30.11.2010   

EN

Official Journal of the European Union

C 323/9

1.

On 12 July 2010, the Commission adopted a proposal for a Directive of the European Parliament and of the Council on Deposit Guarantee Schemes (recast) (3).

2.

The proposal was sent to the EDPS in accordance with Article 28(2) of Regulation (EC) No 45/2001 on the same day as it was adopted. The EDPS was informally consulted prior to the adoption of the proposal. The EDPS welcomed this informal consultation and is pleased to see that all his remarks have been taken into account in the final proposal.

3.

In this Opinion, the EDPS will briefly explain and analyse the data protection aspects of the proposal.

4.

Deposit Guarantee Schemes (DGSs) reimburse deposits to depositors up to a certain amount in case a credit institution has to be closed. Directive 94/19/EC, which obliges Member States to establish one or more DGSs within their territory, was adopted on 30 May 1994 by the European Parliament and the Council. Shortly after the outbreak of the financial crisis in 2008, the Council encouraged the Commission to bring forward an appropriate proposal to promote convergence of DGSs which should contribute to restoring confidence in the financial sector. On 11 March 2009, as an emergency measure, Directive 94/19/EC was amended by Directive 2009/14/EC. The most visible amendment was the increase of the coverage level from EUR 20 000 to EUR 100 000 for depositors in case a bank has to be closed. The Commission indicates on page 5 of the Explanatory Memorandum to the current proposal that, since Directive 2009/14/EC has not been completely implemented yet, it considers it necessary to consolidate and amend Directives 94/19/EC and 2009/14/EC by means of a recast.

5.

The proposal aims at simplifying and harmonising the relevant national rules, in particular as to the scope of coverage and the arrangement of payout. Provisions are amended in order to further reduce the time limit for paying out depositors and guarantee better access for DGSs to information about their members (the credit institutions, such as banks). There are furthermore several adjustments which envisage ensuring sound and credible DGSs that are sufficiently financed (4).

6.

The improved procedure for the repayment of depositors entails an increased processing of personal data of depositors within a Member State, but also between Member States. In Article 3(7) it is stated ‘that Member States shall ensure that DGS, at any time and at their request, receive from their members all information necessary to prepare a repayment of depositors’. Such information can, as follows from Article 12(4) of the proposal, also be exchanged between the DGSs in different Member States.

7.

In case the depositor is a natural person, information about the depositor constitutes personal data in the sense of Article 2(a) of Directive 95/46/EC. The transfer of such information between credit institutions and a DGS, or between DGSs, constitutes the processing of personal data in the sense of Article 2(b) of Directive 95/46/EC. The provisions of Directive 95/46/EC, as implemented in the relevant national legislation, are therefore applicable to these processing operations. The EDPS is pleased to see that this is confirmed and emphasised in recital 29 of the proposal.

8.

Furthermore the EDPS is pleased to see that certain data protection elements have been addressed in the proposal in substantive terms. Article 3(7) provides that the information obtained for the preparation of repayments may only be used for that purpose and shall not be kept longer than is necessary for that purpose. This further specifies the principle of purpose limitation, as laid down in Article 6(1)(b) of Directive 95/46/EC and the obligation to keep data no longer than is necessary for the purpose for which it was collected or is further processed, as can be found in Article 6(1)(e) of Directive 95/46/EC.

9.

It is explicitly pointed out in Article 3(7) that the information obtained for the preparation of repayments also includes markings under Article 4(2). On the basis of the latter Article, credit institutions are obliged to mark deposits if the deposit is for some reason not eligible for repayment, for instance because the deposits arise out of transactions which are connected with a criminal conviction for money laundering as defined in Article 1(c) of Council Directive 91/308/EEC (see Article 4(1) of the proposal). Since the purpose of the information exchange precisely is the repayment of the deposit, the communication of such a marking can be considered to be a necessary measure. The EDPS therefore takes the view that the transfer of such a marking, when considered personal data, is in conformity with the data protection rules as long as the marking itself does not reveal more information than necessary. A simple mark stating that the deposit is not eligible would serve the purpose. Therefore the obligation contained in Article 4(2) of the proposal should be applied in that way, in order to comply with the rules stemming from Directive 95/46/EC.

10.

Article 3(7) of the proposal also deals with the collection of information by DGSs which is necessary to perform regular stress tests of their systems. This information is submitted to the DGSs by the credit institutions on an ongoing basis. In the informal consultation the EDPS expressed concerns as to whether this information would also include personal data. The EDPS expressed doubts as to whether it was actually necessary to process personal data for performing stress tests. The Commission has adjusted the proposal on this point and added that such information shall be rendered anonymous. In terms of data protection this means that the information cannot, after taking into account all means likely to be used, be linked to an identified natural person (5). The EDPS is satisfied with this assurance.

11.

Also with regard to the information received for the performance of stress tests it is stated in Article 3(7) that such information may only be used for that purpose and that it shall be kept no longer than is necessary for that purpose. The EDPS would like to point out that if information is made anonymous, it no longer falls within the definition of personal data to which the rules contained in Directive 95/46/EC apply. There may be good reasons to provide for limited use of this information. However, the EDPS would like to make clear that data protection rules do not require this.

12.

In order to facilitate an effective cooperation between DGSs, also with regard to the exchange of the information referred to in Article 3(7), Article 12(5) of the proposal states that the DGSs or, where appropriate, the competent authorities, shall have written cooperation agreements in place. It is in such agreements that the application of the data protection rules should be worked out in greater detail. The EDPS is therefore pleased to see that an extra sentence is added to Article 12(5) emphasising that ‘such agreements shall take into account the requirements set out in Directive 95/46/EC’.

13.

The EDPS is satisfied with the way in which the data protection aspects are addressed in the proposed Directive, and would only like to refer to the comments made in points 9 and 11 of this opinion.