Procedure : 2017/2144(DEC)
Document stages in plenary
Document selected : A8-0099/2018

Texts tabled :

A8-0099/2018

Debates :

PV 18/04/2018 - 10
CRE 18/04/2018 - 10

Votes :

PV 18/04/2018 - 12.27

Texts adopted :

P8_TA(2018)0132

REPORT     
PDF 389kWORD 58k
26.3.2018
PE 612.041v02-00 A8-0099/2018

on discharge in respect of the implementation of the general budget of the European Union for the financial year 2016, Section IX – European Data Protection Supervisor

(2017/2144(DEC))

Committee on Budgetary Control

Rapporteur: Ingeborg Gräßle

AMENDMENTS
1. PROPOSAL FOR A EUROPEAN PARLIAMENT DECISION

1. PROPOSAL FOR A EUROPEAN PARLIAMENT DECISION

on discharge in respect of the implementation of the general budget of the European Union for the financial year 2016, Section IX – European Data Protection Supervisor

(2017/2144(DEC))

The European Parliament,

–  having regard to the general budget of the European Union for the financial year 2016(1),

–  having regard to the consolidated annual accounts of the European Union for the financial year 2016 (COM(2017)0365 – C8‑255/2017)(2),

–  having regard to the Court of Auditors’ annual report on the implementation of the budget concerning the financial year 2016, together with the institutions’ replies(3),

–  having regard to the statement of assurance(4) as to the reliability of the accounts and the legality and regularity of the underlying transactions provided by the Court of Auditors for the financial year 2016, pursuant to Article 287 of the Treaty on the Functioning of the European Union,

–  having regard to Article 314(10) and Articles 317, 318 and 319 of the Treaty on the Functioning of the European Union,

–  having regard to Regulation (EU, Euratom) No 966/2012 of the European Parliament and of the Council of 25 October 2012 on the financial rules applicable to the general budget of the Union and repealing Council Regulation (EC, Euratom) No 1605/2002(5), and in particular Articles 55, 99, 164, 165 and 166 thereof,

–  having regard to Rule 94 of and Annex IV to its Rules of Procedure,

–  having regard to the report of the Committee on Budgetary Control and the opinion of the Committee on Civil Liberties, Justice and Home Affairs (A8-0099/2018),

1.  Grants the European Data Protection Supervisor discharge in respect of the implementation of the budget for the financial year 2016;

2.  Sets out its observations in the resolution below;

3.  Instructs its President to forward this decision and the resolution forming an integral part of it to the European Data Protection Supervisor, the European Council, the Council, the Commission, the Court of Justice of the European Union, the Court of Auditors, the European Ombudsman and the European External Action Service, and to arrange for their publication in the Official Journal of the European Union (L series).

2. MOTION FOR A EUROPEAN PARLIAMENT RESOLUTION

with observations forming an integral part of the decision on discharge in respect of the implementation of the general budget of the European Union for the financial year 2016, Section IX – European Data Protection Supervisor

(2017/2144(DEC))

The European Parliament,

–  having regard to its decision on discharge in respect of the implementation of the general budget of the European Union for the financial year 2016, Section IX – European Data Protection Supervisor,

–  having regard to Rule 94 of and Annex IV to its Rules of Procedure,

–  having regard to the report of the Committee on Budgetary Control and the opinion of the Committee on Civil Liberties, Justice and Home Affairs (A8-0099/2018),

A.  whereas in the context of the discharge procedure, the discharge authority wishes to stress the particular importance of further strengthening the democratic legitimacy of the Union institutions by improving transparency and accountability and implementing the concept of performance-based budgeting and good governance of human resources;

1.  Notes the conclusion of the Court of Auditors (the ‘Court’) that the payments as a whole for the year ended on 31 December 2016 for administrative and other expenditure of the European Data Protection Supervisor (the “Supervisor”) were free from material error and that the examined supervisory and control systems for administrative and other expenditure were effective;

