Binnenmarkt

Stellungnahme des Europäischen Datenschutzbeauftragten zum Vorschlag der Kommission für eine Richtlinie des Europäischen Parlaments und des Rates zur Änderung der Richtlinie 2005/36/EG über die Anerkennung von Berufsqualifikationen und der Verordnung […] über die Verwaltungszusammenarbeit mithilfe des Binnenmarktinformationssystems, OJ C 137/01 12.05.2012, p1

Siehe auch den Text des Vorschlags für eine Richtlinie des Europäischen Parlaments und des Rates zur Änderung der Richtlinie 2005/36/EG über die Anerkennung von Berufsqualifikationen und der Verordnung über die Verwaltungszusammenarbeit mithilfe des Binnenmarktinformationssystems

The objective of the Proposal is to modernize and amend the existing text of Directive 2005/36/EC (the Professional Qualifications Directive). From the data protection perspective, the two key aspects of the Proposal are (i) the introduction of an alert system and (ii) the introduction on a voluntary basis of a European Professional Card . The processing of personal data in both cases is foreseen to take place via the Internal Market Information System (IMI).

The EDPS welcomes the efforts made in the Proposal to address data protection concerns. The EDPS also welcomes the fact that the use of an existing information system, IMI, is proposed for the administrative cooperation, which already offers, at the practical level, a number of data protection safeguards. Nevertheless, important concerns remain, mainly relating to the alert system, which must remain proportionate.

The EDPS recommends, in particular, that:

• the Proposal should specify unambiguously in which concrete cases alerts can be sent, more clearly define what personal data can be included in alerts, and limit the processing to the minimum that is necessary, taking into account proportionality and balancing of rights and interests;
• in this respect, the Proposal should unambiguously specify that alerts can only be sent after a decision has been made by a competent authority or a court in a Member State prohibiting an individual to pursue his or her professional activities in its territory;
• specify that the content of the alert must not contain more specific information regarding the circumstances and reasons for the prohibition;
• clarify and limit to the minimum strictly necessary, the period for which alerts are retained; and
• ensure that alerts are only sent to competent authorities in Member States and that these authorities shall keep alert information received confidential and not further distribute or publish it, unless the data were made public in accordance with the law of the sending Member State.

With regard to the European Professional Card and the related ‘IMI-file’, the EDPS recommends further clarifications on the conditions under which information concerning disciplinary action or criminal sanctions or any other serious specific circumstances must be included in the file, and the content of the information to be included, and also recommends clear limitation on the retention periods.

Further, the EDPS recommends that in the long term, if and when the use of Professional Cards and IMI will become widespread, the Commission undertake a review of whether the Article 56a alert systems are still necessary and whether they cannot be replaced by a more limited, and thus, from the data protection point of view, less intrusive, system.

Finally, the EDPS further recommends that the EDPS and Article 29 Working Party where national data protection authorities are also represented be consulted before the adoption of delegated acts referred to in Article 56a(5) and of any other delegated acts adopted under Article 58 which may have an impact on data protection. A data protection impact assessment should precede such consultation.

Brief zum Thema des von der Kommission am 25. Oktober 2011 angenommenen Pakets „Verantwortungsbewusste Unternehmen“

Stellungnahme zum Vorschlag für eine Verordnung des Europäischen Parlaments und des Rates über die Verwaltungszusammenarbeit mithilfe des Binnenmarkt-Informationssystems ('IMI'), OJ C 48/02, 18.02.2012, p.2

Lesen Sie auch "Vorschlag für eine Verordnung des Europäischen Parlaments und des Rates über die
Verwaltungszusammenarbeit mithilfe des Binnenmarkt-Informationssystems ('IMI-Verordnung')".

In this Opinion the European Data Protection Supervisor (EDPS) provides a series of recommendations to further strengthen the data protection framework for the Internal Market Information System ('IMI'). The EDPS supports a consistent approach to data protection in establishing an electronic system for the exchange of information, including relevant personal data.

The EDPS welcomes the fact that the Commission has proposed a horizontal legal instrument for IMI in the form of a Parliament and Council Regulation (*), which aims at comprehensively highlighting the most relevant data protection issues for IMI. The EDPS cautions that establishment of a single centralized electronic system for multiple areas of administrative cooperation also creates risks. With regard to the legal framework for IMI to be established in the proposed Regulation, the EDPS calls attention to two key challenges: the need to ensure consistency, while respecting diversity, and the need to balance flexibility and legal certainty.

The EDPS acknowledges the need for flexibility to cover administrative cooperation in different policy areas but insists that this flexibility should be accompanied by legal certainty. Against this background, the EDPS recommends that functionalities of IMI that are already foreseeable should be further clarified and that the inclusion of new functionalities should require appropriate procedural safeguards, such as preparation of a data protection impact assessment and consultation of the EDPS and national data protection authorities.

The Opinion also calls for further strengthening of data subjects´ rights and for reconsideration of the extension of the currently applicable 6-months retention period unless adequate justifications are provided.

Finally, the EDPS welcomes the provisions on coordinated supervision and recommends that these should be further strengthened in order to guarantee effective and active cooperation among the data protection authorities involved.

Background information

IMI is an online application that allows national, regional and local authorities in European Union Member States to communicate quickly and easily with their counterparts in other European countries. IMI helps users find the right authority to contact in another country and communicate with them using pre-translated sets of standard questions and answers. IMI is designed as a flexible system that can be used for many pieces of single market legislation. Currently, it covers the following instruments: the Professional Qualifications Directive (2005/36/EC) and the Services Directive (2006/123/EC).

Stellungnahme über Netzneutralität, Verkehrsmanagement und Schutz der Privatsphäre und personenbezogener Daten, OJ C 34/01, 08.02.2012, p.1

Stellungnahme zum Vorschlag für eine Richtlinie des Europäischen Parlaments und des Rates über Wohnimmobilienkreditverträge, OJ C 377/02, 23.12.2011, p.5