15.2.2012

EN

Official Journal of the European Union

C 43/14

---

Opinion of the European Economic and Social Committee on the ‘Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions — Better governance of the Single Market through greater administrative cooperation: A strategy for expanding and developing the Internal Market Information System (“IMI”)’

COM(2011) 75 final

and the ‘Proposal for a Regulation of the European Parliament and of the Council on administrative cooperation through the Internal Market Information System (the IMI Regulation)’

COM(2011) 522 final — 2011/0226 (COD)

2012/C 43/04

Rapporteur: Mr HERNÁNDEZ BATALLER

On 21 February 2011, the European Commission decided to consult the European Economic and Social Committee, under Article 304 of the Treaty on the Functioning of the European Union, on the

Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions: Better governance of the Single Market through greater administrative cooperation: A strategy for expanding and developing the Internal Market Information System (‘IMI’)

COM(2011) 75 final.

On 14 and 13 September 2011 respectively, the European Parliament and the Council decided to consult the European Economic and Social Committee, under Article 114 of the Treaty on the Functioning of the European Union, on the

Proposal for a Regulation of the European Parliament and of the Council on administrative cooperation through the Internal Market Information System (‘The IMI Regulation’)

COM(2011) 522 final — 2011/0226 (COD).

The Section for the Single Market, Production and Consumption, which was responsible for preparing the Committee's work on the subject, adopted its opinion on 10 November 2011.

At its 476th plenary session, held on 7 and 8 December (meeting of 7 December), the European Economic and Social Committee adopted the following opinion by 172 votes in favour with 2 abstentions.

1.   Conclusions and recommendations

1.1   The EESC welcomes the Commission's intention of improving the governance of the single market through greater administrative cooperation, broadening and developing the Internal Market Information System (IMI) and establishing a proper electronic network for direct contact between the various administrations.

1.2   The EESC welcomes the intention stated in the proposal for a regulation to establish rules for using IMI for administrative cooperation addressing, inter alia, the functions of the various IMI users, the exchange of information, notification procedures, warning mechanisms and reciprocal assistance agreements.

1.3   It also considers it beneficial to establish measures to protect privacy with respect to the nature of the exchanged data, addressing, inter alia, the periods for storing exchanged data and the right of notification and correction.

1.4   With regard to this key legal framework, the EESC suggests including among the definitions set out in Article 5 the concept of ‘IMI data’, which are economic and professional data that relate to the exercise of economic and professional activities in the internal market and which are exchanged through the IMI system. These data are provided for in the directives establishing the IMI as the instrument for administrative cooperation between national authorities.

1.5   The EESC believes that the IMI can play a decisive role in overhauling administrative cooperation in the internal market and ensuring it meets the needs and expectations of individuals, businesses and civil society organisations who may have a future part to play in developing and operating the system.

1.6   The Committee therefore recommends that the system's development include an objective distinction between data, with regard to the conditions under which economic and professional activities are exercised in the various Member States, to ensure that these data are accessible to private individuals and businesses alike.

1.7   In the EESC's view, the administrative cooperation provided for in the directives that the IMI system helps to implement basically requires, among other measures, the exchange of information between authorities. At the same time, it reiterates that due regard must be given to European data protection legislation. The Committee rejects outright, however, the idea that any exchanged data may also be processed as set out in the proposal for a regulation, for two reasons: firstly, because nowhere do the directives that the IMI system helps to implement state the need for data to be processed under the administrative cooperation they provide for; and secondly, because in the EESC's opinion, the practical requirements to supervise and monitor the operation of the IMI system outlined by the Commission by no means justify expanding the scope for processing exchanged personal data to cover the creation of independent and separate files through processing.

1.8   Lastly, given the quantitative leap represented by this system, the number of participants and the flow of information, the EESC would recommend that provision be included for a basic dispute settlement system for cases of ‘transnational’ non-compliance. Even a rudimentary system of this nature would help clarify responsibility for any system malfunction or poor system management, which would help improve legal certainty for the public.

