You have a complaint against an EU institution or body?

Decision in case 1782/2019/EWM on the refusal of the European Commission to make public records of payments made to farmers under the Common Agricultural Policy

The case concerned a request from a journalist to the European Commission to give public access to the detailed contents of a database used to audit how Member States pay Common Agricultural Policy subsidies to farmers. The Commission stated that the database was not designed to provide the detailed individualised information sought by the complainant.

The Ombudsman inquired into the matter and, while she understood the strong public service need for detailed oversight of CAP funds, she also found that the Commission is subject to a number of legal constraints regarding public access to records of payments made to individual farmers. She considered that the Commission’s statement that the database has been designed to allow the Commission to extract aggregated data for auditing purposes only and not for the scrutiny of individual payments, was factually correct. EU access to documents rules do not require the Commission to create new search tools for the sole purpose of dealing with requests for access to the contents of a database. While she considered that the Commission gives appropriate access to the aggregated data contained in the database, she accepts the complainant’s view that a gap exists vis-a-vis the appropriate transparency of these payments. She will bring this to the attention of the legislators through the forwarding of this decision.

The Ombudsman therefore closed the inquiry with a finding of no maladministration.

Background to the complaint

1. The complaint, submitted to the Ombudsman by an investigative journalist working for the New York Times, concerned a request to the European Commission for public access to records of payments made to individual farmers under the European Union’s Common Agricultural Policy (CAP). The complainant was of the view that these records were contained in a Commission database known as the Clearance of Accounts Audit Trail System (the ‘CATS’ database). The Commission informed him that the CATS database was not designed to provide the detailed records he sought and that it could not therefore provide him with the data he had requested.

2. CATS is a very large database collecting all information related to European agricultural funds payments that includes comprehensive annual data relating to payments, beneficiaries, declarations/applications, products, inspections, export refunds and public storage. The Commission receives from the Member States, on an annual basis, the details of all individual payments made to the beneficiaries of these EU funds. This information is loaded into the CATS database for purposes of clearance of accounts by the Commission and for monitoring developments and providing forecasts in the agricultural sector. Data relating to an identified or identifiable natural person - including the final beneficiary identification code, name and address - may be stored in the CATS database and other additional personal data may be collected by DG AGRI in the course of an audit and on-the-spot checks. The CATS database may be accessed by the European Anti-Fraud Office (OLAF) for investigation purposes.[1]

The inquiry

3. The Ombudsman opened an inquiry into the issue of public access to the content of the CATS database.

4. In the course of the inquiry, the Ombudsman’s inquiry team met with the Commission staff to better understand the IT-related and audit-related aspects of the CATS database and to pose questions to the Commission. A report of this meeting was sent to the complainant for comment.

Arguments presented to the Ombudsman

5. The Commission noted that according to the European Courts’ case law, “anything that can be extracted from a database by means of a normal or routine search may be subject of an application for access” to documents. The Commission explained that the data requested by the complainant could not, however, be extracted from the relevant database by means of normal or routine search operations.

6. The Commission noted that significant information falling under the access request is already publicly available elsewhere. Member States have to publish information on the beneficiaries of the European Agricultural Guarantee Fund (EAGF) and the European Agricultural Fund for Rural Development (EAFRD), and the amounts received per beneficiary under each of these funds. The Commission also publishes some information on the distribution of direct payments in the context of the CAP.

7. According to the complainant, the assertion that no individual records exist appears implausible, given that EU law (Regulation 2390/1999) requires that the Member States provide the Commission with digitalized files concerning details of all individual payments made to CAP recipients every year.

8. The complainant stated that the Commission had extracted data from CATS and provided it to the World Bank.

9. The complainant added in response to the report of the meeting between the Commission and the Ombudsman’s inquiry team, that it defies logic that the same database cannot reliably produce the disaggregated underlying data if the database can reliably produce the aggregated data.

The Ombudsman's assessment

10. The Ombudsman considers that there is a strong public interest in transparency as regards CAP payments. A transparent and accountable administration must be in a position to account for the public funds for which it is responsible. At EU level, the EU institutions - and notably the European Commission - must monitor spending, identify irregularities and, where appropriate, impose sanctions to address wrongdoing. The Ombudsman believes it is important that the Commission carries out these duties as transparently as possible, thus strengthening the confidence and trust of EU citizens as regards how the EU spends their money.

11. The Ombudsman notes that there is already a certain amount of transparency as regards the identities of the recipients of CAP funds. EU law requires Member States to publish the full name of each beneficiary, the municipality where the beneficiary is resident or registered and the amounts of payments corresponding to each measure financed by the funds[2] received by each beneficiary in the year concerned. This information must be made available on a single website per Member State and must remain available for two years from the date of the initial publication.[3]

12. As regards public access to records of accounting information that the Member States send to the Commission for the clearance of accounts[4], however, the Ombudsman recognises that the Commission is subject to a number of legal constraints regarding the extraction and use of information transferred to the CATS database by the Member States.

13. In accordance with EU law[5], the Commission must use the records of accounting information received from the Member States for the sole purpose of carrying out its functions in the context of the clearance of accounts.[6] Any personal data included in the accounting information collected must be processed only for these purposes. The Commission must also ensure that the accounting information is kept confidential and secure.

14. In addition, in accordance with the EU rules on the processing of personal data by the EU institutions,[7] the Commission may extract the personal data made available by the Member States only provided specific conditions are fulfilled. In particular, such processing must be necessary for the performance of a task carried out by the Commission in the public interest or for compliance with a legal obligation. In order to carry out its functions in the context of the clearance of accounts, the Commission does not process records of payments made to individual beneficiaries. Rather, its audits are done on the basis of aggregated data. It therefore has a need for aggregated data, which it extracts and uses for its functions in the context of the clearance of accounts.

