ISSN 1725-2423
doi:10.3000/17252423.C_2009.192.eng
Official Journal
of the European Union
C 192
English edition
Information and Notices
Volume 52
15 August 2009
|
ISSN 1725-2423 doi:10.3000/17252423.C_2009.192.eng |
||
|
Official Journal of the European Union |
C 192 |
|
|
|
||
|
English edition |
Information and Notices |
Volume 52 |
|
Notice No |
Contents |
page |
|
|
I Resolutions, recommendations and opinions |
|
|
|
OPINIONS |
|
|
|
European Data Protection Supervisor |
|
|
2009/C 192/01 |
||
|
2009/C 192/02 |
||
|
|
IV Notices |
|
|
|
NOTICES FROM EUROPEAN UNION INSTITUTIONS AND BODIES |
|
|
|
Commission |
|
|
2009/C 192/03 |
||
|
|
NOTICES FROM MEMBER STATES |
|
|
2009/C 192/04 |
||
|
2009/C 192/05 |
||
|
|
V Announcements |
|
|
|
PROCEDURES RELATING TO THE IMPLEMENTATION OF THE COMPETITION POLICY |
|
|
|
Commission |
|
|
2009/C 192/06 |
Prior notification of a concentration (Case COMP/M.5603 — ENI/TEC) — Candidate case for simplified procedure ( 1 ) |
|
|
2009/C 192/07 |
Prior notification of a concentration (Case COMP/M.5609 — ISP/RDM/Manucor) — Candidate case for simplified procedure ( 1 ) |
|
|
|
OTHER ACTS |
|
|
|
Commission |
|
|
2009/C 192/08 |
||
|
|
|
|
|
(1) Text with EEA relevance |
|
EN |
|
I Resolutions, recommendations and opinions
OPINIONS
European Data Protection Supervisor
|
15.8.2009 |
EN |
Official Journal of the European Union |
C 192/1 |
Opinion of the European Data Protection Supervisor on the Recommendation for a Council Regulation amending Regulation (EC) No 2533/98 of 23 November 1998 concerning the collection of statistical information by the European Central Bank
2009/C 192/01
THE EUROPEAN DATA PROTECTION SUPERVISOR,
Having regard to the Treaty establishing the European Community, and in particular its Article 286,
Having regard to the Charter of Fundamental Rights of the European Union, and in particular its Article 8,
Having regard to Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data,
Having regard to Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, and in particular its Article 41,
HAS ADOPTED THE FOLLOWING OPINION:
I. INTRODUCTION
Recommendation to amend the Regulation concerning the collection of statistical information by the European Central Bank
|
1. |
On 23 November 1998, the Council of the European Union adopted Regulation (EC) No 2533/98 concerning the collection of statistical information by the European Central Bank (hereinafter ‘Regulation (EC) No 2533/98’) (1). In order to maintain this Regulation as an effective instrument to carry out the statistical information collection tasks of the European System of Central Banks (hereinafter the ‘ESCB’) a number of amendments are being considered. On 15 September 2008, the Governing Council of the European Central Bank (hereinafter the ‘ECB’) unanimously adopted a Recommendation (2) (hereinafter the ‘Recommendation’) for a Council Regulation amending Regulation (EC) No 2533/98 (3). |
|
2. |
On 4 February 2009, the Council decided to consult the European Data Protection Supervisor (hereinafter the ‘EDPS’) and invited him to submit his opinion (4). It must be underlined that such consultation at the Coreper's stage, although unusual, is covered by Articles 41 and 46(d) of Regulation (EC) No 45/2001. |
|
3. |
The main articles of Regulation (EC) No 2533/98 which are submitted for amendments are Articles 1, 2, 3 (partly) and 8. Although Article 8 specifically deals with the confidentiality regime, the EDPS considers that the other articles may also have an impact on the protection of personal data and are therefore part of the current analysis. |
|
4. |
Last, the general context in which this Recommendation is analysed must also take into account the proposal for a Regulation of the European Parliament and of the Council on European Statistics (5), a proposal for which the EDPS also provided his opinion (6). Both texts are interlinked. This connection between the two regulations implies, as was underlined in the latter opinion, that close cooperation and appropriate coordination should be ensured between the European Statistical System and the ESCB, while preserving the respective governance structures. The EDPS also explained his interpretation of the notions of confidentiality and anonymity in the context of statistics. This analysis remains valid. |
II. ANALYSIS OF THE PROPOSAL
Statistical Information
|
5. |
The EDPS welcomes that the proposed amendments contain a specific reference to the data protection legal framework. Indeed, where Regulation (EC) No 2533/98 presently only refers to Directive 95/46/EC, it is now proposed that Article 8(8) also refers to Regulation (EC) No 45/2001, the latter covering more specifically the activities of the ECB as a European institution. |
|
6. |
Moreover, this provision confirms recital 34 of Regulation (EC) No 45/2001 which states that: ‘Under Article 8(8) of Council Regulation (EC) No 2533/98 of 23 November 1998 concerning the collection of statistical information by the European Central Bank, that Regulation is to apply without prejudice to Directive 95/46/EC’. In this context, it is also without prejudice to Regulation (EC) No 45/2001. |
|
7. |
As explained in the preamble of the Recommendation, its main objective is to review the scope of Regulation (EC) No 2533/98 in order to maintain it as an effective instrument for the ECB to carry out the statistical information collection tasks of the ESCB. It should also guarantee the continued availability to the ECB of statistical information of the necessary quality (and) covering the entire range of tasks of the ESCB. |
|
8. |
Although the expression ‘statistical information’ is used extensively both in Regulation (EC) No 2533/98 and in the Recommendation adopted by the ECB, the EDPS notes that the expression ‘statistical information’ is not defined in any of these texts, except by some reference to the definition of reporting requirements (Article 1(1) of Regulation (EC) No 2533/98). The EDPS considers that the scope of this expression should be clarified in the context of Regulation (EC) No 2533/98, especially as statistical information may cover data coming not only from legal, but also from natural persons (also described as reference reporting population). Therefore personal data in the sense of Regulation (EC) No 45/2001 may be collected and although these data would be processed in a statistical form, they could still be data on identifiable individuals (i.e. indirectly, through code or because a very small proportion of people with specific characteristics is mentioned). Moreover, it is equally important to define this expression as the Recommendation deals with the possibility to grant to scientific research bodies access to confidential statistical information which ‘does not allow direct identification’ (Article 8(4)) or expressed in a positive way: which still allows indirect identification. |
|
9. |
According to the EDPS, the expression could be understood in a similar fashion as in the proposal for a Regulation on European Statistics (where it is defined as: ‘all different forms of statistics including basic data, indicators, accounts and metadata’). Nonetheless, in the case of the ECB, the notion of statistical information should be limited to statistics on natural and legal persons which are processed within the sphere of competence of the ECB. The EDPS suggests that further clarification about this expression be given in the recitals. |
Purpose
|
10. |
According to the Explanatory Memorandum of the Recommendation, the existing architecture of the collection of statistical information is based on a one-to-one link between the reference reporting population (the natural and legal persons subject to reporting requirements) and specific types of statistics (as described in Article 2(2) of Regulation (EC) No 2533/98). In the view of the ECB, this architecture has become ineffective because data are increasingly collected only once and serve multiple statistical purposes, in order to minimise the reporting burden. Therefore the ECB proposes to extend the scope of the purposes by providing an indicative list of all statistical purposes for which statistical information may be collected from the reference reporting population. |
|
11. |
The EDPS takes note of the reasons why the widening of scope is requested, but underlines that one of the principles contained in Regulation (EC) No 45/2001 relates to the purpose limitation. This principle states that personal data must be processed for specific, explicit and legitimate purposes and must not be further processed in a way incompatible with those purposes. This principle contained in Article 4(1)(b) is further clarified as it is stated ‘that further processing of personal data for historical, statistical or scientific purposes shall not be considered incompatible provided that the controller provides appropriate safeguards, in particular to ensure that the data are not processed for any other purposes or used in support of measures or decisions regarding any particular individual’. |
|
12. |
The EDPS acknowledges, in view of the facts described in the Explanatory Memorandum of the Recommendation that the existing practice has not been compliant with Regulation (EC) No 45/2001 as data have been further processed for purposes not established in Regulation (EC) No 2533/98. By creating an ‘indicative’ list of purposes going beyond the framework of Regulation (EC) No 2533/98, the purpose limitation principle of Regulation (EC) No 45/2001 would still not be fully met. |
|
13. |
However, it was stressed in comments received from the ECB on this point that Regulation (EC) No 2533/98 remains an ‘umbrella Regulation’ which establishes the reference reporting population (the scope of entities from which the ECB may potentially collect data for performing its tasks). To be able to impose actual reporting obligations to the reporting agents, the ECB has to issue a specific ECB legal act that defines both the actual reporting population and the specific reporting requirements. |
|
14. |
