8.2.2014

Official Journal of the European Union

C 38/2

Euro exchange rates (1)

7 February 2014

(2014/C 38/02)

1 euro =

	Currency	Exchange rate
USD	US dollar	1,3574
JPY	Japanese yen	138,79
DKK	Danish krone	7,4623
GBP	Pound sterling	0,83140
SEK	Swedish krona	8,8595
CHF	Swiss franc	1,2237
ISK	Iceland króna
NOK	Norwegian krone	8,4120
BGN	Bulgarian lev	1,9558
CZK	Czech koruna	27,503
HUF	Hungarian forint	308,81
LTL	Lithuanian litas	3,4528
PLN	Polish zloty	4,1875
RON	Romanian leu	4,4825
TRY	Turkish lira	3,0162
AUD	Australian dollar	1,5178
CAD	Canadian dollar	1,5025
HKD	Hong Kong dollar	10,5532
NZD	New Zealand dollar	1,6462
SGD	Singapore dollar	1,7223
KRW	South Korean won	1 459,46
ZAR	South African rand	15,0675
CNY	Chinese yuan renminbi	8,2310
HRK	Croatian kuna	7,6495
IDR	Indonesian rupiah	16 507,53
MYR	Malaysian ringgit	4,5295
PHP	Philippine peso	61,081
RUB	Russian rouble	47,1200
THB	Thai baht	44,612
BRL	Brazilian real	3,2395
MXN	Mexican peso	18,1125
INR	Indian rupee	84,7270

(1) Source: reference exchange rate published by the ECB.

8.2.2014

Official Journal of the European Union

C 38/3

Executive Summary of the Opinion of the European Data Protection Supervisor on the Proposal for a Regulation of the European Parliament and of the Council on the European Union Agency for Law enforcement Cooperation and Training (Europol) and repealing Decisions 2009/371/JHA and 2005/681/JHA

(The full text of this Opinion can be found in English, French and German on the EDPS website:http://www.edps.europa.eu)

(2014/C 38/03)

I. Introduction

I.1. Context of the opinion

On 27 March 2013, the Commission adopted the proposal for a Regulation of the European Parliament and of the Council on the European Union Agency for Law enforcement Cooperation and Training (Europol) and repealing Decisions 2009/371/JHA and 2005/681/JHA (‘the Proposal’). The Proposal was sent by the Commission to the EDPS for consultation on the same day and received on 4 April 2013.

Before the adoption of the Proposal, the EDPS was given the opportunity to provide informal comments. The EDPS welcomes the fact that many of these comments have been taken into account.

The EDPS welcomes the fact that he has been consulted by the Commission and that a reference to the consultation is included in the preambles of the Proposal.

The EDPS was also consulted on the Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions establishing a European law Enforcement Training Scheme, adopted in parallel with the Proposal (1). However, he will refrain from issuing a separate reaction on this communication, since he has only very limited comments which are included in part IV of this opinion.

I.2. Aim of the Proposal

The Proposal is based on Articles 88 and Article 87 (2) (b) of the Treaty on the Functioning of the European Union (TFEU) and has the following aims (2):

—	align Europol with the requirements of the Lisbon Treaty, by adopting a legal framework under the ordinary legislative procedure;

—	meet the goals of the Stockholm Programme by making Europol a hub for information exchange between the law enforcement authorities of the Member States and establishing European training schemes and exchange programmes for all relevant law enforcement professionals;

—	grant Europol new responsibilities, by taking over the tasks of CEPOL and giving a legal basis for the EU cybercrime centre;

—	ensure a robust data protection regime, in particular by strengthening the supervision structure;

—	improve the governance of Europol by seeking increased efficiency and aligning it with the principles laid down in the Common approach on EU decentralised agencies.

The EDPS emphasises that the Proposal is of great importance from the perspective of processing of personal data. The processing of information, including personal data, is a principal reason for the existence of Europol. In the current state of EU development, operational police work remains a competence of the Member States. However, this task has an increasingly cross border nature, and the EU level provides support by providing, exchanging and examining information.

I.3. Aim of the Opinion

This Opinion will focus on the most relevant changes of the legal framework for Europol from the perspective of data protection. It will first analyse the legal context, its development and the consequences for Europol. It will then elaborate on the main changes, which are:

—	The new information structure for Europol, which implies a merger of the different databases, and its consequences for the principle of purpose limitation.

—	The strengthening of data protection supervision.

—	Transfer and exchange of personal data and other information, with a focus of the exchange of personal data with third countries.

Subsequently, the Opinion will discuss a number of specific provisions of the Proposal, with an emphasis on Chapter VII thereof (Articles 34-48) on data protection safeguards.

V. Conclusions

General

167.

The EDPS emphasises that the Proposal is of great importance from the perspective of processing of personal data. The processing of information, including personal data, is a principal reason for the existence of Europol, and the Proposal already contains strong data protection. This detailed opinion has therefore been adopted with the aim of further strengthening the Proposal.

168.

The EDPS notes that the present Europol Decision provides for a robust data protection regime and considers that this level should not be lowered, independently of the discussions on the proposed data protection Directive. This should be specified in the recital.

169.

The EDPS welcomes the fact that the Proposal aligns Europol with the requirements of Article 88 (2) TFEU, which will ensure that that the activities of Europol will benefit from the full involvement of all the EU institutions concerned.

170.

The EDPS welcomes Article 48 of the Proposal that provides that Regulation (EC) No 45/2001, including the provisions on supervision, is fully applicable to staff and administrative data. However, he regrets that the Commission has not chosen to apply Regulation (EC) No 45/2001 to Europol's core business and to limit the Proposal to additional special rules and derogations which duly take account of the specificities of the law enforcement sector. However, he notes that Recital 32 of the proposal explicitly mentions that data protection rules at Europol should be strengthened and draw on the principles underpinning Regulation (EC) No 45/2001. These principles are also an important reference point for the present opinion.

