EDPS calls for more legal certainty and a higher level of data protection for IMI

The European Data Protection Supervisor (EDPS) addressed on 27 July a letter to the Internal Market and Services Directorate General of the Commission, in which he took stock of what has been achieved and what further progress needs to be made on the issues raised in the Commission Report on the state of data protection in the Internal Market Information System (IMI).

In this letter, the European Data Protection Supervisor (EDPS) welcomes the progress made thus far on IMI and encourages the Commission to implement further safeguards, using the principles of Privacy by design, and to continue cooperating, as necessary, with data protection authorities in Member States.

Importantly, the EDPS also calls on the Commission to adopt a new legal instrument in order to establish a more comprehensive data protection framework for IMI. EDPS Peter Hustinx highlights that the adoption of a legal instrument, such as a Council and Parliament Regulation, would be necessary to set a more comprehensive framework for the operation of IMI and provide for legal certainty and a higher level of data protection. EDPS also points out that the importance of such framework was already underlined by previous interventions in relation to Internal Market Information System (IMI).

Taking into account the expected scale and complexity of the system, as well as the need to obtain some experience with the practical use of IMI, the EDPS was sensitive to the Commission’s preference for a step-by-step approach. Based on this approach, significant progress has been made. While the EDPS is pleased with the results so far, it will be inevitable for an important and complex European information system such as IMI, that a binding legislative instrument be adopted as a subsequent step, preferably under the ordinary legislative procedure. Work on the development of such an instrument should take into account the first experiences with IMI and should start as soon as possible.

The EDPS will also consider the need for a joint meeting with national and, where relevant, sub-national data protection authorities in due course, to look into issues that may arise in the context of supervision or further consultation with regard to IMI. This letter to DG MARKT, as the opinion on the implementation of the Internal Market Information System delivered  October 2008 previous to IMI's launch, is part of the continuous monitoring from EDPS to the implementation process of IMI.

Internal Market Information System (IMI)

IMI is an online application that allows Member States to cooperate with each other in order to improve the implementation of Internal Market legislation. This also involves recording and sharing of relevant personal data.

IMI allows national, regional and local authorities in European Union Member States to communicate quickly and easily with their counterparts in other European countries, and helps users find the right authority to contact in another country and communicate with them using pre-translated sets of standard questions and answers. It is designed as a flexible system that can be used for many pieces of single market legislation and currently covers the Professional Qualifications Directive (2005/36/EC) and the Services Directive (2006/123/EC).