The EDPS considers that any modification introduced in the Regulation on this aspect should clarify the extent to which data will be processed in the future or at least more precisely specify the expected purposes within the remit of the ECB's competences. Therefore, the EDPS does not oppose the widening of the purposes for which statistical information is collected, but suggests deleting any reference to the establishment of an indicative list of purposes. Moreover, the text could confirm that any ECB legal act that defines the actual reporting population and the specific reporting requirements will not go beyond the limitation of purposes within the specific competences of the ECB. |
|
15. |
Furthermore, as a matter of clarification, the EDPS can not agree with the explanation given by the ECB in the Explanatory Memorandum of the Recommendation, according to which ‘information becomes statistical information if it is used for the compilation of statistics, irrespective of the purpose for which it was originally collected’. The purpose limitation principle does not allow such an interpretation. Indeed, personal data shall be collected in the first place for one or more specific purposes and may be further used for (other) statistical purposes subject to appropriate safeguards (see Article 4(1)(b) of Regulation (EC) No 45/2001 referred to in point 11). |
|
16. |
Last, the EDPS notes that the purpose limitation is already underlined in the proposed Article 8(4)(a) which states that ‘(…) the ESCB shall use confidential statistical information transmitted to it exclusively for the exercise of the tasks of the ESCB except in any of the following circumstances: (a) if the reporting agent or the other legal person, natural person, entity or branch which can be identified, has explicitly given its consent to the use of the said statistical information for other purposes’. By requesting the explicit consent to extend the initial purpose, the ECB acknowledges that purposes should be limited as a principle. |
Payment statistics
|
17. |
Moreover, in the proposed indicative list of purposes for which statistics may be collected from the reference reporting population, the EDPS has noted that the recommendation (Article 2(1)) adds the notion of ‘payment statistics’ to the already existing purpose of ‘payment system statistics’. This means that the statistics to be collected will cover data on individual payments as part of payment systems statistics (i.e. infrastructure of payments). This addition of payment statistics makes it all relevant to ensure that the rules on data protection are respected. |
|
18. |
Although the EDPS understands that Article 105(2) of the EC Treaty gives the ESCB a mandate to promote the smooth operation of payment systems and that, in this context, comprehensive information on both the payments infrastructures and the payments carried out via these infrastructures may be necessary for ECB policy-making, this mandate should be limited to what is necessary in order to achieve the ECB's policy making and should not allow the collection of financial information relating to natural persons who are identifiable (either directly or indirectly). Even if the EDPS can understand that it is important to collect information on the payments themselves — for example data on credit card payments for conjectural analysis or for balance of payment purposes, he wants to underline that whether data on credit cards are collected directly from the natural person or from the card companies and/or payment system runners on an aggregated basis, they still may contain personal information about natural persons. |
|
19. |
However, if in specific cases, there might be some reasons to process such payment statistics, the ECB stated that they will comply with the applicable data protection legal framework. This covers the need to ascertain the necessity of the processing and to ensure that security measures are taken. |
Reporting population
|
20. |
Similar to the Commission in its opinion on the Recommendation (7), the EDPS recognises the need expressed by the ECB in the Recommendation to adjust the scope of the reference reporting population. The reason given by the ECB is that financial markets are becoming increasingly complex, with steadily growing interlinkages between the financial transactions and balance sheet positions of different types of financial intermediaries (such as monetary financial institutions, insurance corporations and financial vehicle corporations). |
|
21. |
In turn, this may imply that the ECB requires comparable, frequent and timely statistics for these subsectors, so that it can continue to carry out its tasks. However, the consequence will be that such modification of the reference reporting population will increase the collection of information by the different actors involved in the ESCB. In order to avoid unnecessary collection of data, the EDPS notes that the ECB intends to ensure that it will only collect the necessary statistical information if the merits of doing so outweigh the costs and if this information is not already collected by other bodies. |
|
22. |
However, in order to ensure the respect of the data quality principle as well as the data minimization principle, the EDPS considers that a specific procedure to ensure that the information is not already collected by other bodies should be put in place. The ECB confirmed that discussions are ongoing between the ESS (Eurostat) and the ECB in order to develop procedures for further fostering cooperation and minimisation of reporting burden. The EDPS considers that such cooperation should be further developed. |
Exchange of confidential information
|
23. |
The Recommendation amends Article 3 of Regulation (EC) No 2533/98 by mentioning several statistical principles, among which the principle of statistical confidentiality. Furthermore, it modifies Article 8 as regards the confidentiality regime established. The idea is to mirror the content of the proposal for a Regulation on European Statistics. As was already underlined in this text, there is a need to introduce more flexibility in the existing rules on statistical confidentiality between the European Statistical System (ESS) and the ESCB. The proposed new regime introduced by the Recommendation reiterates this need by stating that in order to ensure an efficient and effective exchange of the necessary statistical information, the legal framework should foresee that such a transmission can take place provided that it is necessary for the efficient development, production or dissemination of European statistics. |
|
24. |
The EDPS already had the occasion to clarify his position regarding the transmission of confidential data between the ESS and the ESCB (8). The EDPS considered that such transfers taking place between Eurostat and the ECB comply with the conditions of necessity provided for in Article 7 of Regulation (EC) No 45/2001. In the light of the proposed amendments, the EDPS confirms that such transfer could take place but for statistical purposes only and by guaranteeing protection from unlawful disclosure. This aspect could be further underlined in the modification of Regulation (EC) No 2533/98. Paragraph 3 of Article 8 already contains some measures but the EDPS suggests adding for instance that reporting agents shall be informed that the further transmission will take place for statistical purposes only and that persons receiving this statistical information are reminded of the confidential aspect of this statistical information. |
Access to non-directly identifiable confidential statistical information for research purposes
|
25. |
The EDPS notes that the approach adopted by the ECB towards access to non-directly identifiable confidential statistical information for research purposes is to allow such access while maintaining strict confidentiality safeguards. Paragraph 4 of Article 8 foresees the prior explicit consent of the authority which provided the information. |
|
26. |
In the context of processing of non-directly identifiable confidential statistical information, the EDPS wants to underline that the definition of personal data contained in Article 2(a) of Directive 95/46/EC reads as follows: ‘Personal data shall mean any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity’. |
|
27. |
Furthermore, as was analysed by the EDPS in his Opinion on the proposal for a Regulation of the European Parliament and of the Council on Community statistics on public health and health and safety at work (9), ‘non-direct identifiability’ relates to the notion of anonymity from a statistical point of view. Although, from a data protection view, the notion of anonymity would cover data that are no longer identifiable (see recital 26 of the Directive 95/46/EC), from a statistical point of view, anonymous data are data for which no direct identification is possible. |
|
28. |
Therefore, this definition implies that the indirect identification of statistical information would remain possible and the processing would still be subject to compliance with Regulation (EC) No 45/2001. In this respect, Article 4(1)(e) specifies that personal data ‘must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed. The Community institution or body shall lay down that personal data which are to be stored for longer periods for historical, statistical or scientific use should be kept either in anonymous form only or, if that is not possible, only with the identity of the data subjects encrypted. In any event, the data shall not be used for any purpose other than for historical, statistical or scientific purposes’. |
|
29. |
As a result, in the case of such access for research purposes, the EDPS considers that the statistical information should be provided in such a way that the reporting agent cannot be identified, either directly or indirectly, when account is taken of all relevant means that might reasonably be used by a third party. |
III. CONCLUSION
|
30. |
The EDPS notes the willingness to improve the exchange of statistical information between the ESS and the ESCB and the access for research purposes. Although it is welcome that such exchange and access may take place while ensuring strict confidentiality of the data, some clarifications are needed as regards the terminology used and the concepts covered by such exchange and access. |
|
31. |
The EDPS has the following comments regarding the submitted Recommendation and future change of Regulation (EC) No 2533/98:
|
Done in Brussels, 8 April 2009.