15. The Ombudsman accepts that the Commission’s CATS database has been designed to meet the Commission’s specific auditing needs. She accepts that it has not been designed to be used to extract and scrutinise systematically individual payments. Indeed, in order to comply with the EU’s data protection rules, it could not have designed CATS to allow it to process the personal data contained in the CATS.

16. As regards the complainant’s argument that the Commission provided the data covered by the request to the World Bank, the Commission clarified that the data provided to the World Bank was aggregated data similar to the data that it normally extracts from the database for auditing purposes. The complainant’s request in this case, however, related to individual records. The Ombudsman notes that the Commission has confirmed that it would provide aggregated data also to the complainant if he requested it.

17. Even without those legal constraints, there are technology challenges of extraction, which would be needed to fulfil the request, and which the Commission is not required by law to take on. The Commission confirmed in its meeting with the Ombudsman’s inquiry team that the mass extraction of individual entries would cause its IT systems to crash. This would occur because the CATS database is designed for audit purposes only. The Commission explained that the usual downloads made by the auditors are thousands of times smaller than the download requested by the complainant. The Commission clarified that the complainant’s request concerns approximately 76 billion data elements. The database is not designed to allow for such large downloads of data. The Commission thus considered that the technical difficulties associated with extracting the requested data would render it practically impossible to meet the request without making substantial IT investment.

18. This practical observation has a legal consequence. The European Courts have ruled that the content of a database[8] will constitute ‘documents’, for the purposes of applying the access to documents rules, if the content can be extracted from the database through pre-programmed search tools. Content whose extraction from a database calls for a ‘substantial investment‘ will not be considered ‘documents’ for the purposes of applying the access to documents rules[9]. In such circumstances, an institution is entitled to state that the requested documents are simply not in its ‘possession’.

19. The Ombudsman is of the view that the requested data cannot be extracted from an electronic database through pre-programmed existing search tools. Moreover, creating the technical tools to allow for the data to be extracted in bulk would require a substantial investment of resources by the Commission. Apart from the practical consequence of this observation, which in theory could be overcome, the data requested by the complainant cannot be considered an existing ‘document’ for the purposes of applying the EU rules on public access to documents. Moreover, and notwithstanding these observations, the Commission could not create the tools to extract, in bulk, the individual entries without infringing EU data protection rules.

20. The Ombudsman does understand the complainant’s frustration that the Commission did not engage with him to consider whether disclosure of a smaller dataset might be sufficient for him. However, the Commission would still have been subject to the same legal constraints. The Ombudsman therefore considers, overall, that the Commission committed no maladministration when dealing with the request for access to the content of the database.

21. The Ombudsman also understands the concerns of the complainant who is undertaking important investigative journalism in the public interest. She notes that an important reason for the complainant seeking access to individualised data in the CATS database was his frustration not only that information available at national level varies between Member States, but also that no Member State releases data that links individual payments to the land that the subsidy is for. This is an important piece of information when investigating possible fraud and misuse of EU funds. Also, where the beneficiary is a corporate body, the ultimate individual beneficiaries may not be identified.

22. The Ombudsman considers that spending of CAP funds could be monitored more effectively if EU law were updated to require Member States also to identify on the relevant national websites the specific land that is being subsidised, in the name of each beneficiary. The Ombudsman will forward this decision to the legislators for their consideration.

Conclusion

Based on the inquiry, the Ombudsman closes this case with the following conclusion:

There was no maladministration by the European Commission.

The complainant and the European Commission will be informed of this decision.

 

Emily O'Reilly

European Ombudsman

Strasbourg, 06/05/2020

 

[1] See letter from the European Data Protection Supervisor to the Commission’s Data Protection Officer of 9 February 2010, available at https://edps.europa.eu/sites/edp/files/publication/10-02-09_commission_cats_en.pdf.

[2] This applies to the Agricultural Guarantee Fund (EAGF) and to the European Agricultural Fund for Rural Development (EAFRD).

[3] See Article 111 of Regulation (EU) No 1306/2013 of the European Parliament and of the Council of 17 December 2013 on the financing, management and monitoring of the common agricultural policy, available at https://eur-lex.europa.eu/eli/reg/2013/1306/oj.

[4] See Article 51 of Regulation No 1306/2013, Article 30 of Regulation (EU) No 908/2014 of 6 August 2014 laying down rules for the application of Regulation (EU) No 1306/2013 of the European Parliament and of the Council with regard to paying agencies and other bodies, financial management, clearance of accounts, rules on checks, securities and transparency, available at https://eur-lex.europa.eu/legal-content/GA/TXT/?uri=CELEX:32014R0908.

[5] See Article 31 of Commission Implementing Regulation (EU) No 908/2014 of 6 August 2014 laying down rules for the application of Regulation (EU) No 1306/2013 of the European Parliament and of the Council with regard to paying agencies and other bodies, financial management, clearance of accounts, rules on checks, securities and transparency, available at https://eur-lex.europa.eu/legal-content/GA/TXT/?uri=CELEX:32014R0908, and Article 117 of Regulation (EU) No 1306/2013 .

[6] The Commission may process data for the purpose of monitoring developments and providing forecasts in the agricultural sector.

[7] Article 5 of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, available at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2018.295.01.0039.01.ENG.

[8] ‘According to Article 3(a) of Regulation 1049/2001, document’ shall mean any content whatever its medium (written on paper or stored in electronic form or as a sound, visual or audiovisual recording) concerning a matter relating to the policies, activities and decisions falling within the institution's sphere of responsibility.

[9] Judgment of the Court of Justice of 11 January 2017, Typke v Commission, C-491/15 P, EU:C:2017:5,paragraph 37, 39.