171.

The EDPS recommends specifying in the recitals of the Proposal that the new data protection framework of the EU institutions and bodies will be applicable to Europol as soon as it is adopted. In addition, the application of the data protection regime for EU institutions and bodies to Europol should be clarified within the instrument replacing Regulation (EC) No 45/2001, as first announced in 2010, in the context of the review of the data protection package. At the latest from the moment of the adoption of the new general framework, the main new elements of the data protection reform (i.e. accountability principle, data protection impact assessment, privacy by design and by default and notification of personal data breach) should also be applied to Europol. This should also be mentioned in the recitals.

New Europol information structure

172.

The EDPS understands the need for flexibility in connection with the changing context, as well as in light of the growing roles of Europol. The existing information architecture is not necessarily the benchmark for the future. It is at the discretion of the EU legislator to determine the information structure of Europol. In his role of advisor to the EU legislator the EDPS focuses on the question to what extent the choice of the legislators is constrained by the principles of data protection.

173.

In relation to Article 24 of the Proposal, he:

—	recommends defining the notions of strategic, thematic and operational analysis in the Proposal and deleting the possibility to process personal data for strategic or thematic analysis, unless a sound justification is given.

—	Recommends concerning Article 24(1)(c) clearly defining a specific purpose for each operational analysis case and requiring that only relevant personal data shall be processed according to the defined specific purpose.

—

recommends adding in the Proposal the following elements: (i) all cross-matching operations by Europol analysts shall be specifically motivated, (ii) retrieval of data following a consultation shall be limited to the strict minimum required and specifically motivated, (iii) traceability of all operations related to the cross-matches shall be ensured and (iv) only authorised staff in charge of the purpose for which the data were initially collected may modify that data. This would be in line with the current practice within Europol.

Strengthening data protection supervision

174.

Article 45 of the Proposal recognises that supervision of the processing operations foreseen in the Proposal is a task that also requires the active involvement of national data protection authorities (3). Cooperation between the EDPS and national supervisory authorities is crucial for effective supervision in this area.

175.

The EDPS welcomes Article 45 of the Proposal. This states that data processing by the national authorities is subject to national supervision, and thus reflects the key role of national supervisory authorities. He also welcomes the requirement that the national supervisory authorities should keep the EDPS informed on any actions they take with respect to Europol

176.

The EDPS welcomes:

—	the provisions on supervision that provide a strong architecture for supervision on data processing. Account is taken of the responsibilities at national level and at EU level, and a system is laid down for coordination between all involved data protection authorities

—	the recognition in the Proposal of the EDPS’ role as the authority established to supervise all the EU institutions and bodies.

—

Article 47 on cooperation and coordination with the national supervisory authorities, but suggests clarifying that the cooperation envisaged includes both bilateral and collective cooperation. A recital should further emphasise the importance of cooperation between the different supervisory authorities and provide examples of how such cooperation could be best enhanced.

Transfer

177.

The EDPS suggests inserting a sentence in Article 26(1) of the Proposal stating that the competent authorities of the Member States shall access and search information on a need-to-know basis and to the extent necessary for the legitimate performance of their tasks. Article 26(2) should be amended and aligned with Article 27(2).

178.

The EDPS welcomes that, in principle, transfer to third countries and international organisations can only take place on the basis of adequacy or a binding agreement providing adequate safeguards. A binding agreement will ensure legal certainty as well as full accountability of Europol for the transfer. A binding agreement should always be needed for massive, structural and repetitive transfers. However, he understands that there are situations in which a binding agreement can not be required. Those situations should be exceptional, should be based on real necessity and only allowed for limited cases, and strong safeguards — substantial as well as procedural — are needed.

179.

The EDPS strongly recommends deleting the possibility for Europol to assume Member States' consent. The EDPS also advises adding that consent should be given ‘prior to the transfer’, in the second sentence of Article 29(4). The EDPS also recommends adding in Article 29 a paragraph stating that Europol shall keep detailed records of the transfers of personal data.

180.

The EDPS recommends adding to the Proposal a transitional clause regarding existing cooperation agreements regulating personal data transfers by Europol. This clause should provide for the review of these agreements within a reasonable deadline in order to align them with the requirements of the Proposal. This clause should be included in the substantive provisions of the Proposal and contain a deadline of no longer than two years after the entry into force of the Proposal

181.

For the sake of transparency, the EDPS also recommends adding at the end of Article 31(1) that Europol shall make publicly available the list of its international and cooperation agreements with third countries and international organisations, by posting this list, regularly updated, on its website.

182.

The EDPS recommends adding expressly in Article 31(2) that derogations may not be applicable to frequent, massive or structural transfers, in other words for sets of transfers (and not just for occasional transfers).

183.

The EDPS recommends providing a specific paragraph dedicated to transfers with the EDPS' authorisation. This paragraph, that logically would come before the paragraph on derogations would provide that EDPS may authorise a transfer or a set of transfers where Europol adduces adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals, and as regards the exercises of the corresponding rights. In addition, this authorisation would be granted prior to the transfer/set of transfers, for a period not exceeding one year, renewable.

Other

184.

The opinion includes a large number of other recommendations, aiming at further improving the proposal. Here, some more significant recommendations are listed.

(a)	Deleting the possibility for Europol to directly access national databases (Article 23).

(b)

Where access concerns EU information systems, granting access only on a hit/no hit basis (i.e. a positive or a negative answer). Any information related to the hit should be communicated to Europol after the explicit approval and authorization of transfer by the Member State (if the access concerns data supplied by a Member State), the EU body or the international organisation and be subject to the assessment referred to in Article 35 of the Proposal. The EDPS recommends laying down these conditions in Article 23 of the Proposal.