Peter HUSTINX
European Data Protection Supervisor
(1) OJ L 318, 27.11.1998, p. 8.
(2) OJ C 251, 3.10.2008, p. 1.
(3) The procedure to adopt such amendments is based on Article 107(6) of the Treaty establishing the European Community and subsequently on Articles 5(4) and 41 of the Statute of the European System of Central Banks and the European Central Bank.
(4) The Council also consulted the European Commission on 13 October 2008, which submitted a Commission Opinion on 13 January 2009, COM(2008) 898 final.
(5) COM(2007) 625 final of 16.10.2007.
(6) OJ C 308, 3.12.2008, p. 1.
(7) Commission Opinion of 13 January 2009, COM(2008) 898 final.
(8) See point 27 of Opinion of the European Data Protection Supervisor on the proposal for a Regulation of the European Parliament and of the Council on European Statistics (COM(2007) 625 final).
(9) OJ C 295/1, 7.12.2007, see points 14 to 18.
|
15.8.2009 |
EN |
Official Journal of the European Union |
C 192/6 |
Opinion of the European Data Protection Supervisor on the Proposal for a Directive of the European Parliament and of the Council on standards of quality and safety of human organs intended for transplantation
2009/C 192/02
THE EUROPEAN DATA PROTECTION SUPERVISOR,
Having regard to the Treaty establishing the European Community, and in particular its Article 286,
Having regard to the Charter of Fundamental Rights of the European Union, and in particular its Article 8,
Having regard to Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data,
Having regard to Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, and in particular its Article 41,
Having regard to the request for an opinion in accordance with Article 28 (2) of Regulation (EC) No 45/2001 sent to the EDPS on 8 December 2008,
HAS ADOPTED THE FOLLOWING OPINION:
I. INTRODUCTION
The proposal for a Directive on standards of quality and safety of human organs intended for transplantation
|
1. |
On 8 December 2008, the Commission adopted a Proposal for a Directive of the European Parliament and of the Council on standards of quality and safety of human organs intended for transplantation (hereinafter: the proposal) (1). The proposal was sent by the Commission to the EDPS for consultation, in accordance with Article 28(2) of Regulation (EC) No 45/2001. |
|
2. |
The proposal aims at ensuring high standards of quality and safety for human organs intended for transplantation, in order to ensure a high level of human health protection. In particular, the proposal:
|
|
3. |
The implementation of the proposed organ donation and transplantation scheme requires the processing of personal data relating to health (health data) of the organs’ donors and receivers by the authorised organisations and healthcare professionals of the different Member States. These data are deemed as sensitive and fall under the stricter rules of data protection as laid down in Article 8 of Directive 95/46/EC on special categories of data. |
|
4. |
More specifically, the donors’ data are being processed in the procurement organisations that perform the donor and organ characterisation and, thus, define whether the organ under consideration is appropriate for transplantation (a list of these data is provided in the Annex to the proposal). The recipients’ (patients) data are being processed in the transplantation centres where the operation actually takes place. Although there is no communication of the donor’s data to the recipient (and vice versa), there is a requirement for the national competent authorities to maintain full traceability of the organ from the donor to recipient (and vice versa), which should be possible also in the cases of cross-border exchange of organs. |
EDPS consultation
|
5. |
The EDPS welcomes the fact that he is consulted and that reference to this consultation is made in the preamble of the proposal, in accordance with Article 28 of Regulation (EC) No 45/2001. |
|
6. |
The proposal will advance organ donation and transplantation procedures, with a final aim of increasing organ availability and decreasing mortality in organs waiting lists. It is complementing the existing legislative framework with regard to the use of biological materials of human origin (2). Moreover, it can be seen as part of the overall EC approach towards setting different types of common standards for the provision of healthcare services at the Member States, with a basic aim of promoting cross-border availability of these services across Europe (3). As already stated in his Opinion on patients’ rights in cross-border healthcare, the EDPS supports such an approach. However, he emphasises again the need for a well coordinated and uniform data protection perspective throughout the various healthcare related initiatives (4). |
|
7. |
The proposal has already considered the data protection needs arising both for the donors, and the recipients of organs. The most important element is the requirement to keep the donors’ and recipients’ identity confidential (recitals 11 and 15, Articles 10 and 17). A number of general references to data protection can furthermore be found in some parts of the proposal (recital 17, Articles 16, 4(3)(a), 15(3) and 19(1)(a), Annex), as well as more specific references on the need to cooperate with the national Data Protection Authorities (Articles 18(f) and 20(2)). |
|
8. |
The EDPS welcomes the aforementioned content. He would however like to express his concerns about some of the provisions which are not clearly defined or elaborated, and are therefore leading to ambiguities, which could potentially affect the uniform implementation of the proposal by the Member States. |
|
9. |
More specifically, the sometimes conflicting use of the concepts of ‘organs traceability’ and ‘anonymity of donors and recipients’ is an issue which requires further clarification and precision. In connection with this, the need to adopt enhanced security measures for the protection of the donors’ and recipients’ data at Member States level should be further stressed, to guarantee a reinforced data protection level in the different European countries, as well as to ensure data protection in the cross-border exchange of organs (within or outside Europe). |
|
10. |
The present Opinion will elaborate further on the above mentioned issues, with the aim of improving the current data protection related content of the proposal, both in terms of clarity and consistency. |
II. CLARIFYING THE CONCEPTS OF TRACEABILITY AND ANONYMITY
The applicability of Directive 95/46/EC
|
11. |
According to Article 2(a) of Directive 95/46/EC on the protection of personal data, ‘personal data’ means: ‘any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity’. |
|
12. |
Biological materials of human origin, like organs, tissues, cells or blood, can be defined as material that can be extracted from the human body. It is questionable whether these materials as such can be considered as personal data. However, it is undisputed that such materials can be used as sources of personal information about their holder. The extraction of such information is often the purpose of the processing of biological materials. And even without such a purpose, the biological materials are often accompanied by such extracted information. In those situations the rules of Directive 95/46/EC apply (5). That is to say, as long as the holder of the biological material is an identified or identifiable (natural) person. |
|
13. |
Recital 26 of Directive 95/46/EC explains how to determine whether a person is identifiable: ‘account should be taken of all the means likely reasonable to be used either by the controller or by any other person to identify the said person’. The same Recital furthermore explains that the rules of Directive 95/46/EC do not apply if the information relates to a person who is not or no longer identifiable: such data are considered as anonymous. |
|
14. |
In Recommendation (2006)4, the Council of Europe has addressed the specific issue of identifiability of biological materials, making a distinction between identifiable and non-identifiable biological materials (6). |
|
15. |
According to the recommendation identifiable biological materials are ‘those biological materials which, alone or in combination with associated data, allow the identification of the persons concerned either directly or through the use of a code’ (7). In the latter case, the user of the biological materials may either have access to the code (coded materials) or not have access to the code, which is under the control of a third party (linked anonymised materials). In its opinion 4/2007 on the concept of personal data, the Article 29 Working Party (hereinafter: WP29) used the notion of retraceable pseudonymised data to describe indirectly identifiable information on individuals, which can still be used to backtrack to and identify the individuals under predefined conditions (8). Key-coded data are mentioned as an example, where personal data are earmarked by a code, while the key making the correspondence between the code and the common identifiers of the individuals is kept separately. If the codes used are unique for each specific person, identification is possible through the key applied for the coding. |
