“This proposal is one of the first EU instruments that explicitly refers to the once-only principle, which aims to ensure that citizens and businesses do not need to submit the same information to a public administration more than once. I welcome this initiative, but also recommend that the Commission take into account some key issues related to data protection in their continued development of the once-only principle. Additional clarity on important data protection principles, such as the legal basis of the processing, purpose limitation and data minimisation will reinforce the protection of the rights of individuals.” said Giovanni Buttarelli, EDPS.
The successful implementation of an EU-wide once-only principle to enable the lawful exchange of data across EU borders depends on ensuring that the relevant data protection principles are respected, the European Data Protection Supervisor (EDPS) said today, as he published his Opinion on the Commission’s proposal for a Regulation establishing a single digital gateway and the once-only principle.
The Commission’s proposal aims to modernise administrative services by facilitating the availability, quality and accessibility of information across the EU. It foresees the exchange of evidence for specified cross-border procedures, such as a request for recognition of a diploma, through a technical system, which will allow authorities to exchange data directly, at the explicit request of the individuals concerned and without these individuals having to re-submit documents that are already available in another Member State.
The EDPS supports the efforts made to ensure that individuals remain in control of their personal data. He also welcomes the amendments to the Internal Market Information System (IMI) Regulation, which the proposal introduces. These clarify the coordinated supervision mechanism foreseen for IMI and would enable the new European Data Protection Board to benefit from the technical possibilities offered by IMI for information exchange under the General Data Protection Regulation (GDPR).
However, the EDPS also asks for additional clarity on some subjects. In particular, the proposal should not provide a legal basis for the exchange of information for purposes other than those it specifies, and it should not provide a restriction on the principle of purpose limitation as set out under the GDPR. He also requests clarification on a range of issues relating to the practical implementation of user control.
The Commission’s proposal is a necessary and welcome development in the modernisation of administrative services throughout the EU, which also respects relevant data protection principles. As such, it represents a promising step towards achieving the digital Europe, based on the free movement of data, envisioned by the Estonian Presidency of the Council, whilst also demonstrating the compatibility of data protection with this vision.