DG INFSO S.5 Unit extenral financial audits of FP5 contractors, personal data protection
Dear Communications Networks, Content and Technology (CNECT),
Under the right of access to documents in the EU treaties, as developed in Regulation 1049/2001, I am requesting documents which contain the following information:
The former DG INFSO S.5 Unit has conducted either itself or its authorised representatives external financial audits to FP5 contractors pursuant to article 26(1) of the FP5 model contract:
“The Commission, or any representative authorised by it, may initiate an audit at any time during the contract and up to five years after each payment of the Community contribution, as referred to in Article 3(1), first subparagraph, of this Annex. The audit procedure shall be deemed to be initiated on the date of receipt of the relevant registered letter with acknowledgment of receipt sent by the Commission”.
The application concerns the very last three form a chronological point of view external financial audits of FP6 contractors, and as indicated by the date on the audit notification letter according to second sub-paragraph of the aforesaid article 26(1).
Copies of the following documents are kindly requested
1. The three audit announcement letters, including all annexes thereto.
2. The cover letter dispatching to the FP5 contractor the final audit report. The audit report itself is NOT requested.
3. The documents DG INFSO – DG CNET drew up in compliance to article 12(1) of Regulation No 45/2001 with regards to the personal data processing DG INFSO – DG CNET manifestly carried out in the framework of these three audits.
4. The article 25 of Regulation No 45/2001 covering these three external financial audits.
Provided that DG CNET redacts what is strictly necessary to withhold the identities of the natural persons, all other parts of the documents are to be fully released, since no exception of article 4 of Regulation No 1049/2001 may be relied upon to refuse access.
For documents under #3 and #4 above there is manifestly an overriding public interest for their full release, save the identity and contact details of the data subjects of request #3.
Yours faithfully,
Mr. Akis NASTAS
Dear Mr Nastas,
Thank you for your registered letter dated 17/07/2013.
We hereby acknowledge receipt of your application for access to documents, which was registered on 17/07/2013 under reference number GestDem 2013/3773.
In accordance with Regulation (EC) No 1049/2001 regarding public access to European Parliament, Council and Commission documents, your application will be handled within 15 working days.
The time limit will expire on 07/08/2013. In case this time limit needs to be extended, you will be informed in due course.
Yours faithfully,
Carlos Remis
SG.B.5.
Transparence.
Berl. 05/329.
Dear Mr Nastas,
Please find attached the reply to your request for access to documents
together with its enclosure.
Yours sincerely,
Diana TILOUCHE
European Commission
Legal Service
BERL 1/111
B-1049 Brussels/Belgium
+32 2-299 57 49
[1][email address]
References
Visible links
1. mailto:[email address]
Dear Communications Networks, Content and Technology (CNECT),
Please forward this message to the Legal Services, Ms. Diana TILOUCHE.
On 15/7/2013 the Transparency Unit registered a request under reference number GestDem 2013/3685. It concerns the Commission’s written observations submitted the EFTA Court, Case E-14/11, Schenker v EFTA Surveillance Authority.
The Legal Services inadvertently released their reply to this email address. Although the recipient-applicant is the same person, the reply does not correspond to the GestDem reference number of the application.
I would therefore be obliged if the Legal Services would dispatch the reply to the 'correct' email address, i.e. that of GestDem 2013/3685.
Yours faithfully,
Mr. Akis NASTAS
Dear Sir,
Please find attached document Ares(2013)2853003 concerning "Your application for access to documents – Ref GestDem No 2013/3773 under Regulation 1049/2011 regarding public access to European Parliament, Council and Commission documents." sent by Ms ENGELBOSCH Katleen on 08/08/2013.
Kind regards.
-------------------------------------------------------------------------------------------------------------
Note: This e-mail was automatically generated by the European Commission's central mail registration system.
Replies by e-mail must be addressed to the original sender ENGELBOSCH Katleen (mailto:[email address]).
Remarque : Cet e-mail a été généré automatiquement par le système d'enregistrement central du courrier de la Commission européenne.
Toute réponse éventuelle par e-mail doit être adressée à l'expéditeur en personne, à savoir ENGELBOSCH Katleen (mailto:[email address]).
Dear Communications Networks, Content and Technology (CNECT),
Referring to the application GestDem 2013/3773 and the new time-limit of 28/8/2013 set in the DG CNET letter Ares(2013)2853003 - 08/08/2013, I would be obliged if DG CNET would inform me about the status of the initial reply.
