Data Protection in the Public Procurement Process
DOI:
https://doi.org/10.18662/eljpa/7.2/142Keywords:
Public procurement, data protection, transparency, data protection officer, Electronic Public Procurement System, bidders data, award criterion, competition law, associations, corrective measures, data transferAbstract
Transparency is one of the fundamental principles in public procurement. At the same time, the General Data Protection Regulation (GDPR) requires all operators, whether public or private, to respect privacy and data protection. The study starts from the premise of avoiding sanctions and of complying with the obligations of the contracting authority by knowing the hierarchy of values protected by the regulations in force. An important role in ensuring compliance with the law is to correlate the activity of the data protection officer with the procurement department. The stages of the public procurement procedure will be analyzed in the most relevant aspects, from the publication in the Electronic Public Procurement System and the management of personal data submitted by bidders in the procurement procedures until the publication of the results. We will observe whether data protection can become an award criterion and the influence of bidding data breaches in procurement procedures. A sensitive issue is the protection of data transferred outside the European Union and, from the point of view of competition law, the consequences of the associations, and we will finally discuss some aspects regarding the corrective measures that the data protection authority may impose.
References
Agencia Española de Protección de Datos. (2021). Resolución No. R/00032/2021. https://www.aepd.es/es/documento/td-00206-2020.pdf
Agenţia Naţională pentru Achiziţii Publice. (n.d.). Protecţia datelor cu caracter personal. http://anap.gov.ro/web/protectia-datelor-cu-caracter-personal/
Alexe, I. (2018d). Regimul sancţionator prevăzut de Regulamentul (UE) 2016/679 privind protecţia datelor cu caracter personal. Revista Curierul Judiciar, 1, 36-42.
Alexe, I. (2018a). Relaţia dintre operator şi persoana împuternicită, în domeniul protecţiei datelor personale. Revista Pandectele Române, 2, 71-79.
Alexe, I. (2018b). Principalele noutăţi privind responsabilul cu protecţia datelor, incluse în GDPR. Revista Pandectele Române, 1.
Alexe, I. (2018c). Responsabilul cu protecţia datelor (DPO) - funcţionar public sau personal contractual? Revista Română de Dreptul Muncii, 2, 53-65.
Alexe, I. (2019). Experienţe ale aplicării amenzilor administrative din România în domeniul GDPR. Pandectele române, 5, 79-95.
Alexe, I., & Şandru, D. -M. (2018). Consideraţii privind modificările aduse în anul 2017 legislaţiei achiziţiilor publice din România (pp. 9-31), In I. Alexe, & D. -M. Sandru (Eds.), Legislaţia achiziţiilor publice în România. Editura Universitară.
Alexe, I., Şandru, D. -M. (2019). Desemnarea unui responsabil cu protecţia datelor unic de către mai multe autorităţi sau organisme publice. Revista de drept public, 2, 47-56.
Ausloos, J. (2020). The Right to Erasure in EU Data Protection Law. Oxford University Press.
Bickerstaff, R. (2018). Effects of the new Data Protection Regulation on public procurement procedures. Practical examples. April 2018, EMEA Conferences. Communication for the conference Bid exclusion risks in Public Procurement Procedures. With focus on Competition and new Data Protection rules related breaches. https://emeaconferences.com/wp-content/uploads/2017/05/Roger-Bickerstaff-presentation-EMEA-Conferences-11April2017.pptx
Bucharest Court of Appeal, Section VIII, Administrative and Fiscal Court. (2015). Decision no. 4538/2015. http://rolii.ro/hotarari/58a021c7e4900948100013cf
Bucharest Court, Section II, Administrative and Fiscal Court, Civil Sentence no. 3903/2015 (2015). http://rolii.ro/hotarari/587d2d5ce490093c24001fee
C-465/11, Forposta and ABC Direct Contact. (2012). Judgement of the Court of 13 December 2012, ECLI:EU:C:2012:801.
