Le marché intérieur permet aux personnes, aux produits, aux services et aux capitaux de circuler librement dans l’UE, offrant de nouvelles opportunités aux citoyens, aux travailleurs, aux entreprises et aux consommateurs, tout en créant les emplois et la croissance dont l’Europe a besoin. La mise en pratique de ces libertés fondamentales au moyen de règles, notamment, sur les services de paiement, les applications logicielles pour le partage des informations (telles que le système d’information du marché intérieur IMI) implique le traitement de données à caractère personnel.
Deuxième avis relatif au réexamen de la directive 2002/58/CE concernant le traitement des données à caractère personnel et la protection de la vie privée dans le secteur des communications électroniques (directive "vie privée et communications électroniques"), JO C 128, 06.06.2009, p. 28
This Opinion follows upon a first EDPS Opinion, as well as Comments, in which recommendations were made to help ensure that the proposed changes effectively provide for the best possible protection of personal data.
This Second Opinion comes as a response to the Council's Common Position which, on a number of critical points, fails to endorse some of the data protection safeguards proposed by the European Parliament and the European Commission or previously recommended by the EDPS. The recommendations presented in this Opinion aim at streamlining some of the provisions of the Directive, while at the same time ensuring an adequate level of data protection and privacy.
The Opinion particularly focuses on the provisions relating to the setting up of a mandatory security breach notification system for which the Supervisor believes there is still some room for improvement.
EDPS Comments on selected issues that arise from the IMCO report on the review of Directive 2002/22/EC (Universal Service) & Directive 2002/58/EC (ePrivacy)
Answer to the letter of the Commission proposing a way forward towards a more complete implementation of the necessary data protection safeguards for the Internal Market Information System ("IMI"), 14 July 2008
Avis concernant la décision de la Commission du 12 décembre 2007 relative à la protection des données à caractère personnel dans le cadre de la mise en oeuvre du Système d'information du marché intérieur (IMI) (2008/49/CE), JO C 270, 25.10.2008, p. 1
This Opinion is part of the broader EDPS efforts to improve the data protection safeguards for this large-scale IT system operated by the European Commission to facilitate information exchanges between competent authorities in Member States in the area of internal market legislation.
The EDPS supports the establishment of this electronic system for the exchange of information. Nevertheless, establishment of a centralized electronic system also creates certain risks. These include, most importantly, that more data might be shared and more broadly than strictly necessary for the purposes of efficient cooperation, and that data, including potentially outdated and inaccurate data, might remain in the electronic system longer than is necessary. The security of a database accessible in 27 Member States is also a sensitive issue, as the system is only as safe as the weakest link in the network permits it to be.
In the Opinion, the EDPS questions the adequacy of the legal basis chosen for the adoption of the IMI Decision. The EDPS recommends that the Commission replaces the IMI Decision by a legal instrument that fulfils the requirement of legal certainty. As an ultimately most sound solution, the EDPS suggests adopting a separate legal instrument for the IMI-system, at the level of the Council and the European Parliament, similar to the Schengen Information System, Visa Information System and other large-scale IT databases.
Additionally, the Opinion provides for a number of suggestions on the provisions regulating the data protection aspects of IMI. These recommendations relate to transparency and proportionality, joint control and allocation of responsibilities, notice to data subjects, rights of access, objection, and rectification, data retention, security measures and joint supervision.
