The European Data Protection Supervisor (EDPS) adopted an opinion on the Commission's proposal aimed at revising the financial rules applicable to the annual budget of the European Union ("EU Financial Regulation"). The EDPS believes, among other conclusions, that the proposal does not meet the requirements of data protection law.

The "EU Financial Regulation" proposal covers matters which involve the processing of personal data by the EU institutions and by entities at Member State level. In the proposal there is the possibility to publish decisions on administrative and financial penalties. With regard to this new element, EDPS proposes to improve the proposal by explicitly indicating the purpose for the disclosure and by ensuring the consistent application of the possibility of what is in fact naming and shaming of persons, with use of clear criteria to demonstrate the necessity of the disclosure.

In addition to this recommendation, EDPS also suggest the following ones in order to improve the Commission's proposal:

• The legislator should ensure the confidentiality of whistleblowers' identity during investigations, except in cases where it contravenes national rules regulating judicial procedures;
• The Regulation should explicitly indicate the purpose and explain the necessity of the disclosure of information on the recipients of funds deriving from the budget;
• The proposal provides for the setting up of a database (Central Exclusion Database) containing details of individuals and companies candidates excluded from participation in tenders. The EDPS underlines that access to the database by third countries' authorities should comply with the specific data protection rules related to third countries transfers.

The EDPS Assistant Supervisor, Giovanni Buttarelli stressed in the light of the adopted opinion that, transparency and data protection are two principles that strengthen each other. Mr. Buttarelli also stated that synergy between these two principles in the new Regulation can only be ensured if the rules on transparency and processing of personal information are sufficiently clear and precise.