DG RTD instructions to audit firms to process personal data, FP6 & FP7 Audit Manuals, overriding public interest
Dear Research and Innovation (RTD),
Under the right of access to documents in the EU treaties, as developed in Regulation 1049/2001, I am requesting documents which contain the following information:
I. INTRODUCTION
The present application concerns the external financial audits of DG RTD, in the context of which DG RTD has expressly instructed its external contractors – audit firms – to process personal data of third parties.
For the purposes of understanding the present application, the applicant refers to the application GESTDEM 3654-2013. In that application - registered on 12/7/2013 – DG RTD partially released in the initial response of 8/11/2013 - among several documents – the FP6 Audit Process Manual and the FP7 Audit Process Manual. The undersigned will lodge a confirmatory application arguing that the exceptions of Regulation 1049/2001 DG RTD relied upon to withhold parts of the two Manuals do not apply at all.
The single most important aim pursued by application GESTDEM 3654-2013 is the release of documents, parts of which show the concealed policy of DG RTD to disregard Regulation 45/2001. In the confirmatory application GESTDEM 2013-3349 -
http://www.asktheeu.org/en/request/finan... - another applicant provided what appears to be the expunged parts of the partially released in GESTDEM-2013 – 3654 FP6 Audit Manual - Guidelines to on-the-spot financial audits on FP6 Contracts. It is self-evident that the expunged parts of the FP6 Audit Manual not only are not covered by the exceptions of Regulation 1049/2011 relied upon to justify the partial release, but they also prove the DG RTD concealed policy of massively infringing Regulation 45/2001.
It must thus be concluded that insofar the aforementioned pursued aim is concerned, DG RTD will continue its practices to unlawfully refuse the full release of the requested documents.
Yet, the DG RTD practices of unlawful refusals to fully released the documents in question are doomed to fail. All it will take is a mere changing of the framing of the applications pursuant to Regulation 1049/2001. This is precisely what the present application does.
II. APPLICATION
The application concerns documents held by DG RTD and dispatched to every single external contractor – audit firm of DG RTD from 1/1/2005 onwards laying down the instructions, directions, and guidelines of DG RTD to process personal data in the context of the external financial audits of FP6 contractors and FP7 beneficiaries. It also specifically includes the subcontractors of the signatories of the Framework Contracts such as Kypris & Associates (Greece), Littlejhoon (U.K.), GDA (Italy), KPMG Greece, and the audit firms that conducted external financial audits in non-EU Member States like Israel, Norway, and Switzerland.
The present application requests the full release of the parts of documents held by DG RTD as defined below:
1. Concerning the FP6 Audit Manuals (several documents), the parts of the documents laying down the instructions, directions, and guidelines, or equivalent, of DG RTD to the audit firms to process personal data in the context of the external financial audits of FP6 contractors and FP7 beneficiaries
2. Concerning the FP7 Audit Manuals (several documents), the parts of the documents laying down the instructions, directions, and guidelines, or equivalent, of DG RTD to the audit firms to process personal data in the context of the external financial audits of FP6 contractors and FP7 beneficiaries
3. The cover letters – or equivalent - accompanying the dispatch of the documents under (1) & (2) above.
4. The documents – or parts thereof – with which DG RTD imposed to the audit firms – signatories of the Framework Contracts - ‘security’ constraints and limitation as regards to the confidentiality of the FP6 and FP7 Audit Manuals. An example of such constrains and limitations might be (i) the limited and controlled disclosure of the documents to staff of the audit firm, and (ii) the prohibition of disclosure to third parties without the prior written consent of DG RTD.
5. The documents – or parts thereof – with which DG RTD imposed to the subcontractors of audit firms – signatories of the Framework Contracts - ‘security’ constraints and limitation as regards to the confidentiality of the FP6 and FP7 Audit Manuals. An example of such constrains and limitations might be (i) the limited and controlled disclosure of the documents to staff of the audit firm, and (ii) the prohibition of disclosure to third parties without the prior written consent of DG RTD.
6. The DG RTD internal documents – or parts thereof – analysing and establishing the ‘recommendations’ and ‘requirements’, or equivalent, of the International Standards on Auditing, according to which DG RTD was entitled to instruct and direct the external contractors – audit firms to process the personal data of third parties to the audited FP6 contracts and FP7 grant agreements.
7. The DG RTD internal documents– or parts thereof – analysing and establishing that according to Regulation 45/2001, Commission Decision 597/2008 of 3/6/2008, and Directive 95/46/EC, it has been lawful to instruct and direct the external contractors – audit firms to process the personal data of third parties to the audited FP6 contracts and FP7 grant agreements.
