Tải bản đầy đủ - 0 (trang)
7 Cooperation Between DPAs in a Composite Administration, Against the Background of Developing EU Administrative Law

7 Cooperation Between DPAs in a Composite Administration, Against the Background of Developing EU Administrative Law

Tải bản đầy đủ - 0trang

414



8  Understanding the Role of Cooperation Mechanisms of DPAs: Towards a Layered…



from different jurisdictions, national as well as European.152 It is based on shared

responsibility, not on a division of responsibilities, which is the main feature of a

federal structure. As Bignami states: “Both national and European administrations

share responsibility for single determination of rights and duties under European

law.”153

The integrated or composite administration has elements of horizontal and vertical cooperation. In practice, the demarcation between horizontal and vertical cooperation is fluid, as Harlow illustrates.154 She describes a system of multi-level

governance with bottom-up mechanisms where EU objectives are achieved through

mutual cooperation of authorities of the Member States and top-down mechanisms

with a key role of EU bodies, but that are also based on transnational networks

where national and EU bodies work together to carry out jointly agreed policies.

Various forms exist.

This phenomenon of an integrated or composite administration is not laid down

in the Treaties. However, there are links with primary EU law. Foremost, Title XXIV

of the TFEU is titled “Administrative cooperation”. Article 197(1) TFEU provides

that “Effective implementation of Union law by the Member States, which is essential for the proper functioning of the Union, shall be regarded as a matter of common interest.” The Union may take action to support the Member States in this

perspective, however without harmonising national laws and regulations.

Moreover, the cooperation between the partners in an integrated or composite

administration is governed by the principle of sincere cooperation in Article 4(3)

TEU which is considered to be a reflection of federal good faith.155

Furthermore, the right to good administration is recognised as a fundamental

right in Article 41 Charter. Under Article 41(1) Charter “every person has the right

to have his or her affairs handled impartially, fairly and within a reasonable time by

the institutions and bodies of the Union”. Article 41(2) specifies the right to be

heard, the right to have access to his or her file and the obligation of the administration to give reasons for its decisions. Article 41 Charter is connected to the notion

that the European Union is subject to the rule of law156 and to the right to an effective



152



 Herwig C.H. Hofmann, Herwig and Morgane Tidghi, “Rights and Remedies in Implementation

of EU Policies by Multi-Jurisdictional Networks”, European Public Law, 20, No.1, 147–164,

2014, at 148.

153

 Francesca E. Bignami, Transgovernmental Networks vs. Democracy: The Case of the European

Information Privacy Network, Michigan Journal of International Law, Vol. 26, pp. 807–868, 2005,

at 821. Her statement discusses what she calls a “mixed administration” or “mixed procedure”,

based on the example of comitology, but also relevant here.

154

 Contribution of Harlow in Paul Craig and Grainne de Búrca (eds), The evolution of EU Law

(Second Edition), Oxford University Press, 2011, Chapter 15, in particular at 443, with reference

to Chiti and Cassese.

155

 Koen Lenaerts and Piet van Nuffel, European Union Law (Third edition), Sweet & Maxwell,

2010, at 7-045.

156

 Explanations relating to the Charter of Fundamental Rights, OJ (2007) 303/17, Explanation on

Article 41.



8.7 Cooperation Between DPAs in a Composite Administration,…



415



remedy under Article 47 Charter.157 Although Article 41 of the Charter is only

addressed to EU institutions and bodies, there are indications that the Court of

Justice considers this a provision of general application binding on the Member

States when they act within the scope of EU law.158 The Court ruled in M.M., in relation to Article 41(2), that the provision is of general application.159 Hence, the case

law gives good arguments in support of the view that Article 41 applies to the actors

in an integrated or composite administration. This covers the DPAs.