|
16. |
The recommendation also refers to the non-identifiable biological materials (or unlinked anonymised materials) as ‘those biological materials which, alone or in combination with associated data, do not allow, with reasonable efforts, the identification of the persons concerned’ (9). These would indeed be considered anonymous data, as defined by Directive 95/46/EC. |
|
17. |
It follows from the foregoing that Directive 95/46/EC applies to the collection, storage and processing of identifiable organs and the subsequent extraction of information from such organs, for as long as it remains possible, with due account of all means likely reasonably to be used, to identify the person concerned. As will be shown, the permanent traceability of organs as envisaged in the proposed directive will keep the persons identifiable throughout the whole process. |
Traceability versus anonymity of human organs
|
18. |
Traceability of a biological material is the possibility to backtrack to the holder of the material and, thus, identify him/her. To put it in other words, whenever traceability of the holders of the biological materials is possible, either in a direct or indirect way, these can be considered as identifiable and vice versa. The concepts of ‘traceability’ and ‘identifiably’ are therefore in principle strongly connected to each other. On the contrary, traceability and anonymity of data cannot appear at the same time. They are opposite to each other. If certain information is truly anonymous it is not possible to identify and trace back the individuals. |
|
19. |
In the context of the current proposal, traceability is a mandatory requirement to be established in the framework of the Member States national quality programmes in a twofold way, i.e. both to the donors and to the recipients. This means that, although information about donors and recipients is kept confidential, the organs related information is identifiable. This is also included in the proposal’s definition on traceability in Article 3: ‘the ability for a competent authority to locate and identify the organ at each stage in the chain from donation to transplantation or disposal, which under specified circumstances in this Directive is authorised to identify the donor and the procurement organisation, identify the recipients at the transplantation centre, locate and identify all relevant non-personal information relating to products and materials coming into contact with that organ’. |
|
20. |
Moreover, Article 10 of the proposal on traceability states in its first paragraph that ‘Member States shall ensure that all organs procured and allocated in their territory can be traced from the donor to recipient and vice versa in order to safeguard the health of donors and recipients’. Paragraph 3 of the same article states that ‘Member States shall ensure that: (a the competent authorities or other bodies involved in the chain from donation to transplantation or disposal keep the data needed to ensure traceability at all stages of the chain from donation to transplantation or disposal in accordance with the national quality programmes, (b data required for full traceability is kept for a minimum of 30 years after donation. Such data storage may be stored in electronic form’. |
|
21. |
Although the traceability process is subject to implementing measures (see Article 25 of the proposal), an indirect identification scheme of the donors and recipients seems the most likely solution, following or at least being interoperable with Directive 2004/23/EC (10) on tissues and cells and the European identifying code established therein (11). In such a case, the processing relating to donors and recipients in the context of the proposal concerns linked anonymised biological materials or in data protection terminology retraceable pseudonymised data (see above in point 15) to which the provisions of Directive 95/46/EC apply. |
|
22. |
It is noted however that, despite the clear traceability and identifiability requirements, the proposal in some of its parts uses the term ‘anonymity’ or ‘anonymous data’ to refer to the donors’ and recipients’ data. As follows from the previous points, this is contradictory and highly confusing. (12) |
|
23. |
More specifically, paragraph 2 of Article 10 of the proposal, which sets the need for a donor identification system, states that ‘Member States shall ensure the implementation of a donor identification system that can identify each donation and each of the organs associated with it. Member States shall ensure that this donor identification system is designed with the aim of collecting, processing or using no personal data or as little personal data as possible. In particular, use is to be made of the possibilities for pseudonymisation or rendering individuals anonymous’ (13). The EDPS is of the opinion that the underlined terms in this particular paragraph are in conflict with the concept of traceability, since there is no possibility to have traceable and identifiable data when donors and recipients are rendered anonymous. Besides, it is remarkable that this paragraph refers to donor identification, whereas the recipient identification (which is also part of the process) is not mentioned at all. |
|
24. |
The aforementioned contradiction is even more apparent in Article 17 on Anonymisation of donors and recipients, which states that: ‘Member States shall take all necessary measures to ensure that all personal data of donors and recipients processed within the scope of this Directive are rendered anonymous so that neither donors nor recipients remain identifiable’. This Article is entirely in conflict with the proposal’s articles on traceability. |
Confidentiality instead of anonymity
|
25. |
The EDPS understands that the term anonymity is actually used to stress the need for enhanced confidentiality (14) of the donors’ and recipients’ data, meaning that information is accessible only to those authorised to have access. The EDPS assumes that anonymisation is more specifically used as implying an indirect identification scheme used for the donors and recipients (15), which can also be distracted from the way in which this term is used in Directive 2004/23/EC on tissues and cells. As stated earlier, however, anonymity is not the correct term to be used. |
|
26. |
An example of how both data protection and traceability can be addressed in a transplantation process can be found in the Council of Europe Additional Protocol to the Convention on human rights and biomedicine (16). There, the concept of confidentiality is used instead of anonymity. More specifically Article 23(1) of the protocol states that ‘all personal data relating to the person from whom organs or tissues have been removed and those relating to the recipient shall be considered to be confidential. Such data may only be collected, processed and communicated according to the rules relating to professional confidentiality and personal data protection’. Paragraph 2 of the same article continues as follows: ‘the provisions of paragraph 1 shall be interpreted without prejudice to the provisions making possible, subject to appropriate safeguards, the collection, processing and communication of the necessary information about the person from whom organs or tissues have been removed or the recipient(s) of organs and tissues in so far as this is required for medical purposes, including traceability, as provided for in Article 3 of this protocol’. |
|
27. |
Based on the foregoing, the EDPS recommends to alter the language in certain parts of the proposal in order to avoid ambiguity and to explicitly reflect the fact that the data are not anonymous but should be processed under strong confidentiality and security rules. More specifically, the EDPS recommends the following changes:
|
|
28. |
Moreover, as will be discussed in the following parts of this Opinion, the EDPS suggests to further outline the need for reinforced protection of the donors’ and recipients’ data through the application of strong security measures, both at national and at cross-border level. |
III. STRESSING NATIONAL DATA SECURITY MEASURES
Basic security needs and requirements
|
29. |
As follows from the proposal, the processing of personal data of the donors and recipients mainly takes place at national level, i.e. in the Member States procurement and transplantation centres. It is at this level that the register of living donors is also kept. Although the traceability mechanism has not yet been defined, it can be expected that any codification activity will also occur at national level even in the case that a European coding system is used, since identification of the donors and recipients is only possible through the national competent authorities. |
|
30. |
