Explanatory Memorandum to COM(2011)522 - Administrative cooperation through the Internal Market Information System(‘the IMI Regulation’) - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
| dossier | COM(2011)522 - Administrative cooperation through the Internal Market Information System(‘the IMI Regulation’). |
|---|---|
| source | COM(2011)522  |
| date | 29-08-2011 |
· Grounds for and objectives of the proposal
Member State public administrations responsible for applying EU law are increasingly required by EU law to cooperate with their counterparts in other Member States. To support them in their tasks, the Internal Market Information System (‘IMI’) was designed and developed by the European Commission as a generic, customisable administrative cooperation platform and has been offered as a free service to Member States since 2008. It provides more than 6 000 registered authorities in the 27 Member States and three EEA countries with a fast and secure communication channel for cross-border information exchange with their counterparts, effectively overcoming barriers due to different languages and administrative structures. IMI is currently used for the exchange of information pursuant to Directive 2005/36/EC of the European Parliament and of the Council of 7 September 2005 on the recognition of professional qualifications (‘the Professional Qualifications Directive’) and Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market (‘the Services Directive’). In 2010, some 2 000 requests for information were exchanged through IMI.
Cross-border administrative cooperation frequently involves processing and exchanging personal data of EU citizens, as is the case under the Services Directive and the Professional Qualifications Directive. From a legal point of view, IMI operates on the basis of a Commission decision, a ‘comitology’ decision, and a Commission recommendation i. The lack of a single legal instrument adopted by the European Parliament and the Council underlying its operations came to be seen as an obstacle to further expansion of IMI. In practice, IMI guarantees a high level of technical and procedural data protection. Thanks to the many procedural and technical privacy-enhancing features that were built into the system following the privacy-by-design principle, the processing of personal data in IMI offers a considerably higher level of protection and security than other methods of information exchange such as mail, telephone, fax or e-mail. In addition, data protection considerations are addressed in the day-to-day use of the system and are included in the training material for IMI users.
According to the Commission Communication ‘Towards a Single Market Act’, extending IMI to other sectors ‘with a view to creating a genuine face-to-face electronic network for European administrations’ is one of the keys to promoting better governance of the single market. The Commission Communication ‘Better governance of the Single Market through greater administrative cooperation: A strategy for expanding and developing the Internal Market Information System (“IMI”)’ (‘the IMI Strategy Communication’) adopted on 21 February 2011 set out plans for future expansion of IMI to other areas of EU law. The Commission Communication ‘A Single Market Act’ stressed the importance of IMI for strengthening cooperation among the actors involved, including at local level, thus contributing to better governance of the single market.
The objectives of the present proposal are to:
Establish a sound legal framework for IMI and a set of common rules to ensure that it functions efficiently;
Provide a comprehensive data protection framework by setting out the rules for the processing of personal data in IMI;
Facilitate possible future expansion of IMI to new areas of EU law; and
Clarify the roles of the different actors involved in IMI.
· General context
In its Decisions C/2006/3606 of 14 August 2006, C/2007/3514 of 25 July 2007 and C/2008/1881 of 14 May 2008, the Commission decided to finance and set up the Internal Market Information System as a project of common interest under the programme on the interoperable delivery of pan-European eGovernment services to public administrations, businesses and citizens (IDABC). Further financing was provided by Commission Decision C/2007/3514 of 25 July 2007 on the fourth revision of the IDABC Work Programme.
Commission Decision 2008/49/EC laid down the functions, rights and obligations of IMI actors and users, taking the opinion of the Article 29 Working Party i into account. Following the adoption of the Decision, the European Data Protection Supervisor (EDPS) issued an opinion[8] in which it called for the adoption of a legal instrument by the European Parliament and the Council in view of the envisaged expansion of IMI to additional areas of internal market legislation.
Pending the adoption of such a legal instrument, it was agreed to follow a step-by-step approach, starting with the adoption of guidelines for the implementation of data protection rules in IMI drawn up in close consultation with the EDPS[9]. The Commission considered that this step-by-step approach proved effective in ensuring a high level of technical and procedural data protection in IMI[10].
· Existing provisions in the area of the proposal
The processing of personal data in IMI is addressed by the Commission Decisions and Recommendation listed in footnote 3.
Contents
- RESULTS OF CONSULTATIONS WITH THE INTERESTED PARTIES AND IMPACT ASSESSMENTS
- LEGAL ELEMENTS OF THE PROPOSAL
- BUDGETARY IMPLICATION
- Article 114 TFEU
- Proposed instrument: regulation
- 5. OPTIONAL ELEMENTS
- Choice of the legal basis
- Chapter I (General provisions)
- Chapter II (Functions and responsibilities in relation to IMI)
- Chapter III (Data processing and security)
- Chapter IV (Rights of data subjects and supervision)
- Chapter V (Geographic scope of IMI)
- Chapter VI (Final provisions)
· Consultation of interested parties
Over the past year the Commission informed IMI stakeholders, including national IMI coordinators and authorities using the system, through various fora, about its plans for future IMI expansions. The reactions received showed general support for the Commission’s intention to propose a horizontal legal instrument that would remove any doubts as to the binding nature of the rules for the processing of personal data in the system.
