What are EASA’s obligations with regard to the confidentiality of data it receives?
As an official public body of the EU, EASA works within a strict legal framework which provides the highest confidentiality standards with regard to the use and dissemination of the information submitted in the framework of its institutional tasks. As such, EASA can and will only use the data within its mandate, as defined by Regulation (EU) 2018/1139, which sets out its tasks and responsibilities in relation to aviation safety within the EU.
In addition, as a body of the EU, several legal obligations on confidentiality and discretion are specifically imposed on EASA, as well as on its staff members, as prescribed by Article 17 of the EU Staff Regulations. These obligations apply to staff during their employment with EASA and also after their employment has come to an end. This means that unauthorised disclosure of information received in the line of duty is prohibited on a perpetual basis.
Without prejudice to the application of Regulation (EC) No 1049/2001 on public access to documents, Article 4 of this regulation provides for specific cases in which the Agency shall refuse disclosure of documents. In particular, EASA has to refuse access to documents whenever such disclosure would undermine the commercial interest of a natural or legal person, including intellectual property. This means that EASA has a specific obligation, imposed by law, to protect certain interests when handling requests for disclosure of documents.
In light of the above, all information shared with EASA provided within the scope of the cooperation will be afforded the appropriate level of data confidentiality.