It is therefore of utmost importance to implement an information security policy based on strict and sound security measures at the relevant national services, especially in order to meet the confidentiality requirements for the donors and recipients set out in the proposal, as well as to safeguard integrity (17), accountability (18) and availability (19) of these data. In this regard, the information security policy should cover elements of physical and logical security focusing, among other, on the control of data entry, access, recording, transfer and communication, as well as data media and storage control. |
|
31. |
With regard to confidentiality, the medical data of the recipients’ (20), as well as the data used for the donors’ characterisation and follow-up (also in relation to ‘expanded donors’ (21)), may reveal sensitive personal information about them, which can affect their social, professional and/or personal life as well. The protection of the donors’ identification data is of further importance, where living donors or persons who have provided their consent to donate one or more of their organs after their death could become victims of trafficking of human organs and tissues in case this information is revealed. Integrity of the organs’ related data is also crucial, since even a single mistake in the transferred information could be life-threatening for the recipient. The same applies for the accuracy of the donors’ health data prior to the transplantation, since these data are used to identify whether the organ is suitable or not. As regards accountability, since so many different organisations are involved in the overall donation and transplantation scheme, there should be a way that all involved entities are aware and can take responsibility of their actions, e.g. in case where donors’ identification data is revealed to non-authorised persons or the organs’ medical data are not accurate. Last, since the whole system is based on the transfer of the organs related data and the traceability mechanism from donor to recipient, these data should be at the disposal of the authorised persons when needed without delay (otherwise non-availability would compromise the sound system’s performance). |
|
32. |
In this respect, appropriate authorisation mechanisms should be in place, following specific access controls policies, both for the national databases and in the case of cross-border exchanges of organs. These policies should at first be defined at the organisational level, especially with regard to the identification procedures for the donors and recipients (e.g. who has access to what information and under which circumstances). In this way access rights will be set out, together with access scenarios where these rights can be executed (e.g. circumstances and procedure for disclosing data by the procurement organisation to the competent authority, certain — if any — cases where the identity of the donor needs to be disclosed to the recipient and the procedures for doing it, etc.). In order for the policies to be effective, the persons involved in the processing should be bound with specific confidentiality rules. |
|
33. |
Once these policies are determined, they can be implemented at technical level, i.e. in terms of controlling user access to systems and applications according to the pre-defined access rights. Proven technologies, like encryption and digital certificates (22) (e.g. based on public key infrastructure schemes (23), can be used for this. Role-based authentication mechanisms can also be applied to restrict the user access rights based on their role (e.g. only doctors should be in the position of modifying the recipients’ and donors’ medical data into the national databases). |
|
34. |
Access control should be complemented with possibilities for logging users actions (e.g. read and write access to medical data), especially when electronic systems are used. Physical and logical security measures should also be in place to make sure that the donors’ and organs’ databases are fully operational as a central element of the proposed donation and transplantation system. Availability of the data should be considered as a cornerstone of the system. In this regard, the information security policy should be based on a sound risk analysis and assessment, and should also include elements as incidents and business continuity management. All these elements should be maintained and improved through regular processes of monitoring and reviewing. Independent audits can also increase the effectiveness and improvement of the system, paying especial attention to pseudonymisation, traceability and data transfer practices. |
|
35. |
The EDPS would like to see more emphasis put on the need for such measures in the context of the proposed Directive. |
Enhancement of the proposal’s security provisions
|
36. |
Article 16 of the proposal on the Protection of personal data, confidentiality and security of processing states that ‘Member States shall ensure that the fundamental right to protection of personal data is fully and effectively protected in all organ transplantation activities, in conformity with Community provisions on the protection of personal data, such as Directive 95/46/EC, and in particular Articles 8(3), 16, 17 and 28(2) of that Directive’. The EDPS recommends that a second paragraph is added in this article, describing the basic principles for ensuring security at the Member State level, including as a minimum a reference to the following points:
|
|
37. |
The EDPS recommends that the above mentioned elements are included in Article 16 and then further specified as part of the implementing measures of Article 25, especially paragraph 1(a), (b) and (c). |
IV. SAFEGUARDS REGARDING CROSS-BORDER EXCHANGES OF ORGANS
Security harmonisation across Member States
|
38. |
The cross-border exchange of organs will in practice always involve processing of personal data, since, even if coded, the organs remain (indirectly) identifiable through the national competent authorities. |
|
39. |
The EDPS has already expressed his opinion about the security needs for the protection of personal data in cross-border healthcare within Europe, stressing inter alia the need for harmonising information security policies among Member States in order to achieve a sound data protection level (24). He recommends that this element is also mentioned in the current proposal and more specifically in Recital (17) where the provision of Directive 95/46/EC on security of processing is mentioned. |
Establishment of the traceability system
|
40. |
In this specific case, a significant parameter for cross-border data security is the traceability mechanism to be established. To this end, besides the security measures applied at Member State level, special attention should be paid to pseudonymisation possibilities to be used for the identification of donors and recipients (e.g. type of codification, possibility of double codification, etc) and to maintaining interoperability with the tissue and cells identification system. |
|
41. |
The EDPS recommends that a specific reference on this item is made in Article 25 of the proposed Directive on the implementing measures, amending paragraph 1(b) as follows: ‘procedures for ensuring the full traceability of organs, including labelling requirements, while safeguarding confidentiality of donors and recipients throughout the whole traceability process and maintaining interoperability with the tissue and cells identification system.’ |
Exchange of organs with third countries
|
42. |
Security needs are even more important when data are exchanged with third countries where an adequate data protection level cannot always be guaranteed. A specific regime for transfer of personal data to third countries is laid down in Articles 25 and 26 of Directive 95/46/EC. The EDPS is aware of the fact that data protection requirements should not obstruct the fast and efficient transfer of organs, which is a necessity in the system of organ donation and can often even be a matter of life or death. The possibilities of allowing transfers despite the lack of an adequate level of data protection in general in the third country should therefore be explored. One should thereby take into account that due to the indirect nature of the individuals’ identification at cross-border level together with the fact that the national competent authorities have the overall supervision of the system, the risks at stake are most probably lower than those arising at national level (25). |
|
43. |
To this end, the EDPS is of the opinion that the competent authority, who is responsible for the authorisation of such transfers, consults with the national Data Protection Authority in order to develop, in light of the possible derogations indicated in Article 26 of Directive 95/46/EC, the necessary framework for secure, but also fast and efficient transfer of organs’ data to and from third countries. The EDPS recommends that a reference on this item is made in Article 21 on the Exchange of organs with third countries or in the relevant recital 15. |
