250 likes | 319 Views
Prof. Dr. Diana-Urania Galetta University of Milan Prof. Jens-Peter Schneider University of Freiburg i . Brsg. Shared Information and Mutual Assistance Book V – Mutual Assistance Book VI – Administrative Information Management. Presentation for the EU Ombudsman / ReNEUAL conference
E N D
Prof. Dr. Diana-Urania Galetta University of Milan Prof. Jens-Peter Schneider University of Freiburg i. Brsg. Shared Information and Mutual AssistanceBook V – Mutual AssistanceBook VI – Administrative Information Management Presentation for the EU Ombudsman / ReNEUAL conference EU Administrative Procedures – The ReNEUAL Draft Model Rules 2014 Brussels, May 19-20th 2014
Book V - Structure • V-1 Scope and application of Book V • V-2 General concept of mutual assistance (1) In order to receive the assistance necessary to fulfil its tasks under Union law, the requesting public authority may ask a Member State or EU public authority (the requested authority) for support, provided it cannot reasonably be expected to execute the necessary task itself. • V-3 Duties of the requesting authority • V-4 Duties of the requested authority (3) The requested authority is obliged to comply with any lawful request for assistance. It shall refuse to provide personal data where the transfer would infringe applicable EU or national data protection law. (4) It may refuse to comply particularly in the following cases: […] • V-5 Right of a person concerned to be informed • V-6 Allocation of costs
Book VI - Introduction Information management is a core feature of each administrative procedure. Information-related activities - as the essence of composite decision-making procedures - are already partially addressed in Books II-IV Book VI deals with specific categories of inter-administrative information management activities consisting either in certain forms of inter-administrative information exchange or in databases directly accessible to public authorities
Book VI - Structure • Chapter 1: General Provisions • Scope; Definitions • The regulatory standards of Book VI apply only to the specified information management activities. These standards vary for the different types of information management activities: • Databases, which are necessarily supported by an information system • duties to inform other authorities, if they are supported by an information system • structured information mechanisms, if they are supported by an information system • (simple) duties to inform other authorities • (simple) structured information mechanisms. • An information system is either a specific software or IT infrastructure (IT system) or an organizational infrastructure supporting inter-administrative information exchange or establishing a database.
Information management activities:definitions, Art. VI-2 • A structured cooperation mechanism means a pre-defined workflow allowing authorities to communicate and interact with each other in a structured manner beyond the general obligations of mutual assistance according to Book V. • A duty to inform is an obligation for an authority which exists in EU law to provide data or information to another authority without prior request. • Art. VI-26 (1): Personal data stored in a database as a result of an information exchange under a duty to inform, shall be accessible only for so long as necessary to achieve the purposes for which they were supplied. If a duty to inform is triggered by a specified event the data shall only be accessible until the administrative tasks connected with that event are accomplished and no longer than six months after the formal closure of the relevant administrative procedure. […] • Database means a structured collection of data supported by an IT system and managed by a public authority, which provides at least one other competent authority at EU or Member State level with access to stored data without prior request. • Art. VI-27 (1): Data may be accessible through databases irrespective of the limits set out in Article VI-26 in accordance with the rules of the basic act for the respective database.
