7.2.2007   

EN

Official Journal of the European Union

C 27/21

I.

The concept of maladministration includes failure to comply with Community law on data protection.

II.

The EDPS has special expertise in the field of data protection and is the specialised authority with regard to the supervision of compliance by Community institutions and bodies with Community law on data protection.

III.

Where complaints could be dealt with by either the EO or the EDPS, complainants may choose the authority to which to address their complaint and should receive adequate information on which to base their choice.

IV.

Unnecessary duplication of procedures should be avoided, as far as possible.

V.

Diverging approaches to legal and administrative aspects of data protection should be avoided, as far as possible.

VI.

The exchange of information between the EO and EDPS is subject to respect for the requirements of confidentiality applicable to their activities.

—

The EO intends to inform complainants, when appropriate, of the special expertise of the EDPS as mentioned under II above and of the conditions under which complaints concerning the processing of personal data by Community Institutions and bodies may be lodged with the EDPS.

—

In particular, the above information will be given where a complaint into which the EO could open an inquiry relates exclusively or predominantly to data protection, so as to enable the complainant to decide whether he wishes to turn instead to the EDPS before the EO opens an inquiry.

—

In those cases, the EO intends to advise the complainant on the possibility to file his complaint with the EDPS. The EO would also facilitate the transfer of such a complaint to the EDPS, if requested to do so by the complainant before the opening of an inquiry.

—

The EDPS intends to inform complainants, when appropriate, that complaints concerning maladministration in the activities of Community Institutions and bodies may be lodged with the EO.

—

Where he considers it appropriate to do so, the EDPS would also seek to facilitate the transfer of a complaint to the EO, if requested to do so by the complainant.

—

Both authorities envisage informing complainants, when appropriate, that information in the case file could be sent to the other authority.

—

Neither authority envisages opening an inquiry if the other authority is dealing, or has dealt, with what is essentially the same complaint, unless the complainant presents significant new evidence in a case where the other authority has already concluded its inquiry. Both authorities intend to inform each other when they decline to open an inquiry for this reason and declare their willingness to provide information to facilitate each other's decision-making in this regard.

—

The EO intends to inform the EDPS whenever he opens an inquiry that involves an issue of data protection. In case the EDPS is already investigating the matter, both authorities declare their intention to discuss how best to avoid unnecessary duplication of procedures and diverging interpretations.

—

If the EO and the EDPS become aware of the fact that they are both dealing with complaints arising from the same factual circumstances, they will endeavour to keep each other informed.

—

In cases where the text of Regulation No 45/2001 (1) and the existing case law of the Court of Justice leave room for divergent views as to the correct interpretation and application of data protection rules, the EO envisages consulting the EDPS, unless the latter's views on the question are already known. The EDPS expresses his intention to answer within the required time-limits. When deciding upon a case, the EO envisages taking the reply of the EDPS into account.

—

The EO declares his intention to inform the EDPS of the findings of his inquiries, insofar as they involve significant issues of data protection.

—

The EDPS declares his intention to inform the EO of the findings of his inquiries, insofar as he considers that they could be relevant to the EO.

—

The EO and EDPS note the following as regards possible data protection aspects of complaints concerning access to documents and information:

—

Regulation No 45/2001 provides for each data subject to have certain rights of access to data related to him or herself (2). The EDPS is competent to deal with complaints from data subjects about failure to comply with that duty.

—

Cases concerning the refusal of access to information about another person, or cases concerning the complainant's access to information or documents relating to him or herself that are not based on Regulation No 45/2001 (for example, cases following refusal of an application under Regulation No 1049/2001 (3)) fall within the competence of the EO. In the latter cases, the EO intends to inform the complainant about the rights under Regulation No 45/2001, in so far as this is likely to be useful.

—

The EO and EDPS declare that parts A, B and C above also apply to complaints concerning access to documents and information.

—

Both authorities declare their intention to meet regularly, at least once a year, in order to exchange views on the practical implementation of the working arrangements set out in the present Memorandum and to discuss possible improvements.