The European Data Protection Supervisor adopted an opinion on the Proposal for a Council Regulation on jurisdiction, applicable law, recognition and enforcement of decisions and cooperation in matters relating to maintenance obligations.
The EDPS welcomes this proposal and recommends duly taking into account the complexity and variety of maintenance obligations, the broad differences in Member States laws in this domain, and the obligations on protection of personal data stemming from Directive 95/46/EC.
Furthermore, the EDPS considers essential to clarify some aspects of the functioning of the system, such as the change in the purpose for which personal data are processed, the legal grounds for processing by national central authorities, and the definition of the data protection rules applicable to further processing by judicial authorities. In particular, the proposal should ensure that transfers of personal data from national administrations to national central authorities and processing by the latter authorities and national courts are carried out only when they are necessary, clearly defined, and based on legislative measures, according to the criteria laid down by data protection rules and complemented by the case law of the Court of Justice.
The EDPS also invites the legislator to specifically address the following substantive points:
- Purpose limitation: a complete and precise definition of the purposes for which personal data are processed is essential. Also the purposes for which data on creditor are processed should be precisely and explicitly defined in the proposal
- Necessity and proportionality of personal data processed: there is a need to define more precisely both the nature of personal data which can be processed according to this regulation, as well as the authorities whose databases can be accessed. A limitation should relate not only to the authorities, but also to the kinds of data that can be processed. The proposal should ensure that national central authorities and courts should be allowed to process personal data only to the extent that this is necessary in the specific case to facilitate the enforcement of maintenance obligations. Furthermore, each kind of maintenance obligation may require a different balance of interests and thus determine to what extent processing of personal data is proportionate in a specific case.
- Special categories of data: processing of sensitive data for the purpose of enforcing maintenance obligations should be in principle excluded, unless it is carried out in compliance with Article 8 of Directive 95/46/EC. Processing of biometrics data for the enforcement of maintenance obligations would be disproportionate and therefore should not be allowed.
- Storage periods: EDPS prefers a flexible but proportionate storage period rather than rigid a priori limitation to a definite period of time, which can prove in certain cases too short for the envisaged purposes of the processing.
- Information to creditor and debtor: a timely, comprehensive and detailed information notice should properly inform the data subject about all the various transfers and processing operations to which his/her personal data are subject. It is essential that adequate information is also provided to the creditor, in case personal data concerning him/her are exchanged.