August 14, 2017

Giovanni Buttarelli, EDPS, said that the Commission’s proposal is one of the first EU instruments that explicitly refers to the once-only principle, which aims to ensure that citizens and businesses do not need to submit the same information to a public administration more than once. Mr Buttarelli said that he welcomes this initiative, but also recommends that the Commission “take into account some key issues related to data protection in their continued development of the once-only principle.” Further, he said, “[a]dditional clarity on important data protection principles, such as the legal basis of the processing, purpose limitation and data minimisation will reinforce the protection of the rights of individuals”.

The Commission’s proposal aims to modernise administrative services by facilitating the availability, quality and accessibility of information across the EU. It foresees the exchange of evidence for specified cross-border procedures, such as a request for recognition of a diploma, through a technical system, which will allow authorities to exchange data directly, at the explicit request of the individuals concerned and without these individuals having to resubmit documents that are already available in another Member State.

The EDPS supports the efforts made to ensure that individuals remain in control of their personal data. He also welcomes the amendments to the Internal Market Information System (IMI) Regulation, which the proposal introduces. These clarify the coordinated supervision mechanism foreseen for IMI and would enable the new European Data Protection Board to benefit from the technical possibilities offered by IMI for information exchange under the General Data Protection Regulation (GDPR).

However, in this latest Opinion, the EDPS has asked for clarification of certain issues. In particular, the proposal should not provide a legal basis for the exchange of information for purposes other than those it specifies, and it should not provide a restriction on the principle of purpose limitation as set out under the GDPR. He also requests clarification on a range of issues relating to the practical implementation of user control.

The Opinion states that the Commission’s proposal is a necessary and welcome development in the modernisation of administrative services throughout the EU, which also respects relevant data protection principles. As such, it represents a promising step towards achieving the digital Europe, based on the free movement of data, envisioned by the Estonian Presidency of the Council, whilst also demonstrating the compatibility of data protection with this vision.