5.7.2012   

EN

Official Journal of the European Union

C 197/21

1.

On 8 December 2011, the Commission adopted a Proposal for a Decision of the European Parliament and of the Council on serious cross-border threats to health (‘the Proposal’) and on the same day forwarded it to the EDPS for consultation. On 19 January 2012, the Council sent the Proposal for consultation as well.

2.

Already before the adoption of the Proposal, the EDPS had the opportunity to provide informal comments on a draft text. The EDPS welcomes this consultation at an early stage and is pleased to see that some of his comments have been taken into account.

3.

The Proposal aims at replacing Decision 2119/98/EC of the European Parliament and of the Council of 24 September 1998 setting up a network for the epidemiological surveillance and control of communicable diseases in the Community (1), which is the current legal basis (along with its implementing Commission Decision 2000/57/EC (2)) for the Early Warning and Response System (‘EWRS’). The EWRS is operated by the European Centre for Disease Prevention and Control (‘ECDC’) (3) on behalf of the Commission and is used by the competent authorities in the Member States to exchange information necessary for the epidemiological surveillance and control of communicable diseases at European level. The EWRS has been successfully used in a number of situations such as SARS, avian influenza in humans and other major communicable diseases. It constitutes an important tool to protect public health.

4.

The Proposal aims at increasing cooperation between Member States as regards cross-border health threats. Among others, the Proposal extends the scope of the existing EWRS, which currently only covers communicable diseases, to other kinds of cross-border health threats, including hazards of biological, chemical, environmental or unknown origin which are likely to spread across national borders.

5.

The EWRS itself has been the subject of a prior check Opinion of the EDPS issued on 26 April 2010 (4). In the follow-up to that Opinion, the data protection safeguards for the EWRS have improved considerably. Among others, in the framework of the follow-up procedure, a Commission recommendation on data protection guidelines for the EWRS has also been adopted (5).

6.

This Opinion should be read in the light of the progress already made and contains recommendations to further improve the level of data protection under the Proposal.

7.

The EDPS welcomes the references to Regulation (EC) No 45/2001 and Directive 95/46/EC in recital 18 and Article 18 of the Proposal and that the reference to the applicable data protection legislation in Article 18 now encompasses all personal data processing under the scope of the Proposal. He also welcomes the specific data protection safeguards for contact tracing set forth, or required to be adopted by the Commission, under Article 18.

8.

However, the following elements of the Proposal still require, or would benefit from, clarification, further detail or other improvements from the point of view of data protection:

9.

As a preliminary remark, the EDPS notes that several aspects of the Proposal are not elaborated in the text itself, but will be the subject of delegated and implementing acts, such as the list of communicable diseases to which the Proposal shall apply (6) and the procedures for the information exchange in the EWRS (7). Other aspects will be clarified in guidelines and recommendations to be adopted by the Commission, such as the data protection guidelines for the EWRS (8).

10.

Delegated acts are meant to amend and specify certain non-essential aspects of legal acts (Article 290 TFEU), while implementing acts aim to establish uniform conditions for the implementation of legally binding Union acts (Article 291 TFEU). While details can of course be regulated in delegated and implementing acts, and such additional provisions are certainly of great benefit, the EDPS recommends that the Proposal itself also provide more guidance on some of the points mentioned in point 8, as will be discussed below.

34.

In general, the EDPS recommends that some essential elements, including certain essential data protection safeguards, should be also included in the text of the Proposal itself. In addition, some clarifications are also necessary due to the expansion of the scope of the Proposal to additional health threats beyond communicable diseases, which have not been subject to the prior checking procedure and also not discussed in the guidelines.

35.

More particularly, the EDPS recommends that the Proposal should: