Ga verder naar contentGa verder naar content en skip ook inhoudsopgave
In- en Uitvoer
Home

2008/49/EC: Commission Decision of 12 December 2007 concerning the implementation of the Internal Market Information System (IMI) as regards the protection of personal data (notified under document number C(2007) 6306) (Text with EEA relevance )

2008/49/EC: Commission Decision of 12 December 2007 concerning the implementation of the Internal Market Information System (IMI) as regards the protection of personal data (notified under document number C(2007) 6306) (Text with EEA relevance )

THE COMMISSION OF THE EUROPEAN COMMUNITIES,

Having regard to the Treaty establishing the European Community,

Having regard to Decision 2004/387/EC of the European Parliament and of the Council of 21 April 2004 on the interoperable delivery of pan-European eGovernment services to public administrations, businesses and citizens (IDABC)(1), and in particular Article 4 thereof,

Whereas:

  1. On 17 March 2006, Member State representatives in the Internal Market Advisory Committee(2) approved the Global Implementation Plan for the Internal Market Information System, hereinafter ‘IMI’, and its development aimed at improving communication among Member State administrations.

  2. In its Decision COM/2006/3606 of 14 August 2006 on the third revision of the IDABC Work Programme 2005-2009 the Commission decided on the financing and setting up of the Internal Market Information System as a project of common interest.

  3. Further financing was provided by Commission Decision COM/2007/3514 of 25 July 2007 on the fourth revision of the IDABC Work Programme.

  4. IMI is intended to support legislative acts in the field of the Internal Market that require the exchange of information between Member States administrations, including Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market(3) and Directive 2005/36/EC of the European Parliament and of the Council of 7 September 2005 on the recognition of professional qualifications(4).

  5. Since the protection of personal data has to be ensured within IMI, it is necessary to complement the Decision setting up IMI in that regard. Since the various tasks and functions of the Commission and the Member States in relation to IMI will entail different responsibilities and obligations as regards data protection rules, it is necessary to define their respective functions, responsibilities and access rights.

  6. The opinion of the Article 29 Working Party on data protection issues related to the Internal Market Information System (IMI)(5) expressly calls for a Commission Decision which determines the rights and obligations of the IMI actors.

  7. The exchange of information by electronic means between Member States should comply with the rules on the protection of personal data in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data(6) and Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data(7).

  8. For the purpose of ensuring follow-up questions between competent authorities and for the purpose of situations in which a data subject wishes to appeal against a negative administrative decision taken on the basis of an information exchange, all personal data exchanged between competent authorities and processed in IMI should be retained for six months after the formal closure of an information exchange. After the six-month period all personal data should be erased. A six-month retention period is considered appropriate because it corresponds to the duration of administrative procedures as provided for in Community legislation on the basis of which information is exchanged,

HAS ADOPTED THIS DECISION:

CHAPTER 1 GENERAL PROVISIONS

Article 1 Subject matter

This Decision lays down the functions, rights and obligations of the IMI actors and IMI users referred to in Article 6 in relation to data protection requirements with regard to the operation of the Internal Market Information System, hereinafter ‘IMI’.

Article 2 Data quality

The competent authorities of the Member States shall exchange and further process personal data only for the purposes defined in the relevant Community acts as set out in the Annex, on the basis of which the information is exchanged, hereinafter ‘the relevant Community acts’.

Requests for information from the competent authorities of one Member State to another and the replies thereto shall be based on the multilingual questions and the data fields defined for the purposes of IMI and drawn up by the Commission in cooperation with the Member States.

Article 3 Controllers

The responsibilities of the controller under Article 2(d) of Directive 95/46/EC and Article 2(d) of Regulation (EC) No 45/2001 shall be jointly exercised by the IMI actors pursuant to Article 6 in accordance with their respective responsibilities within IMI.

The controllers shall ensure that the data subject may effectively exercise its rights to information, to access, to rectify and to object according to the applicable data protection legislation. The IMI actors shall provide privacy statements in an appropriate form.

Article 4 Retention of personal data of data subjects of the information exchanges

Article 5 Retention of personal data of IMI users

CHAPTER 2 FUNCTIONS AND RESPONSIBILITIES IN RELATION TO IMI

Article 6 IMI actors and users

Article 7 Competent authorities

Article 8 IMI coordinators

Article 9 IMI user roles

Article 10 Commission

CHAPTER 3 ACCESS RIGHTS TO PERSONAL DATA

Article 11 Data subject

Article 12 Access rights of IMI users

CHAPTER 4 FINAL PROVISION

Article 13 Addressees

ANNEX