ISSN 1977-091X

doi:10.3000/1977091X.C_2012.336.eng

Official Journal

of the European Union

C 336
European flag  

English edition

Information and Notices

Volume 55
6 November 2012

Notice No

Contents

page

 

IV   Notices

 

NOTICES FROM EUROPEAN UNION INSTITUTIONS, BODIES, OFFICES AND AGENCIES

 

European Commission

2012/C 336/01

Interest rate applied by the European Central Bank to its main refinancing operations: 0,75 % on 1 November 2012 — Euro exchange rates

1

2012/C 336/02

Euro exchange rates

2

2012/C 336/03

Euro exchange rates

3

 

European Data Protection Supervisor

2012/C 336/04

Executive summary of the Opinion of the European Data Protection Supervisor on the Commission proposals for a directive amending Directive 2006/43/EC on statutory audit of annual accounts and consolidated accounts, and for a regulation on specific requirements regarding statutory audit of public-interest entities

4

2012/C 336/05

Executive summary of the Opinion of the European Data Protection Supervisor on the Communication from the European Commission to the Council and the European Parliament on the establishment of a European Cybercrime Centre

7

2012/C 336/06

Executive summary of the Opinion of the European Data Protection Supervisor on the proposal for a Council regulation on migration from the Schengen Information System (SIS) to the second generation Schengen Information System (SIS II) (recast)

10

2012/C 336/07

Executive summary of the Opinion of the European Data Protection Supervisor on the Commission proposal for a regulation of the European Parliament and of the Council on improving securities settlement in the European Union and on central securities depositories (CSDs) and amending Directive 98/26/EC

13

2012/C 336/08

Executive summary of the Opinion of the European Data Protection Supervisor on the Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions — European Strategy for a Better Internet for Children

15

 

V   Announcements

 

ADMINISTRATIVE PROCEDURES

 

European Commission

2012/C 336/09

Cancellation notice — Calls for proposals under the 2013 work programmes in the specific programme Capacities of the seventh framework programme for research, technological development and demonstration activities (2007-2013)

18

 

PROCEDURES RELATING TO THE IMPLEMENTATION OF THE COMMON COMMERCIAL POLICY

 

European Commission

2012/C 336/10

Notice of the expiry of certain anti-dumping measure

19

 

PROCEDURES RELATING TO THE IMPLEMENTATION OF COMPETITION POLICY

 

European Commission

2012/C 336/11

Prior notification of a concentration (Case COMP/M.6762 — Advent International Corporation/Mediq) — Candidate case for simplified procedure ( 1 )

20

2012/C 336/12

Prior notification of a concentration (Case COMP/M.6704 — REWE Touristik GmbH/Ferid NASR/EXIM Holding SA) ( 1 )

21

 

 

(1)   Text with EEA relevance

EN

 

IV Notices

NOTICES FROM EUROPEAN UNION INSTITUTIONS, BODIES, OFFICES AND AGENCIES

European Commission

6.11.2012   

EN

Official Journal of the European Union

C 336/1

Interest rate applied by the European Central Bank to its main refinancing operations (1):

0,75 % on 1 November 2012

Euro exchange rates (2)

1 November 2012

2012/C 336/01

1 euro =


 

Currency

Exchange rate

USD

US dollar

1,2975

JPY

Japanese yen

103,82

DKK

Danish krone

7,4597

GBP

Pound sterling

0,80315

SEK

Swedish krona

8,6398

CHF

Swiss franc

1,2072

ISK

Iceland króna

 

NOK

Norwegian krone

7,3705

BGN

Bulgarian lev

1,9558

CZK

Czech koruna

25,226

HUF

Hungarian forint

282,22

LTL

Lithuanian litas

3,4528

LVL

Latvian lats

0,6962

PLN

Polish zloty

4,127

RON

Romanian leu

4,534

TRY

Turkish lira

2,3251

AUD

Australian dollar

1,2491

CAD

Canadian dollar

1,2969

HKD

Hong Kong dollar

10,0557

NZD

New Zealand dollar

1,5685

SGD

Singapore dollar

1,583

KRW

South Korean won

1 416,07

ZAR

South African rand

11,2351

CNY

Chinese yuan renminbi

8,097

HRK

Croatian kuna

7,523

IDR

Indonesian rupiah

12 485,32

MYR

Malaysian ringgit

3,96

PHP

Philippine peso

53,487

RUB

Russian rouble

40,6714

THB

Thai baht

39,846

BRL

Brazilian real

2,6352

MXN

Mexican peso

16,9402

INR

Indian rupee

69,682

(1)  Rate applied to the most recent operation carried out before the indicated day. In the case of a variable rate tender, the interest rate is the marginal rate.

(2)  Source: reference exchange rate published by the ECB.

6.11.2012   

EN

Official Journal of the European Union

C 336/2

Euro exchange rates (1)

2 November 2012

2012/C 336/02

1 euro =


 

Currency

Exchange rate

USD

US dollar

1,285

JPY

Japanese yen

103,55

DKK

Danish krone

7,4596

GBP

Pound sterling

0,8016

SEK

Swedish krona

8,5955

CHF

Swiss franc

1,2073

ISK

Iceland króna

 

NOK

Norwegian krone

7,3305

BGN

Bulgarian lev

1,9558

CZK

Czech koruna

25,232

HUF

Hungarian forint

281,42

LTL

Lithuanian litas

3,4528

LVL

Latvian lats

0,6962

PLN

Polish zloty

4,1088

RON

Romanian leu

4,5275

TRY

Turkish lira

2,2975

AUD

Australian dollar

1,2374

CAD

Canadian dollar

1,2783

HKD

Hong Kong dollar

9,9589

NZD

New Zealand dollar

1,5533

SGD

Singapore dollar

1,5707

KRW

South Korean won

1 402,58

ZAR

South African rand

11,1572

CNY

Chinese yuan renminbi

8,0205

HRK

Croatian kuna

7,5295

IDR

Indonesian rupiah

12 368,1

MYR

Malaysian ringgit

3,9237

PHP

Philippine peso

52,897

RUB

Russian rouble

40,315

THB

Thai baht

39,514

BRL

Brazilian real

2,6106

MXN

Mexican peso

16,6645

INR

Indian rupee

69,147

(1)  Source: reference exchange rate published by the ECB.