2.  Notes that in its 2016 annual report, the Court observed that no serious weaknesses had been identified with respect to the audited topics related to human resources and procurement for the Supervisor;

3.  Notes that, according to the current discharge procedure, the Supervisor submits annual activity reports to the Court in June, the Court then submits its report to Parliament in October, and the discharge is voted by Parliament in plenary by May; notes that, unless the discharge is postponed, at least 17 months pass between the closing of the annual accounts and the closing of the discharge procedure; points out that auditing in the private sector follows a much shorter timeline; stresses that the discharge procedure needs to be streamlined and sped up; requests that the Supervisor and the Court follow best practice in the private sector; proposes in this regard to set a deadline for the submission of the annual activity reports of 31 March of the year following the accounting year and a deadline for the submission of the Court’s report of 1 July; proposes also to review the timetable for the discharge procedure as set down in Article 5 of Annex IV to Parliament's Rules of Procedure so that the vote on the discharge would take place in Parliament’s plenary part-session in November, thereby closing the discharge procedure within the year following the accounting year in question;

4.  Welcomes the overall prudent and sound financial management of the Supervisor in the 2016 budget period; expresses support for the successful paradigm shift towards performance-based budgeting in the Commission’s budget planning introduced by Vice-President Kristalina Georgieva in September 2015 as part of the “EU Budget Focused on Results” initiative; encourages the Supervisor to apply that method to its own budget-planning procedure;

5.  Notes that in 2016, the Supervisor had a total allocated budget of EUR 9 288 043 (EUR 8 760 417 in 2015) and that the implementation rate was 91,93% (94,66% in 2015); notes the decrease of the implementation rate and the Supervisor’s forecast for maintaining this trend in the upcoming years; calls on the Supervisor to define its budget estimations prudently, taking into account the foreseeable increase of activity for the coming years;

6.  Notes that the creation of the European Data Protection Board continues to be undertaken by the Supervisor; considers that budget estimations should ensure an efficient budgetary performance in the upcoming years;

7.  Stresses that the General Data Protection Regulation (GDPR) and the Directive for data protection in the police and justice sectors(6) will become enforceable in May 2018 and will have to be fully respected and implemented; acknowledges the intention of the Supervisor to keep the GDPR as a reference for its work;

8.  Welcomes the ongoing work of Internet Privacy Engineering Network which is a group composed of IT experts from all sectors providing a platform for cooperation and information exchange on engineering methods and tools which integrate data protection and privacy requirements into new technologies, an essential issue in the implementation of the GDPR;

9.  Calls on the Supervisor to provide a detailed list of missions undertaken by its members in 2016, indicating the price, the place and the cost of each mission; calls for the missions undertaken in 2017 to be included in its next annual activity report;

10.  Is aware of the adoption of implementing measures to ensure effective internal control of the processes in order to guarantee an economic, efficient and effective achievement of the Supervisor’s objectives; calls on the Supervisor to include information on the measures in its annual activity report;

11.  Welcomes the launch in 2016 of the Supervisor’s Accountability Initiative, designed to equip all the Union institutions, beginning with the Supervisor as a data controller itself, to lead by example in how the institutions comply and demonstrate compliance with data protection rules;

12.  Points out that in its Annual Internal Audit report for the 2016, published at the end of March 2017, the internal auditor (IAS) identified five important Internal Control Systems recommendations already made in previous years and that had still not been addressed; regrets that some of those recommendations relate to information security and business continuity policies; notes that the absence of an Information Security Policy increases the risk of information being insufficiently protected, which could lead to leakage of information and could harm the reputation of the Supervisor; welcomes the adoption by the Supervisor of the Information Security Policy on 19 June 2017 despite a delay of more than 14 months; calls on the Supervisor, especially given the nature of its mission and tasks, to lead by example and implement recommendations without undue delay in the future;

13.  Calls on the Supervisor to inform Parliament’s Committee on Budgetary Control of the amounts paid in 2016 under Service Level Agreements in which fees depend on consumption;

