Log in

Register



News

As we know, the revision of the PSI Directive is under way. The Commission issued the first proposal on 25 April 2018 and on 7 November 2018 the European Council agreed a compromise text taking into account the key concerns of the Member States.

Meanwhile, on 25 May 2018 a major reform of the European data protection framework, i.e. the General Data Protection Regulation (GDPR), entered into force.

At this stage, where the revision cycle of the new PSI Directive proposal is close to the end, it is interesting to analyse its relationship with the GDPR.


References to the GDPR in the text of the PSI Directive

Taking the text agreed by the European Council as a reference, Article 2, point 3a foresees full compliance to the provisions of the GDPR and the corresponding provisions of the individual Member States:

This Directive is without prejudice to the provisions of Union and national law, on the protection of personal data, in particular those of the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council and Directive 2002/58/EC of the European Parliament and of the Council, and corresponding provisions of the Member States.

Since the GDPR is explicitly mentioned, that reinforces the idea that any possible re-use of data must comply with the requirements of the Regulation.

Recital 47 suggests a way to go by introducing the concept of “anonymous information”.

This Directive should not affect the protection of individuals with regard to the processing of personal data under the provisions of Union and national law, particularly under Regulation (EU) 2016/679 of the European Parliament and of the Council and Directive 2002/58/EC of the European Parliament and of the Council including any supplementing provisions of law enacted by the Member States. Anonymous information is information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable. Rendering information anonymous is a means to reconcile the interests in making public sector information as re-usable as possible with the obligations under data protection legislation, but comes at a cost. It is appropriate to consider this cost as one of the cost items to be considered as part of the marginal cost of dissemination as defined in Article 6 of this Directive.

Article 6 “Principles governing charging” states that:

Re-use of documents shall be free of charge. However, Member States may provide that the marginal costs incurred for the reproduction, provision, and dissemination of documents, as well as anonymisation of personal data and measures taken to protect commercially confidential information, may be recovered.

Article 6 and Recital 47 establish two key concepts:

  • making information anonymous would solve any possible conflict between data re-use and data protection,
  • the cost of anonymisation can be included in the marginal costs

 Recital 33 foresees the same provision also for libraries, museums and archives. In other words, anonymisation is welcome, but it may increase re-use costs.

 

Anonymisation as a marginal cost. A crutch for the GDPR?

Regulation (EU) 2016/679 in Article 32 Security of processing recommends the adoption of security measures like pseudonymisation and encryption of personal data. Other measures are not excluded but it is clear that if you pseudonymise or encrypt your data, you are compliant with the Article 32.

GDPR defines pseudonymisation in Article 3 as “the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information.” The “additional information” must be “kept separately and subject to technical and organisational measures to ensure non-attribution to an identified or identifiable person.”

Pseudonymisation is thus a slight form of anonymisation. The difference is that pseudonymous data still allows the re-identification, while anonymous data cannot be re-identified. It is obvious that if you provide pseudonymous data as open data not including the “additional information”, the data become anonymised data.

What does this mean? It means that public sector bodies, libraries, museums and archives have an extra incentive to pseudonymise/anonymise their data by charging the relative costs to the re-users with the condition that they provide their data as open data.
This all sounds like a win-win strategy: the public sector bodies do not pay for anonymisation and the re-users have more data to re-use.

Evaluation by the Commission

Another sign of impact of the data protection rules on the PSI Directive is mentioned in Article 16  Evaluation, where on point 1 it is stated that the Commission shall carry out an evaluation of the Directive and on point 2 that:

  1. The evaluation shall in particular address the scope and impact of this Directive, including the extent of the increase in re-use of public sector documents to which this Directive applies, the effects of the principles applied to charging and the re-use of official texts of a legislative and administrative nature, the re-use of documents held by other entities than public sector bodies, the interaction between data protection rules and re-use possibilities, as well as further possibilities of improving the proper functioning of the internal market and the development of the European data economy.

The provision of including the interaction between data protection rules and re-use possibilities in the evaluation have already been added by Directive 2013/37/EU, nevertheless on the light of the points above described, now it has a greater importance.

