Feeds

Now draft biz guillotine law triggers info privacy watchdog

Data revealed during insolvencies sparks Euro ire

The smart choice: opportunity from uncertainty

There are insufficient data protection safeguards built in to proposed reforms to the EU's insolvency law framework, a privacy watchdog has said.

In a recently issued opinion into the European Commission's draft Insolvency Regulation, the European Data Protection Supervisor (EDPS) raised concerns about the mandatory publication of information relating to the opening and closing of insolvency proceedings (11-page 71KB PDF) as well as the exchange of information between courts and liquidators.

In December last year the Commission published its draft Insolvency Regulation in a bid to overhaul existing laws that have been in operation since 2000. The proposals seek to make clearer the processes involved when there are parallel court proceedings initiated by creditors in different EU member states regarding payment of the debts they are owed.

Under the Commission's proposals, a court that is asked to open secondary proceedings will "immediately" be required to inform the appointed liquidator in the main proceedings in order to give those liquidators the chance to challenge those secondary proceedings from commencing.

In addition, EU member states would also be required to provide a free, publicly-accessible online register of key information relating to insolvency proceedings involving companies, the self-employed and independent professionals. National registers would be connected to a pan-EU online portal. Foreign creditors will be able to lodge claims for payment of debts by submitting a standard form within 45 days of notice of the opening of proceedings in the insolvency register being published.

The EDPS, which advises EU institutions on privacy issues, said that because the proposals "necessarily" involve the processing of personal data, EU data protection laws must be respected in the new regime. However, the watchdog said whilst the Commission has made references to those laws being applicable to the regime, it said there are still data protection "shortcomings and inconsistencies" contained within the proposed Regulation.

"The general references [to data protection] need to be specified and translated into concrete safeguards that will apply for any situation in which personal data processing is envisaged," Giovanni Buttarelli, the assistant EDPS, said in a newly adopted opinion on the draft Insolvency Regulation. "Such safeguards should be developed in the proposed Regulation."

"For instance, the retention period of the data processed and sometimes published for insolvency proceedings should be specified. Besides, it is not sufficiently clear who is responsible for the data published and, as a result, who should update the data and ensure it is secured enough. In other words, data controllers should be designated. In addition, substantive provisions are needed to further develop in a concrete manner the modalities according to which the existing rights of the data subject about whom data is collected and processed may be exercised against the various actors in such a specific area," he added.

Buttarelli said that it may not always be necessary or proportionate for information about individual insolvency proceedings to be published on the Commission's proposed online registers. He said that, even if the information should be detailed in this way, there should be a limit on how long the information should sit there before being removed, as well as efforts made to ensure the data is both accurate and secure.

"The necessity and the proportionality of the proposed system for the Internet publication of decisions opening and closing insolvency proceedings is assessed and it is verified whether the publication obligation does not go beyond what is necessary to achieve the public interest objective pursued and whether there are not less restrictive measures to attain the same objective," Buttarelli said.

"Subject to the outcome of this proportionality test, the publication obligation should in any event be supported by adequate safeguards to ensure full respect of the rights of the persons concerned, the security/accuracy of the data and their deletion after an adequate period of time," he added.

Buttarelli also called on the Commission to clarify aspects about how information contained within the national registers can be processed and used.

"[The Regulation] must identify the purpose of the processing operations and establish which are the compatible uses; identify which entities (judges and authorities responsible for the opening and the closing of insolvency procedures, competent authorities and potentially others) will have access to which data stored in the database and will have the possibility to modify the data; ensure the right of access and appropriate information for all the data subjects whose personal data may be stored and exchanged; define and limit the retention period for the personal data to the minimum necessary for the performance of such purpose," he said.

"These are essential elements that should be included in the Regulation itself," the watchdog added.

Copyright © 2013, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Designing a Defense for Mobile Applications

More from The Register

next story
ONE EMAIL costs mining company $300 MEEELION
Environmental activist walks free after hoax sent share price over a cliff
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
UK.gov's Open Source switch WON'T get rid of Microsoft, y'know
What do you mean, we've ditched Redmond in favour of IBM?!
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.