Cârlan, V. C. (2017). Riscuri ce pot apărea pe parcursul derulării procedurii de achiziţie publice şi măsuri de prevenire a acestora. In D. -M. Şandru, I. Alexe, & R. -F, Hodoş (Coord.), Achiziţiile publice în România. Aplicarea şi interpretarea noii legislaţii europene. Editura Universitară. p. 250.
Case C-368/10, European Commission v Kingdom of the Netherlands. (2012). Judgement of the Court of 10 May 2012, ECLI:EU:C:2012:284
Case C-532/06, Lianakis and others. (2008). Judgement of the Court of 24 January 2008, ECR 2008 p. I-251, ECLI:EU:C:2008:40 and the amendment of the European legislation according to which there might be superposition between the selection and qualification requests and the awarding criteria.
Case T-437/05, Brink's Security Luxembourg SA v Commission of the European Communities, Judgement of 9.09.2009, points 215 and 216, ECR, p. II-3233. (2009). ECLI:EU:T:2009:318.
Directive 2014/55/EU of the European Parliament and of the Council of 16 April 2014 on electronic invoicing in public procurement, OJ, L, 133 of 6 May 2014 (2014).
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995. (1995). On the protection of individuals with regard to the processing of personal data and on the free movement of such data.
Executive Summary of the Opinion of the European Data Protection Supervisor on the Commission Proposal for a Directive of the European Parliament and the Council on electronic invoicing in public procurement, OJ, 2014/C 038/5. (2014).
Farca, L. (2018). Conflict of interests under Romanian public procurement rules. Pros and Cons of the PREVENT. In C. M. Hinţea, B. A. Moldovan, B. V. Radu, & R. M. Suciu, Transylvanian International Conference in Public Administration, Cluj-Napoca 2 nd November, 2017. Ed. Accent.
Google Spain and Google, Judgement of the Court of 13 May 2014, C-131/12. (2014). ECLI:EU:C:2014:317.
Gov. (2018). Procurement Policy Note 02/18: Changes to Data Protection Legislation & General Data Protection Regulation. https://www.gov.uk/government/publications/procurement-policy-note-0218-changes-to-data-protection-legislation-general-data-protection-regulation
Government Decision no. 395/2016. (2016). On the approval of methodological norms concerning the award of public procurement contract/framework agreement of the Law no. 98/2016 on public procurement. Official Journal of Romania, 423.
Government Emergency Ordinance no. 114/2020. (2020). On the modification and completion of normative acts with impact in the field of public procurement. Official Journal of Romania, 614.
Government Emergency Ordinance no. 57/2019. (2019). On the Administrative Code, Official Journal of Romania, 555.
Guidelines on Data Protection Officers (‘DPOs’). (2016). 16/EN, WP 243 rev.01, adopted on 13 December 2016 at last Revised and Adopted on 5 April 2017.
Instruction no. 28 of 29 August 2019. (2019). of the Chief of the Managing Authority of the Competitiveness Operational Programme regarding the enforcement of the General Data Protection Regulation. http://mfe.gov.ro/wp-content/uploads/2019/08/b153da563961c2a18631ec663286e6c6.pdf
Judgment of 12 July 2012, Compass-Datenbank (2012), C‑138/11, EU:C:2012:449, para. 40-41.
Law no. 190/2018 on implementing measures to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Official Journal of Romanian. nr. 651/2018. According to art. 14 of the law, the maximum amount of the fine is RON 200.000. (2014).
Manni C-398/15, Judgement of the Court of 9 March 2017 (2017), ECLI:EU:C:2017:197.
Maxim, M., & Bălănuţă, A. (2019). Prelucrarea datelor cu caracter personal în scopul evitării şi gestionării situaţiilor de conflict de interese. Dreptul 7, 36.
Micu, A., Beşleagă, Y., & Alecu, A. (2020). Confidenţialitatea informaţiilor în materia achiziţiilor publice în lumina O.U.G nr. 114/2020. JURIDICE.ro.
