annex-letter20-05-2022-explanationofinfringementprocedures
Dieses Dokument ist Teil der Anfrage „CHAP(2022)01376 - Verstöße von Behörden gegen die Freizügigkeitsrichtlinie“
Ref. Ares(2023)1355086 - 23/02/2023
Explanation of infringement procedures launched by the European Commission for breaches of European Union law 1. Principles Each Member State is responsible for the transposition, application and implementation of European Union law in its internal legal system. Only national courts can, where appropriate, order a Member State to compensate individuals for infringements of European Union law attributable to it. They have the power to issue orders to administrative bodies and annul a national decision. Therefore, by using the means of redress available at national level (national administrative or judicial authorities) you should, as a rule, be able to assert your rights more directly and more personally than infringement procedures brought by the Commission could. The European Commission is entrusted with the task of overseeing the application, implementation and enforcement of European Union law. Where a Member State fails to comply with European Union law, the Commission may initiate infringement procedures and if necessary, refer the case to the Court of Justice. It is up to the Commission to decide whether or not to act, and how to act, in response to a complaint concerning a breach of European Union law. A breach of European Union law means the failure, either by action or omission, of a Member State to fulfil its obligations under the Treaties. Any breach of European Union law by an authority of a Member State, irrespective of the level of the authority involved (at central, regional or local level) is attributable to the Member State to which that authority belongs. Anyone may lodge a complaint with the Commission free of charge against any Member State about any measure (law, regulation or administrative action) or the absence of such measure or practice which they consider incompatible with European Union law. You do not have to demonstrate a formal interest in bringing proceedings nor do you have to prove that you are principally and directly concerned by the infringement complained of. A complaint about a breach of European Union law has to relate to an infringement of European Union law by a Member State. It cannot therefore concern a private dispute. 2 Handling of your complaint by the Commission's services After examining the facts and in the light of the rules and priorities established by the Commission for opening and pursuing infringement procedures1, the Commission services will decide whether further action should be taken on your complaint. It may be necessary to gather further information to determine the factual and legal situation of your case. If necessary, you will be asked to supply further information. Should the Commission contact the authorities of the Member State against which you have made your complaint, it will not disclose your identity unless you have given your express permission to do so (see below point 3). If the Commission considers that there may be an infringement of European Union law which warrants the opening of an infringement procedure, it addresses a "letter of formal notice" to the Member State concerned, requesting it to submit its observations by a specified date. In the light of the reply or absence of a reply from the Member State concerned, the Commission may decide to address a "reasoned opinion" to the Member State, calling on the Member State to comply with European Union law within a specified period. The purpose of those formal contacts is to determine whether there is indeed an infringement of European Union law and, if so, to resolve the case at this stage without having to take it to the Court of Justice. The Commission may decide whether or not to pursue the infringement procedures any further. 1 Communication from the Commission - EU law: Better results through better application (C(2016)8600 final). 1
If the Commission brings the case before the Court of Justice of the European Union, it may take several years for the Court of Justice to hand down its judgment. Judgments of the Court of Justice differ from those of national courts. The Court of Justice delivers a judgment stating whether there has been an infringement of European Union law. The Court of Justice cannot annul a national provision which is incompatible with European Union law, nor force a national administration to respond to the request of an individual, nor order the Member State to pay damages to an individual adversely affected by an infringement of European Union law. It is up to a Member State against which the Court of Justice has handed down its judgment to take whatever measures are necessary to comply with it, particularly to resolve the dispute which gave rise to the proceedings. If the Member State does not comply, the Commission may again bring the matter before the Court of Justice seeking to have financial sanctions imposed on the Member State until the latter puts an end to the infringement. Following the examination of your complaint, the Commission may also decide not to open formal infringement procedures, even if it considers that a breach of EU law has occurred.2 3. Administrative procedures for the handling of your complaint After receiving your complaint, the Commission will: a. register your complaint (by assigning to it an official reference number, which should be quoted in any further correspondence) and acknowledge its receipt within 15 working days; b. perform a preliminary assessment of your complaint within two months from its registration and inform you of its results; c. assess your complaint with a view to arriving at a decision to issue a formal notice or to close the case within not more than one year. Where that time limit is exceeded, the Commission will inform you in writing of the status of the file; d. where appropriate, propose to transfer it to the most suitable problem-solving mechanism; e. inform you about progress on your complaint; f. not disclose your identity to the authorities of the Member State concerned, unless you have explicitly chosen non-confidential treatment of your complaint. You are referred to the following Commission documents which explain the Commission's general approach to the management of correspondence and complaints: Code of good administrative behaviour for staff of the European Commission in their relations with the public, available on the EUR-Lex website (http://eur-lex.europa.eu) under its publication reference, Official Journal L 267, 20.10.2000, p. 63. Administrative procedures for the handling of relations with the complainant regarding the application of European Union law, Annex to the Commission Communication "EU law: Better results through better application", accessible on the EUR-Lex website (http://eur-lex.europa.eu) under the reference C/2016/8600 and published in the Official Journal OJ C 18, 19.1.2017, p. 10–20. Action 20 of the Communication: 'Long term action plan for better implementation and enforcement of single market rules', accessible on the EUR-Lex website (http://eur-lex.europa.eu) under the reference COM/2020/94 final. Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC, available on the EUR-Lex website (http://eur-lex.europa.eu) under its publication reference, Official Journal L 295, 21.11.2018, p. 39. 2 Communication from the Commission - EU law: Better results through better application (C(2016)8600 final). 2
Specific privacy statement Handling complaints about the application of EU law The processing of personal data by the European Commission is subject to the provisions of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC.1 This privacy statement explains the reason for the processing of your personal data, the way the European Commission collects, handles and ensures protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, the Data Protection Officer and the European Data Protection Supervisor. 1. The process of handling complaints Any person or body may file with the Commission a complaint about the application of EU law by a Member State. The Commission will examine the complaint and decide whether or not further action should be taken. For instance, the Commission may enter into an informal dialogue with the authorities of the concerned Member States on issues related to potential non-compliance with EU law and/or may decide to launch a formal infringement procedure against the respective Member State. 2. Identity of the data controller The controller of the processing operation is the unit responsible for implementation and enforcement of EU law in the Secretariat-General of the European Commission. 3. Purpose The purpose of collecting and handling complaints, including personal data/information contained therein, is to enable the Commission to learn about potential infringements of European Union law and thus carry out its task under Article 17 of the Treaty on European Union to ensure that Member States apply the provisions of the Treaty and the measures taken under it. The Commission handles complaints about the application of EU law by Member States in a consistent way and in line with its Communication ‘EU law: Better results through better application’, accessible on the EUR-Lex website (http://eur-lex.europa.eu) under the reference C/2016/8600 and published in the Official Journal OJ C 18, 19.1.2017, p. 10–20 and Action 20 of the Communication ‘Long term action plan for better implementation and enforcement of single market rules’, accessible on the EUR- Lex website (http://eur-lex.europa.eu) under the reference COM/2020/94 final. Your personal data will not be used for an automated decision-making including profiling. 4. Grounds for lawful processing Personal data are processed for the performance of a task carried out in the public interest in accordance with Article 5(1)(a) of Regulation 2018/1725. The corresponding Union law for the processing of personal data based on Article 5(1)(a) are Articles 4(3) and 17 of the Treaty on European Union (TEU), and Articles 258, 260 and 291 of the Treaty on the functioning of the European Union (TFEU). The processing of non-mandatory personal data of the complainant, as well as any possible disclosure of the complainant’s personal data to the Member State concerned by the respective complaint (at the 1 OJ L 295, 21.11.2018, p. 39. 1
phase of EU Pilot or formal infringement procedure), is based on the consent of the complainant in accordance with Article 5(1)(d) of Regulation 2018/1725. 5. Information collected To give effect to the complainants’ administrative guarantees and ensure their proper information, the Commission requires to be provided with the surname, first name, address and e-mail address (for the online complaint form) of the complainant (natural person or legal entity2), as well as their agreement or the lack of their agreement to disclose their identity to the national authorities against which the complaint is lodged. Furthermore, to allow the Commission to examine the complaint, the following additional information must be supplied: the national authority complained about, the national measure(s) which the complainant considers to be in breach of EU law, previous action taken to solve the problem. The information collected by the Commission may also include the complainant’s title, their telephone and fax numbers, email address, website, and (where applicable) the name of their representative and the details thereof (name, title, address, telephone and fax number, e-mail address, website). The full text of the complaint, including any other documents provided by the complainant, may contain other personal data of a very diverse nature. No special categories of personal data under Article 10 of Regulation (EU) 2018/1725 are required for the purpose of handling a complaint. 6. Storage and security The personal information collected and all other relevant information are stored on the European Commission servers in the Data Centre in Luxembourg. The server operates under the Commission's decisions and provisions on security established by the Security Directorate for this kind of server and service, namely Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission. In order to protect the personal data being processed, the European Commission has put in place a number of technical and organisational measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by both the processing itself and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation. 