You have a complaint against an EU institution or body?

Decision of the European Ombudsman closing the own-initiative inquiry OI/4/2013/CK into the EU Agencies practices regarding disclosure of the names of Selection Board members

Summary of the decision on own-initiative inquiry OI/4/2013/CK into the EU Agencies

On 12 August 2013, the Ombudsman opened an own-initiative inquiry and invited the EU agencies to clarify their policy as regards disclosure of the names of selection board members and the compliance of such a policy with data protection requirements. After having thoroughly examined their replies, the Ombudsman decided to close the inquiry by issuing Good Practice Guidelines.

The objective of these Guidelines is to assist the EU Agencies to ensure the correct balance between transparency and the legitimate requirements of confidentiality in the work of selection boards, while also respecting EU data protection principles. She invited the EU agencies to endorse these Guidelines and to inform her within six months of any measures they have taken to comply with them.

On 12 August 2013, the Ombudsman opened an own initiative inquiry and invited the EU agencies to clarify their policy as regards disclosure of the names of selection board members and the compliance of such policy with data protection requirements. After having thoroughly examined their replies, the Ombudsman decided to close the inquiry by issuing Good Practice Guidelines. The objective of these Guidelines is to assist the EU Agencies to ensure the correct balance between transparency and the legitimate requirements of confidentiality in the work of selection boards, while also respecting EU data protection principles. She invited the EU agencies to endorse these Guidelines and to inform her within six months of any measures they have taken to comply with them.

The background

1. In the course of visits to a number of EU Agencies[1], the Ombudsman became aware of the diversity in the approaches adopted by the different Agencies in relation to the issue of disclosure of the names of Selection Board members. In the decision closing own-initiative inquiry OI/4/2012/CK concerning the European Centre for the Development of Vocational Training (Cedefop), the Ombudsman concluded that the best way forward was to open an own-initiative inquiry into the matter[2].

2. On 12 August 2013, the Ombudsman opened the inquiry and invited the EU agencies to clarify their policy as regards disclosure of the names of selection board members and the compliance of such policy with data protection requirements. In the months that followed, the Ombudsman received the Agencies' opinions. She also sought the opinion of the European Data Protection Supervisor ("EDPS") on the application of data protection principles in this field, in accordance with the Memorandum of Understanding of 30 November 2006 signed between the European Ombudsman and the EDPS[3].

The views presented to the Ombudsman

The EU Agencies' practices

3. From the Agencies' submissions[4], it became clear that:

- A significant number of Agencies include information relating to the composition of the selection board in the letters inviting short-listed candidates to interviews[5]. However, only two of these Agencies include similar information in letters sent to ineligible and non-short-listed candidates[6].

- Many Agencies have adopted the practice of introducing members of the selection board by name at the beginning of the interviews with short-listed candidates[7].

- A number of Agencies envisage disclosure of the names of selection board members upon request[8].

- A limited number of Agencies does not envisage any possibility of disclosure of the names of selection board members or do not have specific rules in this respect[9].

- Two Agencies have a proactive policy of making available to the public the names of selection board members through their website[10].

The EDPS's opinion

4. In the reply to the Ombudsman's request for advice, the EDPS noted that the disclosure of the names of selection board members constitutes a further processing of personal data, under Article 4 (1) (b) of Regulation 45/2001[11]. Such processing does not seem to be incompatible with the purposes for which personal data were originally collected, that is, for the selection and recruitment of EU staff. The EDPS nevertheless made it clear that such further processing must comply with the rules laid down in Regulation 45/2001. The EDPS also provided concrete advice on how to safeguard data protection in case Agencies opt for public disclosure, via their website, or for proactive privileged disclosure to candidates[12].

The Ombudsman's assessment

5. The information submitted in the course of the inquiry confirmed that there is diversity in the practices adopted by the EU. While some of these practices constitute good administrative practices and can be praised, some others fall short of the objective of effectively guaranteeing transparency and maintaining public trust in the EU administration. Such shortcomings are particularly harmful for the image of the EU administration, in an area like selection procedures where citizens may have their very first direct contact with an EU institution or body. Agencies, being decentralised bodies, are often the only point of contact that citizens in Member States may have with the EU administration. It is therefore important that Agencies are perceived by EU citizens as public bodies that work in a transparent way on their behalf and are accountable to them.

6. Taking into account the opinions submitted by the Agencies and the EDPS, the Ombudsman has decided to issue a set of Good Practice Guidelines, offering guidance to the EU Agencies as to how to ensure the correct balance between openness and the legitimate needs of confidentiality in the work of Selection Boards, while at the same time respecting EU data protection rules. She trusts that EU Agencies will endorse her guidelines and thus contribute in raising further the quality of EU administration.

Conclusion

The Ombudsman closes the own-initiative inquiry by issuing Good Practice Guidelines. She invites EU agencies to endorse the Guidelines and to inform her within six months of any measures they have taken to comply with them.

 

Emily O'Reilly

Done in Strasbourg on 20 May 2014


[1] http://www.ombudsman.europa.eu/en/activities/visits.faces

[2] http://www.ombudsman.europa.eu/en/activities/visitreport.faces/en/50148/html.bookmark

[3] OJ 2007 C 27, p. 21.

[4] The full text of the opinions of the Agencies are available on:

http://www.ombudsman.europa.eu/en/cases/initiatives.faces

[5] Community Plant Variety Office (CPVO), European Agency for Safety and Health at Work (EU-OSHA), European Banking Authority (EBA),European Chemicals Agency (ECHA), European Food Safety Authority (EFSA), European Foundation for the Improvement of Living and Working Conditions (Eurofound), European GNSS Agency (GSA), European Insurance and Occupational Pensions Authority (EIOPA), European Medicines Agency (EMA), European Union Agency for Network and Information Security (ENISA), European Securities and Markets Authority (ESMA),European Training Foundation (ETF), Office for Harmonization in the Internal Market (OHIM), European Systemic Risk Board (ESRB) REA.

[6] ECHA and ENISA.

[7] Agency for the Cooperation of Energy Regulators (ACER), Body of European Regulators for Electronic Communications (BEREC), European Agency for the Management of Operational Cooperation at the External Borders of the Member States of the European Union(Frontex), European Aviation safety Agency (EASA), Cedefop, European Institute for Gender Equality (EIGE), European Police College (Cepol), European Police Office (Europol), European Union Agency for Fundamental Rights (FRA), European Union's Judicial Cooperation Unit (Eurojust), The European Joint Undertaking for ITER and Development of Fusion Energy (Fusion for Energy), European Institute for Innovation and Technology (EIT), European Research Council Executive Agency (ERCEA), Research Executive Agency (REA).

[8] European Asylum Support Office (EASO), European Centre for Disease Prevention and Control (ECDC), European Fisheries Control Agency (EFCA), European Maritime Safety Agency (EMSA), European Monitoring Centre for Drugs and Drug Addiction (EMCDDA), European Defence Agency (EDA), European Agency for Competitiveness and Innovation ( EACI), trans-European Transport Network Executive Agency (TEN-TEA), Education, Audiovisual and Culture Executive Agency (EACEA), Executive Agency for Health and Consumers (EAHC).

[9] European Railway Agency (ERA), Translation Centre for the Bodies of the European Union (CdT), European Union Institute for Security Studies (EUISS), European Union Satellite Centre (EUSC).

[10] European Environment Agency (EEA) regarding all selection procedures and REA for external selection procedures of temporary agents.

[11] Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, OJ 2001 L 8, p. 1.

[12] The full text of the EDPS's opinion is available at:

http://www.ombudsman.europa.eu/en/cases/initiatives.faces