Feeds

Now draft biz guillotine law triggers info privacy watchdog

Data revealed during insolvencies sparks Euro ire

High performance access to file storage

There are insufficient data protection safeguards built in to proposed reforms to the EU's insolvency law framework, a privacy watchdog has said.

In a recently issued opinion into the European Commission's draft Insolvency Regulation, the European Data Protection Supervisor (EDPS) raised concerns about the mandatory publication of information relating to the opening and closing of insolvency proceedings (11-page 71KB PDF) as well as the exchange of information between courts and liquidators.

In December last year the Commission published its draft Insolvency Regulation in a bid to overhaul existing laws that have been in operation since 2000. The proposals seek to make clearer the processes involved when there are parallel court proceedings initiated by creditors in different EU member states regarding payment of the debts they are owed.

Under the Commission's proposals, a court that is asked to open secondary proceedings will "immediately" be required to inform the appointed liquidator in the main proceedings in order to give those liquidators the chance to challenge those secondary proceedings from commencing.

In addition, EU member states would also be required to provide a free, publicly-accessible online register of key information relating to insolvency proceedings involving companies, the self-employed and independent professionals. National registers would be connected to a pan-EU online portal. Foreign creditors will be able to lodge claims for payment of debts by submitting a standard form within 45 days of notice of the opening of proceedings in the insolvency register being published.

The EDPS, which advises EU institutions on privacy issues, said that because the proposals "necessarily" involve the processing of personal data, EU data protection laws must be respected in the new regime. However, the watchdog said whilst the Commission has made references to those laws being applicable to the regime, it said there are still data protection "shortcomings and inconsistencies" contained within the proposed Regulation.

"The general references [to data protection] need to be specified and translated into concrete safeguards that will apply for any situation in which personal data processing is envisaged," Giovanni Buttarelli, the assistant EDPS, said in a newly adopted opinion on the draft Insolvency Regulation. "Such safeguards should be developed in the proposed Regulation."

"For instance, the retention period of the data processed and sometimes published for insolvency proceedings should be specified. Besides, it is not sufficiently clear who is responsible for the data published and, as a result, who should update the data and ensure it is secured enough. In other words, data controllers should be designated. In addition, substantive provisions are needed to further develop in a concrete manner the modalities according to which the existing rights of the data subject about whom data is collected and processed may be exercised against the various actors in such a specific area," he added.

Buttarelli said that it may not always be necessary or proportionate for information about individual insolvency proceedings to be published on the Commission's proposed online registers. He said that, even if the information should be detailed in this way, there should be a limit on how long the information should sit there before being removed, as well as efforts made to ensure the data is both accurate and secure.

"The necessity and the proportionality of the proposed system for the Internet publication of decisions opening and closing insolvency proceedings is assessed and it is verified whether the publication obligation does not go beyond what is necessary to achieve the public interest objective pursued and whether there are not less restrictive measures to attain the same objective," Buttarelli said.

"Subject to the outcome of this proportionality test, the publication obligation should in any event be supported by adequate safeguards to ensure full respect of the rights of the persons concerned, the security/accuracy of the data and their deletion after an adequate period of time," he added.

Buttarelli also called on the Commission to clarify aspects about how information contained within the national registers can be processed and used.

"[The Regulation] must identify the purpose of the processing operations and establish which are the compatible uses; identify which entities (judges and authorities responsible for the opening and the closing of insolvency procedures, competent authorities and potentially others) will have access to which data stored in the database and will have the possibility to modify the data; ensure the right of access and appropriate information for all the data subjects whose personal data may be stored and exchanged; define and limit the retention period for the personal data to the minimum necessary for the performance of such purpose," he said.

"These are essential elements that should be included in the Regulation itself," the watchdog added.

Copyright © 2013, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Combat fraud and increase customer satisfaction

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.