Information Management Activities Single Case Decision-making (Book III) [or conclusion of contracts, Art. IV-7] Initiation (Chap. 2) Info. Gathering (Chap. 3) Hearing … (Chap. 4) Conclusion (Chap. 5) (specific) Information Management Activities (Book VI) supported by Info. Systems (IT Systems / …) (shared) Data Bases Duties to inform other authorities Structured Cooperation Mechanisms (informational) Mutual Assistance (Book V)
Book VI - Structure • Chapter 1: General Provisions • Scope; Definitions • A) information exchange schemes regularly involve EU as well as national authorities • B) the most important data-bases are accessible to EU as well as to national authorities • C) these issues can only marginally be regulated by existing national administrative law • A + B + C = As a consequence the scope of application of Book VI includes not only information management activities of EU authorities but also of national authorities • On the contrary, book VI does not apply to information management activities legally confined to a single Member State with no information exchange with either another Member State or an EU authority
Book VI - Structure • Chapter 1: General Provisions • Scope; Definitions • Relation to general data protection law and freedom of information rights • Book VI combines rules on structural issues (procedures, organisation, inter-administrative obligations) as well as rules on data protection’s aspects of information law • It is not simply a duplication of data protection rules but an adaptation of them to the problems and needs of inter-administrative information exchange and databases • The project Book VI at this stage does not cover rules on access to documents or the proactive display of data held by public authorities
Book VI - Structure • Chapter 1: General Provisions • Need for a basic act • “A basic act shall be adopted before an information management activity within the scope of this book may be performed. No duty to perform such an activity shall exist without a basic act” (VI-3) • A legal framework for composite information management activities is necessary: • A) to steer the informational course of composite administrative procedures and provide the various actors involved in such procedures with legal certainty as to their tasks and obligations • B) to ensure that the various stages of the composite information management activities comply with the procedural rights afforded to concerned persons and third parties in EU administrative procedures • C) to provide solutions to overcome the challenges stemming from the inherent fragmentation of composite procedures
Book VI - Structure • Chapter 1: General Provisions • Scope; Definitions • Need for a basic act and Evaluation • Principles • Duties of sincere cooperation • Principle of transparent information management • Principle of data quality • Actors/Functions → architecture of info systems • Competent authorities • Management authorities for IT systems • Contact points
Architecture:duties to informsupported by anInformation System Business / Citizens restrictive measures competentauthorities information flow: - notifications - (requests for) additional information competentauthorities follow-up measures Business / Citizens
Architecture:duties to informsupported by anInformation System Business / Citizens restrictive measures competentauthorities information flow: - notifications - (requests for) additional information competentauthorities competentauthorities follow-up measures Business / Citizens Business / Citizens
Architecture:duties to informsupported by anInformation System Business / Citizens restrictive measures competentauthorities information flow: - notifications - (requests for) additional information IT System for info. exchange EU (operational) Management Authority competentauthorities competentauthorities follow-up measures Business / Citizens Business / Citizens
Architecture:duties to informsupported by anInformation System Business / Citizens restrictive measures competentauthorities contact point in Member State A information flow: - notifications - (requests for) additional information EU Contact Point IT System for info. exchange EU (operational) Management Authority contact point in Member State … contact point in Member State B competentauthorities competentauthorities follow-up measures Business / Citizens Business / Citizens
Book VI - Structure • Chapter 2: Structured cooperation mechanisms • A “structured information mechanism” is a cooperation system in which the cooperation obligations are structured in a pre-defined workflow, allowing authorities to communicate and interact with one another • The system involves the use of standardising instruments aimed at facilitating cooperation and the exchange of information • In accordance with Article VI-3a basic act has to be adopted, which should indicate the standardising instruments, which characterise the specific mechanism • Example: Internal Market Information System (IMI) • Actual problem: the use of Networks of informal cooperation without a formal legal basis– Examples: SOLVIT; EU-PILOT NETWORK; PUBLIC PROCUREMENT NETWORK
Book VI - Structure • Chapter 1: General Provisions • Chapter 2: Structured cooperation mechanisms • Chapter 3: Duties to inform other public authorities without prior request and shared data bases • Section 1: General standards for duties to inform and shared data bases: esp. verification • Section 2: Management of information • Subsection 1: Access to data and information • Subsection 2: Alteration and deletion of data and information: Competencies and Obligations • Subsection 3: Use of data and information: • Duties to use/consult, independently assess, take specific action; Restrictions • Subsection 4: Data protection and information security • Storage, blocking and deletion of data; Confidentiality; Security standards