6.11.2012   

EN

Official Journal of the European Union

C 336/3

Euro exchange rates (1)

5 November 2012

2012/C 336/03

1 euro =


 

Currency

Exchange rate

USD

US dollar

1,2777

JPY

Japanese yen

102,60

DKK

Danish krone

7,4589

GBP

Pound sterling

0,79990

SEK

Swedish krona

8,5690

CHF

Swiss franc

1,2063

ISK

Iceland króna

 

NOK

Norwegian krone

7,3425

BGN

Bulgarian lev

1,9558

CZK

Czech koruna

25,234

HUF

Hungarian forint

282,58

LTL

Lithuanian litas

3,4528

LVL

Latvian lats

0,6962

PLN

Polish zloty

4,1226

RON

Romanian leu

4,5240

TRY

Turkish lira

2,2793

AUD

Australian dollar

1,2338

CAD

Canadian dollar

1,2732

HKD

Hong Kong dollar

9,9024

NZD

New Zealand dollar

1,5515

SGD

Singapore dollar

1,5659

KRW

South Korean won

1 396,33

ZAR

South African rand

11,1668

CNY

Chinese yuan renminbi

7,9820

HRK

Croatian kuna

7,5250

IDR

Indonesian rupiah

12 297,67

MYR

Malaysian ringgit

3,9142

PHP

Philippine peso

52,748

RUB

Russian rouble

40,4824

THB

Thai baht

39,379

BRL

Brazilian real

2,5999

MXN

Mexican peso

16,6796

INR

Indian rupee

69,7720

(1)  Source: reference exchange rate published by the ECB.

European Data Protection Supervisor

6.11.2012   

EN

Official Journal of the European Union

C 336/4

Executive summary of the Opinion of the European Data Protection Supervisor on the Commission proposals for a directive amending Directive 2006/43/EC on statutory audit of annual accounts and consolidated accounts, and for a regulation on specific requirements regarding statutory audit of public-interest entities

(The full text of this Opinion can be found in English, French and German on the EDPS website: http://www.edps.europa.eu)

2012/C 336/04

Introduction

Consultation of the EDPS

1.

On 30 November 2011, the Commission adopted a proposal concerning amendments to Directive 2006/43/EC on statutory audits (1). The amendments to Directive 2006/43/EC concern the approval and registration of auditors and audit firms, the principles regarding professional ethics, professional secrecy, independence and reporting as well as the associated supervision rules. On the same date, the Commission adopted a proposal for a regulation on statutory audit of public-interest entities (2), which lays down the conditions for carrying out such audits (hereinafter ‘the proposed regulation’). These proposals were sent to the EDPS for consultation on 6 December 2011.

2.

The EDPS welcomes the fact that he is consulted by the Commission and recommends that a reference to this Opinion is included in the preamble of the directive. A reference to the EDPS consultation has already been included in the preamble of the proposed regulation.

3.

In this Opinion, the EDPS addresses issues relating to Directive 2006/43/EC which go beyond what is covered by the proposed amendments. He emphasises the potential data protection implications of the Directive itself (3). The analysis presented in this Opinion is directly relevant for the application of the existing legislation and for other pending and possible future proposals containing similar provisions, such as those discussed in the EDPS Opinions on the legislative package on the revision of the banking legislation, credit rating agencies, markets in financial instruments (MiFID/MiFIR) and market abuse (4). Therefore, the EDPS recommends reading this Opinion in close conjunction with his Opinions of 10 February 2012 on the abovementioned initiatives.

Objectives and scope of the proposal

4.

The Commission considers audit firms as contributing players to the financial crisis, and seeks to address the role auditors played in the crisis — or indeed the role they should have played. The Commission also states that robust audit is key to re-establishing trust and market confidence.

5.

The Commission mentions that it is also important to stress that auditors are entrusted by law to conduct statutory audits of the financial statements of companies which enjoy limited liability and/or are authorised to provide services in the financial sector. This entrustment responds to the fulfilment of a societal role in offering an opinion on the truth and fairness of the financial statements of those companies.

6.

Finally, according to the Commission, the financial crisis has highlighted weaknesses in the statutory audit especially with regard to public-interest entities (PIE). These are entities which are of significant public interest because of their business, their size, their number of employees or their corporate status, or because they have a wide range of stakeholders.

7.

In order to address these concerns, the Commission has published a proposal to amend Directive 2006/43/EC on statutory audits, which concerns the approval and registration of auditors and audit firms, the principles regarding professional ethics, professional secrecy, independence and reporting as well as the associated supervision rules. The Commission has also proposed a new regulation on statutory audit of public-interest entities laying down the conditions for carrying out such audits.

8.

The Commission proposes that Directive 2006/43/EC shall apply to situations not covered by the proposed regulation. Therefore, it is important to introduce a clear separation between the two legal texts. This means that the current provisions in Directive 2006/43/EC that only relate to the performance of a statutory audit on the annual and consolidated financial statements of the public-interest entities are moved to and, as appropriate, amended in the proposed regulation.

Aim of the EDPS Opinion

9.

The implementation and application of the legal framework for statutory audits may in certain cases affect the rights of individuals relating to the processing of their personal data. Directive 2006/43/EC in its current and amended form and the proposed regulation contain provisions which may have data protection implications for the individuals concerned.

Conclusions

46.

The EDPS welcomes the attention specifically paid to data protection in the proposed regulation but identified some scope for further improvement.

47.