(c)	Strengthening Article 35 of the Proposal by making the assessment by the Member State providing the information mandatory. The EDPS suggests deleting in Article 35 (1) and (2) the wording ‘as far as possible’ and amending Article 36(4) accordingly.

(d)	Replacing the overview of all personal data referred to in Article 36(2) by statistics on these data for each purpose. As the specific categories of data subjects referred to Article 36(1) also deserve a specific attention, the EDPS suggests including statistics on these data.

(e)

Including in the Proposal a provision that Europol must have a transparent and easily accessible policy with regard to the processing of personal data and for the exercise of the data subjects' rights, in an intelligible form, using clear and plain language. The provision should also state that this policy should be easily available on Europol's website, as well as on the websites of the national supervisory authorities.

(f)

Since Article 41 does not clearly define the responsibility of all parties involved, it should, with regard to Article 41(4 be made clear that the responsibility for compliance with all applicable data protection principles (and not only the ‘legality of the transfer’) lies with the sender of the data. The EDPS recommends amending Article 41 accordingly.

(g)

adding in substantive provision(s) of the Proposal that: (i) an impact assessment similar to what is described in the proposed data protection Regulation shall be carried out for all processing operation on personal data, (ii) the principle of privacy by design and by default shall be applied for the creation of or improvement to systems processing personal data, (iii) the controller shall adopt policies and implement appropriate measures to ensure and be able to demonstrate compliance with the data protection rules, and to ensure that the effectiveness of the measures is verified, and (iv) the Europol DPO and, where necessary, the supervisory authorities, shall be included in the discussions surrounding the processing of personal data.

He also made a few suggestions in relation to the Communication that was adopted in parallel to the proposal.

Done at Brussels, 31 May 2013.

Peter HUSTINX

European Data Protection Supervisor

(1) COM(2013) 172 final.

(2) Explanatory Memorandum, part 3.

(3) See also Resolution 4 of the Spring Conference of European Data Protection Authorities (Lisbon 16-17 May 2013).

8.2.2014

Official Journal of the European Union

C 38/8

Executive Summary of Opinion of the EDPS on the Proposal for a Regulation of the European Parliament and of the Council concerning type-approval requirements for the deployment of the eCall system and amending Directive 2007/46/EC

(The full text of this Opinion can be found in English, French and German on the EDPS website (http://www.edps.europa.eu))

(2014/C 38/04)

1. Introduction

1.1. Consultation of the EDPS

On 13 June 2013, the Commission adopted the proposal for a Regulation of the European Parliament and of the Council concerning type-approval requirements for the deployment of the eCall system and amending Directive 2007/46/EC (the Proposal) (1) announced in the Commission Communication of 21 August 2009 on ‘eCall: Time for Deployment’ (the 2009 Communication) (2).

The EDPS welcomes the fact that he is consulted by the Commission and that a reference to the consultation is included in the preambles of the Proposal.

Before the adoption of the Proposal, the EDPS was given the possibility to provide informal comments to the Commission. He highly appreciates that most of his comments have been taken into account.

1.2. Objective and scope of the Proposal

This Proposal complements other regulatory measures which have been implemented to support the deployment of eCall, such as the ITS Directive 2010/40/EU (3), the Commission Recommendation of 8 September 2011 on the support to the EU-wide eCall service (4), and the adoption of specifications for the upgrade of Public Safety Answering Points (PSAPs) (5), on which the EDPS was consulted and provided comments (6).

The Proposal provides for the mandatory introduction of an eCall in-vehicle system in new type-approved vehicles in Europe. Contrary to the current system where eCall is installed by car manufacturers on a voluntary basis, the Proposal provides for the mandatory fitting of eCall devices in all new vehicles starting with new passenger cars and light commercial vehicles by 1 October 2015 (7). It therefore contains several obligations addressed to vehicle/equipment manufacturers.

4. Conclusions

63.

The EDPS emphasises that the processing of personal data is one of the core obligations created by the Proposal and welcomes that many recommendations he made in relation to 112 eCall's data protection implications were taken into account.

64.

Regarding 112 eCall, the EDPS recommends that the following issues are further specified in the Proposal:

—	an explicit reference to applicable EU data protection law should be inserted in the Proposal in a substantive and dedicated provision, mentioning in particular Directive 95/46/EC and specifying that the provisions will apply in accordance with the national rules implementing it;

—	the reference to the Article 29 Working Party working document is dissociated from the reference made to the data protection legislation in recital 13;

—

concrete data protection safeguards applying to 112 eCall should be developed in the Proposal rather than in delegated acts and in particular that Article 6:

—	designates the controller and the authority responsible for handling access requests;

—	specifies the list of data referred to as a minimum set of data and as a full set of data (possibly to be elaborated in a delegated or implementing act);

—	includes the possibility for data subjects to deactivate private eCall and added value services;

—	specifies retention periods for the data processed;

—	specifies the modalities of the exercise of data subjects’ rights;

—

Article 6(3) should be complemented to ensure that the information it refers to is part of the technical documentation handed over together with the vehicle and it should be specified in the Proposal that the availability of the information has to be pointed out to the car owner at the time of the purchase of the car, in a separate document;

—	the EDPS should be consulted prior to the adoption of delegated acts foreseen in Article 6(4);

65.

Regarding private eCall and added value services, the EDPS reminds that they are regulated by the Proposal so that they comply with similar or stricter data protection requirements than those foreseen for the 112 eCall system. He also reminds that:

—	the Proposal specifies that contrary to the 112 eCall, private eCall and added value services shall be activated on a voluntary basis and deactivated by default;

—

the requirement for an appropriate and distinct contract between the consumer and the service provider is stated in a specific provision of the proposed Regulation and that it is clarified in the provision that this contract should cover data protection aspects, including providing appropriate information to consumers on the service(s) and collecting their consent for the processing of data in relation to the provision of these added value services; the proposal ensures that data subjects are given the choice to opt for the services, through a specific contract offer, made prior to the processing: non-negotiable clauses part of a car sale contract, or clauses belonging to general terms and conditions, whose acceptance is mandatory, will not fit this requirement;

—	it should also be stated in the contract that the refusal of the service offered will not involve adverse consequences linked to that refusal: such a statement could appear in the privacy statement of the contract.