Architecture:duties to informsupported by anInformation System Business / Citizens restrictive measures competentauthorities contact point in Member State A information flow: - notifications - (requests for) additional information EU Contact Point IT System for info. exchange EU (operational) Management Authority contact point in Member State … contact point in Member State B competentauthorities competentauthorities follow-up measures Business / Citizens Business / Citizens
Architecture:duties to informsupported by anInformation System Business / Citizens restrictive measures competentauthorities contact point in Member State A verification information flow: - notifications - (requests for) additional information EU Verification Authority EU Contact Point IT System for info. exchange EU (operational) Management Authority contact point in Member State … contact point in Member State B competentauthorities competentauthorities follow-up measures Business / Citizens Business / Citizens
Book VI - Structure • Chapter 1: General Provisions • Chapter 2: Structured cooperation mechanisms • Chapter 3: Duties to inform other public authorities without prior request and shared data bases • Chapter 4: Supervision and dispute resolution • Section 1: General supervision and dispute resolution • Establishment of a Central Supervisory Authority • Mediation procedure; Binding inter-administrative decisions • Power to grantaccess to data and to alter ordeletedata • Section 2: Data protection supervision of shared data bases • Internal supervision by Data Protection Officers • Cooperative external data protection supervision of shared data bases • Establishment of a European Data Protection Board as an option • Chapter 5: Remedies and Liability • The supervisory and judicial procedures should ensure the efficiency of administrative action while at the same time guaranteeing that concerned persons are in a position to obtain the enforcement of their rights
Architecture:duties to informsupported by anInformation System Business / Citizens restrictive measures competentauthorities contact point in Member State A verification information flow: - notifications - (requests for) additional information EU Verification Authority EU Contact Point IT System for info. exchange EU (operational) Management Authority contact point in Member State … contact point in Member State B competentauthorities competentauthorities follow-up measures Business / Citizens Business / Citizens
Architecture:duties to informsupported by anInformation System Business / Citizens restrictive measures competentauthorities contact point in Member State A verification information flow: - notifications - (requests for) additional information EU Verification Authority EU Supervisory Authority EU Contact Point IT System for info. exchange EU (operational) Management Authority contact point in Member State … contact point in Member State B competentauthorities competentauthorities follow-up measures Business / Citizens Business / Citizens
Architecture:duties to informsupported by anInformation System Business / Citizens restrictive measures competentauthorities contact point in Member State A verification information flow: - notifications - (requests for) additional information EU Verification Authority EU Supervisory Authority EU Contact Point IT System for info. exchange EU (operational) Management Authority EDPS contact point in Member State … contact point in Member State B MS Data Protec. Authority MS Data Protec. Authority MS Data Protec. Authority competentauthorities competentauthorities MS Data Protec. Authority follow-up measures Business / Citizens Business / Citizens
Architecture:duties to informsupported by anInformation System Business / Citizens restrictive measures competentauthorities contact point in Member State A verification information flow: - notifications - (requests for) additional information EU Verification Authority EU Supervisory Authority EU Contact Point IT System for info. exchange EU (operational) Management Authority EDPS contact point in Member State … contact point in Member State B representative of MS Data Protec. Authority representative of MS Data Protec. Authority representative of MS Data Protec. Authority competentauthorities competentauthorities representative of MS Data Protec. Authority follow-up measures Business / Citizens Business / Citizens EDPB
Book VI - Structure • Chapter 1: General Provisions • Scope; Definitions • Need for a basic act and Evaluation • Duties of sincere cooperation; Principle of transparent information management; Principle of data quality • Actors/Functions: Competent authorities; Single central contact points; Management authorities for IT systems • Chapter 2: Structured cooperation mechanisms • Chapter 3: Duties to inform other public authorities without prior request and shared data bases • Section 1: General standards for duties to inform and shared data bases: esp. verification • Section 2: Management of information • Chapter 4: Supervision and dispute resolution • Section 1: General supervision and dispute resolution • Section 2: Data protection supervision of shared data bases • Chapter 5: Remedies and Liability
Prof. Dr. Diana-Urania Galetta University of Milan Prof. Jens-Peter Schneider University of Freiburg i. Brsg. Shared Information and Mutual AssistanceBook V – Mutual AssistanceBook VI – Administrative Information Management Presentation for the EU Ombudsman / ReNEUAL conference EU Administrative Procedures – The ReNEUAL Draft Model Rules 2014 Brussels, May 19-20th 2014