The EDPS makes the following recommendations:

rephrasing Article 56 of the proposed regulation and inserting a provision in Directive 2006/43/EC emphasising the full applicability of existing data protection legislation and replacing the multiple references in different articles of the proposed regulation with one general provision referring to Directive 95/46/EC as well as Regulation (EC) No 45/2001. The EDPS suggests that the reference to Directive 95/46/EC be clarified by specifying that the provisions will apply in accordance with the national rules which implement Directive 95/46/EC,

specifying the kind of personal information that can be processed under Directive 2006/43/EC and the proposed regulation, to define the purposes for which personal data can be processed by the competent authorities concerned and fix a precise, necessary and proportionate data retention period for the above processing,

in view of the risks concerned regarding transfers of data to third countries, the EDPS recommends adding to Article 47 of Directive 2006/43/EC that in the absence of an adequate level of protection an assessment should take place on a case-by-case basis. He also recommends including a similar reference and the assessment on a case-by-case basis in the relevant provisions of the proposed regulation,

replacing the minimum retention period of five years in Article 30 of the proposed regulation with a maximum retention period. The chosen period should be necessary and proportionate for the purpose for which data are processed,

mentioning the purpose of the publication of sanctions in the articles concerned in Directive 2006/43/EC and in the proposed regulation and explaining the necessity and proportionality of the publication in the recitals of both Directive 2006/43/EC and the proposed regulation. He also recommends that publication should be decided on a case-by-case basis and that a possibility to publish less information than currently required should be catered for,

providing for adequate safeguards regarding mandatory publication of sanctions to ensure respect of the presumption of innocence, the right of the persons concerned to object, the security/accuracy of the data and their deletion after an adequate period of time,

adding a provision in Article 66(1) of the proposed regulation saying that: ‘The identity of these persons should be guaranteed at all stages of the procedure, unless its disclosure is required by national law in the context of further investigation or subsequent judicial proceedings.’,

removing the wording ‘the principles laid down’ from Article 66(1)(c) of the proposed regulation.

Done at Brussels, 13 April 2012.

Giovanni BUTTARELLI

Assistant European Data Protection Supervisor

(1)  COM(2011) 778.

(2)  COM(2011) 779.

(3)  The EDPS was not consulted by the Commission on the proposal for a Directive 2006/43/EC on statutory audits; the Directive itself was adopted on 17 May 2006.

(4)  EDPS Opinions of 10 February 2012, available at: http://www.edps.europa.eu

6.11.2012   

EN

Official Journal of the European Union

C 336/7

Executive summary of the Opinion of the European Data Protection Supervisor on the Communication from the European Commission to the Council and the European Parliament on the establishment of a European Cybercrime Centre

(The full text of this Opinion can be found in English, French and German on the EDPS website: http://www.edps.europa.eu)

2012/C 336/05

1.   Introduction

1.1.   Consultation of the EDPS

1.

On 28 March 2012, the Commission adopted a Communication titled ‘Tackling Crime in our Digital Age: Establishing a European Cybercrime Centre’ (1).

2.

The EDPS notes that the Council published its conclusions on the establishment of a European Cybercrime Centre on 7 and 8 June 2012 (2). The Council endorses the goals of the Communication, supports the establishment of the Centre (also referred to as ‘EC3’) within Europol and the use of the existing structures to cross-work with other crime areas, confirms that the EC3 should serve as a focal point in the fight against cybercrime, and that the EC3 will cooperate closely with relevant agencies and actors at international level, and calls the Commission in consultation with Europol to further elaborate the scope of the specific tasks that will be required to make the EC3 operational by 2013. However, the conclusions do not refer to the importance of fundamental rights, and in particular, to data protection in the establishment of the EC3.

3.

Before the adoption of the Commission Communication, the EDPS was given the possibility to provide informal comments on the draft communication. In its informal comments, the EDPS emphasised that data protection is an essential aspect to be taken into consideration in the set-up of the European Cybercrime Centre (hereafter ‘EC3’). Unfortunately, the Communication did not take into account the comments made at informal stage. Moreover, the Council conclusions ask to ensure that the Centre will be operational already by next year. This is why data protection should be taken into consideration in the next steps that will be taken already on a very short term.

4.

This Opinion addresses the importance of data protection when setting up the EC3, and provides specific suggestions that could be taken into consideration in the course of the set-up of the terms of reference for the EC3 and in the legislative revision of the Europol legal framework. Acting on his own initiative, the EDPS has therefore adopted the current Opinion based on Article 41(2) of Regulation (EC) No 45/2001.

1.2.   Scope of the Communication

5.

In its Communication, the Commission indicates the intention to create a European Cybercrime Centre as priority of the Internal Security Strategy (3).

6.

The Communication non-exhaustively lists several strands of cybercrime which the EC3 is supposed to focus on: cybercrimes committed by organised crime groups, particularly those generating large criminal profits such as online fraud, cybercrimes which cause serious harm to their victims, such as online child sexual exploitation, and cybercrimes seriously affecting critical information communication technology (ICT) systems in the Union.

7.

In terms of the Centre's work, the Communication lists four main tasks (4):

serving as the European cybercrime information focal point,

pooling European cybercrime expertise to support Members States in capacity building,

providing support to Member States' cybercrime investigations,

becoming the collective voice of European cybercrime investigators across law enforcement and the judiciary.

8.

The information processed by the EC3 will be gathered from the widest array of public, private and open sources, enriching available police data, and it would concern cybercrime activities, methods and suspects. The EC3 will also collaborate directly with other European agencies and bodies. This will happen via the participation of these entities in the EC3's Programme Board and also through operational cooperation where relevant.

9.

The Commission proposes that the EC3 would be the natural interface to Europol's cybercrime activities and other international police cybercrime units. The EC3 should also, in partnership with Interpol and other strategic partners around the globe, strive to improve coordinated responses in the fight against cybercrime.

10.

In practical terms, the Commission proposes to create this EC3 as part of Europol. The EC3 will be part of Europol  (5) and, therefore, it will be placed under the legal regime of Europol (6).

11.

According to the European Commission (7), the main novelties that the proposed EC3 will bring to Europol's current activities will be: (i) increased resources to more efficiently gather information from various sources; (ii) exchange of information with partners beyond the law enforcement community (mainly from the private sector).

1.3.   Focus of the Opinion

12.

