eu) with regard to issues related to the processing of your personal data under Regulation (EU) 2018/1725. 

The European Data Protection Supervisor (EDPS) 

You have the right to have recourse (i.e. you can lodge a complaint) to the European Data Protection Supervisor (edps@edps.europa.eu) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the Data Controller. 

10) Where to find more detailed information? 

The Commission Data Protection Officer (DPO) publishes the register of all processing operations on personal data by the Commission, which have been documented and notified to him. You may access the register via the following link: http://ec.europa.eu/dpo-register 

This specific processing operation has been included in the DPO’s public register with the following Record reference: DPR-EC-07366