66.

The EDPS further recommends that:

—	it is clarified in the Proposal that constant tracking is prohibited for added value services;

—	the categories of data processed under the 112 eCall — and private eCall and added value services is specified in a substantive provision of the Proposal and that the concept of ‘FSD’ is defined in the Proposal;

—	only the data necessary to private eCall and added value services are processed in compliance with the data minimisation principle;

—	a specific provision recalls that the processing of sensitive data under private eCall and added value services is prohibited;

—	the retention period of data processed under 112 eCall, private eCall and added value services is determined and specified in a substantive provision of the Proposal;

—	security of the data processed under 112 eCall, private eCall and added value services is guaranteed by some specifications in the text.

Done at Brussels, 29 October 2013.

Giovanni BUTTARELLI

Assistant European Data Protection Supervisor

(1) COM(2013) 316 final.

(2) COM(2009) 434 final.

(3) Directive 2010/40/EU of the European Parliament and of the Council of 7 July 2010 on the framework for the deployment of Intelligent Transport Systems in the field of road transport and for interfaces with other modes of transport (OJ L 207, 6.8.2010, p. 1).

(4) Commission Recommendation 2011/750/EU of 8 September 2011 on support for an EU-wide eCall service in electronic communication networks for the transmission of in-vehicle emergency calls based on 112 (eCalls) (OJ L 303, 22.11.2011, p. 46).

(5) Commission Delegated Regulation (EU) No 305/2013 of 26 November 2012 supplementing Directive 2010/40/EU of the European Parliament and of the Council with regard to the harmonised provision for an interoperable EU-wide eCall Text with EEA relevance (OJ L 91, 3.4.2013, p. 1).

(6) See in particular Opinion of 22 July 2009 on the ITS Directive, formal comments of 12 December 2011 on the Commission Recommendation on the implementation of the harmonised EU-wide eCall, and the letter of 19 December 2012 on the Commission Delegated Regulation with regard to the harmonised provision for an interoperable EU-wide eCall, all published on the EDPS website (http://www.edps.europa.eu) (under ‘Consultation’).

(7) See Article 4 and Article 5(1) of the Proposal.

8.2.2014

Official Journal of the European Union

C 38/12

Executive Summary of the Opinion of the European Data Protection Supervisor on the Proposal for a Regulation of the European Parliament and of the Council laying down measures concerning the European single market for electronic communications and to achieve a Connected Continent, and amending Directives 2002/20/EC, 2002/21/EC and 2002/22/EC and Regulations (EC) No 1211/2009 and (EU) No 531/2012

(The full text of this Opinion can be found in English, French and German on the EDPS website http://www.edps.europa.eu)

(2014/C 38/06)

1. Introduction

1.1. Consultation of the EDPS

On 11 September 2013, the Commission adopted a Proposal for a Regulation laying down measures concerning the European single market for electronic communications and to achieve a Connected Continent, and amending Directives 2002/20/EC, 2002/21/EC and 2002/22/EC and Regulations (EC) No 1211/2009 and (EU) No 531/2012 (hereinafter — ‘the proposal’) (1). A request for consultation was sent by the Commission in accordance with Article 28(2) of Regulation (EC) No 45/2001, and was received by the EDPS on 23 September 2013.

The EDPS had an opportunity to provide his advice before the proposal was adopted, which he welcomes. This Opinion builds on the comments provided within the context of that informal consultation.

1.2. Context and objectives of the proposal

The proposal is adopted against the background of the Digital Agenda for Europe (2), having as its overarching goal the enhancement of economic growth and social improvements derived from the European digital economy. The proposal is thus aimed at achieving a single market for electronic communications in the EU by harmonising various legal and technical aspects relating to the provision of electronic communications services to the public.

The proposal, firstly, facilitates the provision of cross-border electronic communications services by enabling providers to offer services across the Union based on a single EU authorisation and thus with minimum administrative hurdles. It further harmonises the conditions of radio spectrum assignment for WiFi services, as well as the features of products allowing virtual access to fixed networks.

Next, the proposal harmonises the rights of end-users, inter alia those relating to the open Internet. It also harmonises publication by providers of information on electronic communications services they offer and the inclusion of such information in contracts, as well as the modalities of switching an operator and charges applicable to roaming services.

The present Opinion focuses on those aspects of the proposal which are likely to have the most significant effect on the rights to privacy and the protection of personal data as laid down in Articles 7 and 8 of the Charter of Fundamental Rights of the European Union, as well as on the confidentiality of communications.

2. Conclusions

43.

The EDPS recalls that respect for the rights to privacy and the protection of personal data, and for the confidentiality of communications, is crucial to building consumer trust and confidence in the European single market for electronic communications. In that regard, the EDPS provides the following key recommendations:

—

Traffic management measures constitute a restriction to net neutrality, which the proposal sets out as the key principle applicable to Internet use in the EU, and interfere with end-users’ rights to confidentiality of communications, privacy and personal data protection. In view of this, such measures should be subject to strict transparency, necessity and proportionality requirements. In particular:

—

Using traffic management for the purposes of implementing a legislative provision or preventing and impeding serious crimes may entail a wide-scale, preventive and systematic monitoring of communications content which would be contrary to Articles 7 and 8 of the EU Charter of Fundamental Rights, as well as Article 5(1) of Directive 2002/58/EC and Directive 95/46/EC. Reference to these grounds should be removed from Article 23(5)(a) of the proposal;

