Opinion on the Commission proposal for a Directive of the European Parliament and of the Council amending Directive 2005/36/EC on the recognition of professional qualifications and Regulation [...] on administrative cooperation through the Internal Market Information System, OJ C 137/01 12.05.2012, p1
See also the text of the proposal for a Directive of the European Parliament and of the Council amending the Directive 2005/36/EC on the recognition of professional qualifications and Regulation [...] on administrative cooperation through the Internal Market Information System
The objective of the Proposal is to modernize and amend the existing text of Directive 2005/36/EC (the Professional Qualifications Directive). From the data protection perspective, the two key aspects of the Proposal are (i) the introduction of an alert system and (ii) the introduction on a voluntary basis of a European Professional Card . The processing of personal data in both cases is foreseen to take place via the Internal Market Information System (IMI).
The EDPS welcomes the efforts made in the Proposal to address data protection concerns. The EDPS also welcomes the fact that the use of an existing information system, IMI, is proposed for the administrative cooperation, which already offers, at the practical level, a number of data protection safeguards. Nevertheless, important concerns remain, mainly relating to the alert system, which must remain proportionate.
The EDPS recommends, in particular, that:
With regard to the European Professional Card and the related ‘IMI-file’, the EDPS recommends further clarifications on the conditions under which information concerning disciplinary action or criminal sanctions or any other serious specific circumstances must be included in the file, and the content of the information to be included, and also recommends clear limitation on the retention periods.
Further, the EDPS recommends that in the long term, if and when the use of Professional Cards and IMI will become widespread, the Commission undertake a review of whether the Article 56a alert systems are still necessary and whether they cannot be replaced by a more limited, and thus, from the data protection point of view, less intrusive, system.
Finally, the EDPS further recommends that the EDPS and Article 29 Working Party where national data protection authorities are also represented be consulted before the adoption of delegated acts referred to in Article 56a(5) and of any other delegated acts adopted under Article 58 which may have an impact on data protection. A data protection impact assessment should precede such consultation.