Yours faithfully,
Mr. Akis NASTAS
Dear Mr Nastas,
We are currently finalising the replies to Gestdems 3681 and 3773.
You can expect an answer by 20^th September at the latest.
Best regards,
Katleen Engelbosch.
Katleen Engelbosch
Head of Unit
DG CONNECT
Unit CNECT/R4 - Compliance
Dear Sir,
Please find attached document Ares(2013)3079939 concerning "Your application for access to documents – Ref GestDem No 2013/3773 under Regulation 1049/2011 regarding public access to European Parliament, Council and Commission documents – partial reply." sent by Mr Madelin Robert on 19/09/2013.
Kind regards.
-------------------------------------------------------------------------------------------------------------
Note: This e-mail was automatically generated by the European Commission's central mail registration system.
Replies by e-mail must be addressed to the original sender Madelin Robert (mailto:[email address]).
Remarque : Cet e-mail a été généré automatiquement par le système d'enregistrement central du courrier de la Commission européenne.
Toute réponse éventuelle par e-mail doit être adressée à l'expéditeur en personne, à savoir Madelin Robert (mailto:[email address]).
Dear Communications Networks, Content and Technology (CNECT),
Referring to the DG CNECT initial reply to GESTDEM 2013/3773, Ares(2013)3079939 - 19/09/2013, and requests under #1 and #2, this is to inform DG CNECT that the released documents concern FP5 projects "desk controls" only, which are distinct from FP5 projects "external financial audits". The latter invariably entail on-the-spot auditing activities, where in principle the laws of the corresponding the Member State also apply, while the former do not entail any activity by the auditors on the territory of a Member State.
The application expressly referred to "external financial audits" in the second and third paragraphs. Since cumulatively the former DG INFSO S.5 and DG CNECT R.4 Units have carried out several hundreds of "external" financial audits, it is somewhat surprising that the R.4 Unit did not realize this particular aspect of the application.
For the purposes of procedural economy, it is proposed that DG CNECT consider the present email as the initial application, with all time-limits starting running from the date on which DG CNECT notifies the applicant about the acceptance, or otherwise, of the proposal.
However, should DG CNECT be silent until the 9th of October, it is very likely that a confirmatory application will be lodged.
Yours faithfully,
Mr. Akis NASTAS
Dear Sir,
Please find attached document Ares(2013)3131086 concerning "Your application for access to documents – Ref GestDem No 2013/3773 under Regulation 1049/2011 regarding public access to European Parliament, Council and Commission documents" sent by Mr. Madelin Robert on 30/09/2013.
Kind regards.
-------------------------------------------------------------------------------------------------------------
Note: This e-mail was automatically generated by the European Commission's central mail registration system.
Replies by e-mail must be addressed to the original sender Madelin Robert (mailto:[email address]).
Remarque : Cet e-mail a été généré automatiquement par le système d'enregistrement central du courrier de la Commission européenne.
Toute réponse éventuelle par e-mail doit être adressée à l'expéditeur en personne, à savoir Madelin Robert (mailto:[email address]).
Dear Communications Networks, Content and Technology (CNECT),
******
In accordance to article 8 of Regulation No 1049/2001, this is a confirmatory application regarding application GestDem 2013-3773 In accordance to article 8 of Regulation No 1049/2001.
******
A. OBSERVATIONS ON THE DG CNECT INITIAL REPLY TO REQUESTS #3 & #4
The DG CNECT initial reply has completely overlooked requests #3 and #4, since nothing is stated about them in the initial reply. DG CNECT has not stated whether it searched for documents, what the results of the search(es) have been, and whether any exception of article 4 of Regulation No 1049/2001 was relied upon to refuse access. By implication, the DG CNECT initial reply is a total refusal for access without a statement of reasons, which is the very worst kind of an initial reply. The applicant is left in the hopeless position to guess whether the requested documents are held and whether an article 4 exception was relied upon to refuse total access.
The DG CNECT 'informative' statements about Regulation No 45/2001 and data subject rights enshrined in that Regulation are hypocritical, since request #3 is about documents expressly stipulated by article 12(1) of Regulation No 45/2001, which DG INFSO ought to have drawn up and dispatch to the data subjects. Consequently, if DG INFSO had drawn up such documents, DG CNECT has an absolute obligation to release a partial copy to the applicant, expunging from the documents disclosing the identity of the data subjects. Request #3 has seemingly fallen on deaf ears, and this exactly why the DG CNECT initial reply about data subject rights is hypocritical.