III. OVERRIDING PUBLIC INTEREST
It is patently obvious that all requested documents are subject to an overriding public interest, first, because they are directly concerned with the fundamental right of personal data protection, and second, because they are necessary to scrutinise the lawfulness of the DG RTD policies as regards the contractually provided external financial audits and their compliance with Union and national law.
Yours faithfully,
Mr. Sifis RAPTIS
Dear Sir,
Thank you for your e-mail dated 10/11/2013. We hereby acknowledge receipt
of your application for access to documents, which was registered on
12/11/2013 under reference number GestDem 2013/5621.
In accordance with Regulation (EC) No 1049/2001 regarding public access to
European Parliament, Council and Commission documents, your application
will be handled within 15 working days. The time limit will expire on
3/12/2013. In case this time limit needs to be extended, you will be
informed in due course.
Yours faithfully,
Silvia BOJINOVA
Head of Unit
[1]cid:image001.png@01CDF26F.EF7D9990
European Commission
DG Research & Innovation
R5
ORBN 09/151
B-1049 Brussels/Belgium
+32 229-85891
[2][email address]
[3]http://ec.europa.eu/research
References
Visible links
2. mailto:[email address]
3. http://ec.europa.eu/research
Dear Mr Raptis,
We refer to your e-mail dated 10/11/2013 in which you make a request for
access to documents, registered on 12/11/2013 under the above mentioned
Gestdem reference number.
Your application is currently being handled. However, we will not be in a
position to complete the handling of your application within the time
limit of 15 working days, which expires on 03/12/2013.
An extended time limit is needed in order to contact our relevant services
to ensure the widest possible treatment of your application.
Therefore, we have to extend the time limit with 15 working days in
accordance with Article 7(3) of Regulation (EC) No 1049/2001 regarding
public access to documents. The new time limit expires on 03/01/2014.
We apologise for this delay and for any inconvenience this may cause.
Yours faithfully,
Silvia BOJINOVA
Head of Unit
[1]cid:image001.png@01CDF26F.EF7D9990
European Commission
DG Research & Innovation
R5
ORBN 09/151
B-1049 Brussels/Belgium
+32 229-85891
[2][email address]
[3]http://ec.europa.eu/research
References
Visible links
2. mailto:[email address]
3. http://ec.europa.eu/research
Dear Mr Raptis,
We refer to your email dated 10/11/2013 in which you make a request for
access to documents, registered on 12/11/2013 under the above mentioned
Gestdem reference number.
Please see attached the reply of the Directorate-General for Research and
Innovation.
Please also kindly note that you will receive the remaining documents in a
second email.
Yours faithfully,
Liliane DE WOLF
Head of Unit
[1]cid:image001.gif@01CF108E.79E78450
European Commission
DG Research & Innovation
J1 Common Legal Support Service
ORBN 01/037
1049 Brussels/Belgium
+32 229-61073
[2][email address]
[3]http://ec.europa.eu/research
References
Visible links
2. mailto:[email address]
3. http://ec.europa.eu/research
Dear Mr Raptis,
Further to our previous email, please see attached the corresponding
documents to your request.
Yours faithfully,
Liliane DE WOLF
Head of Unit
[1]cid:image001.gif@01CF108E.79E78450
European Commission
DG Research & Innovation
J1 Common Legal Support Service
ORBN 01/037
1049 Brussels/Belgium
+32 229-61073
[2][email address]
[3]http://ec.europa.eu/research
References
Visible links
2. mailto:[email address]
3. http://ec.europa.eu/research
Dear Research and Innovation (RTD),
Pursuant to article 7(2) of Regulation (EC) No 1049/2001 (hereafter ‘the Regulation’) a confirmatory application is respectfully submitted.
According to the Commission Decision 937/2001 published in the OJ L 345/94 of 29/12/2001 the Secretariat-General will assume the responsibility to handle it and therefore it is to be transferred to it.
1. INITIAL REPLY FOR REQUESTS #1 & #2
These two requests concern very specific the parts of the FP6 and FP7 audit manuals, namely ‘the parts of the documents laying down the instructions, directions, and guidelines, or equivalent, of DG RTD to the audit firms to process personal data in the context of the external financial audits of FP6 contractors and FP7 beneficiaries’.
Yet DG RTD manifestly disregarded this most essential feature of these two requests.
1.1. Ares reference numbers of year 2013
The released FP6 audit manual (drawn up on 16/9/2006) bears the reference number Ares(2013)1155057 - 16/05/2013, and the FP7 audit manual bears too an Ares reference number of year 2013. Such Ares reference numbers show that the two documents were dispatched by the Commission services to a third party, perhaps released under another application under Regulation No 1049/2001.
