Internal audits of DG INFSO & DG RTD in 2011, FP6 & FP7, personal data protection

La solicitud fue parcialmente exitosa.

Dear Internal Audit Service (IAS),

Under the right of access to documents in the EU treaties, as developed in Regulation 1049/2001, I am requesting documents which contain the following information:

The requested documents concern the documents the DG IAS drew up in the context of the DG IAS auditing activities regarding:

1. DG INFSO's Control Strategy for on-the-spot control and fraud prevention and detection

2. DG RTD's Control Strategy for on-the-spot control and fraud prevention and detection

The DG IAS auditing activities in question are referred to in pages 13-16 of the Commission Staff Working Paper SWD(2012) 283 final of 28.9.2012, link http://www.europarl.europa.eu/meetdocs/2...

The application concerns the release of the following DG IAS drawn up documents:

I. DG INFSO's Control Strategy for on-the-spot control and fraud prevention and detection.

R1. The documents DG IAS dispatched to DG INFSO about the preparation of the field audit activities.

R2. The meeting minutes of meetings between DG IAS and DG INFSO

R3. The note(s) to file of DG IAS

R4. The DG IAS final audit report of DG INFSO

R5. The ‘statement of contents’ of the DG IAS audit file within the meaning of the Case of the General Court T-437/08, CDC Hydrogene Peroxide v Commission

II. DG RTD Control Strategy for on-the-spot control and fraud prevention and detection.

R6. The documents DG IAS dispatched to DG RTD about the preparation of the field audit activities.

R7. The meeting minutes of meetings between DG IAS and DG RTD

R8. The note(s) to file of DG IAS

R9. The DG IAS final audit report of DG RTD

R10. The ‘statement of contents’ of the DG IAS audit file within the meaning of the Case of the General Court T-437/08, CDC Hydrogene Peroxide v Commission

******

OVERRIDING PUBLIC INTEREST

The premise of the overriding public interest is that when administrative departments of the European Commission have adopted “policies”, “acts” and “measures” directly aiming at disregarding the fundamental right of personal data protection, and in doing so they have seriously infringed Regulation No 45/2001, Commission Decision 597/2008 and the Staff Regulations, then the public deserves full access to internal Commission documents shedding light into the illegalities. Such access serves two important purposes: (i) it allows to establish compliance with legality or lack thereof; (ii) by exposing into the full public view the main culprits, the full disclosure will likely have a pedagogical and dissuasive effect to other Commission officials, who in the future will hopefully think twice before going down the road of illegalities of the kind of DG INFSO and DG RTD. The illegalities in question are briefly set out below.

The on-the-spot controls of DG INFSO and DG RTD are marred by grave breaches of Regulation No 45/2001 that reached the point of including two false declarations in the prior notifications of article 25 of Regulation No 45/2001 DG INFSO DPO-3338.1 and DG RTD DPO-3398.1, in particular the statements:

a) "This processing has been submitted to the EDPS who concluded that Article 27 is not applicable."
b) "3. Sub-Contractors —"

DG IAS is kindly referred to the applications pursuant to Regulation No 1049/2001

- GestDem 2013/3349, http://www.asktheeu.org/en/request/finan...

- GestDem 2013/3351, http://www.asktheeu.org/en/request/perso...

from which it is manifestly evident the deceitful nature of DG RTD DPO-3398.1 and the illegalities of the DG RTD external financial audits. Since DG INFSO DPO-3338.1 and DG RTD DPO-3398.1 are essentially identical, this proves the corresponding illegalities of DG INFSO.

The first specific justification of the overriding public interest concerns DG IAS itself. The above illegalities give rise to a host of questions about the extent to which in the context of its internal auditing activities DG IAS (i) had suspected or realised the illegalities of DG INFSO and DG RTD of their “on-the-spot control and fraud prevention and detection” and the “policy”, “acts” and “measures” of those administrative departments, and (ii) whether in case DG IAS had indeed spotted anything "unusual" what exactly DG IAS did about it by informing the competent “bodies” within the Commission.

The second specific justification of the overriding public interest concerns DG INFSO – DG CNECT and DG RTD. The DG IAS requested documents might shed light into the working “factories” of DG INFSO and DG RTD that have been carried out the external financial audits (i.e. the Audit Units) and their internal “methods” of disregarding legality, including “twisting the arms” FP6 contractors and FP7 beneficiaries by “obliging” them in risk-based audits to hand over personal data of third parties to the audited FP6 & FP7 projects in contravention of the national data protection legislation and Regulation No 45/2001.

While this request might seem aggressive and disrespectful, the applicant wishes to emphasise that the very application and its tenor are solely inspired by the very conduct of DG RTD and DG INFSO and the need to make a clear case for an overriding public interest.