14.  Welcomes the adoption in 2016 of an equal opportunities strategy and the consideration of measures to improve wellbeing at work;

15.   Welcomes the inclusion of exhaustive information on all the human resources at the Supervisor’s disposal in its annual activity report;

16.  Calls for an overview in the Supervisor’s annual activity report of the sections on procurement and missions’ management, to include a comparative table of the last four years;

17.  Notes the adoption in 2016 of an Ethics Framework that governs the conduct of members and all staff of the Supervisor in their internal and external relations; notes also that this framework encompasses the already existing codes of conduct, whistleblowing and anti-harassment decisions, disciplinary procedures and administrative investigations; asks for the information on the different topics of the framework to continue to be presented separately in the annual activity report;

18.  Expresses the need to establish an independent disclosure, advice and referral body with sufficient budgetary resources, in order to help whistleblowers use the right channels to disclose their information on possible irregularities affecting the financial interests of the Union, while protecting their confidentiality and offering needed support and advice;

19.  Encourages the growing contribution of the Supervisor to solutions driving innovation and ensuring compliance with privacy and data protection rules, especially by increasing transparency, user control and accountability in big data processing; calls for effective actions maximising the benefits of new technologies while ensuring full respect for fundamental rights;

20.  Notes that the Supervisor has published in its annual activity report a chapter about inter-institutional cooperation with other institutions as was requested in the 2015 discharge report; notes that in 2016 the Supervisor signed two new Single Cooperation Agreements; calls on the Supervisor to continue strengthening inter-institutional cooperation and to provide an update on its achievements in its next annual activity report;

21.  Notes that the Supervisor included in its annual activity report a statement on the progress it had made with respect to its 2015-2019 strategy; notes that in March 2015 the Supervisor re-evaluated its key performance indicators so as to monitor and adjust the impact of its work and use of resources; notes with satisfaction that all the key performance indicators set in the Supervisor’s 2015-2019 strategy have been met and that the Supervisor had at times exceeded its targets in 2016, which shows that the implementation of the strategy is on track; encourages the Supervisor to keep on working in this direction;

22.  Welcomes the aim of the Supervisor, as set out in the strategy concerning its mandate, to make data protection as simple and effective as possible for all involved;

23.  Regrets the decision of the United Kingdom to withdraw from the European Union; observes that at this point no predictions can be made about the financial, administrative, human and other consequences related to the withdrawal, and asks the Committee and the Court to perform impact assessments and inform Parliament of the results by the end of 2018.

7.2.2018

OPINION of the Committee on Civil Liberties, Justice and Home Affairs

for the Committee on Budgetary Control

on discharge in respect of the implementation of the general budget of the European Union for the financial year 2016: European Data Protection Supervisor

(2017/2144(DEC))

Rapporteur: Kostas Chrysogonos

SUGGESTIONS

The Committee on Civil Liberties, Justice and Home Affairs calls on the Committee on Budgetary Control, as the committee responsible, to incorporate the following suggestions into its motion for a resolution:

1.  Notes that the Court of Auditor annual report on the implementation of the EU Budget does not contain any remarks about the European Data Protection Supervisor (EDPS); acknowledges however that no EDPS transaction was selected for audit by the Court of Auditors in 2016 as part of a random sample from administrative expenditure as a whole, covering all institutions and bodies and that therefore the legality and regularity of the underlying EDPS transactions was not examined by the Court of Auditors; stresses however, that the Court of Auditors published clean opinions for the EDPS in the last four years; recalls that transparency is vital for the appropriate function of this Union body;

2.  Points out that in its Annual Internal Audit report for the 2016 published at the end of March 2017, the internal auditor (IAS) identified 5 important Internal Control Systems recommendations identified in previous years and that had still not been addressed; regrets that some of these recommendations relate to information security and business continuity policies; notes that the absence of an Information Security Policy increases the risk of information being insufficiently protected, which could lead to leakage of information and could harm the reputation of the institution; welcomes the adoption by the EDPS of the Information Security Policy on 19 June 2017 despite the delay of more than 14 months; calls on the EDPS, especially given the nature of its mission and tasks, to lead by example and implement in the future recommendations without undue delay;