Conclusion

The new PSI Directive has  not been finalized yet, but the last amendments show that the data protection has been taken into account by recommending compliance with the GDPR and encouraging the anonymization of information by including its cost between the marginal costs.


This week the series of articles on how to make a PSI request in the EU member states continues by analysing the case of Romania.


Legislative framework

The situation is quite straightforward, Romania is a unitary state and a semi-presidential republic.
Law no. 544/2001 regulates the right to information: free access to information of public interest (a sort of domestic FOIA). The law confers on any person the right to obtain information about the activities of any public authorities or institutions, including other entities using public resources. The law specifies the conditions under which the access to information is provided and guarantees to obtain the requested information. It also imposes an active and transparent behavior of public authorities and institutions by provisions on the obligation to publish certain information of interest on the public notice or on the website.

The country had the obligation to adopt the communitary acquis before entering into the European Union and, thus, in April 2007 adopted Law no. 109/2007 as transposition of Directive 2003/98/EC.

Following some observations by the European Commission, the law was amended in 2008 by Law no. 213/2008.

Law no. 299/2015 amending Law no. 109/2007 on the re-use of information from public institutions transposed Directive 2013/37/EU.

The unique national platform for the publication of data sets produced or held by public authorities or institutions in open format for re-use, data.gov.ro, was launched in October 2013.

In practice

We have seen that the legislative framework in Romania is in line with the last European amendments and that there is also a domestic FOIA law since 2001. Hence from a legislative point of view, they are well positioned.

Nonetheless, the country still struggles to implement the rules due to a combination of limited institutional capacity and a lack of knowledge. However the government is making considerable efforts to improve the situation, as evidenced by the National Plan 2016 - 2018.

In a practical way, it is hard to find a Romanian public sector body that provides guidance (in the shape of a form or a contact email address) on how to make a PSI request for reuse of information. We were able to find just some examples with regard to access to information based on Law no. 544/2001:

Inspectoratul Teritorial De Munca Teleorman

ANAF (Agentia Nationala de Administrare Fiscala)

General Inspectorate for Immigration

Primaria Lipova

What to do then? In this case, it is worth to stay stick to what the Law states about requests of re-use of information. An extract of the English version of the Law no 299/2015 transposing Directive 2013/37/EU is presented below.

Applications to re-use documents shall be submitted in writing, either on paper or electronically. An application shall indicate the following:

  1. the public institution to which it is addressed;
  2. the information requested, so that the public institution can identify the documents;
  3. the applicant's identification and authentication data, and the address to which the reply should be sent;
  4. the purpose for which the requested information is to be used.

So, the first thing to do is to pinpoint the public sector body and look for an email contact on its institutional website. Afterwards, you can send the request directly to the public sector body or

 add it to PSI Monitor and let Psi Monitor send it for you. 


In the latter case the advantage is that the request will be publicly consultable on the PSI Monitor repository and this may induce the public sector body to be more proactive in answering the request.

Another way to go is to leverage nuvasuparati.info, a website that helps you to make a request for access to information similar to the well known  whatdotheyknow.com

 

It is focused on requests based on the FOIA Law no. 544/2001 but it can be worth to try to use it for a re-use request mentioning the Law no. 299/2015 in the description of the request. As we already suggested here, you can add the tag #psimonitor to the description so that we can filter it and add it also to the PSI Monitor repository.

Continuing the series of articles about What is a “request for re-use” and how do we make it right?, this time we deal with the situation in UK.

 Legislative framework

Let’s take a look at the legislation. The Re-use of Public Sector Information Regulations 2015 (SI 2015 No. 1415) (the ‘2015 Regulations’) are in force from 18 July 2015 and transpose Directive 2003/98/EC as amended by Directive 2013/37/EC (the ‘Amending Directive’).

Access to public sector information is provided for under different regimes, such as  the Freedom of Information Act 2000, the Freedom of information (Scotland) Act 2002 and the Environmental Information Regulations 2004.