Turning to request #4, DG CNECT has neither released a copy of the article 25 of Regulation No 45/2001 prior notification covering the three FP5 financial audits, nor has DG CNECT stated that the document does not exist.
B. OBSERVATIONS ON THE DG CNECT INITIAL REPLY TO REQUESTS #1 & #2
DG CNECT has expunged from the released documents the parts enabling the identification of the FP5 contractors. While DG CNECT relied upon article 4(2) first indent (protection of commercial interests), it has not specifically stated what are the reasonably foreseeable risks to the protected interest. In fact, the reliance on that article is totally arbitrary, since no explanation is provided.
On 30/9/2013 and in GestDem 2013-3956, http://www.asktheeu.org/en/request/fp6_f..., DG CNECT released the audit announcement letters of the (i) FP6 contractor "Datamed ... " (2 FP6 projects were audited) and (ii) Sword Technologies (5 FP6 projects and 3 FP7 grant agreements). In those two letters, the full details of the auditees were released. There is no reason why the in requests #1 and #2 the parts disclosing the identity of the auditee should not be disclosed.
C. OVERRIDING PUBLIC INTEREST
The false declarations of the article 25 of Regulation No 45/2001 DG INFSO DPO-3338.1 and its total lack of legal basis is now in public view in asktheeu.org (by analogy to DG RTD DPO-3398.1, see to that effect the DG RTD initial reply of GestDem 2013-3351). The specific three FP5 auditees have the lawful right to be informed that the FP5 audits were tainted by grave infringements of Regulation No 45/2001.
The former S.5 Unit of DG INFSO has infringed several article of Regulation No 45/2001 in the three FP5 financial audits that are concerned with the present application.
By virtue of the definition of the 'controller' in article 1 second indent of Commission Decision 597/2008 of 22/7/2008, the signatory of the audit reports and the letters dispatching them is the same official who inserted false statements in DG INFSO DPO-3338.1.
In a Union governed by the rule of law, the Commission services have an obligation to objectively assess whether any exception of article 4 may lawfully be relied upon, without attempting to conceal from the public the DG INFSO - DG CNECT conduct.
In sum and in my view, the overriding public interest makes the full release of the requested documents the only outcome of the confirmatory application, save the parts disclosing the identity of individuals (data subjects).
D. CONCLUSION - CONFIRMATORY APPLICATION
A confirmatory application for all requests is hereby submitted.
Yours faithfully,
Mr. Akis NASTAS
Dear Mr Nastas,
We have analysed your confirmatory request below, and we don't understand
the subject of it.
In your e-mail, you mention that "The DG CNECT initial reply has
completely overlooked request #3 and #4". However, I see that, in its
reply dated 19/09/2013, DG CONNECT sent you the documents requested under
nr. 3 and 4 of your request (see points 3 and 4, page 3 of the reply from
DG CONNECT). For your facility, I let you this reply and its annexes
herewith.
That is why, as you received the requested documents, we don't understand
what is the matter of your confirmatory request, and we cannot register
it.
If we have misunderstood your e-mail, please let us know with your
argumentation.
Yours sincerely,
Paul SIMON
European Commission - Secretariat General
Unit SG.B.5, Transparency
Dear Communications Networks, Content and Technology (CNECT),
This email is to be forwarded to the Transparency Unit. It provides clarifications to the email of the Transparency Unit of 17/10/2013.
*****************
Referring to the email of the Transparency Unit of 17/10/2013 (i.e. earlier today), this is to provide the requested clarifications regarding requests #3 and #4.
I. INITIAL OBSERVATIONS – APOLOGY
Referring to the confirmatory application, section “A. OBSERVATIONS ON THE DG CNECT INITIAL REPLY TO REQUESTS #3 & #4”, it must be admitted that taking literally the claim that DG CNECT overlooked requests #3 and #4 is wholly incorrect. DG CNECT did indeed explain in its initial reply what documents it thought fall under the scope of the requests #3 and #4 and released them.
The applicant sincerely apologises to DG CNECT and to the Transparency Unit for that gross inaccuracy.
II. REASSESSMENT OF THE INITIAL REPLY ON REQUEST #3 - DOCUMENTS PURSUANT TO ARTICLE 12(1) & 25 OF REGUALTION NO 45/2001
It is worth recalling that request #3 was framed as “3. The documents DG INFSO – DG CNET drew up in compliance to article 12(1) of Regulation No 45/2001 with regards to the personal data processing DG INFSO – DG CNET manifestly carried out in the framework of these three audits.”