That DG RTD granted access to documents with Ares reference numbers and dates seven months older than the initial reply is a proof that DG RTD did not properly discharge its obligations under the first stage of the administrative procedure of Regulation No 1049/2001.
1.2. Instructions to process personal data in the FP6 manual – effective full disclosure in GestDem 2013/3349
The FP6 audit manual expressly instructs and directs audit firms to process personal data of third parties to the audited projects, which is in itself a grave infringement of numerous provisions of Regulation No 45/2001.
The content of the FP6 manual is essentially lawfully in the public domain. More specifically, in the confirmatory application under Regulation No 1049/2001 GestDem 2013/3349 of 16/10/2013 http://www.asktheeu.org/en/request/finan... another applicant had quoted the expunged parts of the FP6 audit manual DG RTD had disclosed on 25/9/2013 as annex to the initial reply. In the reply to the confirmatory application GestDem 2013/3349 Ares(2014)6510 - 06/01/2014 http://www.asktheeu.org/en/request/581/r... the Secretariat-General confirmed the authenticity of the parts of the FP6 manual that applicant had quoted in the confirmatory application. That applicant wrote on 26/1/2014 to the Secretariat-General requesting the granting of full access to the FP6 manual in the light of all that transpired in GestDem 2013/3349 http://www.asktheeu.org/en/request/finan....
It is self-evident that pages 16 – 18 of the FP6 audit manual are express instructions to audit firms to process personal data of third parties to the audited FP6 projects, under circumstance in which Directive 95/46/EC and Regulation No 45/2001 are automatically infringed upon.
DG RTD had an absolute obligation to release the parts of the manual with the instructions and directions in question, but it chose to unlawfully refuse access in order to conceal its unlawful policy of the Research DGs to process personal data.
1.3. Instructions to process personal data in the FP7 manual
It must be inferred that DG RTD did not grant access to the parts of the FP7 manual in the same way that it did so for the FP6 manual.
2. SERIOUS INFRINGEMENT OF ARTICLE 4(1)(A) FOURTH INDENT OF REGULATION No 1049/2001
It is pointed out from the outset that the arguments of DG RTD that the withheld parts of the FP6 & FP7 audit manuals are protected on the grounds of the PUBLIC INTEREST as regards the FINANCIAL POLICY of the Union are UNWORTHY of an Institution that is the guardian of the treaties. This is briefly explained below.
(i) An external financial audit pursuant to the provisions of a private law contract (i.e. FP6.II.29 and FP7.II.22) is a mere contractual measure. According to the Commission’s pleadings before the General Court, and also the Judgments of that Court, in such a context the Commission is not relying on its prerogatives as a public authority. Even though the Union’s financial contribution granted to a FP6-FP7 research project is motivated by a general public interest, the legal relationship between the participant-auditee and a Research DGs is solely governed by a few Regulations and the legal principles applicable to private law contracts (e.g. contracts are executed in good faith). Consequently, a methodology (i.e. the manuals) about the application of contractual measures (i.e. an audit) has nothing to do with the financial policy of the Union.
(ii) The public interest is manifestly and seriously harmed by a policy entailing grave infringement of numerous provisions of Regulation No 45/2001. It is wholly inconsistent - also hypocritical to an extreme degree - to rely on the public interest to refuse full access in these particular conditions.
(iii) Since the FP6 audits have ended, invocation of the article 4 exceptions borders the absurd to refuse full access, and infinitely more so for the parts of the FP6 manual setting out the concealed policy of gravely infringing Directive 95/46/EC and Regulation No 45/2001.
(iv) The argument that disclosure of the manuals would disclose information enabling auditees to ‘pre-empt the audit by making adaptations to accounting and supporting documentation’ is entirely divorced from reality. Eligible costs are those found in the statutory accounts of the beneficiary; fiddling with such accounts for the purposes of a FP6-FP7 audit will automatically incur liabilities of the auditee under the tax and company law, which is a far more serious misconduct by the auditee. Save fraudulent beneficiaries, no auditee would be prepared to fiddle with statutory accounts.
(v) The purported risks of the manuals will be exploited by ‘rogue’ beneficiaries is non-existent in the first place. Given the 50% audit coverage target of the Research DGs, meaning that audits are a ‘normal’ and not exceptional, it cannot be argued that the FP6 & FP7 manuals were indented to discover fraud, because the frequency of fraud in 50% of the projects must be presumed as pretty low. The error rate established from audits was in the order of 5%, which means that fraud is likely to be less than 0.5% in terms of financial impact.
3. SERIOUS INFRINGEMENT OF ARTICLE 4(2) THIRD INDENT OF REGULATION No 1049/2001
This article protects audits pursuant to the exercise of the prerogatives of a public authority. The OLAF on-the-spot checks and the DG COMP investigations for anti-competitive conducts are prime examples.
