Executive summary of the EDPS Opinion on the proposals for a regulation on European venture capital funds and for a regulation on European social entrepreneurship funds.
The EDPS welcomes the fact that he is consulted by the Commission and recommends that references to this Opinion are included in the preambles of the proposed regulations.
He notes that the proposed regulations on European venture capital funds and on European social entrepreneurship funds will complement each other. The proposed regulations aim to solve different problems with both types of funds due to the fragmentation and dispersion of the European risk capital sector. Both proposals, if adopted, will coexist as autonomous legal acts in mutual independence.
The implementation and application of the legal framework for venture capital funds and social entrepreneurship funds may in certain cases affect the rights of individuals relating to the processing of their personal data. On the basis of this observation, the EDPS considers that - with regard to data protection issues - the proposed regulations are too general. It is unclear in some cases whether processing of personal data will take place under certain provisions of the proposed regulations, for example regarding exchanges of information, investigatory powers of the competent authorities and establishment of European Securities and Markets Authority (ESMA) databases.
Accordingly, the EDPS recommends the following:
· inserting provisions in the proposed regulations emphasising the full applicability of existing data protection legislation. The EDPS also suggests that the reference to Directive 95/46/EC be clarified by specifying that the provisions will apply in accordance with the national rules which implement Directive 95/46/EC;
· specifying the kind of personal information that can be processed and transferred under the proposed regulations, as well as (i) defining the purposes for which personal data can be processed and transferred by the competent authorities concerned and ESMA and (ii) fixing a proportionate data retention period for the above processing or at least introduce precise criteria for its establishment;
· limiting competent authorities’ access to documents and information to specifically identified and serious violations of the proposed regulations and in cases where a reasonable suspicion (which should be supported by concrete initial evidence) exists that a breach has been committed;
· introducing a requirement for competent authorities to request documents and information by formal decision, specifying the legal basis and the purpose of the request and what information is required, the time limit within which the information is to be provided as well as the right of the addressee to have the decision reviewed by a court of law;
· clarifying the legal basis of the fund manager databases by introducing more detailed provisions in the proposed regulations. Such provisions must comply with the requirements of Regulation (EC) No 45/2001. In particular, the provision establishing the database must (i) identify the purpose of the processing operations and establish which are the compatible uses; (ii) identify which entities (ESMA, competent authorities, Commission) will have access to which data stored in the database and will have the possibility to modify the data; (iii) ensure the right of access and appropriate information for all the data subjects whose personal data may be stored and exchanged; (iv) define and limit the retention period for the personal data to the minimum necessary for the performance of such purpose;
· the investigatory powers of the competent authorities and the establishment of ESMA databases of fund managers, essential elements of the processing of personal data, should not be left to be decided by delegated acts, but included in the relevant substantive articles of the proposed regulations;
· including references in the proposed regulations to the need to consult the EDPS in so far as the delegated and implementing acts concern the processing of personal data.
Lastly, the EDPS notes that there are comparable provisions to the ones referred to in this Opinion in several pending and possible future proposals, such as those discussed in the EDPS Opinions on the legislative package on the revision of the banking legislation, credit rating agencies, markets in financial instruments (MIFID/MIFIR) and market abuse. Therefore, the EDPS recommends reading this Opinion in close conjunction with his Opinions of 10 February 2012 on the abovementioned initiatives.