Therefore, DG INFSO and DG RTD have nothing but themselves to blame. In this respect, those two administrative departments are to be reminded that nobody will even contemplate to question the legality of Directorates-General like DG AGRI, DG MARK, DG SANCO and DG COMP, simply because their track record inspires the utmost confidence about their adherence to legality and a conduct commensurate of an administrative department of the guardian of the Treaties.

DG IAS might find that it has been caught in some sort of a “cross-fire” between applicants and the Research DGs, but an internal auditor of an Institution does not exactly have a free hand to turn a blind eye to flagrant disregard of legality of the auditee – administrative department. When the Research DGs were making references to IAS 240 and its “adoption” in their risk-based audits and DG IAS was nodding in approval, DG IAS was indirectly acknowledging that it ought to check the legality of the auditing techniques of the Research DGs. The “cross-fire” is therefore a mere consequence of the DG IAS “nodding”.

Yours faithfully,

Mr. Tasos Ntetsikas

EC ARES NOREPLY, Servicio de Auditoría Interna

Link: [1]File-List
Link: [2]Edit-Time-Data
Link: [3]themeData
Link: [4]colorSchemeMapping

Sent by COSTA BENTO Mario (IAS) <[email address]>. All
responses have to be sent to this email address.
Envoyé par COSTA BENTO Mario (IAS) <[email address]> .
Toutes les réponses doivent être effectuées à cette adresse électronique.

Dear Mr. Ntetsikas,

 

Thank you for your e-mail  dated 18/10/2013.  We hereby acknowledge
receipt of your application for access to documents, which was registered
on 21/10/2013 under reference number GestDem 2013/5195.

 

In accordance with Regulation (EC) No 1049/2001 regarding public access to
European Parliament, Council and Commission documents, your application
will be handled within 15 working days. The time limit will expire on
12/11/2013. In case this time limit needs to be extended, you will be
informed in due course.

 

Yours faithfully

 

Mário Costa Bento

Document Management Officer
[5]logo CE

European Commission

Internal Audit Service - IAS.A.1
Phone: 85291
[6]http://ec.europa.eu/dgs/internal_audit/i...
Please consider the environment before printing this e-mail

 

References

Visible links
1. file:///tmp/cid:filelist.xml@01CECE43.DCEF8B20
2. file:///tmp/cid:editdata.mso
3. file:///tmp/~~themedata~~
4. file:///tmp/~~colorschememapping~~
6. http://ec.europa.eu/dgs/internal_audit/i...

EC ARES NOREPLY, Servicio de Auditoría Interna

7 Adjuntos

Veuillez trouver ci-joint le document Ares(2013)3460291 concernant "Request for access to IAS documents No 2013/5195 of 21/10/2013" envoyé par M/Mme TAVERNE Philippe le 12/11/2013.

Please find attached document Ares(2013)3460291 regarding "Request for access to IAS documents No 2013/5195 of 21/10/2013" sent by Mr/Ms TAVERNE Philippe on 12/11/2013.

-------------------------------------------------------------------------------------------------------------
Note: This e-mail was automatically generated by the European Commission's central mail registration system.
Replies by e-mail must be addressed to the original sender TAVERNE Philippe (mailto:[email address]).
Remarque : Cet e-mail a été généré automatiquement par le système d'enregistrement central du courrier de la Commission européenne.
Toute réponse éventuelle par e-mail doit être adressée à l'expéditeur en personne, à savoir TAVERNE Philippe (mailto:[email address]).

Dear Internal Audit Service (IAS),

This is a confirmatory application that is to be forwarded to the Secretariat-General.

*******************

Dear Secretariat-General

Pursuant to article 7(2) of Regulation 1049/2001 a confirmatory application is respectfully submitted for requests R.2, R.3, R.5, R.7, R.8 and R.10.

I. EXCEPTIONS DG IAS RELIED ON TO REFUSE ACCESS

This chapter analyses the two provisions of article 4 of Regulation 1049/2001 on which DG IAS relied upon to justify its total refusal.

I.1. ARTICLE 4(1)(A) FORTH INDENT – IRRELEVANCY OF ‘FINANCIAL INTERESTS’

In so far DG IAS quoted “the institutions shall refuse access to a document where disclosure would undermine the protection of the public interest as regards [...] the financial [...] policy of the Community [...]”, it must be concluded that DG IAS relied on article 4(1)(a) fourth indent “protection of the public interest of the financial policy”. The areas of monetary policy and economic policy must be excluded from any consideration as not being applicable, not even remotely.

Since DG IAS stated “b) protection of the financial interests of the EU”, and then relied on the provision about the “financial policy”, it is evident that the DG IAS reasoning is a huge leap of logic. Even a first-year student of economics or law would be able to distinguish between the two of them.

Consequently, DG IAS erred in law in so far it appears it relied on article 4(1)(a) fourth intent.

