1. The administrative file in an investigation concerning an alleged infringement of Regulation (EU) 2016/679 shall consist of the documents which have been obtained or produced by the lead supervisory authority and the other supervisory authorities concerned and assembled by the lead supervisory authority during the investigation procedure, including all inculpatory and exculpatory evidence.
The administrative file shall not include internal communications within a supervisory authority.
2. Upon request of a party under investigation, or a complainant where the decision is liable to affect his or her interests adversely, the lead supervisory authority shall grant access to the administrative file to the parties under investigation, or the complainant, enabling them to exercise their right to be heard.
The first subparagraph shall be without prejudice to more favourable rules on granting access to the administrative file under the national law of the lead supervisory authority.
Where access is granted in accordance with the first subparagraph, the party under investigation shall be provided with such access by the lead supervisory authority, while the complainant shall be provided with such access by the supervisory authority with which the complaint has been lodged.
3. The following documents or parts of the following documents shall be excluded from access, notwithstanding whether access is granted under Union or national law:
|
(a) |
correspondence or deliberations between the supervisory authorities; |
|
(b) |
confidential information pursuant to Article 25(1). |
4. The lead supervisory authority shall grant access to relevant and reasoned objections submitted pursuant to Article 60(4) of Regulation (EU) 2016/679 on the basis of which that supervisory authority intends to adopt a revised draft decision only where such access is necessary to enable the parties under investigation or the complainant to make their views known and defend their rights.
1. Any information, documents or parts of documents shall be considered confidential in so far as they contain trade secrets as defined in Directive (EU) 2016/943 of the European Parliament and the Council(5) or other confidential information in accordance with Union or national law.
2. Unless otherwise provided for by Union or national law, information collected, produced or obtained by a supervisory authority in a case concerning cross-border processing under Regulation (EU) 2016/679, which is considered confidential pursuant to paragraph 1, shall not be communicated or made accessible to a party under investigation, a complainant or any third person.
3. A party under investigation, a complainant, or a third person submitting information that it considers to be confidential shall clearly identify that information, giving reasons for the confidentiality claimed. The party under investigation, complainant, or third person shall always provide the full version of the information. Where possible, it shall also provide a proposed non-confidential version.
4. Without prejudice to paragraph 3, the supervisory authority to which the information is submitted may require the parties under investigation, or any other person that submits documents, to identify the documents or parts of documents that they consider to contain trade secrets or other confidential information belonging to them and to identify the persons concerned with regard to the confidentiality of those trade secrets or other confidential information.
5. The supervisory authority to which the information is submitted shall set an appropriate time-limit no longer than six weeks for parties under investigation and any other person claiming that the information submitted is confidential to:
|
(a) |
substantiate their claims that the information submitted contains trade secrets or other confidential information for each individual document or part of document, statement, or part of statement; |
|
(b) |
propose, where possible, a non-confidential version of the documents and statements, in which the trade secrets or other confidential information are redacted; |
|
(c) |
provide a concise, non-confidential, description of each piece of redacted information. |
6. If the parties under investigation or any other person fails to comply with paragraphs 4 and 5, the supervisory authority to which the information is submitted may assume that the documents or statements concerned do not contain trade secrets or other confidential information.
7. The supervisory authority to which the information is submitted shall determine whether or not the information or relevant and specific parts of documents are confidential, in accordance with paragraph 1. It shall ensure that the redaction of documents is limited to what is necessary and proportionate to protect the confidential information. The supervisory authority to which the information is submitted shall inform the other supervisory authorities about the confidential nature of the information when transmitted.
8. Information regarded as confidential information under the national law of the supervisory authority to which the information is submitted and exchanged between supervisory authorities in the application of Regulation (EU) 2016/679, shall continue to be treated as confidential by the supervisory authority receiving it.
(5)Directive (EU) 2016/943 of the European Parliament and of the Council of 8 June 2016 on the protection of undisclosed know-how and business information (trade secrets) against their unlawful acquisition, use and disclosure (OJ L 157, 15.6.2016, p. 1, ELI: http://data.europa.eu/eli/dir/2016/943/oj).
1. For the purpose of exchanging relevant information between the lead supervisory authority and other supervisory authorities concerned in accordance with Article 9, the lead supervisory authority shall ensure such relevant information is made available through a cooperation file dedicated to each complaint or investigation. The cooperation file shall include all information exchanged pursuant to Article 9.
2. The cooperation file shall be maintained in electronic form and shall, by means of a common electronic tool, be remotely accessible to supervisory authorities and, upon referral of a matter to dispute resolution under Article 65(1), point (a), of Regulation (EU) 2016/679, and, where applicable, when an urgent opinion or an urgent binding decision is requested pursuant to Article 66 of that Regulation, to the Board. The cooperation file shall not be directly accessible to parties under investigation, complainants or third persons.