2.   Background

2.1   The Internal Market Information System is an IT application accessible via the Internet, developed by the European Commission in conjunction with the Member States (and applicable in the European Economic Area), whose purpose is to help the latter to fulfil in practice the requirements for exchanges of information laid down in the Union's legal acts through a centralised communication system that allows the cross-border exchange of information and mutual assistance.

2.2   The System, which was initially set up as a ‘project of joint interest’, is designed to be a flexible and decentralised system that can easily be customised to support different areas of Single Market legislation which contain administrative cooperation provisions.

2.3   The basic principles of the IMI system are as follows:

a)	reusability;

b)	organisational flexibility;

c)	simple agreed procedures;

d)	multilingualism;

e)	user-friendliness;

f)	data protection; and

g)	no IT costs for users.

2.4   This system is currently used for the purposes of administrative cooperation in relation to the Directive on the Recognition of Professional Qualifications (1) and the Directive on Services in the Internal Market (2). It will also be used experimentally for implementing the Posting Directive (3).

2.5   The IMI system cannot currently be used by either consumers or businesses. This is a tool intended solely for use by the competent authorities in the specific areas it covers.

2.6   The EESC has previously stated its views (4) on the Commission Communication on Delivering the benefits of the single market through enhanced administrative cooperation  (5), supporting a more decentralised and network-based approach to cross-border administrative cooperation operating in the interests of the single market and making use of the Internal Market Information System.

3.   The Commission communication

3.1   According to the Commission, to ensure that the single market functions smoothly, Member State administrations need to work together closely by providing mutual assistance and exchanging information.

3.2   In its communication entitled Towards a Single Market Act  (6), one of the 50 proposals it makes announced the creation of an electronic network for direct contact between European authorities, based on a strategy of expanding the IMI using a multilingual information system.

3.3   The IMI is flexible with regard to its organisational set-up in each Member State. The network's decentralised structure requires each participating country to appoint a national IMI coordinator (NIMIC), to manage overall IMI project coordination.

3.4   The IMI's potential lies in:

—	adding new policy areas;

—	developing new functions;

—	linking IMI with other IT systems; and

—	using existing IMI functions for new purposes.

3.5   Where, in a particular legislative area, no information system exists to support administrative cooperation, reusing IMI instead of developing a new purpose-built system has a number of advantages:

a)	more cost-efficient,

b)	more user-friendly,

c)	faster, more predictable solutions,

d)	safer ground, and

e)	low threshold for pilot projects.

3.5.1   There is no limit to the number of new areas that can be added to IMI, but there are organisational constraints on its expansion, because the conceptual coherence of the system needs to be preserved, on the basis of the following criteria:

—	the new user group should be linked to or partly overlap with existing user groups;

—	priority should be given to adding areas that can use existing functions;

—	if adding a new legal area requires the development of new functions, this should be done in a generic way so that the new module can be adapted easily for other user groups;

—	the costs of any further development needed should be justified by the expected added value of using IMI for the new or existing user groups and for the implementation of EU law and the benefits to citizens and businesses, and

—	new areas and functions or links to other tools should not increase the complexity of the system for its users.

3.6   IMI follows a ‘privacy by design’ approach whereby privacy and data protection compliance are designed into the system from the outset, including a strict application of the purpose-limitation principle and appropriate controls.

3.7   Expenditure for IMI covers development and improvement of the system, hosting IMI in the Commission Data Centre, maintenance, system administration, second-line support, training, communication and awareness-raising.

3.8   In the Commission's view, expanding the system to cover new areas and functions or to create links to other tools should not increase the complexity of the system for its users. Requirements for administrative cooperation should be sufficiently clear and operational and the need for an IT tool to support the process should be analysed.