—	Article 23(5) of the proposal should provide clear information on communications inspection techniques that are allowed within the context of traffic management measures;

—

Article 23(5) should explicitly provide that, whenever sufficient for the achievement of one of the aims set out in that provision, traffic management measures will involve communications inspection techniques based on the sole analysis of the IP-headers, as opposed to those involving Deep Packet Inspection;

—

Articles 25(1) and 26 of the proposal should require the provision of information on traffic management measures, instituted for all purposes laid down in Article 23(5). In particular, these provisions should require providers to indicate the communications inspection techniques underlying such traffic management measures, as well as explain the effect of such techniques on end-users’ privacy and data protection rights;

—

Article 24(1), laying down the powers of national regulatory authorities to, inter alia, supervise the application of traffic management measures, should include the possibility for the latter to cooperate with national data protection authorities. Similarly, Article 25(1) should provide for a possibility for national data protection authorities to obtain for inspection information on traffic management measures before its publication;

—	The interrelationship between Article 7(1) of Directive 2002/58/EC and Article 27(4) of the proposal should be clarified;

—	Both Articles 17(1)(f) and 19(4)(e) of the proposal should be amended to include the requirement for the European virtual broadband access product and the European ASQ connectivity product, respectively, to comply with the principle of data protection by design.

Done at Brussels, 14 November 2013.

Peter HUSTINX

European Data Protection Supervisor

(1) COM(2013) 627 final.

(2) Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, ‘A Digital Agenda for Europe’, COM(2010) 245 final/2, 26 August 2010.

8.2.2014

Official Journal of the European Union

C 38/14

Executive Summary of the Opinion of the European Data Protection Supervisor on a Proposal for a Directive of the European Parliament and of the Council on payment services in the internal market amending Directives 2002/65/EC, 2006/48/EC and 2009/110/EC and repealing Directive 2007/64/EC, and for a Regulation of the European Parliament and of the Council on interchange fees for card-based payment transactions

(The full text of this Opinion can be found in English, French and German on the EDPS website http://www.edps.europa.eu)

(2014/C 38/07)

1. Introduction

1.1. Consultation of the EDPS

On 27 July 2013, the Commission adopted a draft proposal for a Directive of the European Parliament and of the Council on payment services in the internal market amending Directives 2002/65/EC, 2006/48/EC and 2009/110/EC and repealing Directive 2007/64/EC (the proposed Directive), and for a Regulation of the European Parliament and of the Council on interchange fees for card-based payment transactions (1). These proposals were sent to the EDPS for consultation on 28 July 2013.

The EDPS welcomes the fact that he is consulted by the Commission and welcomes that a reference to this Opinion has been included in the preamble of the instruments.

Before the adoption of the proposed Regulation, the EDPS was given the possibility to provide informal comments to the Commission. Some of these comments have been taken into account. As a result, the data protections safeguards in the proposed Regulation have been strengthened.

As the proposal for a Regulation does not raise any issues from a data protection point of view, the EDPS will concentrate his comments on the proposed Directive.

1.2. Objectives and scope of the proposed Directive

The aim of the proposed Directive is to help develop further an EU-wide market for electronic payments, which will enable consumers, retailers and other market players to enjoy the full benefits of the EU internal market, in line with Europe 2020 and the Digital Agenda. To achieve this and promote more competition, efficiency and innovation in the field of e-payments, the Commission states that there should be legal clarity and a level playing field, leading to downward convergence of costs and prices for payment services users, more choice and transparency of payment services, facilitating the provision of innovative payment services, and to ensure secure and transparent payment services.

The Commission claims that these objectives will be achieved by updating and complementing the current framework on payments services, providing for rules that enhance transparency, innovation and security in the field of retail payments and improving consistency between national rules, with an emphasis on the legitimate needs of consumers.

3. Conclusions

The EDPS welcomes the introduction in Article 84 of a substantive provision stating that any processing of personal data taking place in the frame of the proposed Directive should be done in full respect of the national laws implementing Directive 95/46/EC and Directive 2002/58/EC, and of Regulation (EC) No 45/2001.

The EDPS recommends that:

—	references to applicable data protection law should be specified in concrete safeguards that will apply to any situation in which personal data processing is envisaged.

—	it should be made clear in the draft Directive that the provision of payment services might entail the processing of personal data.

—	it should be clarified expressly in the proposed Directive that the processing of personal data may be carried out insofar that it is necessary for the performance of payment services.

—	a substantive provision is added stating the obligation that ‘privacy by design/privacy by default’ be embedded in all data processing systems developed and used in the frame of the proposed Directive.

—

regarding exchanges of information: (i) mentioning the purposes for which personal data can be processed by national competent authorities, the EU central bank, the national central banks and the other authorities referred to in Article 25, (ii) specifying the kind of personal information that can be processed under the proposed Directive and (iii) fixing a proportionate data retention period for the processing or at least introducing precise criteria for its establishment.

—

a requirement should be introduced in Article 22 for competent authorities to request documents and information by formal decision, specifying the legal basis and the purpose of the request and what information is required should be introduced, as well as the time-limit within which the information is to be provided.

—	it is introduced in Article 31 that the modalities set forth as regards the provision of information to users also apply to the provision of information about the processing of personal data pursuant to Articles 10 and 11 of Directive 95/46/EC.

—

in the case of the term ‘availability of sufficient funds’ in Articles 58 and 59 it is made clear that the information transmitted to the third party should consist in a simple ‘yes’ or ‘no’ answer to the question if there are sufficient funds available — not in for example a statement of the account balance.

—	in the case of the term ‘sensitive payment data’ in Article 58 that the word ‘sensitive’ is deleted and that the term ‘payment data’ is used instead.