Implementing measures
|
44. |
As a final remark, the EDPS urges the legislator to ensure that, with regard to Article 25, in all cases where implementing measures affecting data protection and security are considered, all relevant stakeholders are consulted, including the EDPS and the Article 29 Working Party. |
V. CONCLUSIONS
|
45. |
The EDPS has noted the initiative to ensure high standards of quality and safety for human organs intended for transplantation, which can be seen as part of the overall EC approach towards setting common standards to promote cross-border availability of healthcare services across Europe. |
|
46. |
The proposal has already considered the data protection needs arising for the donors and the recipients of organs, especially with regard to the requirement for keeping their identities confidential. The EDPS regrets however that some of these provisions are vague, ambiguous or general and, for this reason, he recommends a number of amendments to enhance the proposal’s data protection related content. |
|
47. |
As a first point, the EDPS notes the existing contradiction between the concepts of traceability and anonymity used within the proposal. In this respect, he recommends specific changes of the language in certain parts of the proposal (namely in recital 15, Article 10 paragraph 2 and Article 17) in order to avoid ambiguity and to explicitly reflect the fact that the data are not anonymous but should be processed under strong confidentiality and security rules. |
|
48. |
Moreover, he recommends laying more emphasis on the need to adopt strong security measures at national level. This could be done by adding a second paragraph in Article 16 describing the basic principles for ensuring security at the Member State level, and further specifying these principles as part of the implementing measures of Article 25(1). The proposed security principles include:
|
|
49. |
With regard to the cross-border exchange of organs, the EDPS recommends that the need for harmonising information security policies among Member States is mentioned in Recital (17) of the proposal. In addition, special attention should be paid to the pseudonymisation possibilities to be used for the identification of donors and recipients, and to maintaining interoperability with the tissue and cells identification system. The EDPS recommends that a specific reference on this item is made in Article 25(1)(b) of the proposal. |
|
50. |
Concerning the exchange of organs with third countries, the EDPS recommends to mention in Article 21 or relevant Recital 15 of the proposal that the competent authority will consult with the national Data Protection Authority in order to develop the necessary framework for secure, but also fast and efficient transfer of organs’ data to and from the third countries. |
|
51. |
Finally, the EDPS recommends that in all cases where implementing measures affecting data protection and security are considered, all relevant stakeholders are consulted, including the EDPS and the Article 29 Working Party. |
Done in Brussels, 5 March 2009.
Peter HUSTINX
European Data Protection Supervisor
(1) COM(2008) 818 final.
(2) This framework includes Directives 2002/98/EC, 2004/33/EC, 2005/61/EC and 2005/62/EC for blood and blood products, and Directives 2004/23/EC, 2006/17/EC and 2006/86/EC for human tissues and cells.
(3) See also the Proposal for a Directive of the European Parliament and of the Council on the application of patients’ rights in cross-border healthcare, COM(2008) 414 final.
(4) EDPS Opinion of 2 December 2008 on the proposal for a Directive on the application of patient's rights in cross-border healthcare.
(5) Article 29 Data Protection Working Party, Opinion 4/2007 on the concept of personal data, p. 9.
(6) Recommendation Rec(2006) 4 of the Committee of Ministers to Member States on research on biological materials of human origin.
(7) Article 2(i) of Recommendation Rec(2006) 4.
(8) Article 29 Data Protection Working Party, Opinion 4/2007, p. 18.
(9) Article 2(ii) of Recommendation Rec(2006) 4.
(10) Since organ donors are very often tissue donors, there is a need to trace and report any unexpected adverse reaction also in the tissue vigilance system, and, thus, interoperability with the indirect identification method used in this system is required. See: Directive 2004/23/EC of the European Parliament and of the Council of 31 March 2004 on setting standards of quality and safety for the donation, procurement, testing, processing, preservation, storage and distribution of human tissues and cells, OJ L 102/48, 7.4.2004, and Commission Directive 2006/86/EC of 24 October 2006 implementing Directive 2004/23/EC of the European Parliament and of the Council as regards traceability requirements, notification of serious adverse reactions and events and certain technical requirements for coding, processing, preservation, storage and distribution of human tissues and cells, OJ L 294/32, 25.10.2006.
(11) This code includes a unique identification number for each donation, which, together with the tissue establishment and product identification, can trace back to the donors and recipients. More specifically, according to Article 10 of Directive 2006/86/EC, ‘a single European identifying code shall be allocated to all donated material at the tissue establishment, to ensure proper identification of the donor and the traceability of all donated material and to provide information on the main characteristics and properties of tissues and cells’. As described in the Annex VII to this Directive, the code has two parts: (a donation identification, including a unique ID number for the donation and the identification of the tissue establishment, and (b product identification, including product code, split number and expiry date.
(12) This observation was also made by the EDPS in his comments of 19.9.2006 on the public consultation on the future EU action in the area of organ donation and transplantation.
(13) Own emphasis.
(14) Ensuring that information is accessible only to those authorised to have access (ISO definition, source: http://www.wikipedia.org).
(15) The term ‘anonymisation’, depending on the context where it is applied, is sometimes used to imply indirectly identifiable data, like in the case of statistics. This, however, is not correct from a data protection point of view as was explained by the EDPS in his Opinions on the proposal for a Regulation of the European Parliament and of the Council on Community statistics on public health and health safety at work (COM(2007) 46 final), and on the proposal for a Regulation of the European Parliament and of the Council on European Statistics (COM(2007) 625 final).
(16) Council of Europe, Additional Protocol to the Convention on Human Rights and Biomedicine concerning transplantation of Organs and Tissues of Human Origin, Strasbourg, 24.1.2002, see http://conventions.coe.int/Treaty/Commun/QueVoulezVous.asp?NT=186&CM=8&DF=2/13/2009&CL=ENG for ratification chart. See also: Council of Europe, Convention for the Protection of Human Rights and Dignity of the Human Being with Regard to the Application of Biology and Medicine: Convention on Human Rights and Biomedicine, Oviedo, 4.4.1997, see http://conventions.coe.int/Treaty/Commun/QueVoulezVous.asp?NT=164&CM=8&DF=2/13/2009&CL=ENG for ratification chart.
(17) Ensuring that data is ‘whole’ or complete, the condition in which data are identically maintained during any operation (such as transfer, storage or retrieval), the preservation of data for their intended use, or, relative to specified operations, the a priori expectation of data quality. Put simply, data integrity is the assurance that data is consistent and correct (source: http://www.wikipedia.org); ensuring that information can only be accessed or modified by those authorised to do so (source: http://searchdatacenter.techtarget.com).
(18) Liability to account for one’s actions; non-repudiation: ensuring that the data has been sent and received by the parties claiming to have sent and received it: the concept of ensuring that a party in a dispute cannot repudiate, or refute the validity of a statement (source: http://www.wikipedia.org).
(19) The degree to which the data can be instantly accessed (source: http://www.pcmag.com).
(20) It has to be noted that the mere fact that an organ is transplanted to a recipient constitutes sensitive personal data about the health of this person.
(21) Potential donors, who are not the ideal donor candidates, but could be considered under certain circumstances, e.g. for elderly recipients. See: Commission Staff Working Document accompanying the proposal for a directive of the European Parliament and of the Council on standards of quality and safety of human organs indented for transplantation and the Communication from the Commission Action Plan on Organ Donation and Transplantation (2009-2015): Strengthened cooperation between Member States, Impact Assessment, 8.12.2008.