3.9   The Commission considers it essential that the project have a transparent and effective governance structure and that all stakeholders understand the procedures and forums involved in reaching agreement on various aspects of the project. It therefore includes daily management of the system, policy decisions, advice and guidance from experts and developing the governance structure.

3.10   Lastly, the system is intended to ensure a high level of system performance and security. Where performance is concerned, as the number of users and volume of data in IMI grows, it is crucial to ensure that the performance of the system (e.g. response times) remains satisfactory. With regard to security, the IMI stores and processes personal data and other data that is not intended to be publicly available.

4.   General comments on the Communication from the Commission

4.1   The EESC endorses the Commission's approach, adopting a strategy of expanding and developing the Internal Market Information System (IMI) with a view to stepping up administrative cooperation.

4.1.1   More coherent administrative cooperation in the internal market should be based, as a minimum, on the Charter of Fundamental Rights, especially on the principles of sound administration, access to documents, data protection and the shared general principles of law recognised in the Court of Justice's case-law.

4.1.2   In any event, the EESC points out that the level of precautions and protection applying to personal data will vary depending on whether the data refer to traders or business people in their capacity as economic operators.

4.1.3   While it is true that the IMI eliminates uncertainty, it only does so for the authorities and not for SMEs and other stakeholders in society, to whom it should also be extended, as stated by the European Parliament in its Resolution of 6 April 2001.

4.2   In addition to its substantive and specific regulation, the subject of data protection requires this aspect to be taken into account, as a sound legislative technique, in other regulations. This applies in general to the regulation of procedures implementing Community policies and in particular to the IMI System, which is in itself a complex procedure.

4.2.1   As regards lodging appeals, this procedure should provide for a dispute settlement system for cases of transnational disagreements. It is therefore important to provide rapid and efficient access to dispute settlement mechanisms that are straightforward and inexpensive to those they are designed for, whether these are private individuals or businesses.

4.3   Access to the system to provide and obtain information should be very carefully regulated, to ensure that national authorities are obliged to carry out the consultation on the basis of a duly-reasoned prior request, using a standard form and that the person making the request can always display a legitimate interest.

4.4   As regards synergies with other, existing information instruments and databases of regulated professions that include ‘lists’ of the professions that are regulated in each Member State, the EESC considers that in addition to the ‘list’, all requirements for exercising a given profession should be included, meaning not only academic qualifications, but also membership or otherwise of a professional association, insurance, licences, etc. This would make some consultations more or less automatic and could be accessible to civil society actors. The EESC hopes that the directive currently being drafted will address these aspects.

4.4.1   The need for this approach can be inferred from the 2010 Annual Report on the IMI system, which refers to the challenge involved in managing the wide range of authorities that are responsible in the field of services. Each authority, with its sphere of competences (at least the basic distinction between regulation, intervention and supervision), should be included on the lists of regulated professions.

4.5   Responsibilities for any malfunctioning of the system or its mismanagement, in terms of mistakes, excessive delays, corrections, etc., to the information that is exchanged, should be clarified, in order to guarantee legal certainty and protection for the rights of individuals and operators where personal data are concerned. The administration's liability for the abnormal functioning of authorities is a general principle of EU law, recognised in all the Member States.

5.   The proposal for a regulation

5.1   The objectives of the Commission proposal are to:

a)	establish a sound legal framework for IMI and a set of common rules to ensure that it functions efficiently;

b)	provide a comprehensive data protection framework by setting out the rules for the processing of personal data in IMI;

c)	facilitate possible future expansion of IMI to new areas of EU law; and

d)	clarify the roles of the different actors involved in IMI.

5.2   It lays down the main principles of data protection through IMI, including the rights of data subjects, in a single legal instrument thus increasing transparency and enhancing legal certainty. The proposal precisely defines the form and methods of administrative cooperation through IMI.

5.2.1   The list of areas of Union acts currently supported by IMI is set out in Annex I. Areas of possible future expansion are listed in Annex II.