These provisions of primary law underline that the actors in an integrated or

composite administration under EU law should act in the common interest. These

actors have a shared authority and a shared responsibility under EU law. They

should exercise their duties with a certain degree of care.160 Finally, individuals are

entitled to a good administration, which is closely linked to the duty of care of the

administration. Craig refers to a principle of care or diligent or impartial

administration.161



8.7.2  M

 aterial Aspects of the Composite Administration:

Mutual Cooperation and Mutual Trust

The actors in the composite administration cooperate in the common interest, but in

a non-hierarchical manner,162 exercising their duty with a certain degree of care.

Their mutual cooperation has different material aspects, all necessarily based on

mutual trust.

First, cooperation requires the application and enforcement of national rules by

authorities in other jurisdictions,163 even in situations where these national rules are

not in conformity with the law in the other jurisdiction. A requesting authority may

157



 Paul Craig in “The EU Charter of Fundamental Rights, A Commentary,” Edited by Steve Peers,

Tamara Hervey, Jeff Kenner and Angela Ward, Hart Publishing, 2014, at 1069–1098.

158

 Paul Craig in “The EU Charter of Fundamental Rights, A Commentary,” Edited by Steve Peers,

Tamara Hervey, Jeff Kenner and Angela Ward, Hart Publishing, 2014, at 1069–1098, at 1070.

159

 Case C-277/11, M.M., EU:C:2012:744, at 84.

160

 Herwig C.H. Hofmann, Herwig and Morgane Tidghi, “Rights and Remedies in Implementation

of EU Policies by Multi-Jurisdictional Networks”, European Public Law, 20, No.1, 147–164,

2014, at 150 and the case law mentioned in footnote 17 thereof, in particular Case T-211/02,

Tideland Signal v Commission, EU:T:2002:232, at 37. See on the duty of care also Koen Lenaerts

and Piet van Nuffel, European Union Law (Third edition), Sweet & Maxwell, 2010, at 7-045.

161

 Paul Craig in “The EU Charter of Fundamental Rights, A Commentary,” Edited by Steve Peers,

Tamara Hervey, Jeff Kenner and Angela Ward, Hart Publishing, 2014, at 1069–1098, at 1078.

162

 Anna-Sara Lind and Jane Reichel, Administrating Data Protection – or the Fort Knox of the

European Composite Administration, Critical Quarterly for Administration and Law (EuCritQ), 1,

pp. 44–57, 2014, at 47.

163

 As explained by Mitsilegas in relation to criminal law cooperation, Valsamis Mitsilegas, The

constitutional implications of mutual recognition in criminal matters in the EU, CMLR, 43,

pp. 1277–1311, 2006, at 1281.



416



8  Understanding the Role of Cooperation Mechanisms of DPAs: Towards a Layered…



expect that the requested authority cooperates, even in those cases. Second, cooperation requires the recognition of procedural standards and controls in other

Member States.164 There is a rebuttable presumption that fundamental rights are

protected in the requested Member State.165 Third, a requested authority must cooperate sincerely and dedicate sufficient resources to handling the request and not

question the validity of the request. The requested authority also has an obligation

to verify the assumptions it makes when it reports on a request.166

This is all linked to the concept of mutual recognition, a concept that developed

in EU law in the context of the internal market167 and implies that Member States

must recognise each others’ tests, diplomas and evidence, for instance in relation to

professional qualifications.168 Mutual recognition plays a central role in the area of

police and judicial cooperation in criminal matters.169 In the area of data protection,

too, examples can be found of mutual recognition in the relation between DPAs.

One example is the cooperation between the DPAs on the transfer of personal data

based on Binding Corporate Rules, as developed by the Article 29 Working Party.

Where one DPA approves a specific transfer to a third country on this basis, other

DPAs must recognise this without further scrutiny.170

Mutual recognition is based on trust. As Den Heijer states: “if the system of

mutual recognition is to work, there must also be complete mutual confidence in

police and judicial systems in the Member States. High standards not only must be

attained, but also must be maintained.”171

Networks of cooperation and mechanisms for institutional cooperation are

instrumental to enhancing trust and, by doing so, facilitating cooperation, for

instance by developing common administrative standards.172 The duty to cooperate

and mutual trust are linked to the principle of sincere cooperation under Article 4(3)

TEU. As a result, these networks and mechanisms must exercise their own duties in

164



 Valsamis Mitsilegas, The constitutional implications of mutual recognition in criminal matters

in the EU, CMLR 43 (2006), pp. 1277–1311, at 1281.