7. Who has access to your information? Access to the processed personal data is provided to the European Commission staff responsible for carrying out this processing operation and to authorised staff according to the ‘need to know’ principle. Such staff abide by statutory, and when required, additional confidentiality agreements. Within the Commission, access to the personal information collected is granted only through a user ID and password to a defined population of users in the Secretariat-General and other Commission departments dealing with complaints and infringements. If the Commission enters into an exchange with the concerned Member State and you have not consented to disclose your identity, the personal data collected will not be available to the Member State authorities concerned. If you have given your consent to the disclosure of your identity, access by the Member States to the personal information collected will be limited to a defined population of users in the national administrations, and only through a user ID and password. The Member States are data controllers for their processing of your personal data and are bound by the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of 2 Regulation (EU) 2018/1725 concerns the data protection of individuals. It does not apply to information concerning legal entities unless this information relates to an identified or identifiable natural person. 2
personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)3. The information collected is not accessible to the public. Some infringement-related information is published on the Europa webpage, but this information does not contain any personal data. The Commission sometimes receives a large number of complaints on the same subject against the same Member State (so-called multiple complaints). In such cases, the Commission may decide to communicate with the complainants through publications on the Europa webpage. This communication does not contain any personal data. The personal information we collect will not be given to any third party (apart from the Member State in case you consented to the disclosure of your identity), except: to the extent and for the purpose we may be required to do so by law; and for the purpose of dispatching letters of the European Commission by registered mail via a postal service provider (see corresponding notification ‘DPR-EC-00884 Traitement du courrier’ of the European Commission’s Office for Infrastructure and Logistics in Brussels). 8. How long is the information kept? The European Commission only keeps your personal data for the time necessary to fulfil the purpose of collection or further processing. Personal data/information allowing a complainant to be identified will be erased 10 years after the closure of the file, if there is no follow-up given by the Commission to the respective complaint. When the complaint led to an informal dialogue between the Commission and the concerned Member State, which is not followed by a formal infringement procedure, personal data/information allowing a complainant to be identified will be erased by the European Commission 10 years after the closure of the informal dialogue. In cases where the Commission launches on the basis of a complaint a formal infringement procedure, personal data and documents submitted by the complainant will be kept without any time limit, for administrative, procedural and archiving purposes. 9. What are your rights and how can you exercise them? You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725, in particular the right to access your personal data and to rectify them in case your personal data are inaccurate or incomplete. Under certain conditions, you have the right to erase your personal data, to restrict the processing of your personal data, and the right to data portability. You have the right to object to the processing of your personal data, which is lawfully carried out pursuant to Article 5(1)(a), on grounds relating to your particular situation. If you have consented to the processing of certain parts of your personal data, you can withdraw your consent at any time by notifying the Data Controller. The withdrawal will not affect the lawfulness of the processing carried out before you have withdrawn the consent. You have no direct access to the information stored. Anyone who wishes to exercise his/her rights as data subjects should write an email to sg-plaintes@ec.europa.eu giving full details of their request or, in case of conflict, to the European Commission’s Data Protection Officer. If necessary, you can also address the European Data Protection Supervisor. Their contact information is given below. 10. Contact information If you have any question or concern concerning the processing of your personal data or a request thereon, please contact the data controller, either by email to sg-plaintes@ec.europa.eu or by letter to the Secretariat-General (unit responsible for implementation and enforcement of EU law), European Commission, B 1049 Brussels. 3 OJ L 119, 4.5.2016, p. 1. 3
You can also contact the European Commission’s Data Protection Officer, e-mail address: data- protection-officer@ec.europa.eu, with regard to issues related to the processing of your personal data under Regulation (EU) 2018/1725. 11. Remedies with regard to the processing of personal data Complaints related to the processing of personal data by the European Commission can also be addressed to the European Data Protection Supervisor at the following address: Rue Wiertz 60 (MO 63), 1047 Brussels, Belgium, e-mail address: edps@edps.europa.eu. The European Data Protection Supervisor is responsible for monitoring and ensuring the application of the provisions of Regulation (EU) 2018/17254 and any other EU act relating to the protection of the fundamental rights and freedoms of natural persons with regard to the processing of personal data by an EU institution or body. 12. Where to find more detailed information? The Commission’s Data Protection Officer publishes the register of all operations processing personal data. You can access the register on the following link : http://ec.europa.eu/dpo-register. This specific processing operation has been included in the Data Protection Officer’s public register with the following Record reference: DPR-EC-00082. 4 Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC, OJ L 295, 21.11.2018, p. 39. 4