The EDPS was consulted informally at the early stages of the preparation of the proposal, as well as formally during the inter-service consultation, and provided a vital contribution.
· Impact assessment
As already mentioned, the present proposal consolidates the current rules governing IMI within a single horizontal legally binding instrument. Consequently, no alternative policy options need to be considered at this stage. Moreover, the present proposal does not anticipate or preclude any future decisions on possible extension of IMI to new areas of Union law, but will merely facilitate such possible expansion by providing a robust legal framework for the functioning of IMI and a flexible procedure for future expansion decisions, which will be based on the criteria set out in the IMI Strategy Communication mentioned above. For these reasons, the proposal has not been subject to an impact assessment analysis. Any subsequent decisions concerning the expansion of the use of IMI beyond the areas of Union law for which it is currently used will require proportionate impact assessments.
· Summary of the proposed action
The present proposal aims at improving the conditions for the functioning of the internal market by providing an effective and user-friendly tool facilitating the practical implementation of provisions of Union law mandating administrative cooperation and information exchange.
The proposed Regulation also lays down the main principles of data protection through IMI, including the rights of data subjects, in a single legal instrument, thus increasing transparency and enhancing legal certainty. The list of areas of Union acts currently supported by IMI is set out in Annex I. Areas of possible future expansion are listed in Annex II. The procedural and budgetary aspects aimed at facilitating future expansion of IMI are in line with the IMI Strategy Communication mentioned above.
· Legal basis:
· Subsidiarity and proportionality principles
Given the nature of IMI as a centralised communication tool developed and hosted by the Commission, it is necessary to establish a common set of rules applicable to the system and to implement them in a centralised manner. The objectives of IMI, namely the removal of obstacles to cross-border cooperation, such as language barriers, different administrative and working cultures and the lack of established procedures for information exchange, cannot be achieved by the Member States and require action at European Union level. This proposal does not go beyond what is necessary to achieve those objectives.
· Choice of instruments
In view of the above objectives, it is essential to establish a set of common rules for the functioning of IMI. This could not be achieved in a directive which, by its very nature, is only binding as to the result to be achieved, but leaves to the national authorities the choice of form and methods. Yet, in the case of the present proposal, it is necessary to precisely define the form and methods of administrative cooperation through IMI. In terms of useful precedents, it may be pointed out that regulations have also been used for other large IT systems at EU level to address data protection and other issues[11]. In turn, to propose an act to be adopted by the Commission and not by the European Parliament and the Council, such as a Commission decision, would simply emulate the status quo and would not address the concerns about legal certainty towards the citizen expressed in the past by the EDPS.
As the use of IMI is mandatory for Member States under the Services Directive and the recently adopted Directive on the application of patients’ rights in cross-border healthcare[12], it is necessary to ensure that IMI can continue to operate on a permanent basis. For this reason, as well as to allow more efficient management and better control of the budget, it is proposed that the expenditure related to IMI be re-grouped by bringing all costs under the same budget line managed by DG MARKT (12.02.01 Implementation and development of the Internal Market), as explained in the accompanying legislative financial statement.
The present proposal does not have a budgetary impact over and above what is already foreseen in the years to come in the official programming of the Commission and it is without prejudice to the decisions on the post-2013 multi-annual financial framework.
· European Economic Area
The proposed act concerns an EEA matter and should therefore be extended to the European Economic Area.
· Detailed explanation of the proposal
The main objective of the proposal is to improve the conditions for the functioning of the internal market by providing an effective and user-friendly tool which facilitates the practical implementation of those provisions of Union acts which require Member States to cooperate with one another and with the Commission and to exchange information (including, in many instances, personal data). In order to ensure the efficient functioning of IMI, it is necessary to lay down certain common rules related to its governance and use. This includes the obligation to appoint one national IMI coordinator per Member State (Article 7), the obligation on competent authorities to provide an adequate response in a timely manner (Article 8(1)) and the provision that information exchanged via IMI may be used for providing evidence in the same way as similar information obtained within the same Member State (Article 8(2)).
At the same time, a high level of data protection should be ensured in the implementation of IMI.
A number of provisions of Union acts require Member States to cooperate with one another and with the Commission by exchanging information. As an example, the Professional Qualifications Directive mandates administrative cooperation and the exchange of certain information, including personal data, among Member States’ administrations. Since 2008, Member States have agreed to use IMI for such cooperation and exchanges for a range of professions that has been expanded gradually with a view to covering all regulated professions. The Services Directive assigns mutual assistance obligations to Member States, including the obligation to supply information by electronic means (Article 28(6)). Commission Decision 2009/739/EC of 2 October 2009 sets out the practical arrangements for the exchange of information between Member States under the Services Directive.