165

 Under Joined cases C-411/10 and C-493/10, N.S., and M.E. and Others, EU:C:2011:865.

166

 Under Case C-503/03, Commission v Spain, EU:C:2006:74.

167

 Paul Craig and Grainne de Búrca, EU Law, Text, Cases and Material (Fifth Edition), Oxford

University Press, 2011, at 684–687.

168

 Koen Lenaerts and Piet van Nuffel, European Union Law (Third edition), Sweet & Maxwell,

2010, at 7-045.

169

 Further read: Valsamis Mitsilegas, The constitutional implications of mutual recognition in

criminal matters in the EU, CMLR, 43, pp. 1277–1311, 2006.

170

 David Barnard-Wills and David Wright, Deliverable 1 – “Co-ordination and co-operation

between Data Protection Authorities”, www.phaedra-project.eu, at 87.

171

 As explained in case note Maarten den Heijer, “Joined Cases C-411 and 493/10, N.S. v. Secretary

of State for the Home Department and M.E. and Others v. Refugee Applications Commissioner,

Minister for Justice, Equality and Law Reform, Judgment of the Court (Grand Chamber) of 21

December 2011”, CMLR, 49, pp. 1735–1753, 2012, at 1746.

172

 Francesca E. Bignami, Transgovernmental Networks vs. Democracy: The Case of the European

Information Privacy Network, Michigan Journal of International Law, Vol. 26, pp. 807–868, 2005,

at 809.



8.7 Cooperation Between DPAs in a Composite Administration,…



417



accordance with high standards of confidence in respect of the principle of sincere

cooperation. In a composite administration, the cooperation between the various

actors and levels is a condition for success.

The requirements of sincere cooperation are even higher in the context of internet privacy and data protection, due to the presumed lack of government control.

The principle of sincere cooperation under Article 4(3) TEU applies to all governmental actors (EU and national) involved in the implementation of EU law and policies in this domain. Arguably, the principle of sincere cooperation extends to

cooperation with authorities in related policy areas, where they deal with aspects of

privacy and data protection. Cooperation in the domain of privacy and data protection on the internet also involves non-governmental stakeholders. Where DPAs

cooperate with actors outside government, the latter should respect principles of

good governance, but Article 4(3) TEU does not apply to non-governmental

stakeholders.



8.7.3  P

 rocedural Standards Applied in the Composite

Administration Should Ensure Accountability

The composite administration involves a “multi-jurisdictional nature of many of its

procedures and a pluralization of the actors involved”.173 This requires a high degree

of procedural cooperation, based on a clear legal relationship between the various

actors. Also where the responsibilities are shared clear rules are needed, to enable

accountability. Rules on administrative procedure should be designed to maximise

the two objectives of public law: the effective discharge of public duties and the

protection of individuals’ rights.174 Arguably, a good administration as meant in

Article 41 Charter should meet both objectives.

Harlow argues that a composite administration requires a networked response

from administrative procedural law, in what she calls “Accountability Networks”.175

She states that “Governance outside the state” must be countered by administrative

law, providing for multi-dimensional accountability. She mentions as examples the

collaboration of courts and the information sharing and advisory cooperation by

national parliaments, which results from the responsibilities of national parliaments

for EU law recognised in the Treaties. She also mentions the cooperation within the

European Network of Ombudsmen.



173



 Research Network on EU Administrative Law, ReNEUAL Model Rules on EU Administrative

Procedure: Introduction to the ReNEUAL Model Rules, p.10.

174

 Research Network on EU Administrative Law, ReNEUAL Model Rules on EU Administrative

Procedure: Introduction to the ReNEUAL Model Rules /Book I – General Provisions, online version 2014, p4.

175

 Contribution of Harlow in Paul Craig and Grainne de Burca (eds), The evolution of EU Law

(Second Edition), Oxford University Press, 2011, Chapter 15, at 464.