The FP6 & FP7 audits are mere contractual measures. There are several fundamental features of the audits proving it, some of which are given below.
(i) Approximately 80% of the audits were conducted by audit firms. Article 57(2) of the Financial Regulation No 1605/2002 (as amended) expressly prohibits audit firms to exercise discretionary powers of judgment in an audit. Consequently, audits are not an exercise of the prerogatives of a public authority.
(ii) The EU Courts have consistently held that Regulation No 2188/95: (1) is of a general nature and applies to all areas of the Union’s financial interests; (2) the 4-year limitation of article 3 precludes any act of the Institution to request the reimbursement of unduly paid Union funds. There is no deviation from the 4-year limit.
(iii) FP6 & FP7 audits may be performed 5 years after the end of the research project (as defined in Annex I). The 5-year limitation is possible precisely because Regulation No 2188/95 is not applicable to such audits. Consequently, the audits cannot be considered as an exercise of the prerogatives of a public authority.
(iv) The EU Courts have consistently held that the essence of an act or a measure is not determined by the words describing it, but solely on its substance. Therefore, the FP6 and FP7 audits are mere contractual measures.
The above compelling arguments imply that article 4(2) third indent does not apply to the FP6 & FP7 manuals.
4. WHOLLY INADEQUATE SEARCH FOR DOCUMENTS UNDER REQUEST #3
Request #3 is framed is a wide context. It is not restricted to letter, but includes emails, notes to file, and meeting minutes (e.g. handing over of the manuals on the occasion of a meeting between Commission officials and an audit firm).
It is respectfully suggested that DG RTD did not carry out a diligent search for documents.
In the event that the confirmatory application states that no documents are held, then the unavoidable consequence is that in the reply to the confirmatory application the Secretariat-Genera will have to either expressly admit that DG RTD was recklessly negligent with the handling of documents protected by a articles 4(1)(a) fourth indent and 4(2) third intend, or fully release the two audit manuals. There is absolute dichotomy between those two alternatives.
5. RECKLESS DISREGARD OF DUTY TO ADVISE THE AUDIT FIRMS ABOUT THE SENSITIVITY OF THE AUDIT MANUALS
If the DG RTD position is to be accepted – i.e. that extensive parts of the two audit manuals are protected by article 4(1)(a) fourth indent and 4(2) third indent – then the initial reply to requests #4 - #8 (no documents are held) means that DG RTD neither imposed to the audit firms a restriction on the disclosure of the manuals nor did it notify them that parts of the documents are subject to the restrictions of articles 4(1)(a) fourth indent and 4(2) third intend.
Consequently, either DG RTD was recklessly negligent into how it provided copies thereof to the audit firms without any warning of their confidential status, or DG RTD did not consider the manuals are being worthy of any special confidentiality protection. In either alternative, such conduct does not tell in favour of the DG RTD position that the manuals are not to be fully disclosed.
6. OVERRIDING PUBLIC INTEREST
Firstly, the applicant incorporates by reference the arguments set out in the initial application.
Secondly, that DG RTD did not grant access to the parts of the audit manuals instructing audit firms to process personal data PROVES that DG RTD is only interested in avoiding the further disclosure of information about the policy of the Research DGs to gravely infringe numerous provisions of Directive 95/46/EC Regulation No 45/2001. The scrutiny of this gravely unlawful policy constitutes the rationale of the overriding public interest.
7. CONFIRMATORY APPLICATION
It concerns all seven requests of the initial application.
The rationale concerning requests #4- #7 is the following: Due to the probable inadequate DG RTD search for documents under request #3, DG RTD might have not been diligent in its search for these 4 requests.
Yours faithfully,
Mr. Sifis RAPTIS
Dear Sir,
Thank you for your email dated 31/01/2014.
We hereby acknowledge receipt of your confirmatory application for access to documents, which was registered on 31/01/2014 under reference number GestDem 2013/5621 – Ares(2014) 228291.
In accordance with Regulation (EC) No 1049/2001 regarding public access to European Parliament, Council and Commission documents, your application will be handled within 15 working days.
The time limit will expire on 21/02/2014. In case this time limit needs to be extended, you will be informed in due course.
Yours faithfully,
Carlos Remis
SG.B.4
Transparence.
Berl. 05/329.
Dear Mr Raptis,
Kindly find the answer to your confirmatory application concerning your
request for access to documents pursuant to Regulation (EC) N° 1049/2001
regarding public access to European Parliament, Council and Commission
documents (Gestdem 2013/5621).
Yours sincerely,
Carlos Remis
SG.B.4.
Transparence.
Berl. 05/329.