Since 16 May 2011, authorities across the EU that deal with posted workers are able to exchange information through IMI on a pilot basis[13]. Moreover, the recently adopted Directive on the application of patients’ rights in cross-border healthcare makes the use of IMI obligatory for exchanging information on the right to practise of health professionals[14]. The accompanying document to the ‘IMI Strategy Communication’ lists further areas that could benefit from IMI. Furthermore, synergies between IMI and other IT tools used by the Commission, including in the area of problem solving, should be explored.
The provisions of Articles 1, 2 and 3 aim to establish the purpose and scope of IMI.
The proposed mechanism for expanding IMI to new Union acts (Article 4) aims at providing the necessary flexibility for the future while ensuring a high level of legal certainty and transparency, in particular for data subjects. To that end, Union acts currently supported by IMI are set out in Annex I. In addition, Annex II lists areas of possible future expansion of IMI. Following an assessment of technical feasibility, cost-efficiency, user-friendliness and overall impact on the system, as well as the results of a possible test phase, as appropriate, the Commission will be empowered to update the list of areas in Annex I accordingly, adopting a delegated act.
The provisions of this chapter are crucial for the efficient functioning of the system (e.g. the respective roles of the national IMI coordinator, Article 7, and competent authorities, Article 8). In particular, competent authorities should not be allowed to question the evidentiary value of a document received from another Member State solely because it was received by means of IMI and should treat it in the same way as similar documents originating in their Member State. The provisions also reflect the flexibility offered by IMI to the Member States in allocating the different roles within the system in line with their national administrative structure.
Article 9 clarifies the role of the Commission. For the types of administrative cooperation currently covered by IMI, this remains limited to ensuring the security, availability, maintenance and development of the software and IT infrastructure for IMI. However, the Commission could also take an active part in IMI workflows, for instance for notification procedures, on the basis of legal provisions or other arrangements underlying the use of IMI in a given area of the internal market.
Article 10 on access rights is central to ensuring effective protection for the personal data processed in the system. It specifies in particular that access to personal data processed in IMI must be limited to the IMI users taking part in the procedure in question.
Processing of personal data by means of IMI will continue to be based on pre-defined workflows, question sets and other procedures (Article 12). This constitutes an additional guarantee of transparency for data subjects.
Personal data processed by means of IMI should not remain accessible for longer than necessary. It is therefore important to establish maximum retention periods, following which the data should be blocked, i.e. rendered inaccessible to IMI users via the normal interface and then automatically deleted from the system five years after the closure of an administrative cooperation procedure (Article 13). The option of blocking data after 18 months (rather than immediate deletion) is preferable to ensure that data subjects are able to effectively exercise their rights, for example by obtaining evidence that an exchange of information through IMI took place in order to appeal against a decision based on such an exchange. This approach is also in line with the Court of Justice ruling in Case C-553/07 Rijkeboer.
The processing of personal data of IMI users (e.g. employees of national administrations using IMI) should be possible for purposes related to the functioning of IMI, such as ensuring the proper functioning of the system by IMI coordinators and the Commission or gathering information related to administrative cooperation in the internal market via surveys (Article 14).
Article 15 reflects the fact that already today, under the Professional Qualifications and Services Directives, IMI is used to exchange data of a sensitive nature, including e.g. information about disciplinary or criminal sanctions.
It is important to clarify that — since IMI is developed, maintained and hosted centrally by the Commission — the applicable data security rules are those set out in Regulation (EC) No 45/2001 (Article 16).
Given the diversity of competent authorities using IMI (more than 6 000 as of March 2011), as well as the variety of situations and contexts in which IMI may be used in the future, it is not possible to lay down a one-size-fits-all solution for the exercise of data subjects’ rights in the proposed Regulation. The obligations of competent authorities are, in principle, covered by national data protection legislation, while Articles 15 and 16 cover issues specific to IMI (e.g. blocked data), as well as the obligations of the Commission. It is also important to ensure transparency for data subjects whenever the exercise of their rights in the context of IMI is limited by national legislation (Article 19).
Provisions for coordinated supervision follow the model established in the VIS and SIS II Regulations[15] (Article 20).
The legal instrument for IMI should provide sufficient flexibility to accommodate future developments with respect to the use of the system, including possibly involving third countries in the information exchanges in certain areas (Article 22), or the use of the system in a purely domestic context (Article 21), for which some Member States have already expressed an interest. In all such cases, the guarantees for personal data protection should continue to apply.
To allow for the extension of IMI to further Union acts, the Commission will be empowered to update the list of provisions already covered by IMI, as listed in Annex I, with additional provisions included in Annex II.
The Commission undertakes to produce regular reports on the functioning of IMI, inter alia based on statistical information retrieved from the system and provided by Member States on request, as appropriate (Article 26).