418



8  Understanding the Role of Cooperation Mechanisms of DPAs: Towards a Layered…



Procedures must ensure effective remedies in multi-jurisdictional cooperation

between authorities, also as a prerequisite for mutual trust. Procedural standards,

such as transparency, justification and inclusiveness, contribute to legitimacy.

Procedural legitimacy is considered as a compensation for flaws in the democratic

accountability.176

Hofmann & Tidghi mention two procedural standards that are particularly relevant in a composite administration. The administration must, first, be capable of

ensuring that it can rely – under the rule of law – on accurate and lawfully collected

information and, second, the right to fair hearing must be respected.177 The first

standard played a role in Commission v Spain178 on the Schengen Information

System. An authority of a Member State could not base a decision on an act of an

authority in another Member State, without first verifying the accuracy of the information on which the decision was based. The Court of Justice required the second

standard in Technische Universität München,179 in relation to the duty of the competent institution to examine carefully and impartially all the relevant aspects of the

individual case.180 Both standards relate to the fact that, in a composite ­administration

with various actors, the information may be dispersed. These procedural standards

must compensate for this shortcoming.

Moreover, information exchange is a key instrument for a well-functioning

European composite administration. That is why informational networks were created in various policy areas, allowing all actors in a composite procedure to have

access to information necessary for decision-making.181 An example is the Internal

Market Information System (IMI), which was conceived as a mechanism to

exchange information, to facilitate cooperation amongst national authorities and

between national and EU authorities, for the purpose of better decision-making.182

More generally, information exchange plays a central role in discussions on EU

administrative law.183



176



 W. Vandenbruwaene, Multi-Level Governance through a Constitutional Prism, Maastricht

Journal of European and Comparative Law, Volume 21, nr 2, at 229–242, 2014, at 241.

177

 Herwig C.H. Hofmann, Herwig & Morgane Tidghi, “Rights and Remedies in Implementation

of EU Policies by Multi-Jurisdictional Networks”, European Public Law, 20, No.1, 147–164,

2014, at 150–152.

178

 Case C-503/03, Commission v Spain, EU:C:2006:74, at 52–55.

179

 Case C-269/90, Technische Universität München, EU:C:1991:438, at 13–14. This case is also

relevant in relation to the duty of care.

180

 This is closely related to the principle of care or diligent or impartial administration, referred to

by Craig.

181

 D.-U. Galetta, H.C.H. Hofmann & J.-P. Schneider, Information, Exchange in the European

Administrative Union: An Introduction, European Public Law, 20, no.1, pp. 65–69, 2014.

182

 Lottini, Micaela, “An Instrument of Intensified Informal Mutual Assistance: The Internal

Market Information System (IMI) and the Protection of Personal Data”, European Public Law, 20,

No.1, 107–126, 2014.

183

 See the documents published by Research Network on EU Administrative Law, ReNEUAL

Model Rules on EU Administrative Procedure:



8.8 Three Models to Organise Cooperation Between DPAs, Against the Background…



419



8.7.4  F

 ragmentation of Areas of Law as a Further

Complication, also in View of the Special Status of DPAs

Fragmentation of EU administrative law is a complicating factor. The rules and

procedures under EU law are quite often sector-specific or issue-specific.184 The

example of data protection illustrates this, in particular after the entry into force of

the General Data Protection Regulation, when cooperation mechanisms of DPAs

will exercise powers in individual cases. A procedure before a cooperation mechanism of independent DPAs has no equivalent in other areas of EU law. A further

complication is that the competences in related areas may be on different levels. As

discussed in this book, the competence of the European Union under Article 16

TFEU is unique under EU fundamental rights law. A procedure before a cooperation

mechanism of independent DPAs may have an impact on a procedure under national

law, in relation to the exercise of another fundamental right.