(22) The electronic equivalent of an ID card that authenticates the originator of a digital signature (source: http://www.ffiec.gov/ffiecinfobase/booklets/e_banking/ebanking_04_appx_b_glossary.html).
(23) A Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates (source: http://www.wikipedia.org).
(24) EDPS Opinion of 2 December 2008 on the proposal for a directive on the application of patient’s rights in cross-border healthcare.
(25) See Article 29 Data Protection Working Party, Opinion 4/2007, p. 18 on pseudonymised and key-coded data.
IV Notices
NOTICES FROM EUROPEAN UNION INSTITUTIONS AND BODIES
Commission
|
15.8.2009 |
EN |
Official Journal of the European Union |
C 192/14 |
Euro exchange rates (1)
14 August 2009
2009/C 192/03
1 euro =
|
|
Currency |
Exchange rate |
|
USD |
US dollar |
1,4294 |
|
JPY |
Japanese yen |
135,61 |
|
DKK |
Danish krone |
7,4444 |
|
GBP |
Pound sterling |
0,86160 |
|
SEK |
Swedish krona |
10,1835 |
|
CHF |
Swiss franc |
1,5267 |
|
ISK |
Iceland króna |
|
|
NOK |
Norwegian krone |
8,6165 |
|
BGN |
Bulgarian lev |
1,9558 |
|
CZK |
Czech koruna |
25,733 |
|
EEK |
Estonian kroon |
15,6466 |
|
HUF |
Hungarian forint |
269,20 |
|
LTL |
Lithuanian litas |
3,4528 |
|
LVL |
Latvian lats |
0,7000 |
|
PLN |
Polish zloty |
4,1240 |
|
RON |
Romanian leu |
4,2130 |
|
TRY |
Turkish lira |
2,1160 |
|
AUD |
Australian dollar |
1,6939 |
|
CAD |
Canadian dollar |
1,5509 |
|
HKD |
Hong Kong dollar |
11,0784 |
|
NZD |
New Zealand dollar |
2,0785 |
|
SGD |
Singapore dollar |
2,0628 |
|
KRW |
South Korean won |
1 769,06 |
|
ZAR |
South African rand |
11,5152 |
|
CNY |
Chinese yuan renminbi |
9,7688 |
|
HRK |
Croatian kuna |
7,3120 |
|
IDR |
Indonesian rupiah |
14 246,96 |
|
MYR |
Malaysian ringgit |
5,0279 |
|
PHP |
Philippine peso |
68,695 |
|
RUB |
Russian rouble |
45,1200 |
|
THB |
Thai baht |
48,635 |
|
BRL |
Brazilian real |
2,6020 |
|
MXN |
Mexican peso |
18,3544 |
|
INR |
Indian rupee |
68,9610 |
(1) Source: reference exchange rate published by the ECB.
NOTICES FROM MEMBER STATES
|
15.8.2009 |
EN |
Official Journal of the European Union |
C 192/15 |
Extract from the decision on reorganisation measures applied at the Banco Privado Português, S.A. under Article 3 of Directive 2001/24/EC of the European Parliament and of the Council on the reorganisation and winding-up of credit institutions (Directive 2001/24/EC)
2009/C 192/04
Publication provided for in Article 6 of that Directive and in Article 18 of Decree-Law No 199/2006 of 25 October 2006
The Bank of Portugal, the administrative authority competent for the purposes of the reorganisation of credit institutions within the meaning of the sixth indent of Article 2 of Directive 2001/24/EC, considering that the Banco Privado Português, S.A. was ordered to review and redraft the reorganisation plan it had previously put forward and that the bank must be given additional time to do so, decided on 26 May 2009, in accordance with Article 3 of that Directive and Article 145(1)(b) and (3) of the General Rules on Credit Institutions and Finance Companies (Regime Geral das Instituições de Crédito e Sociedades Financeiras), approved by Decree-Law No 298/92 of 31 December 1992 (and amended by subsequent acts), to extend until 1 September 2009 the exemption from immediately honouring obligations previously contracted by the Banco Privado Português, S.A. The exemption must be used to the extent necessary to restructure and reorganise the bank, without prejudice to the expenditure essential for day-to-day administration.
An appeal may be lodged against the above decision by initiating administrative proceedings against it within 90 days of notification or publication of this notice before the Lisbon Administrative Court, Rua Filipe Folque, n.o 12-A, 1.o, Lisbon, PORTUGAL.
The Secretary of the Boards
Paulo Ernesto CARVALHO AMORIM
|
15.8.2009 |
EN |
Official Journal of the European Union |
C 192/16 |
Extract from the decision concerning Kaupthing Bank hf. pursuant to Directive 2001/24/EC of the European Parliament and of the Council of 4 April 2001 on the reorganisation and winding-up of credit institutions
2009/C 192/05
Invitation to lodge a claim — Time limits to be observed
In a ruling of the District Court of Reykjavik issued on 24 November 2008, Kaupthing Bank hf. ID-No 560882-0419, Borgartun 19, 105 Reykjavik, ICELAND, was granted a moratorium on payments until 13 February 2009. On 19 February the moratorium was extended until Friday 13 November 2009. Pursuant to temporary provision II of Act No 44/2009 on the Amendment to Act No 161/2002 the District Court of Reykjavik appointed a Winding-up Committee for the bank on 25 May 2009 whose tasks include dealing with claims against the bank while the moratorium remains in effect and after winding-up proceedings have commenced at the end of the moratorium period.
The reference date for the winding-up proceedings is 15 November 2008, according to temporary provision III of Act No 44/2009, amending Act No 161/2002. The date for commencing the processing of claims shall be based on the entry into force of Act No 44/2009 and is 22 April 2009, according to sub-paragraph 2 of temporary provision II of Act No 44/2009.
All parties claiming debts or other rights from Kaupthing Bank hf. or assets controlled by the bank are hereby invited to submit their claims in writing to the Winding-up Committee of the bank within six months of the first publication of this notice in the Icelandic Legal Gazette on 30 June 2009. Accordingly the last day to submit claims is 30 December 2009. Claims must be filed with the Winding-up Committee within the specified time limit and shall comply with the instructions contained in paragraphs 2 and 3 of Article 117 of Act No 21/1991 on Bankruptcy etc.
Claims should be sent to:
|
The Winding-up Committee of Kaupthing Bank hf. |
|
Borgartun 19 |
|
105 Reykjavik |
|
ICELAND |
Pursuant to the aforementioned provisions, creditors are instructed to include the itemized amount of their claims as of 22 April 2009.
Claims in foreign currencies should be filed in the relevant currency. Creditors from Member States of the European Economic Area or the European Free Trade Association may file claims in the language of that state. Such claims must be accompanied by an Icelandic translation. However, it is permitted to file a claim in English without having it translated into Icelandic. Other creditors can file their claims in Icelandic or English.
If a claim is not filed within the aforementioned time limit, the claim against Kaupthing Bank hf. is considered null and void according to Article 118 of the Act No 21/1991 on Bankruptcy etc. unless the exceptions specified in sub-paragraphs 1-6 of the said Article are applicable.
By filing a claim, the creditor is deemed to have waived the rights to confidentiality (banking secrecy) with regard to the claim in question.