—

it should be clarified in a recital that the security incidents reporting obligations are without prejudice to other incident reporting obligations set forth in other legislation, in particular the personal data breaches requirements set forth under data protection law (in Directive 2002/58/EC and in the proposed General Data Protection Regulation) and the security incidents notification requirements planned under the proposed Directive on network and information security.

—	it must be ensured that the processing of personal data, and their passing along through the various intermediaries, respect the principles of confidentiality and security in compliance with Articles 16 and 17 of Directive 95/46/EC.

—	a substantive provision is added to the proposed Directive with the obligation that standards are developed on the basis of, and after having conducted, privacy impact assessments.

—	a reference should be included in the proposed Directive to the need to consult the EDPS in so far as the EBA guidelines on state of the art customer authentication and any exemption of the use of strong customer authentication concern the processing of personal data.

Done at Brussels, 5 December 2013.

Giovanni BUTTARELLI

Assistant European Data Protection Supervisor

(1) COM(2013) 547 final and COM(2013) 550 final.

8.2.2014

Official Journal of the European Union

C 38/16

Update of model cards issued by the Ministries of Foreign Affairs of Member States to accredited members of diplomatic missions and consular representations and members of their families, as referred to in Article 19(2) of Regulation (EC) No 562/2006 of the European Parliament and of the Council establishing a Community Code on the rules governing the movement of persons across borders (Schengen Borders Code) (OJ C 247, 13.10.2006, p. 85; OJ C 153, 6.7.2007, p. 15; OJ C 64, 19.3.2009, p. 18; OJ C 239, 6.10.2009, p. 7; OJ C 304, 10.11.2010, p. 6; OJ C 273, 16.9.2011, p. 11; OJ C 357, 7.12.2011, p. 3; OJ C 88, 24.3.2012, p. 12; OJ C 120, 25.4.2012, p. 4; OJ C 182, 22.6.2012, p. 10; OJ C 214, 20.7.2012, p. 4; OJ C 238, 8.8.2012, p. 5; OJ C 255, 24.8.2012, p. 2; OJ C 242, 23.8.2013, p. 13)

(2014/C 38/08)

The publication of model cards issued by the Ministries of Foreign Affairs of Member States to accredited members of diplomatic missions and consular representations and members of their families, as referred to in Article 19(2) of Regulation (EC) No 562/2006 of the European Parliament and of the Council of 15 March 2006 establishing a Community Code on the rules governing the movement of persons across borders (Schengen Borders Code) is based on the information communicated by the Member States to the Commission in conformity with Article 34 of the Schengen Borders Code.

In addition to the publication in the Official Journal, a monthly update is available on the website of Directorate-General for Home Affairs.

BELGIUM

Replacement of the information published in OJ C 88, 24.3.2012

Specimen of cards issued by foreign ministries of the Member States

—

Carte d’identité diplomatique (carte D)

Diplomatieke identiteitskaart (D kaart)

Diplomatischer Personalausweis (D Karte)

(Diplomat’s Identity Card — D card)

remain valid till expiry date

Front

Back

issued as from 2.12.2013

—

Carte d’identité consulaire (carte C)

Consulaat identiteitskaart (C kaart)

Konsularer Personalausweis (C Karte)

(Consular Identity Card — C card)

remain valid till expiry date

Front

Back

issued as from 2.12.2013

—

Carte d’identité spéciale — couleur bleue (carte P), délivrée avant et après le 1.2.2012

Bijzondere identiteitskaart — blauw (P kaart), uitgereikt vóór en na 1.2.2012

Besonderer Personalausweis — blau (P Karte), ausgestellt vor und nach dem 1.2.2012

(Special Identity Card — blue in colour — P card, issued before and after 1.2.2012)

Before 1.2.2012)

remain valid till expiry date

Front

Back

After 1.2.2012

remain valid till expiry date

Front

Back

issued as from 2.12.2013

—

Carte d’identité spéciale — couleur rouge (carte S)

Bijzondere identiteitskaart — rood (S kaart)

Besonderer Personalausweis — rot (S Karte)

(Special Identity Card — red in colour — S card)

remain valid till expiry date

Front

Back

issued as from 2.12.2013

—

Document d’identité E pour les enfants âgés de moins de 5 ans des étrangers privilégiés titulaires d’une carte d’identité diplomatique, d’une carte d’identité consulaire, d’une carte d’identité spéciale — couleur bleue ou d’une carte d’identité spéciale — couleur rouge

Identiteitsbewijs E voor kinderen, die de leeftijd van vijf jaar nog niet hebben bereikt, van een bevoorrecht vreemdeling welke houder is van een diplomatieke identiteitskaart, consulaire identiteitskaart, bijzondere identiteitskaart, blauw of bijzondere identiteitskaart — rood

Identitätsdokument E für Kinder unter fünf Jahren, für privilegierte Ausländer, die Inhaber eines diplomatischen Personalausweises sind, konsalrer Personalausweis, besonderer Personalausweis — rot oder besonderer Personalausweis — blau.

(Identity document E for children, under the age of five, of aliens who are holders of diplomatic identity cards, consular identity cards, blue special identity cards or red special identity cards)

remain valid till expiry date

Front

Back

issued as from 2.12.2013

8.2.2014

Official Journal of the European Union

C 38/25

Publication pursuant to Directive 2001/24/EC of the European Parliament and of the Council on the reorganisation and winding-up of credit institutions

SUMMARY OF THE DECISION ON EXTRAORDINARY MEASURES IMPOSED ON NOVA LJUBLJANSKA BANKA D.D. ON 18 DECEMBER 2013

(2014/C 38/09)

Pursuant to the first paragraph of Article 31 and the first paragraph of Article 43 of the Bank of Slovenia Act (Uradni List RS (UL RS; Official Gazette of the Republic of Slovenia) Nos 72/06 (official consolidated version) and 59/11) and the first paragraph of Article 217 in connection with Article 253 of the Banking Act (UL RS Nos 99/10 (official consolidated version), 52/11 (correction), 9/11 (ZPlaSS-B), 35/11, 59/11, 85/11, 48/12, 105/12, 56/13, 63/13-ZS-K and 96/13; hereinafter ‘ZBan-1’), the Bank of Slovenia hereby imposes on Nova Ljubljanska banka d. d., Trg republike 2, 1520 Ljubljana, Slovenia a decision on extraordinary measures, and a decision to write down all of the bank's qualified liabilities and increase its share capital via the payment of new contributions with the aim of re-establishing conditions at the bank for achieving the required ratios.

