Document 52013XX0406(02)

Executive summary of the Opinion of the European Data Protection Supervisor on proposals for a directive on insurance mediation, a directive amending certain provisions of Directive 2009/65/EC on the coordination of laws, regulations and administrative sanctions relating to undertakings for collective investment in transferable securities and a regulation on key information documents for investment products

OJ C 100, 6.4.2013, p. 12–13 (BG, ES, CS, DA, DE, ET, EL, EN, FR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

6.4.2013 | EN | Official Journal of the European Union | C 100/12


(The full text of this Opinion can be found in English, French and German on the EDPS website: http://www.edps.europa.eu)

2013/C 100/05

1.   Introduction

1.1.   Consultation of the EDPS

1. On 3 July 2012, the Commission adopted a proposal for a directive on insurance mediation (hereafter ‘the IM directive’), a proposal for a directive amending certain provisions of Directive 2009/65/EC on the coordination of laws, regulations and administrative sanctions relating to undertakings for collective investment in transferable securities (hereafter ‘the UCITS directive’) and a proposal for a regulation on key information documents for investment products (hereafter ‘the KID regulation’). These proposals were sent to the EDPS for consultation on 5 July 2012.

2. The EDPS welcomes the fact that he is consulted by the Commission and recommends that a reference to this Opinion is included in the preambles of the proposed legal instruments.

3. Comparable provisions to the ones referred to in this Opinion are present in several pending and future proposals, such as those discussed in the EDPS Opinions on the legislative package on the revision of the banking legislation, credit rating agencies, markets in financial instruments (MIFID/MIFIR) and market abuse (1). Therefore, this Opinion should be read in close conjunction with the EDPS Opinions of 10 February 2012 on the abovementioned initiatives.

4. The two proposed directives and the proposed regulation will affect the rights of individuals relating to the processing of their personal data in different ways as they deal with the investigatory powers of competent authorities including access to existing telephone records and traffic data, databases, publication of administrative sanctions including the identity of those responsible and the reporting of breaches (so-called ‘whistle blowing schemes’).

5. As the issues discussed in this Opinion have been discussed in past EDPS Opinions in the financial area, the EDPS intends to publish guidelines on these and other issues concerned in order to give guidance on how to deal with data protection issues in future Commission proposals in this area.

1.2.   Objectives and scope of the proposals

6. The Commission states that strong, well-regulated retail markets that place the best interests of consumers at their heart are necessary for consumer confidence and economic growth in the medium and longer term. Specifically, according to the Commission, the abovementioned legislative proposals introduce new, consumer-friendly standards for information about investments, raise standards for advice, and tighten certain rules on investment funds to ensure their safety.

3.   Conclusions

34. The EDPS recommends:

- that references to this Opinion are included in the preambles of all proposals,

- inserting provisions in all proposals emphasising the full applicability of existing data protection legislation. The EDPS also suggests that the reference to Directive 95/46/EC be clarified by specifying that the provisions will apply in accordance with the national rules which implement Directive 95/46/EC,

- in the case of the proposed IM directive, limiting competent authorities' access to documents and information to specifically identified and serious violations of the proposed directives and in cases where a reasonable suspicion (which should be supported by concrete initial evidence) exists that a breach has been committed,

- in the case of the proposed IM directive, introducing a requirement for competent authorities to request documents and information by formal decision by a judicial authority, specifying the legal basis and the purpose of the request and what information is required, the time limit within which the information is to be provided as well as the right of the addressee to have the decision reviewed by a court of law,

- in the case of the proposed UCITS directive, introducing the requirement for competent authorities to request telephone records and traffic data by formal decision of the competent authority specifying the legal basis and the purpose of the request and what information is required, the time limit within which the information is to be provided as well as the right of the addressee to have the decision reviewed by a court,

- in the case of the proposed IM directive, clarifying the modalities of the EIOPA database by introducing more detailed provisions in the proposed regulations. Such provisions must comply with the requirements of Regulation (EC) No 45/2001. In particular, the provision establishing the database must: (i) identify the purpose of the processing operations and establish which are the compatible uses; (ii) identify which entities (EIOPA, competent authorities, Commission) will have access to which data stored in the database and will have the possibility to modify the data; (iii) ensure the right of access and appropriate information for all the data subjects whose personal data may be stored and exchanged; (iv) define and limit the retention period for the personal data to the minimum necessary for the performance of such purpose,

- assessing the necessity of the proposed system for the mandatory publication of sanctions in all proposals and verify whether the publication obligation does not go beyond what is necessary to achieve the public interest objective pursued and whether there are not less restrictive measures to attain the same objective. Subject to the outcome of this proportionality test, the publication obligation should in any event be supported by adequate safeguards to ensure respect of the presumption of innocence, the right of the persons concerned to object, the security/accuracy of the data and their deletion after an adequate period of time,

- with regard to the reporting of breaches in all proposals: (i) inserting provisions in the proposed directives saying that: ‘the identity of these persons should be guaranteed at all stages of the procedure, unless its disclosure is required by national law in the context of further investigation or subsequent judicial proceedings’; (ii) adding a paragraph requiring Member States to put in place ‘appropriate procedures to ensure the right of the accused person of defence and to be heard before the adoption of a decision concerning him and the right to seek effective judicial remedy against any decision or measure concerning him’; (iii) removing ‘the principles laid down’ from the provisions.

Done at Brussels, 23 November 2012.

Giovanni BUTTARELLI

Assistant European Data Protection Supervisor


(1)  EDPS Opinions of 10 February 2012, available at: http://www.edps.europa.eu/EDPSWEB/edps/Consultation/Opinions