Nechimiş, R. (2017). Impactul reglementărilor privind prelucrarea datelor cu caracter personal – inclusiv al noului Regulament nr. 679 din 27 aprilie 2016 privind protecţia persoanelor fizice în ceea ce priveşte prelucrarea datelor cu caracter personal (“Regulamentul”) - asupra procedurilor de achiziţii publice. In D. -M. Şandru, I. Alexe, & R. -F. Hodoş (Coord.), Achiziţiile publice în România. Aplicarea şi interpretarea noii legislaţii europene (pp. 183-184). Editura Universitară.
Popa, A. (2018). Protecţia confidenţialităţii documentelor depuse de operatorii economici în cadrul procedurilor de atribuire a unor contracte de achiziţie publică. Hotnews.ro. https://www.hotnews.ro/stiri-specialisti_tuca_zbarcea_asociatii-22542411-protec-confiden-ialit-documentelor-depuse-operatorii-economici-cadrul-procedurilor-atribuire-unor-contracte-achizi-public.htm
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), OJ 2016, L 119, p. 1. (2016).
Roşu, A. (2017). Excluderea din procedura de atribuire a contractelor de achiziţie publică a candidatului /ofertantului condamnat / investigat pentru săvârşirea unei infracţiuni, In D. -M. Şandru, I. Alexe, & R. -F. Hodoş (Coord.), Achiziţiile publice în România. Aplicarea şi interpretarea noii legislaţii europene (p. 149 and the following). Editura Universitară.
Şandru, A. -M. (2018). Privire critică asupra jurisprudenţei Curţii de Justiţie a UE referitoare la interpretarea art. 8 privind protecţia datelor cu caracter personal din Carta drepturilor fundamentale a Uniunii Europene (CDFUE). Pandectele Române, 1, 26-33.
Şandru, A. -M. (2018d). Inovări şi reevaluări în privinţa drepturilor persoanei vizate în Regulamentul 2016/679. Revista română de drept al afacerilor, 4, 42-48.
Şandru, D. -M. (2017). Curtea de Justiţie a Uniunii Europene şi protecţia datelor personale ale angajaţilor în relaţiile de muncă. Revista română de drept european, 4, 92-101.
Şandru, D. -M. (2018a). La vremuri noi, principii vechi. Observaţii critice privind două expresii nou introduse în art. 5 al Regulamentului General privind Protecţia Datelor, în R.R.D.A., nr. 1/2018, p. 79-84;
Şandru, D. -M. (2018b). Principiile protecţiei datelor – de la teorie la practică. Curierul Judiciar, 6, 364-366.
Şandru, D. -M. (2018c). Principiul transparenţei în protecţia datelor cu caracter personal. Pandectele române, 4, 59-69. The list of articles concerning the principles is available at mihaisandru.ro
Şandru, D. -M. (2018e). Reflectarea izvoarelor dreptului european al achiziţiilor publice în practica administrativă şi jurisdicţionala din România. In D. -M. Sandru, & I. Alexe (Eds.), Legislaţia Uniunii Europene în materia achiziţilor publice (pp. 7-24). Ed. Universitară.
Şandru, M., Banu, M., & Călin, D. (2013). Procedura trimiterii preliminare. Principii de drept al Uniunii Europene şi experienţe ale sistemului român de drept. C. H. Beck.
The author discusses the exclusion criteria, as well as the relevant case law such as C-465/11, Forposta and ABC Direct Contact, Judgement of the Court of 13 December 2012, ECLI:EU:C:2012:801, case C-368/10, European Commission v Kingdom of the Netherlands, Judgement of the Court of 10 May 2012, ECLI:EU:C:2012:284.
The Law 184/2016 to establish a mechanism top prevent conflict of interests in public procurement contract awarding. (2016). Official Journal of Romania, 831.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2020 Stefan cel Mare University of Suceava, Faculty of Law and Administrative Sciences, Romania & LUMEN Publishing House
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication, with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work, with an acknowledgement of the works authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g. post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in European Journal of Law and Public Administration.
- Authors are permitted and encouraged to post their work online (e.g. in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as an earlier and greater citation of published work (See The Effect of Open Access).
EJLPA Journal has an Attribution-NonCommercial-NoDerivs
CC BY-NC-ND