3.  Notes with satisfaction that all the Key Performance Indicators set in the EDPS Strategy 2015-2019 are met and sometimes exceeded their respective targets in 2016, which shows that the implementation of the Strategy is on track;

4.  Highlights the quality of the advice given to Union policy makers in relation to the adoption of the Umbrella agreement and the Privacy Shield; acknowledges the EDPS efforts to prepare itself for ensuring the Secretariat of the new European Data Protection Board (EDPB) as part of the General Data Protection Regulation (GDPR)(7); notes with interest the launch by EDPS of the Ethics Advisory Group(8);

5.  Highlights that the GDPR and the Directive for data protection in the police and justice sectors(9) will become enforceable in May 2018 and shall be fully respected and implemented; acknowledges the intention of the EDPS to keep GDPR as point of reference for its work;

6.  Welcomes the ongoing work of Internet Privacy Engineering Network which is a group composed of IT experts from all sectors providing a platform for cooperation and information exchange on engineering methods and tools which integrate data protection and privacy requirements into new technologies, an essential issue in the implementation of the GDPR;

7.  Welcomes the launch in 2016 of the EDPS Accountability Initiative, designed to equip Union institutions, beginning with the EDPS as a data controller itself, to lead by example in how they comply and demonstrate compliance with data protection rules;

8.  Encourages the growing contribution of the EDPS to solutions driving innovation and ensuring compliance with privacy and data protection rules, especially by increasing transparency, user control and accountability in big data processing; calls for effective actions maximising benefits of new technologies ensuring full respect for all the fundamental rights;

9.  Welcomes the aim of the EDPS, as set out in the Strategy for its mandate, to make data protection as simple and effective as possible for all involved;

10.  Notes with satisfaction the publication of guidelines on the processing of personal information as part of a whistleblowing procedure, providing recommendations on how to create safe channels for staff to report fraud, ensure the confidentiality of information received and protect the identities of anyone connected to the case.

INFORMATION ON ADOPTION IN COMMITTEE ASKED FOR OPINION

Date adopted

1.2.2018

 

 

 

Result of final vote

+:

–:

0:

46

6

0

Members present for the final vote

Asim Ademov, Heinz K. Becker, Malin Björk, Michał Boni, Caterina Chinnici, Frank Engel, Cornelia Ernst, Raymond Finch, Lorenzo Fontana, Kinga Gál, Ana Gomes, Nathalie Griesbeck, Sylvie Guillaume, Monika Hohlmeier, Brice Hortefeux, Filiz Hyusmenova, Sophia in ‘t Veld, Dietmar Köster, Barbara Kudrycka, Cécile Kashetu Kyenge, Juan Fernando López Aguilar, Roberta Metsola, Claude Moraes, Péter Niedermüller, Ivari Padar, Soraya Post, Judith Sargentini, Birgit Sippel, Branislav Škripek, Csaba Sógor, Sergei Stanishev, Helga Stevens, Traian Ungureanu, Marie-Christine Vergiat, Udo Voigt, Josef Weidenholzer, Kristina Winberg, Tomáš Zdechovský, Auke Zijlstra

Substitutes present for the final vote

Kostas Chrysogonos, Carlos Coelho, Gérard Deprez, Maria Grapini, Teresa Jiménez-Becerril Barrio, Marek Jurek, Andrejs Mamikins, Angelika Mlinar, Jaromír Štětina

Substitutes under Rule 200(2) present for the final vote

Georges Bach, Jonathan Bullock, Julia Reda, Francis Zammit Dimech

FINAL VOTE BY ROLL CALL IN COMMITTEE ASKED FOR OPINION

46

+

ALDE

Gérard Deprez, Nathalie Griesbeck, Filiz Hyusmenova, Sophia in 't Veld, Angelika Mlinar