I.2. ABSENCE OF THE ‘FINANCIAL INSTRESTS’ FROM THE DG IAS AUDIT MANUALS

In the application GestDem 2013/3786 DG IAS fully disclosed the DG IAS Audit Manual and all annexes thereto. Even a quick reading of the Audit Manual concerning the European Commission, http://www.asktheeu.org/en/request/688/r..., reveals that the notion of the ‘financial interest’ is not found anywhere in the approach and methodology of the DG IAD audits.

Therefore, it must be concluded that the introduction of the notion of ‘financial interests’ into the initial response, whereas this notion is completely absent from the DG IAS Audit Manuals, is an arbitrary and baseless reasoning that does not exist in DG IAS’ own approach of the audit methodology and tasks. Consequently, the ‘innovation’ of the ‘financial interests’ to refuse total access is to be regarded as an error in law.

I.3. ARTICLE 4(3) THIRD INDENT – PURPOSES OF AUDITS

DG IAS relied on that provision to refuse total access to documents under requests R.2, R.3, R.5, R.7, R.8 and R.10. The next paragraphs argue that the DG IAS reasoning defies logic to an astonishing extent.

DG IAS performs internal audits only, from which it follows that third parties can bear no influence or pressure to the auditee and the auditor. In other words, future DG IAS audits of administrative departments about the management and execution of research programmes (FP7, Horizon 2020) will be entirely internal affairs. DG RTD and DG CNECT have full access to the documents DG IAS refused to disclose. Whether or not documents at issue are accessible to the public cannot and will not affect future DG IAS audits, because no third parties will be involved in such audits, not even remotely.

In view of the above, the DG IAS claim “Moreover, public access to the documents requested would reveal the IAS audit methodology, which in consequence could compromise IAS future audit work, resulting in a negative impact on the budget of the EU and reducing the overall effectiveness of its internal audit capacity” is completely erroneous because:

- DG IAS has fully disclosed its Audit Manuals

- The disclosure of the withheld documents can in no way affect the effectiveness of the internal audit capacity.

It can must therefore be concluded that the DG IAS logic is entirely meaningless in so far article 4(3) third indent ‘purposes of audits’ is concerned.

I.4. NO REASONABLY FORESEEABLE RISK

The Courts of the Union have consistently held that the risk of undermining the interests protected by article 4(2) must be reasonably foreseeable and not merely hypothetical. DG IAS has argued in support of manifestly non-existent risks.

I.5. CONCLUSIONS

The above arguments have completely refuted the DG IAS arguments on the basis of which DG IAS totally refused access to the documents under requests R.2, R.3, R.5, R.7, R.8 and R.10.

II. DG IAS REAL MOTIVES IN UNJUSTIFIABLY REFUSING ACCESS

The applicant respectfully suggests that the real reason of the DG IAS refusal is to avoid the release of documents, which will prove that DG IAS relied on personal data unlawfully in the possession of DG RTD and DG INFSO in order to drawn up the audit reports.

In the interests of brevity the applicant will merely refer to what several other applicants have pointed in asktheeu.org out about the two false statements of the prior notifications DG ENTR DPO-3334.1, DG INFSO DPO-3338.1, DG RTD DPO-3398.1 and DG MOVE DPO-3420.1 and their non-existent legal basis. Such illegalities are a loud statement of the gravely illegal personal data processing.

The DG IAS internal audits of DG RTD and DG INFSO have relied on the personal data of third parties to the audited projects, which DG RTD and DG INFSO have processed in their audit reports. It is impossible for DG IAS to establish any finding about the DG RTD and DG INFSO financial management (e.g. regularity of transactions) without DG IAS not being dragged into further illegal processing of personal data.

III. OVERRIDING PUBLIC INTEREST

Since more than half of the initial application is about the overriding public interest argument, it is obvious the applicant has put to DG IAS such a line of reasoning. The DG IAS response “However, at this stage the IAS has not identified any arguments to demonstrate the overriding public interest within the meaning of that Regulation” has manifestly ignored that reasoning. The response is simply a stereotype, without the slightest indication that DG IAS considered the argument.

The astonishing and totally groundless reasoning to totally refuse access to the documents under requests R.2, R.3, R.5, R.7, R.8 and R.10 lends further support to the overriding public interest to disclose the documents, such that the illegalities of DG IAS are scrutinised.

IV. CONFIRMATORY APPLICATION

As stated above, the confirmatory application concerns the documents under requests R.2, R.3, R.5, R.7, R.8 and R.10.

Yours faithfully,

Mr. Tasos Ntetsikas

Servicio de Auditoría Interna

Dear Sir,

Thank you for your email dated 02/12/2013.

We hereby acknowledge receipt of your confirmatory application for access to documents, which was registered on 03/12/2013 under reference number GestDem 2013/3786 – Ares(2013) 3629462.