Notice is hereby given that a creditors’ meeting will be held on Friday 29 January 2010 at 10:00 a.m. at Hilton Hotel Nordica, Sudurlandsbraut 2, 108 Reykjavik, ICELAND. Any party who has filed a claim against the bank is entitled to attend the meeting. The meeting will discuss the list of filed claims and the Winding-up Committee's position towards the recognition of claims insofar as it is available. The list of filed claims will be made available to parties who have filed claims at least one week before the meeting.
Further information on the filing and handling of claims will be made available on the bank's website, http://www.kaupthing.com. The Winding-up Committee wishes to give the creditors the following instructions:
|
(a) |
please provide your e-mail address or the e-mail address of your representative when filing the claim; |
|
(b) |
please specify your bank account details to facilitate any eventual payment. |
Creditors are encouraged to file their claims as soon as possible, within the above-mentioned time limit.
Reykjavik, 6 July 2009.
The Winding-up Committee of Kaupthing Bank hf.
David B. GISLASON, Attorney to the District Court
Feldis L. OSKARSDOTTIR, Attorney to the District Court
Olafur GARDARSSON, Attorney to the Supreme Court
V Announcements
PROCEDURES RELATING TO THE IMPLEMENTATION OF THE COMPETITION POLICY
Commission
|
15.8.2009 |
EN |
Official Journal of the European Union |
C 192/18 |
Prior notification of a concentration
(Case COMP/M.5603 — ENI/TEC)
Candidate case for simplified procedure
(Text with EEA relevance)
2009/C 192/06
|
1. |
On 7 August 2009, the Commission received a notification of a proposed concentration pursuant to Article 4 of Council Regulation (EC) No 139/2004 (1) by which ENI S.p.A. (‘ENI’, Italy) acquires within the meaning of Article 3(1)(b) of the Council Regulation sole control of the whole of Toscana Energia Clienti S.p.A. (‘TEC’, Italy) jointly controlled by ENI and Toscana Energia S.p.A. (‘Toscana Energia’, Italy) by way of purchase of shares. |
|
2. |
The business activities of the undertakings concerned are:
|
|
3. |
On preliminary examination, the Commission finds that the notified transaction could fall within the scope of Regulation (EC) No 139/2004. However, the final decision on this point is reserved. Pursuant to the Commission Notice on a simplified procedure for treatment of certain concentrations under Council Regulation (EC) No 139/2004 (2) it should be noted that this case is a candidate for treatment under the procedure set out in the Notice. |
|
4. |
The Commission invites interested third parties to submit their possible observations on the proposed operation to the Commission. Observations must reach the Commission not later than 10 days following the date of this publication. Observations can be sent to the Commission by fax (+32 22964301 or 22967244) or by post, under reference number COMP/M.5603 — ENI/TEC, to the following address:
|
|
15.8.2009 |
EN |
Official Journal of the European Union |
C 192/19 |
Prior notification of a concentration
(Case COMP/M.5609 — ISP/RDM/Manucor)
Candidate case for simplified procedure
(Text with EEA relevance)
2009/C 192/07
|
1. |
On 7 August 2009, the Commission received a notification of a proposed concentration pursuant to Article 4 of Council Regulation (EC) No 139/2004 (1) by which Intesa San Paolo S.p.A. (‘ISP’, Italy) and Reno de Medici (‘RDM’, Italy) acquire within the meaning of Article 3(1)(b) of the Council Regulation joint control of the undertaking Manucor S.p.A. (‘Manucor’, Italy) currently solely controlled by Equinox Investment S.c.p.A (‘Equinox’, Luxembourg), by way of purchase of shares. |
|
2. |
The business activities of the undertakings concerned are:
|
|
3. |
On preliminary examination, the Commission finds that the notified transaction could fall within the scope of Regulation (EC) No 139/2004. However, the final decision on this point is reserved. Pursuant to the Commission Notice on a simplified procedure for treatment of certain concentrations under Council Regulation (EC) No 139/2004 (2) it should be noted that this case is a candidate for treatment under the procedure set out in the Notice. |
|
4. |
The Commission invites interested third parties to submit their possible observations on the proposed operation to the Commission. Observations must reach the Commission not later than 10 days following the date of this publication. Observations can be sent to the Commission by fax (+32 22964301 or 22967244) or by post, under reference number COMP/M.5609 — ISP/RDM/Manucor, to the following address:
|
OTHER ACTS
Commission
|
15.8.2009 |
EN |
Official Journal of the European Union |
C 192/20 |
Notice for the attention of the persons and entities added to the lists provided for in Articles 11 and 15 of Council Regulation (EC) No 194/2008 renewing and strengthening the restrictive measures in respect of Burma/Myanmar, by virtue of Commission Regulation (EC) No 747/2009
2009/C 192/08
In Common Position 2009/615/CFSP, the Council of the European Union decided to amend further certain annexes to Common Position 2006/318/CFSP (1), having determined that:
|
1. |
the persons, entities and bodies listed in Annex VI of Regulation (EC) 194/2008 are:
|
|
2. |
the legal persons, entities and bodies listed in Annex VII are:
|
Consequently the Commission has, pursuant to Article 18(1)(b) of Council Regulation (EC) No 194/2008 (2), adopted Commission Regulation (EC) No 747/2009 (3) which amends Annexes VI and VII to Regulation (EC) 194/2008.
Regulation (EC) No 194/2008 provides for:
|
1. |
the freezing of all funds, other financial assets and economic resources belonging to the persons, groups and entities listed in Annex VI and that no funds, other financial assets and economic resources may be made available to them, whether directly or indirectly; and |
|
2. |
a prohibition on new investment in the enterprises, legal persons, entities or bodies listed in Annex VII. |
The attention of the persons, entities and bodies listed in Annex VI is drawn to the possibility of making an application to the competent authorities of the relevant Member State(s) as indicated in the websites listed in Annex IV to Regulation (EC) No 194/2008 in order to obtain an authorisation to use frozen funds for essential needs or specific payments in accordance with Article 13 of that Regulation.
The persons, entities and bodies on the lists in Council Regulation 194/2008 as further amended by Commission Regulation (EC) No 747/2009 may submit at any time a request to the Council of the European Union, together with any supporting documentation, for the decision to include and/or maintain them on the lists referred to above to be reconsidered. Such requests should be made to the following address:
|
Council of the European Union |
|
Rue de la Loi/Wetstraat 175 |
|
1048 Bruxelles/Brussel |
|
BELGIQUE/BELGIË |
The persons, entities and bodies added to Annexes VI or VII of Council Regulation 194/2008 by means of Common Position 2009/615/CFSP and Commission Regulation (EC) No 747/2009, may make their views on their listing known to the Commission. Such communications should be sent to:
|
European Commission |
|
‘Restrictive measures’ |
|
Rue de la Loi/Wetstraat 200 |
|
1049 Bruxelles/Brussel |
|
BELGIQUE/BELGIË |
Such requests and information will be considered when they are received. In this respect, the attention of the persons and entities concerned is drawn to the constant review by the Council of the lists according to Article 9 of Common Position 2006/318/CFSP.
The attention of the persons and entities concerned is also drawn to the possibility of challenging the Commission Regulation (EC) No 747/2009 before the Court of First Instance of the European Communities, in accordance with the conditions laid down in Article 230(4) and (5) of the Treaty establishing the European Community.
(1) OJ L 116, 29.4.2006, p. 77. Common Position as last amended by Common Position 2009/615/CFSP (OJ L 210, 14.8.2009, p. 38).
(3) OJ L 212, 15.8.2009, p. 10.