It is obvious that the request concerns documents drawn up pursuant to article 12(1) of Regulation No 45/2001. DG CNECT released the article 25 of Regulation No 45/2001 prior notification DPO-3338.1 (Annex 3) – and the attached Privacy Statement (Annex 3A) as the sole two documents falling under the scope of request #3. The only possible logical interpretation of such kind of an initial reply is that DG CNECT understands that a document drawn up pursuant to article 25 of Regulation No 45/2001 (a prior notification) can somehow be equated with a document drawn up pursuant to article 12(1).
Without referring at all to the provisions of any specific Regulation, ‘equating’ two different kinds of documents, with each kind being drawn up pursuant to two different articles of a Regulation, flies in the face of common sense. It is even more problematic when it is made in the context of an administrative procedure, i.e. an initial reply of Regulation No 1049/2001.
Turning to the particularities of documents drawn up pursuant to the aforesaid two articles of Regulation No 45/2001, the following remarks are made:
1. The released document under request #3 is the prior notification of article 25 of Regulation No 45/2001. Under the provisions of the second indent of article 1 of Commission Decision 597/2001, the sole official responsible for its compliance with Regulation No 45/2001 is the designated data controller, who in the case of the released DPO-3338.1 is the then Head of the S.5 Unit of the former DG INFSO.
2. DPO-3398.1 is an autonomous document, in the sense that it does not have an addressee. The Data Protection Officer and the DG INFSO Data Protection Coordinator might have played a secondary role in its ‘drafting’ and its maintenance in the register of prior notifications, but they are not its addresses.
3. Documents drawn up pursuant to article 12(1) have as an addressee a specific data subject. They provide to the data subject the information stipulated in article 12(1), which is totally different from the information stipulated in article 25.
According to article 12(1), DG INFSO had had an absolute legal obligation to inform every single data subject whose personal data DG INFSO processed. This specifically includes every single data subject who is referred to in the audit reports.
In the applicant’s view, releasing an article 25 prior notification instead of the documents drawn up pursuant to article 12(1) amounts to an attempt to mislead the applicant, which wholly unacceptable.
In conclusion and having due regard that DG CNECT has not stated that documents at issue are not held, the initial reply to request #3 is the result of a failure to search for documents and inform the applicant accordingly. It may be interpreted as a total refusal with no statement of reasons.
It is expected that the Secretariat-General will provide a frank and comprehensive reply to request #3.
III. REASSESSMENT OF THE INITIAL REPLY ON REQUEST #4, PRIOR NOTIFICAITON DPO-3338.1 & DESK CONTROLS
The initial application referred expressly to FP5 ‘external financial audits’. For requests #1 & #2, DG CNECT released documents about FP5 ‘desk controls’. As it will be argued below, the former audits are very different from the latter controls. The confirmatory reply did not raise an objection about it. Therefore, for procedural economy reasons no discrimination is to be made between (i) FP5 external financial audits and (ii) FP5 desk controls.
However, drawing no distinction between such FP5 audits and FP5 controls necessarily implies that the requested prior notification(s) under request #4 must cover FP5 desk controls as well.
Insofar it can be inferred from the DG CNECT initial reply, according to DG CNECT the prior notification DPO-3338.1 covers the ‘audits-controls’ of requests #1 & #2. The applicant takes issue with DPO-3338.1 covering DG INFSO FP5 desk controls.
Notwithstanding the analysis if the preceding section, the document released under #4 is a prior notification about ‘external financial audits’ and not about ‘desk controls’. Nowhere in DPO-3338.1 is it stated that it concerns ‘desk controls’. There are several fundamental differences between ‘desk controls’ and ‘external financial audits’. Some notable ones include:
1. Desk controls do not entail on-the-spot audit activities, which the external financial audits do
2. Desk controls are carried out by Commission officials only. External auditing firms have carried out 80% of all FP6 and FP7 audits.
3. In FP6 & FP7, external financial audits are stipulated in articles FP6.II.29 and FP7.II.22. The provisions of the fourth subparagraph of those two articles essentially provide that all external financial audits are to entail on-the-spot auditing activities. Such kind of auditing provisions are not found in the FP5 model contract.
Moreover, DPO-3338.1 makes reference to the DG INFSO prior notification DPO-1260, which was first filed on 19/2/2009. DG INFSO had been conducting FP5 projects desk controls as early as 2004.