The Bank of Slovenia determined that the bank is operating in an environment of increased risk that could result in the revocation of authorisation to provide banking services because, based on an assessment of the bank's financial position as at 30 September 2013 prepared under the assumption of a going concern, including additionally required impairments identified in an independent examination of the credit portfolio, the bank does not fulfil requirements regarding the provision of minimum capital.

Under the extraordinary measure to write down qualified liabilities, the Bank of Slovenia decided to write down all of the bank's qualified liabilities as at 18 December 2013. Those comprise the bank's share capital and liabilities to creditors from subordinated claims that would only be repaid after the repayment of all ordinary claims against the bank in the event of the latter's bankruptcy.

The bank's qualified liabilities written down on the basis of the decision on extraordinary measures include:

(a)

the bank's share capital, which amounts to EUR 184 079 267,12 and is divided into 22 056 378 ordinary freely transferable no-par-value registered shares designated NLB, bearing the ISIN SI0021103526 and issued in the central register of book-entry securities managed by Centralna klirinško depotna družba d.d., Ljubljana (the Central Securities Clearing Corporation; hereinafter ‘the KDD’), representing a first-order qualified liability;

(b)

liabilities from financial instruments issued by the bank that represent third-order qualified liabilities:

—

hybrid Perpetual Floating Rate Upper Tier Two Subordinated Step-Up Notes designated NOVALI FLOAT 49, bearing the ISIN NLB XS0208414515, issued on 17 December 2004 and managed as book-entry securities on clearing system accounts administered by Euroclear Bank SA/NV, Luxembourg and Clearstream Banking SA Luxembourg,

—	subordinated bonds designated NLB 26, bearing the ISIN SI0022103111, issued on 14 July 2010 and managed in the central register of book-entry securities managed by the KDD; they began bearing interest on 24 May 2010,

—	a hybrid subordinated floating rate perpetual loan paid on the basis of the agreement concluded on 19 June 2007 with the lender Merrill Lynch International Bank Limited, London Branch, and

—	a subordinated loan that the bank received on the basis of the agreement concluded on 31 May 2006 with the Dublin Branch of KBC Bank NV.

Pursuant to the decision on extraordinary measures, the bank's share capital was reduced to zero (0) owing to the write-down of qualified liabilities. Owing to the reduction in share capital, 22 056 378 of the bank's shares designated NLB, bearing the ISIN SI0021103526 and issued in the central register of book-entry securities managed by the KDD, were cancelled on 18 December 2013 by the decision on extraordinary measures.

Following the write-down of qualified liabilities, the bank's share capital was increased via new contributions paid in on 18 December 2013, based on the decision on extraordinary measures.

On the basis of the decision on extraordinary measures, the Republic of Slovenia paid in 20 000 000 newly issued bank shares in the total amount of EUR 1 551 000 000. Following the increase, the bank's share capital amounts to EUR 200 000 000 and is divided into 20 000 000 no-par-value shares. The new shares will be issued in book-entry form; they are freely transferable and will be entered in the KDD register.

Following the increase, the bank's share capital once again meets the Bank of Slovenia's requirements regarding capital adequacy ratios.

Pursuant to the third paragraph of Article 253 of ZBan-1, extraordinary measures are deemed reorganisation measures as set out in Directive 2001/24/EC.

Pursuant to Article 350a of ZBan-1, shareholders, creditors and other persons whose rights are affected by the Bank of Slovenia's decision on an extraordinary measure may request that the Bank of Slovenia reimburse them for damages, provided that they prove that the damages that arose as a result of the effects of an extraordinary measure exceed the damages that would have been incurred had the extraordinary measure not been imposed. An action may be brought against the Bank of Slovenia at the competent court in Ljubljana (e.g. the Local Court or District Court in Ljubljana).

The bank may appeal against the decision on extraordinary measures at the Administrative Court of the Republic of Slovenia within 15 days of delivery of the decision to all the members of the management board. The bank's shareholders whose total participating interests amount to at least one-tenth of the bank's share capital may, for the purposes of exercising the right to judicial protection against the Bank of Slovenia's decision on the winding-up of the bank or extraordinary measure, request that the bank's management board, or special administration if one has been appointed, convene a general meeting of the bank's shareholders, with a proposal that the general meeting discharge the persons authorised to represent the bank pursuant to the second paragraph of Article 347 of ZBan-1 and appoint other persons to represent the bank in judicial protection proceedings against the Bank of Slovenia's decision.

Ljubljana, 20 December 2013.

Boštjan JAZBEC

Governor

8.2.2014

Official Journal of the European Union

C 38/27

Prior notification of a concentration

(Case COMP/M.7168 — Lukoil/ISAB/ISAB Energy/ISAB Energy Services)

Candidate case for simplified procedure

(Text with EEA relevance)

(2014/C 38/10)

On 30 January 2014, the Commission received a notification of a proposed concentration pursuant to Article 4 of Council Regulation (EC) No 139/2004 (1) by which the undertaking ISAB S.r.l. (Italian Republic) controlled by Lukoil (Russian Federation) acquires within the meaning of Article 3(1)(b) of the Merger Regulation control of the whole of the undertakings ISAB Energy S.r.l. (Italian Republic) and ISAB Energy Services S.r.l. (Italian Republic) by way of purchase of assets.