The EDPS seeks in this Opinion to:

ask the Commission to clarify the scope of the activities of the EC3, as far as they are relevant for data protection,

assess the foreseen activities in the context of the current Europol legal framework, especially their compatibility with the framework,

highlight relevant aspects where the legislator should introduce further detail in the context of the future review of Europol's legal regime to ensure a higher level of data protection.

13.

The Opinion is organised as follows: part 2.1 elaborates why data protection is an essential element in the creation of the EC3. Part 2.2 deals with the compatibility of the goals set for the EC3 in the Communication with Europol's legal mandate. Part 2.3 deals with the cooperation with private sector and international partners.

3.   Conclusions

50.

The EDPS regards the fight against cybercrime as a cornerstone in building security and safety in the digital space and generating the required trust. The EDPS notes that compliance with data protection regimes should be regarded as an integral part of the fight against cybercrime and not as a deterrent of its effectiveness.

51.

The Communication refers to the establishment of a new European Cybercrime Centre within Europol while a Europol Cybercrime Centre has already been in existence for a number of years. The EDPS would welcome if more clarity is provided concerning the new capacities and the activities that will distinguish the new EC3 from the existing Europol Cybercrime Centre.

52.

The EDPS advises that the competences of the EC3 should be clearly defined and not just laid out by referring to the concept of ‘computer crime’ included in current Europol's legislation. Also, the definition of the competences and data protection safeguards of the EC3 should be part of the review of the Europol legislation. Until the new Europol legislation becomes applicable, the EDPS recommends that the Commission sets forth such competences and data protection safeguards in the terms of reference for the Centre. These could include:

a clear definition in which data processing tasks (in particular, investigations and operational support activities) the Centre's staff could be engaged, alone or in collaboration with joint investigation teams, and

clear procedures that on the one hand ensure the respect of individual rights (including the right for data protection), and on the other hand provide guarantees that evidence has been lawfully obtained and can be used before a court.

53.

The EDPS considers that the exchanges of personal data of the EC3 with the widest array of public, private and open source actors imply specific data protection risks as they will often involve the processing of data collected for commercial purposes and international data transfers. These risks are addressed by the current Europol Decision which establishes that, in general, Europol should not exchange data directly with the private sector, and with specific international organisations only in very concrete circumstances.

54.

Against this background, and given the importance of these two activities for the EC3, the EDPS recommends that appropriate data protection safeguards should be provided in compliance with the existing provisions in the Europol Decision. These safeguards should be embedded in the terms of reference to be elaborated by the implementation team for the EC3 (and later in the revised Europol legal framework) and should in no event result in a lower level of data protection.

Done at Brussels, 29 June 2012.

Peter HUSTINX

European Data Protection Supervisor

(1)  Cybercrime is not defined in EU legislation.

(2)  Council conclusions on the establishment of a European Cybercrime Centre, 3172nd Justice and Home Affairs Council meeting, Luxembourg, 7 and 8 June 2012.

(3)  The EU Internal Security Strategy in Action: Five steps towards a more secure Europe, COM(2010) 673 final, 22 November 2010. See also the EDPS Opinion on this Communication, issued on 17 December 2010 (OJ C 101, 1.4.2011, p. 6).

(4)  Communication, pp. 4-5.

(5)  As recommended by the feasibility study published in February 2012 evaluating the different options available (status quo, hosted by Europol, owned/be part of Europol, virtual Centre), http://ec.europa.eu/home-affairs/doc_centre/crime/docs/20120311_final_report_feasibility_study_for_a_european_cybercrime_centre.pdf

(6)  Council Decision of 6 April 2009 establishing the European Police Office (Europol) (2009/371/JHA).

(7)  Press release of 28 March 2012, Frequently Asked Questions: the new European Cybercrime Centre, reference: MEMO/12/221, date: 28.3.2012, http://europa.eu/rapid/pressReleasesAction.do?reference=MEMO/12/221

6.11.2012   

EN

Official Journal of the European Union

C 336/10

Executive summary of the Opinion of the European Data Protection Supervisor on the proposal for a Council regulation on migration from the Schengen Information System (SIS) to the second generation Schengen Information System (SIS II) (recast)

(The full text of this Opinion can be found in English, French and German on the EDPS website: http://www.edps.europa.eu)

2012/C 336/06

1.   Introduction

1.1.   Consultation of the EDPS

1.

On 30 April 2012, the Commission adopted a proposal concerning a recast of Council Regulation (EC) No 1104/2008 of October 2008 on Migration from the Schengen Information System (SIS) to the second generation Schengen Information System (SIS II) (1) (‘the proposal’).

2.

The EDPS already issued an Opinion on the three proposals setting up the second generation Schengen Information System on 19 October 2005 (2). At the time, the EDPS focused his analysis on the need to limit access rights and retention periods, as well as the need to supply information to data subjects. He also pointed out that the new functionality of links between records must not lead to an extension of access rights. On the technical design of SIS II, he recommended improvements of the security measures and cautioned against the use of national copies.

3.

The EDPS takes note of the Council conclusions on migration to SIS II (3). The Council invited, inter alia, Member States to:

implement, as soon as possible, the corrective and preventive mechanisms (for current SIS 1+ alerts and new SIS 1+ alerts respectively), so that they can be adapted to the data quality requirements laid down for SIS II alerts,

prior to the launch of the migration of SIS 1+ data to SIS II, once again review the conformity of current alerts with SIS II dictionaries, ensuring that they comply with the final version of those dictionaries,

via the competent national authorities responsible for the quality of SIS data, systematically monitor the accuracy of the alerts entered in the national system of SIS 1+, this being essential for ensuring the trouble-free use of the mapping/dictionary mapping mechanism.

4.

Before the adoption of the present Commission proposal, the EDPS was given the possibility to provide informal comments on the draft proposal. In these comments, the EDPS expressed his concerns on different aspects of the migration that in his view should be clarified. Unfortunately, the adopted text did not take into account the comments made during the informal stage and has therefore not provided the required clarifications.

3.   Conclusions

61.