5.3   The proposal improves the conditions for the functioning of the internal market by providing an efficient and user-friendly tool which facilitates the practical implementation of those provisions of Union acts which require Member States to cooperate with one another and with the Commission and to exchange information, ensuring a high level of protection for personal data.

5.3.1   The proposal establishes certain common rules related to its governance and use. This includes the obligation to appoint one national IMI coordinator per Member State, the obligation on competent authorities to provide an adequate response in a timely manner and the provision that information exchanged via IMI may be used for providing evidence in the same way as similar information obtained within the same Member State.

5.3.2   The proposal also contains a mechanism for expanding IMI to new Union acts. Its aim is to provide the necessary flexibility for the future while ensuring a high level of legal certainty and transparency. Following an assessment of technical feasibility, cost-efficiency, user-friendliness and overall impact on the system, as well as the results of a possible test phase, the Commission will be empowered to up-date the list of areas in Annex I accordingly, adopting a delegated act.

5.3.3   The Commission's role is to ensure the security, availability, maintenance and development of the IMI software and IT structure. However the Commission could take an active part in IMI workflows, on the basis of legal provisions or other arrangements underlying the use of IMI in a given area of the internal market.

5.3.4   The proposal aims to establish a number of guarantees regarding the transparency of data processing and security. Personal data should not remain accessible for longer than necessary, thus maximum retention periods should be established, following which the data should be blocked and then automatically deleted five years after closure of an administrative cooperation procedure.

5.3.5   As regards geographic scope, the legal instrument for IMI should provide sufficient flexibility to accommodate the inclusion of third countries in the information exchanges in certain areas, or the use of the system in a purely domestic context.

6.   General comments on the proposal for a regulation

6.1   The EESC welcomes the proposal for a regulation for establishing rules governing IMI use for administrative cooperation. Nevertheless, since these are rules that are directly applicable with the intention of forming a general regulatory framework, the EESC has concerns regarding two questions:

—	the lack of precision in some of the fundamental legal concepts, and

—	the considerable widening of authority for IMI users as regards the exchanged data.

6.2   In practical terms, IMI is a multilingual IT application that links up more than 6 000 competent authorities which exchange information, within relatively short periods, on the conditions for carrying out specific economic and professional activities in the relevant Member States.

6.2.1   The actual exchange of information via this IT application is subject to a set of minimum procedural rules drawn up for this purpose. Nevertheless, far beyond this specific and limited purpose of exchanging information, the proposal now also legitimises the processing of personal data exchanged as stated in Article 6 thereof. However, the Directives it applies and for which it serves as a basis at no point make corresponding provision for such processing. Because these directives make no such provision, the EESC rejects the idea that exchanged data may also be processed.

6.2.2   Thus there are grounds for questioning the scope of this new power introduced by the proposal for a regulation concerning the processing of personal data under the terms established in Article 2(b) of Directive 95/46/EC.

6.2.3   Apart from the general authority of IMI actors for processing the personal data exchanged, as set out in the article, no other provision of the proposal for a regulation contains a reference either to the purposes justifying the processing or any possible guarantees or restrictions to which they might be subject.

6.2.4   Only the reasons set out in Recital 15 explain why the Commission is now including the processing of data in the general objectives of IMI. The EESC believes that these reasons, unless subsequently explained and clarified, are not sufficient for authorising a function with such a broad remit, particularly:

a)	supervising the use of the system by the IMI and Commission coordinators.

6.2.5   The EESC feels that both the IMI and Commission coordinators already have access to the exchanged data, by virtue of which they have already made specific assessments of the system which allow them to evaluate both the response time and the authorities involved, broken down by sector, inter alia.

6.2.6   Thus, subject to further clarifications, it does not seem necessary to make provision for creating specific files using the data exchanged for supervising the use of the system:

b)	gathering information on administrative cooperation or mutual assistance in the internal market.

6.2.7   Such information is already public and available from Commission reports on the functioning of the IMI system and could be used to assess administrative cooperation, of which it presents merely a functional aspect:

c)	training and awareness-raising initiatives.