The business activities of the undertakings concerned are:

—	for Lukoil: the exploration and production of oil and gas, the production and sale of petroleum products and the marketing of these outputs,

—	for ISAB S.r.l.: the holding of ownership of the ISAB refinery, a petrochemical complex located in Priolo Gargallo, Sicily,

—	for ISAB Energy S.r.l.: the holding of ownership as well as the operation of the Integrated Gasification Combined Cycle power generation plant in Sicily,

—	for ISAB Energy Services S.r.l.: the provision of operating and maintenance services in relation to utilities and electric power and steam plants as well as refineries.

On preliminary examination, the Commission finds that the notified transaction could fall within the scope of the EC Merger Regulation. However, the final decision on this point is reserved. Pursuant to the Commission Notice on a simplified procedure for treatment of certain concentrations under the EC Merger Regulation (2) it should be noted that this case is a candidate for treatment under the procedure set out in the Notice.

The Commission invites interested third parties to submit their possible observations on the proposed operation to the Commission.

Observations must reach the Commission not later than 10 days following the date of this publication. Observations can be sent to the Commission by fax (+32 22964301), by email to COMP-MERGER-REGISTRY@ec.europa.eu or by post, under reference number COMP/M.7168 — Lukoil/ISAB/ISAB Energy/ISAB Energy Services, to the following address:

European Commission

Directorate-General for Competition

Merger Registry

1049 Bruxelles/Brussel

BELGIQUE/BELGIË

(1) OJ L 24, 29.1.2004, p. 1 (the ‘EC Merger Regulation’).

(2) OJ C 366, 14.12.2013, p. 5 (‘Notice on a simplified procedure’).

		ISSN 1977-091X doi:10.3000/1977091X.C_2014.038.eng
Official Journal of the European Union		C 38

English edition	Information and Notices	Volume 57 8 February 2014

Contents		page
	II Information
	INFORMATION FROM EUROPEAN UNION INSTITUTIONS, BODIES, OFFICES AND AGENCIES
	European Commission
2014/C 38/01	Non-opposition to a notified concentration (Case COMP/M.7103 — USS/Optrust/PGGM/Global Via Infraestructuras/Globalvia) ( 1 )	1

	IV Notices
	NOTICES FROM EUROPEAN UNION INSTITUTIONS, BODIES, OFFICES AND AGENCIES
	European Commission
2014/C 38/02	Euro exchange rates	2
	European Data Protection Supervisor
2014/C 38/03	Executive Summary of the Opinion of the European Data Protection Supervisor on the Proposal for a Regulation of the European Parliament and of the Council on the European Union Agency for Law enforcement Cooperation and Training (Europol) and repealing Decisions 2009/371/JHA and 2005/681/JHA	3
2014/C 38/04	Executive Summary of Opinion of the EDPS on the Proposal for a Regulation of the European Parliament and of the Council concerning type-approval requirements for the deployment of the eCall system and amending Directive 2007/46/EC	8
2014/C 38/05	Executive Summary of the Opinion of the European Data Protection Supervisor on the Commission Proposal for a Directive of the European Parliament and the Council on electronic invoicing in public procurement	11
2014/C 38/06	Executive Summary of the Opinion of the European Data Protection Supervisor on the Proposal for a Regulation of the European Parliament and of the Council laying down measures concerning the European single market for electronic communications and to achieve a Connected Continent, and amending Directives 2002/20/EC, 2002/21/EC and 2002/22/EC and Regulations (EC) No 1211/2009 and (EU) No 531/2012	12
2014/C 38/07	Executive Summary of the Opinion of the European Data Protection Supervisor on a Proposal for a Directive of the European Parliament and of the Council on payment services in the internal market amending Directives 2002/65/EC, 2006/48/EC and 2009/110/EC and repealing Directive 2007/64/EC, and for a Regulation of the European Parliament and of the Council on interchange fees for card-based payment transactions	14
	NOTICES FROM MEMBER STATES
2014/C 38/08	Update of model cards issued by the Ministries of Foreign Affairs of Member States to accredited members of diplomatic missions and consular representations and members of their families, as referred to in Article 19(2) of Regulation (EC) No 562/2006 of the European Parliament and of the Council establishing a Community Code on the rules governing the movement of persons across borders (Schengen Borders Code) ( OJ C 247, 13.10.2006, p. 85 ; OJ C 153, 6.7.2007, p. 15 ; OJ C 64, 19.3.2009, p. 18 ; OJ C 239, 6.10.2009, p. 7 ; OJ C 304, 10.11.2010, p. 6 ; OJ C 273, 16.9.2011, p. 11 ; OJ C 357, 7.12.2011, p. 3 ; OJ C 88, 24.3.2012, p. 12 ; OJ C 120, 25.4.2012, p. 4 ; OJ C 182, 22.6.2012, p. 10 ; OJ C 214, 20.7.2012, p. 4 ; OJ C 238, 8.8.2012, p. 5 ; OJ C 255, 24.8.2012, p. 2 ; OJ C 242, 23.8.2013, p. 13 )	16

	V Announcements
	ADMINISTRATIVE PROCEDURES
	European Commission
2014/C 38/09	Publication pursuant to Directive 2001/24/EC of the European Parliament and of the Council on the reorganisation and winding-up of credit institutions — Summary of the decision on extraordinary measures imposed on Nova Ljubljanska banka d.d. on 18 December 2013	25
	PROCEDURES RELATING TO THE IMPLEMENTATION OF COMPETITION POLICY
	European Commission
2014/C 38/10	Prior notification of a concentration (Case COMP/M.7168 — Lukoil/ISAB/ISAB Energy/ISAB Energy Services) — Candidate case for simplified procedure ( 1 )	27