Migration of the data contained in SIS to SIS II is an operation likely to involve specific risks from the point of view of data protection. While the EDPS welcomes the efforts made to ensure that this migration will happen fully in accordance with the law, he has some recommendations to make to further improve the proposal.

62.

The EDPS particularly welcomes that under the new provisions, the legal framework for SIS II enters into force once the first Member State has successfully completed the switchover. This is relevant as under the old legislation, the SIS II legal framework would only have come into force once all Member States have completed the migration to SIS II, which would have created legal ambiguity particularly with regard to new functions.

63.

This approach has to be also assessed from the point of view of supervision. In the view of the EDPS, it will result in a transfer of responsibilities during the migration that could have negative effects and impinge on the safeguards that supervision provides at the moment when it is needed most. Therefore, the EDPS recommends that the coordinated supervision mechanism should be applicable from the start of the migration. The recast should provide for this approach.

64.

The EDPS is of the opinion that essential aspects of the migration should be further clarified in the text of the Regulation and not left for other instruments such as the migration plan. In particular, this concerns:

the scope of the migration. It should be absolutely clear which data categories migrate and which not, and also if the migration involves any transformation of the data, and if so, which are those alterations,

the need for risk assessment. It is important to carry out a risk assessment for the migration, with the results feeding into a specific security plan,

the logging of the data. Although the proposed text contains a specific article, the focus of this article refers mainly to the regular processing activities of SIS II rather than to the specific data processing activities of the migration, and the text presents a similar provision to the one in the main SIS II Regulation. In the view of the EDPS, the Regulation should have a specific clause determining what should be recorded, for how long, and with which purpose focused on the activities of the migration.

65.

The EDPS recommends that the Regulation should strengthen the testing obligations by clarifying:

Pre-migration tests should also include the following elements:

(i)

all functional aspects associated to the migration process as referred to in Article 11 of the proposal and other issues such as the quality of the data to be transferred;

(ii)

non-functional elements such as security;

(iii)

any specific measures and controls adopted to reduce the risks of the migration.

As regards comprehensive tests, the EDPS recommends that the proposal should provide clearer criteria to define if those tests have resulted in a success or in a failure.

After the switchover of a Member State has been completed, it should be possible to validate the results. The Regulation should also require that these validation tests are successful in order to consider a Member State's switchover to SIS II successful. Hence, these tests should be carried out as a precondition to enable the use of full SIS II functionality by that Member State.

As regards using test data during migration, the EDPS would like to stress that if ‘test data’ are to be based on ‘scrambled’ real data from SIS, all necessary measures would have to be taken to ensure that it will be impossible to reconstruct real data from this test data.

66.

Preventive security measures are especially welcomed, and the EDPS recommends introducing in the text of the recast a specific provision requiring the Commission and the Member States to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks represented by the migration and also by the specific nature of the personal data to be processed, based on the requirements of Article 22 of Regulation (EC) No 45/2001.

Take into consideration general security aspects:

(i)

recognise the specific nature of the data processing activities associated to the migration;

(ii)

establish some general guidelines concerning the measures to be taken (for instance that the data should only be transferred between two systems if adequately encrypted);

(iii)

establish that the Commission together with the Member States, and in particular with France, shall develop a specific security plan, after the evaluation of the possible risks associated to the migration, in due time before the migration.

Specific clauses to protect data integrity are also needed, and the EDPS would recommend to include in the Regulation or in a specific Commission decision the following measures:

(i)

an annex with the mapping and validation rules applicable in the conversion, making it easy to verify whether the relaxation of SIS II rules is compliant with the SIS II Regulation;

(ii)

a provision defining the responsibility of the different actors in the identification and correction of anomalous data;

(iii)

a requirement to fully test, before the migration, the compliance of the data to be migrated with SIS II integrity rules.

Provide for the disposal of the old system. After the migration, the question of what will happen to the technical equipment of SIS 1+ becomes urgent. The EDPS therefore recommends that the proposal or a specific Commission decision should establish a precise time limit for this retention together with an obligation to take appropriate technical measures to ensure a secure deletion of the data after finishing the migration and the intensive monitoring period.

Done at Brussels, 9 July 2012.

Peter HUSTINX

European Data Protection Supervisor

(1)  COM(2012) 81 final.

(2)  EDPS Opinion of 19 October 2005 on three proposals regarding the second generation Schengen Information System (SIS II) (OJ C 91, 19.4.2006, p. 38).

(3)  3135th Justice and Home Affairs Council meeting, Brussels, 13 and 14 December 2011, Council conclusions.

6.11.2012   

EN

Official Journal of the European Union

C 336/13

Executive summary of the Opinion of the European Data Protection Supervisor on the Commission proposal for a regulation of the European Parliament and of the Council on improving securities settlement in the European Union and on central securities depositories (CSDs) and amending Directive 98/26/EC

(The full text of this Opinion can be found in English, French and German on the EDPS website: http://www.edps.europa.eu)

2012/C 336/07

1.   Introduction

1.1.   Consultation of the EDPS

1.

On 7 March 2012, the Commission adopted a proposal for a regulation of the European Parliament and of the Council on improving securities settlement in the European Union and on central securities depositories (CSDs) and amending Directive 98/26/EC (‘the proposal’). This proposal was sent to the EDPS for consultation on the same day.

2.

The EDPS welcomes the fact that he is consulted by the Commission and recommends that references to this Opinion are included in the preambles of the proposed regulation.

3.

The proposal contains provisions which may in certain cases have data protection implications for the individuals concerned such as the investigative powers of the competent authorities, the exchange of information, the keeping of records, the outsourcing of activities, the publication of sanctions and the reporting of breaches.

4.

There are comparable provisions to the ones referred to in this Opinion in several pending and possible future proposals, such as those discussed in the EDPS Opinions on the European Venture Capital Funds and the European Social Entrepreneurship Funds (1), the legislative package on the revision of the banking legislation, credit rating agencies, markets in financial instruments (MiFID/MiFIR) and market abuse (2). Therefore, the EDPS recommends reading this Opinion in close conjunction with his Opinions on the abovementioned initiatives.