6.2.8   The EESC feels that such initiatives do not require the ‘processing’ of data (as defined in Directive 95/46EC), but simply the ‘use’ of the data in the system.

7.   As regards the need for precision, this refers to a basic concept of ‘personal data’ referred to a number of times in the proposal for a regulation. In this respect, reference should be made to the concept contained in Regulation 95/46/EC whose definition far exceeds the requirements for the functioning of IMI which, ultimately, concerns a specific category of these data whose common feature is that they are of importance for the exercising of economic and/or professional activities in the internal market.

7.1   The Committee thus considers that the proposal should set out the scope of the concept, limiting the category of ‘personal data’ to the data included in the corresponding Directives under which IMI is used for administrative cooperation between state authorities and which relate to the exercising of economic and professional activities in the internal market. For this reason, reference should be made to the definitions set out in Article 5.

8.   Recital 12 of the proposal states that IMI is a tool not open to the general public which allows external actors to supply information and retrieve data. The EESC disagrees with this approach and believes that certain IMI information should be accessible to external actors, such as citizens, businesses or organisations, provided that it does not contain personal data. Such access would include, inter alia, the administrative requirements imposed by a country with which a commercial or professional relationship is being sought.

8.1   Making this information accessible would in no way include access to other data and certainly not the processing of such data, as might be deduced from the definition of ‘external actor’ in Article 5(i) of the proposal.

8.2   These external actors should be given the right to make a request for information to their closest IMI user, to create an obligation for the latter to follow it up through the system, provided that the said external actor can provide evidence of an interest linked to a commercial or professional relationship with the country for which the information is being requested.

9.   Article 4 of the proposal gives the Commission the authority to include the administrative cooperation set out in the provisions relating to Annex II in IMI. These include the future interconnection of Business Registers, a proposal which has still not been approved. Given the broad scope of this projected measure, the EESC feels it necessary for details to be provided as regards the kind of act to be used for achieving such an expansion of IMI.

10.   As regards the definition of external actors, and in accordance with the comments already made, the EESC proposes re-drafting it as follows:

—	identifying them as citizens, businesses or organisations requesting a consultation from an IMI user that relates to the objective of certain directives included in the system and which the user must pass on;

—	granting them right of access to information in the system which does not contain personal data; and

—	expressly excluding the processing of the information which they have accessed.

11.   To ensure that the internal market functions properly, the EESC deems it constructive that the information received by a competent authority through IMI from another Member State should have the same evidentiary value in administrative procedures.

12.   As regards exercising stakeholders' rights, the EESC regrets that the proposal does not include a single solution, but refers to the obligations of the competent authorities which are laid down in the national legislations on data protection in different forms. Similarly, as regards storing data, it feels that establishing different deadlines is not appropriate for the smooth functioning of the internal market as regards the exercising of citizens' rights.

13.   For the purposes of exchanging information with third countries, the EESC considers that it should be made clear whether the conditions set out in Article 22(1) of the proposal must all be met simultaneously or as alternatives. In the latter case, the EESC does not find that a Commission decision as to whether the level of data protection in a third country is sufficient or equivalent represents an appropriate basis for extending IMI to that third country, whilst there are other instances in which the actual Directives included in IMI or an international agreement provide for the external exchange of data.

14.   To ensure greater legal certainty, the provisions concerning the functioning of IMI that are being repealed and those remaining in force should be set out in the articles of the proposal, rather than in the recitals.

---

(1)  Directive 2005/36/EC (OJ L 255, 30.9.2005, p. 22).

(2)  Directive 2006/123/EC (OJ L 376, 27.12.2006, p. 36).

(3)  Directive 96/71/EC.

(4)  Opinion CESE (OJ C 128, 18.5.2010, p. 103).

(5)  COM(2008) 703 final.

(6)  COM(2010) 608 final.

---