Given that DG INFSO FP5 desk controls have been going on since 2004, if not earlier, there is absolute binary choice: either there is another DG INFSO prior notification covering the DG INFSO desk controls, or there is no prior notification at all covering the DG INFSO desk controls.
To conclude, the released DPO-3338.1 under request #4 does not cover the ‘audit-controls’ of requests #1 and #2. The initial reply to request #4 is the result of a failure to search for documents and inform the applicant accordingly. It may be interpreted as a total refusal with no statement of reasons.
It is expected that the Secretariat-General will provide a frank and comprehensive reply about request #4.
IV. FALSE STATEMENTS OF DPO-3338.1 AND ITS NON EXISTING LEGAL BASIS
It is now in full public view in asktheeu.org that the prior notification DPO-3338.1 has the two false statements
1. “This processing has been submitted to the EDPS who concluded that Article 27 is not applicable. ”
2. “3 . Processors -”
In addition, the initial DG RTD reply of GestDem 3351/2013 to request #7, www.asktheeu.org/en/request/personal_dat..., is effectively an admission that there is no legal basis covering the personal data processing of the DG RTD prior notification DPO-3398. Since DG RTD DPO-3398.1 is a copy of DG INFSO DPO-3338.1, it must be concluded that DG INFSO DPO-3338.1 has no legal basis at all.
Whereas DG CNECT is fully aware of the completely deceitful nature of the prior notification DPO-3338.1, nevertheless DG CNECT released it as the initial reply in requests #3. In other words, DG CNECT has misled the applicant with the release of a deceitful prior notification that is wholly immaterial to the requested documents under request #3.
In my view, having due regard to the deceitful nature of DPO-3338.1 DG CNECT should avoid at all costs the misleading of applicants in the administrative procedure of Regulation No 1049/2001, with the prior notification DPO-3338.1 being a fundamental part of the exercise of misleading. Doing so is rubbing salt to the wounds.
V. CONCLUSIONS
Even though it was not raised in the confirmatory application, Annex 1 of the initial reply contains two (2) DG INFSO letters notifying desk controls instead of the requested three (3).
In view of all the foregoing, the applicant maintains that:
1. The documents released in request #3 are wholly immaterial to the requested documents. If the documents in question are held (if they were drawn up in first place) they are to be released, except the parts covered by article 4(1)(b) of Regulation No 1049/2001.
2. The document released in request #4, i.e. the prior notification DPO-3338.1, has no reference to FP5 desk controls, and therefore the initial reply did not release the prior notification corresponding to the three audits-controls of requests #1 and #2.
Yours faithfully,
Mr. Akis NASTAS
Dear Mr Nastas,
Thank you for your /e-mail dated 17/10/2013, registered on 25/10/2013. I
hereby acknowledge receipt of your confirmatory application for access to
documents (ref.: Ares(2013)3340916 – gestdem 2013-3773).
In accordance with Regulation 1049/2001 regarding public access to
European Parliament, Council and Commission documents, you will receive a
response to your request within 15 working days (18/11/2013).
Yours sincerely,
Paul SIMON
European Commission - Secretariat General
Unit SG.B.5, Transparency
Dear Mr. Nastas,
Kindly find herewith a letter concerning your confirmatory application for
access to documents (GESTDEM 2013/3773).
Yours sincerely,
BLURIOT-PUEBLA Madeleine
Cellule 'Accès aux documents'
European Commission
SG/B/5 - Transparence
BERL 05/330
B-1049 Brussels/Belgium
+32 2 296 09 97
[1][email address]
References
Visible links
1. mailto:[email address]
Dear Mr Nastas,
Kindly find herewith a letter concerning your confirmatory application for
access to documents (gestdem 2013/3773).
Yours sincerely,
Carlos Remis
SG.B.5.
Transparence.
Berl. 05/329.
Dear Communications Networks, Content and Technology (CNECT),
This email concerns the confirmatory application under Regulation 1049/2001 GestDem 2013/3773. It is to be forwarded to the Transparency Unit.
************
Dear member of the staff of the Transparency Unit,
I refer to the letter Ares(2013)3680761 - 09/12/2013 concerning GestDem 2013/3773 http://www.asktheeu.org/en/request/686/r....
According to asktheeu.org, neither the reply to the confirmatory application had been provided nor since 9/12/2013 did the Transparency Unit inform me about the status of the reply.
I would therefore be obliged if the Transparency Unit would let me know the status of the reply to the confirmatory application.
Yours faithfully,
Mr. Akis NASTAS