In accordance with Regulation (EC) No 1049/2001 regarding public access to European Parliament, Council and Commission documents, your application will be handled within 15 working days.

The time limit will expire on 03/01/2014. In case this time limit needs to be extended, you will be informed in due course.

Yours faithfully,

Carlos Remis
SG.B.5.
Transparence.
Berl. 05/329.

mostrar partes citadas

Servicio de Auditoría Interna

Dear Sir,

It seems that we have given a wrong reference to your confirmatory request. Instead of reference GestDem 2013/3786, please read GestDem 2013/5195.

As a general rule, we would advise you to identify the Gestdem references in each mailing to the European Commission regarding an access to documents.

Kind regards,
Priscille Schiltz
European Commission
SG B5 - Transparency, 'Access to documents'

mostrar partes citadas

Dear Internal Audit Service (IAS),

Please forward this to the Transparency Unit

**************

Dear Transparency Unit,

Referring to your email of 5 December, I would like to clarify the following points:

1. The reference to 'GestDem 2013/3786' in the first paragraph of section I.2 of the confirmatory application is about another application of a third applicant (not the undersigned). That paragraph argues that DG IAS had released in GestDem 2013/3786 its audit manual, and therefore the argument justifying the totally withheld documents of GestDem 2013/5195 is highly inconsistent with the full transparency-disclosure of GestDem 2013/3786.

2. The confirmatory application does not have a reference at all about GestDem 2013/5195. I felt that it was not absolutely necessary to quote it.

3. For the sake of full clarity, in the future I will follow the recommendation of the Transparency Unit and quote the GestDem reference number in the confirmatory application.

Yours faithfully,

Mr. Tasos Ntetsikas

Servicio de Auditoría Interna

2 Adjuntos

Dear Mr Ntetsikas,

Kindly find the answer to your confirmatory application concerning your
request for access to documents pursuant to Regulation (EC) N° 1049/2001
regarding public access to European Parliament, Council and Commission
documents (Gestdem 2013/5195).
Yours sincerely,
Carlos Remis
SG.B.5.
Transparence.
Berl. 05/329.
 
 
 
 
 
 
 

 
 
 

Dear Internal Audit Service (IAS),

Please forward this email to the Transparency Unit of the Secretariat-General. It concerns the confirmatory application under Regulation No 1049/2001 GestDem 2013/5195.

************

Dear Madam/Sir,

I refer to GestDem 2013/5195 and the letter Ares(2013)3771270 - 19/12/2013 extending the time-limit to the 24th of January 2014 http://www.asktheeu.org/en/request/912/r....

The asktheueu.org website indicates that the Secretariat-General has not dispatched either the reply or a notification of a further extension of the time-limit.

I would be obliged if the Transparency Unit would let me know the time-frame of replying to the confirmatory application.

Yours faithfully,

Mr. Tasos Ntetsikas

Servicio de Auditoría Interna

Dear Mr Ntetsikas,

I refer to your message of 29 January copied below.

We regret that the treatment of your confirmatory request has known some delay, due inter alia to the large scope of your request and the need to consult other Commission services.

However, I am pleased to inform you that a draft decision has now been submitted to our Legal Service, and that once the Legal Service opinion has been received the draft decision will be submitted to our hierarchy (Head of Unit, Director, Deputy Secretary-General and Secretary-General) for approval.

This process may still take up to two/three weeks.

Please be assured however that we have tried - and will continue to do so - our utmost to provide you with a reply within the shortest possible deadlines.

We hope that the delay in the treatment of your application has not caused too much inconvenience to you.

Thank you again for your patience.

Kind regards,
European Commission
Secretariat General
Unit B4 "Transparency"

mostrar partes citadas

Servicio de Auditoría Interna

1 Adjuntos

Dear Mr Ntetsikas,

 

I refer to our earlier correspondence about your request registered under
number Gestdem 2013/5195.

 

I am pleased to inform you that our Legal Service has now approved our
draft decision, and that the draft will be submitted to our hierarchy
(Head of Unit, Director, Deputy Secretary-General and Secretary-General)
for approval.

 

You may therefore expect a confirmatory decision within the coming days.

 

Thank you again for your patience.

 

Kind regards,

 

Carlos Remis
SG.B.4.
Transparence.
Berl. 05/329.

 

 

Servicio de Auditoría Interna

2 Adjuntos

 
Dear Mr Ntetsikas,

Kindly find the answer to your confirmatory application concerning your
request for access to documents pursuant to Regulation (EC) N° 1049/2001
regarding public access to European Parliament, Council and Commission
documents (Gestdem 2013/5195).
Yours sincerely,
Carlos Remis
SG.B.4
Transparence.
Berl. 05/329.