Feeds

Now draft biz guillotine law triggers info privacy watchdog

Data revealed during insolvencies sparks Euro ire

The Power of One Infographic

There are insufficient data protection safeguards built in to proposed reforms to the EU's insolvency law framework, a privacy watchdog has said.

In a recently issued opinion into the European Commission's draft Insolvency Regulation, the European Data Protection Supervisor (EDPS) raised concerns about the mandatory publication of information relating to the opening and closing of insolvency proceedings (11-page 71KB PDF) as well as the exchange of information between courts and liquidators.

In December last year the Commission published its draft Insolvency Regulation in a bid to overhaul existing laws that have been in operation since 2000. The proposals seek to make clearer the processes involved when there are parallel court proceedings initiated by creditors in different EU member states regarding payment of the debts they are owed.

Under the Commission's proposals, a court that is asked to open secondary proceedings will "immediately" be required to inform the appointed liquidator in the main proceedings in order to give those liquidators the chance to challenge those secondary proceedings from commencing.

In addition, EU member states would also be required to provide a free, publicly-accessible online register of key information relating to insolvency proceedings involving companies, the self-employed and independent professionals. National registers would be connected to a pan-EU online portal. Foreign creditors will be able to lodge claims for payment of debts by submitting a standard form within 45 days of notice of the opening of proceedings in the insolvency register being published.

The EDPS, which advises EU institutions on privacy issues, said that because the proposals "necessarily" involve the processing of personal data, EU data protection laws must be respected in the new regime. However, the watchdog said whilst the Commission has made references to those laws being applicable to the regime, it said there are still data protection "shortcomings and inconsistencies" contained within the proposed Regulation.

"The general references [to data protection] need to be specified and translated into concrete safeguards that will apply for any situation in which personal data processing is envisaged," Giovanni Buttarelli, the assistant EDPS, said in a newly adopted opinion on the draft Insolvency Regulation. "Such safeguards should be developed in the proposed Regulation."

"For instance, the retention period of the data processed and sometimes published for insolvency proceedings should be specified. Besides, it is not sufficiently clear who is responsible for the data published and, as a result, who should update the data and ensure it is secured enough. In other words, data controllers should be designated. In addition, substantive provisions are needed to further develop in a concrete manner the modalities according to which the existing rights of the data subject about whom data is collected and processed may be exercised against the various actors in such a specific area," he added.

Buttarelli said that it may not always be necessary or proportionate for information about individual insolvency proceedings to be published on the Commission's proposed online registers. He said that, even if the information should be detailed in this way, there should be a limit on how long the information should sit there before being removed, as well as efforts made to ensure the data is both accurate and secure.

"The necessity and the proportionality of the proposed system for the Internet publication of decisions opening and closing insolvency proceedings is assessed and it is verified whether the publication obligation does not go beyond what is necessary to achieve the public interest objective pursued and whether there are not less restrictive measures to attain the same objective," Buttarelli said.

"Subject to the outcome of this proportionality test, the publication obligation should in any event be supported by adequate safeguards to ensure full respect of the rights of the persons concerned, the security/accuracy of the data and their deletion after an adequate period of time," he added.

Buttarelli also called on the Commission to clarify aspects about how information contained within the national registers can be processed and used.

"[The Regulation] must identify the purpose of the processing operations and establish which are the compatible uses; identify which entities (judges and authorities responsible for the opening and the closing of insolvency procedures, competent authorities and potentially others) will have access to which data stored in the database and will have the possibility to modify the data; ensure the right of access and appropriate information for all the data subjects whose personal data may be stored and exchanged; define and limit the retention period for the personal data to the minimum necessary for the performance of such purpose," he said.

"These are essential elements that should be included in the Regulation itself," the watchdog added.

Copyright © 2013, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

The Power of One Brief: Top reasons to choose HP BladeSystem

More from The Register

next story
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Delaware pair nabbed for getting saucy atop Mexican eatery
Burrito meets soft taco in alleged rooftop romp outrage
LightSquared backer sues FCC over spectrum shindy
Why, we might as well have been buying AIR
'Two-speed internet' storm turns FCC.gov into zero-speed website
Deadline for comments on net neutrality shake-up extended to Friday
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.