1.2.   Objectives and scope of the proposal

5.

Any trade in securities on or off a trading venue is followed by a post-trade flow of processes, leading to the settlement of the trade, which means the delivery of securities to the buyer against the delivery of cash to the seller. CSDs are key institutions that enable settlement by operating so-called securities settlement systems. They are the institutions which facilitate the transactions concluded on the markets. CSDs also ensure the initial recording and the central maintenance of securities accounts that record how many securities have been issued by whom and each change in the holding of those securities.

6.

While generally safe and efficient within national borders, CSDs combine and communicate less safely across borders, which means that an investor faces higher risks and costs when making a cross-border investment. The absence of an efficient single internal market for settlements also raises other important concerns such as the limitation of security issuers' access to CSDs, different national licensing regimes and rules for CSDs across the EU, and limited competition between different national CSDs. These barriers result in a very fragmented market while cross-border transactions in Europe continue to increase and CSDs become increasingly interconnected.

7.

The proposal aims at addressing these problems by introducing an obligation to represent all transferable securities in book entry form and to record these in CSDs before trading them on regulated venues, harmonising settlement periods and settlement discipline regimes across the EU, and introducing a common set of rules addressing the risks of CSDs' operations and services.

8.

The proposal will complete the regulatory framework for securities market infrastructures, alongside the Directive 2004/39/EC on markets in financial instruments (MiFID) for trading venues, and the proposal for a regulation on derivative transactions (EMIR) for central counterparties.

3.   Conclusions

48.

The EDPS welcomes the attention specifically paid to data protection in the proposal.

49.

The EDPS makes the following recommendations:

include references to this Opinion in the preamble of the proposal,

rephrase provisions emphasising the full applicability of existing data protection legislation in one general provision referring to Directive 95/46/EC as well as Regulation (EC) No 45/2001 and clarify the reference to Directive 95/46/EC by specifying that the provisions will apply in accordance with the national rules which implement Directive 95/46/EC. The EDPS furthermore recommends including this type of overarching provision in a substantive provision of the proposal,

limit competent authorities’ access to documents and information to specifically identified and serious violations of the proposal and in cases where a reasonable suspicion (which should be supported by concrete initial evidence) exists that a breach has been committed,

introduce a requirement for competent authorities to request documents and information by formal decision, specifying the legal basis and the purpose of the request and what information is required, the time limit within which the information is to be provided as well as the right of the addressee to have the decision reviewed by a court of law,

specify the kind of personal information that can be processed and transferred under the proposal, define the purposes for which personal data can be processed and transferred by competent authorities and fix a proportionate data retention period for the above processing or at least introduce precise criteria for its establishment,

in view of the risks concerned regarding transfers of data to third countries, add in Article 23.7 specific safeguards such as for example a case-by-case assessment and the existence of an adequate level of protection of personal data in the third country receiving the personal data,

replace the minimum retention period of five years in Article 27 of the proposal with a maximum retention period when records contain personal data. The chosen period should be necessary and proportionate for the purpose for which data are processed,

rephrase Article 28.1(i) as follows: ‘The CSD ensures that the service provider provides its services in full compliance with the national rules, applicable to the CSD, implementing Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data. The CSD is responsible (…)’,

add in Article 62.2(b) a provision saying that: ‘the identity of these persons should be guaranteed at all stages of the procedure, unless its disclosure is required by national law in the context of further investigation or subsequent judicial proceedings’ and remove in Article 62.2(c) ‘the principles laid down in’,

in light of the doubts expressed in the present Opinion, assess the necessity and proportionality of the proposed system of mandatory publication of sanctions. Subject to the outcome of the necessity and proportionality test, in any event provide for adequate safeguards to ensure respect of the presumption of innocence, the right of the persons concerned to object, the security/accuracy of the data and their deletion after an adequate period of time.

Done at Brussels, 9 July 2012.

Giovanni BUTTARELLI

Assistant European Data Protection Supervisor

(1)  EDPS Opinion of 14 June 2012, available at: http://www.edps.europa.eu

(2)  EDPS Opinions of 10 February 2012, available at: http://www.edps.europa.eu

6.11.2012   

EN

Official Journal of the European Union

C 336/15

Executive summary of the Opinion of the European Data Protection Supervisor on the Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions — ‘European Strategy for a Better Internet for Children’

(The full text of this Opinion can be found in English, French and German on the EDPS website: http://www.edps.europa.eu)

2012/C 336/08

I.   Introduction

I.1.   Consultation of the EDPS

1.

On 2 May 2012, the Commission published its Communication on a ‘European Strategy for a Better Internet for Children’ (1) (hereafter ‘the Communication’).

2.

Before the adoption of this Communication, the EDPS was given the opportunity to provide informal comments. The EDPS welcomes that some of his informal comments have been taken into account in the Communication. In view of the importance of the subject, the EDPS would still like to submit this Opinion at his own initiative.

I.2.   Objectives and background of the Communication

3.

The objective of the Communication is to develop a strategy to enhance the protection of children online. The Communication is placed in the context of the EU Agenda for the Rights of the Child (2), the Digital Agenda for Europe (3), and the Council conclusions on the protection of children in the digital world (4).

4.

The Communication is centred on four main pillars:

1.

stimulating quality content online for young people;

2.

stepping up awareness and empowerment;

3.

creating a safe environment for children online; and

4.

fighting against sexual abuse and sexual exploitation of children.

5.

The Communication outlines a number of actions to be taken by industry, the Member States and the Commission, respectively. It covers issues such as parental controls, privacy settings, age ratings, reporting tools, hotlines, and cooperation between industry, hotlines and law enforcement bodies.

I.3.   Objectives and scope of the EDPS Opinion

6.

The EDPS fully supports initiatives aimed at strengthening the protection of children on the Internet and at improving the means to fight against abuse of children online (5). In two previous Opinions, the EDPS has underlined the importance of the protection and safety of children online in a data protection perspective (6). He welcomes that this has been recognised in the Communication.

7.