ECR

Marek Jurek, Branislav Škripek, Helga Stevens

GUE/NGL

Malin Björk, Kostas Chrysogonos, Cornelia Ernst, Marie-Christine Vergiat

PPE

Asim Ademov, Georges Bach, Heinz K. Becker, Michał Boni, Carlos Coelho, Frank Engel, Kinga Gál, Monika Hohlmeier, Brice Hortefeux, Teresa Jiménez-Becerril Barrio, Barbara Kudrycka, Roberta Metsola, Csaba Sógor, Jaromír Štětina, Traian Ungureanu, Francis Zammit Dimech, Tomáš Zdechovský

S&D

Caterina Chinnici, Ana Gomes, Maria Grapini, Sylvie Guillaume, Dietmar Köster, Cécile Kashetu Kyenge, Juan Fernando López Aguilar, Andrejs Mamikins, Claude Moraes, Péter Niedermüller, Ivari Padar, Soraya Post, Birgit Sippel, Sergei Stanishev, Josef Weidenholzer

VERTS/ALE

Julia Reda, Judith Sargentini

6

-

EFDD

Jonathan Bullock, Raymond Finch, Kristina Winberg

ENF

Lorenzo Fontana, Auke Zijlstra

NI

Udo Voigt

0

0

 

 

Key to symbols:

+  :  in favour

-  :  against

0  :  abstention

INFORMATION ON ADOPTION IN COMMITTEE RESPONSIBLE

Date adopted

20.3.2018

 

 

 

Result of final vote

+:

–:

0:

19

3

0

Members present for the final vote

Nedzhmi Ali, Inés Ayala Sender, Zigmantas Balčytis, Dennis de Jong, Tamás Deutsch, Martina Dlabajová, Raffaele Fitto, Ingeborg Gräßle, Cătălin Sorin Ivan, Jean-François Jalkh, Arndt Kohn, Notis Marias, José Ignacio Salafranca Sánchez-Neyra, Petri Sarvamaa, Claudia Schmidt, Bart Staes, Indrek Tarand, Marco Valli, Derek Vaughan, Tomáš Zdechovský, Joachim Zeller

Substitutes present for the final vote

Julia Pitera

FINAL VOTE BY ROLL CALL IN COMMITTEE RESPONSIBLE

19

+

ALDE

Nedzhmi Ali, Martina Dlabajová

EFDD

Marco Valli

GUE/NGL

Dennis de Jong

PPE

Tamás Deutsch, Ingeborg Gräßle, Julia Pitera, José Ignacio Salafranca Sánchez-Neyra, Petri Sarvamaa, Claudia Schmidt, Tomáš Zdechovský, Joachim Zeller

S&D

Inés Ayala Sender, Zigmantas Balčytis, Cătălin Sorin Ivan, Arndt Kohn, Derek Vaughan

VERTS/ALE

Bart Staes, Indrek Tarand

3

-

ECR

Raffaele Fitto, Notis Marias

ENF

Jean-François Jalkh

0

0

 

 

Key to symbols:

+  :  in favour

-  :  against

0  :  abstention

(1)

  OJ L 48, 24.2.2016.

(2)

  OJ C 323, 28.9.2017, p. 1.

(3)

  OJ C 322, 28.9.2017, p. 1.

(4)

  OJ C 322, 28.9.2017, p. 10.

(5)

  OJ L 298, 26.10.2012, p. 1.

(6)

Directive (EU) 2016/680 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, p. 89).

(7)

  Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1).

(8)

  European Data Protection Supervisor Decision of 3 December 2015 establishing an external advisory group on the ethical dimensions of data protection (‘the Ethics Advisory Group’) (OJ C 33/1, 28.1.2016, p. 1).

(9)

  Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, p. 89).

Last updated: 3 April 2018Legal notice