Legislative Observatory
European Parliament
Please fill in this field to find a procedure

Wholesale energy market integrity and transparency

2010/0363(COD)

OPINION OF THE EUROPEAN DATA PROTECTION SUPERVISOR on the proposal for a Regulation of the European Parliament and of the Council on energy market integrity and transparency

The Commission did not consult the EDPS, and acting on his own initiative, the EDPS adopts this Opinion based on Article 41(2) of Regulation. (EC) No  45/2001.

The main aim of the Proposal is to prevent market manipulation and insider trading on wholesale energy (gas and electricity) markets. In particular, the proposed rules prohibit the following:

  • use of inside information when selling or buying energy at the wholesale market level; exclusive and price sensitive information should be disclosed before trading can take place;
  • transactions that give false or misleading signals about the supply, demand or prices of wholesale energy market products, and
  • distributing false news or rumours that give misleading signals about these products.

Market monitoring at the European level to uncover possible infringements of these prohibitions will be the responsibility of the European Agency for the Cooperation of Energy Regulators (the ‘ACER’).

Pursuant to the proposal, the ACER will have timely access to information on the transactions taking place on wholesale energy markets. This includes information on price, quantity sold and the parties involved. This bulk data will also be shared with national regulators that will then be responsible for investigation of suspected abuses. In cases with a cross-border impact, the ACER will have the power to coordinate investigations. National regulatory authorities in Member States will enforce penalties.

The Proposal contains several provisions relevant to the protection of personal data:

  • Articles 6 to 8 on market monitoring and reporting;
  • Article 9 on ‘data protection and operational reliability’;
  • Articles 10 and 11 on investigation and enforcement; and
  • Article 14 on ‘relations with third countries’.

In view of these factors, the EDPS makes the following recommendations:

Market monitoring and reporting: the proposed Regulation should clearly specify whether and to what extent the records of transactions and capacity information to be collected for monitoring purposes may include any personal data, and specific safeguards may also be required. If no processing of personal data is expected (or such processing would only be exceptional and would be restricted to rare cases, where a wholesale energy trader might be an individual rather than a legal entity), this should be clearly set forth in the proposal, at least in a recital.

Provisions on data protection, data security and accountability: these provisions should be clarified and further strengthened, especially if the processing of personal data would play a more structural role. The Commission should ensure that adequate controls are in place to ensure data protection compliance and provide evidence thereof (‘accountability’).

On-site inspections: the proposal should clarify whether these inspections are limited to a business property (premises, land and vehicles) of a market participant or whether they may also be carried out in a private property (premises, land or vehicles) of individuals. In the latter case, the proportionality and necessity of on-site inspections on a private property should be specifically justified, and additional safeguards as well as a judicial warrant would also be needed. This should be clearly stated in the proposal.

Powers to require ‘existing telephone and existing data traffic records: the proposal should clarify the scope of this power. It should, in particular:

  • unambiguously specify what records can be required and from whom;
  • explicitly mention the fact that no data can be required from providers of publicly available electronic communications services, at least in a recital;
  • clarify whether the authorities may also require private records of individuals, such as employees or executives of the market participant under investigation (e.g. text messages sent from personal mobile devices or browsing history of home internet use). If this is case, the necessity and proportionality of this power should be clearly justified and the Proposal should also require a warrant from a judicial authority

Reporting of suspected market abuse: the proposal should explicitly provide that any personal data contained in these reports should only be used for purposes of investigating the suspected market abuse reported. Unless a suspected market abuse has led to a specific investigation and the investigation is still ongoing, all personal data related to the reported suspected market abuse should be deleted from the records of all recipients after the lapse of a specified period (unless otherwise justified, at the latest two years following the date of report). Parties to an information exchange should also send each other an update in case a suspicion proves to be unfounded and/or an investigation has been closed without taking further action.

Transfers of personal data to third countries: the proposal should clarify that in principle, transfers can only be made to entities or individuals in a third country that does not afford adequate protection if the controller adduces adequate safeguards with respect to the protection of the privacy and fundamental rights and freedoms of individuals and as regard the exercise of the corresponding rights.

Prior checking by the EDPS: the ACER should submit to the EDPS for prior checking its personal data processing activities with regard to coordination of investigations under the proposed Regulation.