The growing use of the digital environment by children and the constant evolution of that environment pose new data protection and privacy risks, which are exposed in point 1.2.3 of the Communication. Such risks include, amongst others, misuse of their personal data, the unwanted dissemination of their personal profile on social networking sites, their growing use of geo-location services, their being increasingly directly subject to advertising campaigns and to serious crimes such as child abuse. These are particular risks that must be addressed in a manner appropriate to the specificity and vulnerability of the category of individuals at risk.

8.

The EDPS welcomes that the actions envisaged in the Communication should respect the current data protection framework (including Directive 95/46/EC and Directive 2002/58/EC (7) on e-privacy), the e-Commerce Directive 2000/31/EC (8) and the Charter of Fundamental Rights of the EU, and that it also takes into account the proposed new data protection framework (9). The EDPS stresses that all measures to be deployed further to the Communication should be consistent with this framework.

9.

This Opinion highlights the specific data protection issues that are raised by the measures foreseen in the Communication, which must be properly addressed by all the relevant addressees of the Communication, i.e. the Commission, the Member States and industry, where applicable. In particular, Chapter II underlines the specific means which can help enhance the protection and safety of children online from a data protection perspective. In Chapter III, the Opinion highlights some data protection issues that need to be addressed for the implementation of measures aimed at fighting against sexual abuse and sexual exploitation of children on the Internet, in particular concerning the use of reporting tools and the cooperation between industry, law enforcement and hotlines.

IV.   Conclusion

49.

The EDPS supports the Communication's initiatives to make the Internet safer for children, and in the fight against sexual abuse and sexual exploitation of children. In particular, he welcomes the recognition of data protection as a key element for ensuring the protection of children on the Internet and for empowering them to enjoy its benefits in safety.

50.

The EDPS underlines that data protection requirements should be appropriately considered by industry, Member States and the Commission when implementing initiatives aimed at enhancing children's safety online, in particular:

Member States should ensure that they include references in their education campaigns and materials to data protection risks as well as information about how children and parents can prevent them. Synergies between data protection authorities, Member States and industry should also be developed in order to foster awareness among children and parents about online safety.

Industry should ensure that it processes personal data of children in accordance with the law, and that it obtains parental consent where necessary. It should implement default privacy settings for children which provide for more protective mechanisms than those that should be embedded by default for all users. It should also implement appropriate warning mechanisms to alert children who want to change their default privacy settings and to ensure that such a change is validated by parental consent where required. It should work on deploying appropriate tools for age verification which are not intrusive from a data protection perspective.

In relation to information to children, industry should explore how to develop a taxonomy to provide information to children in a simple manner and to inform them about the potential risks of a change of their default settings.

In respect of advertising to children, the EDPS recalls that there should be no direct marketing aimed specifically at young minors and that children should not be the subject of behavioural advertising. The EDPS considers that the Commission should provide stronger encouragement to industry to develop privacy friendly self-regulatory measures at the EU level, promoting good practices with respect to online advertising to children, which should be based on full compliance with data protection legislation. He also encourages the Commission to look into the possibility to further legislate at EU level to ensure the appropriate consideration of children's rights to privacy and data protection in the context of advertising.

51.

The initiatives highlighted in the Communication in respect of fighting against sexual abuse and sexual exploitation of children raise a number of data protection issues, which must be carefully considered by all stakeholders in their respective field of action:

Because of their sensitivity from a data protection perspective, the deployment of reporting tools should rely upon an appropriate legal basis. The EDPS recommends that the deployment of the EU-wide reporting tool for children foreseen in Section 2.2.3 is clearly laid down in the law. He furthermore advises that is clearly defined what constitutes ‘harmful conduct and content’ which may be reported through the future EU-wide reporting tool for children.

The EDPS encourages the development by industry of standard minimum reporting templates, which should be designed in a way to minimise the processing of personal data to only those that are strictly necessary.

The procedures for reporting through hotlines could be better defined. A European Code of Practice including common reporting procedures and data protection safeguards, also in respect of the international exchanges of personal data, would improve data protection in this area.

In order to ensure the development of reporting tools which ensure a high level of data protection, data protection authorities should be engaged in a constructive dialogue with industry and other stakeholders.

Cooperation between industry and law enforcement as regards notice and take down procedures concerning child abuse material released on the Internet must only occur pursuant to an appropriate legal base. The modalities for such cooperation need to be more clearly defined. This is also the case concerning the cooperation between industry and a future European Cybercrime Centre.

The EDPS considers that a right balance has to be found between the legitimate objective to fight against illegal content and the appropriate nature of the means used. He recalls that any action of surveillance of telecommunications networks, where necessary in specific cases, should be the task of law enforcement.

Done at Brussels, 17 July 2012.

Giovanni BUTTARELLI

Assistant European Data Protection Supervisor

(1)  COM(2012) 196 final.

(2)  EU Agenda for the Rights of the Child, COM(2011) 60 final.

(3)  Digital Agenda for Europe, COM(2010) 245 final.

(4)  Council conclusions on the protection of children in the digital world, 3128th Education, Youth, Culture and Sport Council meeting, Brussels, 28 and 29 November 2011.

(5)  There are also a number of initiatives at international level, such as the Council of Europe Strategy for the Rights of the Child (2012-2015), COM(2011) 171 final, 15 February 2012.

(6)  See EDPS Opinion on the proposal for a decision of the European Parliament and of the Council establishing a multiannual Community programme on protecting children using the Internet and other communication technologies, published in OJ C 2, 7.1.2009, p. 2, and EDPS Opinion on the proposal for a directive on combating sexual abuse, sexual exploitation of children and child pornography, repealing framework Decision 2004/68/JHA, published in OJ C 323, 30.11.2010, p. 6.

(7)  Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector, OJ L 201, 31.7.2002, p. 37.

(8)  Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market, OJ L 178, 17.7.2000, p. 1.

(9)  Proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), COM(2012) 11 final.

