2015 European Insolvency Regulation – What’s new?
The recast of the European Insolvency Regulation (REGULATION (EU) 2015/848 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 20 May 2015 on insolvency proceedings) entered into force on 26 June 2015 and will apply to proceedings that are opened from 26 June 2017.
The main steps in the legislative process and a document comparison between the 2002 European Insolvency Regulation and the new 2015 version can be found at http://www.schubra.de/en/internationalaffairs/EIR_Recast_2015.php
As part of our series of newsletters on the main new features of the European Insolvency Regulation, in today’s edition we would like to explain the recast data protection provisions.
We hope you find it interesting reading.
Manuela C. Becker
2015 European Insolvency Regulation – data protection within the EIR:
The European Commission introduces data protection in the area of insolvency law for the first time in the recast of the European Insolvency Regulation in order to facilitate the handling of cross-border insolvency proceedings. Prior to this, there was no obligation at the European level to register decisions on the opening of insolvency proceedings or to make them publicly known.
The publication of general information on debtors allows courts and creditors to ascertain whether proceedings have already been introduced in another Member State. It is essential to be aware if insolvency proceedings have been commenced, particularly for creditors having their habitual residence, domicile or registered office in the Union.
Electronic communication of this type makes it necessary to standardise provisions relating to data protection and system security for the exchange of information. The Data Protection Directive (95/46/EC) was introduced in 1995 and provides the starting point for the exercise of activities within data processing operations in the private and public spheres in the EU Member States. However, this is not implemented consistently in the various Member States and the different interpretative approaches mean further harmonisation is necessary.
I. Data protection under insolvency law at European and national level
Article 78 et seq. within the recast of the European Insolvency Regulation were introduced to guarantee the technical measures for ensuring the security, quality and accuracy of the data. Likewise, regulations should be applied that are designed to guarantee the updating of data and its collection, storage and accessibility in the European e-Justice Portal specifically established for this.
Data Protection Directive 95/46/EC in particular applies to the processing of data in individual Member States and thus within the competent national authorities. This Directive concerns the protection of individuals with regard to processing of personal data and free movement of such data in connection with national insolvency registers. By way of comparison, reference is made to Regulation (EC) No 45/2001 in situations involving processing of data within the European Commission’s area of responsibility and protection of individuals by EU institutions and bodies in connection with the interconnection of national insolvency registers.
The interconnection of national insolvency registers within the European e-Justice Portal is under the sole supervision of the European Commission. As controller pursuant to Regulation (EC) No 45/2001, it is required to implement guidelines for the technical measures concerning security of personal data and to ensure compliance with them.
In Germany, the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) implemented Directive 95/46.
II. Scope of the information published within the European e-Justice Portal
The European e-Justice Portal for legal practitioners, citizens, businesses and the judiciary provides the central electronic point of contact for information on justice systems and justice.
The European e-Justice Portal was designed as an access portal to European court proceedings and is intended to provide information in 22 languages along with numerous links to relevant websites and documents. This should provide information to practitioners and the judiciary within the European Union, in the quickest and most comprehensive and timely manner possible, about proceedings underway in other Member States and how their personal data is being used.
In the future, the European e-Justice Portal will provide information or a short overview of the insolvency registers of the respective Member States and of the various insolvency notifications for each individual Member State. However, as a general rule, national controllers are responsible for storing data and the European e-Justice Portal merely provides the search template and interface, so that every practitioner in Europe is able to access it.
The scope and type of data in individual insolvency registers varies from one Member State to another. In Member States with separate insolvency registers, for example, information is published on all stages of insolvency proceedings and on the parties to the proceedings. If the Member States provide insolvency details on other registers, the situation is more multi-faceted. Some countries publish only a company’s name and legal form, whereas other countries record and make available information about all stages of insolvency proceedings. Each Member State determines independently in its national law how long personal data is stored on its database. The data is then available only for that length of time for Union citizens and other Member States through the corresponding interconnection on the European e-Justice Portal. There are no European provisions on this.
The German data protection provisions in the BDSG on protection of insolvency debtors within data published in the German insolvency register (available at www.insolvenzbekanntmachungen.de) require, inter alia, that appropriate technical and organisational measures be ensured through the insolvency portal (and thus through the relevant courts and any portal users). For example, after a period of not later than two weeks from the date of first publication, data should only be retrievable if the request gives the location of the insolvency court and at least either the surname, the company name, the debtor’s address or domicile, the insolvency court’s file number or the registration number and address of the registration court (“detail query”). It therefore follows that general enquiries on judicial decisions in insolvency proceedings are possible for only two weeks after publication.
Pursuant to section 3 of the Regulation on Public Announcements in Insolvency Proceedings on the Internet (Verordnung zu öffentlichen Bekanntmachungen in Insolvenzverfahren im Internet), data published on insolvency proceedings including preliminary insolvency proceedings is to be deleted no later than six months after termination of the proceedings or the date on which the order discontinuing such proceedings became final. This also applies to decisions in residual debt discharge proceedings.
III. Further development of European data protection
At the European level, the European Data Protection Basic Regulation was passed in April 2016 by the European Parliament and Council, which will apply from 25 May 2018 (see Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ 2016 L 199/1) and Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ 2016 L119/89).
New data protection provisions within the German Insolvency Code (Insolvenzordnung, InsO) are already included in the Federal Government’s draft to implement the recast of the European Insolvency Regulation (Bundesrat document 18/12154 of 26 April 2017).
National data protection laws, based on Directive 95/46/EC, will continue to apply until 25 May 2018. These vary considerably, nor does the legislator of the European Insolvency Regulation include any additional undertakings for them.
Manuela C. Becker, Attorney-at-law in Germany
Our next newsletter in the series 2015 European Insolvency Regulation – What’s new? will present the secondary insolvency proceedings.
Schultze & Braun GmbH & Co. KG
Eisenbahnstr. 19-23, 77855 Achern/Germany
Phone: +49 7841 708-0
Fax: +49 7841 708-301
Susanne Grefkes, Schultze & Braun GmbH & Co.KG,
Eisenbahnstr. 19-23, 77855 Achern/Germany
Phone: +49 7841 708-0
Fax: +49 7841 708-301
You can object at any time and in any form to storage and use of your data for marketing purposes.