A resolution of the European Parliament states that the absence of a coherent and

codified set of administrative law makes it difficult for citizens to understand their

rights.185 Procedural guarantees – such as those included in the ReNEUAL Model

Rules on EU Administrative Procedure186 – could deal with the disadvantages of

fragmentation of administrative law in the European Union, and also cover procedures in the area of data protection.



8.8  T

 hree Models to Organise Cooperation Between DPAs,

Against the Background of the GDPR

The previous sections discussed three types of cooperation on enforcement, namely

the exchange of information between DPAs, the effective assistance in supervision

as well as the carrying out of joint investigative tasks. Presently, the Article 29

Working Party only contributes indirectly to enforcement activities by exercising its

advisory role, which it interprets in a wide manner.

The General Data Protection Regulation will bring considerable novelties by

introducing a one-stop shop mechanism with a lead authority and a consistency

mechanism. The one-stop shop mechanism is meant to strengthen the protection of

the individual although it is mainly justified by internal market considerations, at

least by the Commission, whereas the consistency mechanism with the EDPB is



184



 Research Network on EU Administrative Law, ReNEUAL Model Rules on EU Administrative

Procedure: Introduction to the ReNEUAL Model Rules, p.8.

185

 European Parliament resolution of 15 January 2013 with recommendations to the Commission

on a Law of Administrative Procedure of the European Union (2012/2024(INL)).

186

 Research Network on EU Administrative Law, ReNEUAL Model Rules on EU Administrative

Procedure: Introduction to the ReNEUAL Model Rules /Book I – General Provisions, online version

2014; Book V – Mutual Assistance; Book VI- Administrative Information Management.



420



8  Understanding the Role of Cooperation Mechanisms of DPAs: Towards a Layered…



based on a rationale that is not fully shared between the EU institutions. For the

Commission it should be an instrument for the uniform application of EU data protection law, whereas for the European Parliament and the Council it is mainly a

conflict solving mechanism.

The three models discussed in this chapter do not fully coincide with the mechanisms introduced by the General Data Protection Regulation. The one-stop shop

mechanism with a lead authority is a specification of the first model (cooperation by

DPAs), but it also has elements of the second model (a structured network), if only

because of the role of the EDPB in deciding which DPA is competent.187 The envisaged consistency mechanism has elements of the second model (a structured network) and the third model (a European DPA).

The example of electronic communications – including BEREC – shows the difficulties in accepting a role of the central European level, leading to a model where

national authorities shall take the utmost account of opinions of BEREC, a model

that served as inspiration for the General Data Protection Regulation.

The integrated or composite administration in the European Union comprises

horizontal as well as vertical cooperation between authorities. This type of administration is characterised by considerations of common interest, good faith and good

administration. Material aspects of the composite administration comprise mutual

cooperation and mutual trust. Procedures of administrative law are, in our view, an

appropriate instrument to compensate for flaws in the democratic legitimacy. This

means precise rules, also on procedure and on the exchange of case-related information.188 A problem is the fragmentation of procedures in various areas of law.



8.8.1  Introduction of the Three Models of Cooperation

The following sections describe three models of cooperation: horizontal cooperation of DPAs, a structured network of DPAs and cooperation within a European

DPA. These three models are examples of the integrated or composite EU administration where competences are not divided but shared. The main differences between

these three models relate to the nature of coordination.

In the first model, the emphasis is on the horizontal cooperation. The two objectives of cooperation are achieved solely on the basis of a bottom-up approach, without any centralised structure. Horizontal cooperation of DPAs enhances the

legitimacy of the control, because it emphases political as well as public democratic

accountability at the level of the Member States.



187



 Article 65 (1)(b) GDPR.

 See Sect. 8.6 above, referring to Dariusz Kloza and Anna Moscibroda, Making the case for

enhanced enforcement cooperation between data protection authorities: insights from competition

law, International Data Privacy Law, Vol. 4, No. 2, 2014, at 135–137.

188



Tài liệu bạn tìm kiếm đã sẵn sàng tải về

7 Cooperation Between DPAs in a Composite Administration, Against the Background of Developing EU Administrative Law

Tải bản đầy đủ ngay(0 tr)

×