V Announcements

ADMINISTRATIVE PROCEDURES

European Commission

6.11.2012   

EN

Official Journal of the European Union

C 336/18

Cancellation notice

Calls for proposals under the 2013 work programmes in the specific programme ‘Capacities’ of the seventh framework programme for research, technological development and demonstration activities (2007-2013)

2012/C 336/09

The European Commission has decided to cancel the following call for proposals:

Part

Call identifier

6.

Coherent Development of Research Policies

FP7-CDRP-2013-STAKEHOLDERS

PROCEDURES RELATING TO THE IMPLEMENTATION OF THE COMMON COMMERCIAL POLICY

European Commission

6.11.2012   

EN

Official Journal of the European Union

C 336/19

Notice of the expiry of certain anti-dumping measure

2012/C 336/10

Further to the publication of a notice of impending expiry (1) following which no duly substantiated request for a review was lodged, the Commission gives notice that the anti-dumping measure mentioned below will shortly expire.

This notice is published in accordance with Article 11(2) of Council Regulation (EC) No 1225/2009 of 30 November 2009 on protection against dumped imports from countries not members of the European Community (2).

Product

Country(ies) of origin or exportation

Measures

Reference

Date of expiry (3)

Polyethylene terephthalate (PET) film

Brazil, India and Israel

Anti-dumping duty

Council Regulation (EC) No 1292/2007 (OJ L 288, 6.11.2007, p. 1)

7.11.2012

(1)  OJ C 117, 21.4.2012, p. 7.

(2)  OJ L 343, 22.12.2009, p. 51.

(3)  The measure expires at midnight of the day mentioned in this column.

PROCEDURES RELATING TO THE IMPLEMENTATION OF COMPETITION POLICY

European Commission

6.11.2012   

EN

Official Journal of the European Union

C 336/20

Prior notification of a concentration

(Case COMP/M.6762 — Advent International Corporation/Mediq)

Candidate case for simplified procedure

(Text with EEA relevance)

2012/C 336/11

1.

On 23 October 2012, the Commission received a notification of a proposed concentration pursuant to Article 4 of Council Regulation (EC) No 139/2004 (1) by which Advent International Corporation (NL) acquires within the meaning of Article 3(1)(b) of the Merger Regulation control of the whole of Mediq N.V. (NL) by way of public bid announced on 24 September 2012.

2.

The business activities of the undertakings concerned are:

for Advent International Corporation: investment in several types of markets through a diverse portfolio that includes, among others, companies in the healthcare, industrial, retail and consumer and financial services sectors,

for Mediq N.V.: the provision of medical devices, pharmaceuticals and associated care.

3.

On preliminary examination, the Commission finds that the notified transaction could fall within the scope of the EC Merger Regulation. However, the final decision on this point is reserved. Pursuant to the Commission Notice on a simplified procedure for treatment of certain concentrations under the EC Merger Regulation (2) it should be noted that this case is a candidate for treatment under the procedure set out in the Notice.

4.

The Commission invites interested third parties to submit their possible observations on the proposed operation to the Commission.

Observations must reach the Commission not later than 10 days following the date of this publication. Observations can be sent to the Commission by fax (+32 22964301), by email to COMP-MERGER-REGISTRY@ec.europa.eu or by post, under reference number COMP/M.6762 — Advent International Corporation/Mediq, to the following address:

European Commission

Directorate-General for Competition

Merger Registry

J-70

1049 Bruxelles/Brussel

BELGIQUE/BELGIË

(1)  OJ L 24, 29.1.2004, p. 1 (the ‘EC Merger Regulation’).

(2)  OJ C 56, 5.3.2005, p. 32 (‘Notice on a simplified procedure’).

6.11.2012   

EN

Official Journal of the European Union

C 336/21

Prior notification of a concentration

(Case COMP/M.6704 — REWE Touristik GmbH/Ferid NASR/EXIM Holding SA)

(Text with EEA relevance)

2012/C 336/12

1.

On 24 October 2012, the Commission received a notification of a proposed concentration pursuant to Article 4 and following a referral pursuant to Article 4(5) of Council Regulation (EC) No 139/2004 (1) by which the undertakings REWE Touristik GmbH (Germany) belonging to REWE Group and Ferid NASR (Czech Republic) acquire within the meaning of Article 3(1)(b) of the Merger Regulation joint control of the undertaking EXIM Holding SA (Czech Republic) by way of purchase of shares.

2.

The business activities of the undertakings concerned are:

for undertaking REWE Touristik: REWE Touristik is a German limited liability company part of the Travel & Tourism Division of REWE Group; the latter is also operating in the food and non-food retail sector via a separate branch,

for undertaking Ferid NASR: Mr. Ferid Nasr is a natural person focusing his business activities on the tourism sector; in addition, he holds a stake in a Tunisian travel agency offering travel related services in Tunisia,

for undertaking EXIM Holding: EXIM is a Czech joint stock company currently solely controlled by its 100 % shareholder, Mr. Ferid Nasr. The company's activities include the supply of travel services, in particular package holidays to short-haul as well as long-haul destinations. In the Czech Republic EXIM runs 41 travel agencies, in Slovakia there are 16 stationary travel agencies. EXIM is directly holding equity interests in four operative companies active in the fields of touristic tour and travel sales operations under the brand names ‘EXIM TOURS’ and/or ‘Kartago’.

3.

On preliminary examination, the Commission finds that the notified transaction could fall within the scope the EC Merger Regulation. However, the final decision on this point is reserved.

4.

The Commission invites interested third parties to submit their possible observations on the proposed operation to the Commission.

Observations must reach the Commission not later than 10 days following the date of this publication. Observations can be sent to the Commission by fax (+32 22964301), by e-mail to COMP-MERGER-REGISTRY@ec.europa.eu or by post, under reference number COMP/M.6704 — REWE Touristik GmbH/Ferid NASR/EXIM Holding SA, to the following address:

European Commission

Directorate-General for Competition

Merger Registry

J-70

1049 Bruxelles/Brussel

BELGIQUE/BELGIË

(1)  OJ L 24, 29.1.2004, p. 1 (the ‘EC Merger Regulation’).