On The National Archives’ website there is a wealth of information on the PSI Directive transposition and re-use regulations. You will find some useful documents such as an implementation guidance for re-users and a template form for requesting re-use; there are also additional resources for public sector bodies.

Providing a kind of summary of the implementation guidance for re-users is beyond the scope of this article but it is worth mentioning and commenting some highlights.

Public sector body information is presumed to be re-usable once access is obtained, unless the information is otherwise restricted or excluded.

There is a distinction between access to, and re-use of public sector information, but once you have the first one, you have the second one. For instance, information published on a public sector body’s website would be exempt from an access request by virtue of being already reasonably accessible (section 21 of the Freedom of Information Act 2000). This information would be available for re-use.

If information is not under an open licence, you must make a request for re-use to the public sector body that holds the information.

If there is no open license, permission has to be sought.

 The guidance describes also how to make a request for re-use.

  • The request should be made in writing (paper, email, or via online form where provided)
  • It should be clear and specific about what information you want to re-use
  • It should describe how you intend to re-use the information
  • And it should be reasonable in volume and complexity

Of course, the request has to be addressed to the public sector body that produces, holds or disseminates the information. However if you do not know exactly which public sector body has the data you are interested in or you are afraid of doing something wrong there is an alternative.

 

WhatDoTheyKnow

If you are looking for a more supervised procedure the whatdotheyknow website is a great help in this context. Its repository contains more that 500.000 requests and more than 23.000 public authorities.  You can browse the repository to find similar requests to the one you plan to make or to find an authority you think might have the information. But not only. It provides you with a form to make a Freedom of Information (FOI) request and access information about public authorities.

First, you have to indicate to which public sector body you want to make a request.

A live search box helps you finding the public sector body while you type.

Then you are presented with a form where you have to insert the summary and the description of the request. Sometimes at the top of the form, you can find additional information on the public sector body chosen; for instance a description of the activities of the body and some useful hints to take care of.

 

PSI requests using WhatdoTheyKnow

As you may noticed WhatDoTheyKnow is focused on Freedom of Information (FOI) requests; there is no mention of the 2015 Regulations in the website. Nevertheless, this does not imply that you cannot make a PSI request using this route.

Simply put a reference to the 2015 Regulations in the description, something like this:

I am seeking permission under the Reuse of Public Sector Information Regulations 2015 to reuse the information you provide.

 

Add your PSI request to PSI Monitor

You can either add your request to both whatdotheyknow.com and psimonitor.eu or add it just to whatdotheyknow and take care to include in the description the tag #psimonitor.  

The tag will allow to automatically add the request to the PSI Monitor repository.

 

How to make a request for re-use in the different member states? This time we are in Italy, let’s see how things work.

 Legislative framework

Directive 2003/98/EC (PSI Directive) was transposed through Legislative Decree 36/2006 but this has not given rise to any particular initiatives for a while.

Only in the last few years, new developments in the Open Data legislation put Italy in the forefront of those member states who embrace the principles of openness and transparency of public sector information, as evidenced by the upgrading of Italy from the Followers level to the Trend-setter according to the Open Data Maturity Index.

In fact, Italy has transposed Directive 2013/37/EU amending Directive 2003/98/EC on time through the legislative Decree no 102 of 18 May 2015. In 2016 the country has also introduced the Freedom Of Information Act through Legislative Decree no 97 of 25 May 2016.

So, is everything okay? Not exactly.

The efforts made to increase transparency in the public administration have led to some overlaps. At the moment there are three different kinds of administrative right of access:

  • the original right of access to administrative documents (Law no. 241/1990), which states that the applicant must demonstrate a qualified interest
  • the right of civic access to documents, data and information (legislative Decree no 33 of 14 March 2013), which allows access only to information that falls within the publication obligations provided for by law
  • the “generalized” right of civic access introduced by the above mentioned Freedom Of Information Act Legislative Decree no 97 of 25 May 2016, that allows private parties to obtain disclosure beyond the borders of compulsory application imposed by the previous Decree.

 

The coexsistence of three different rights of access, described in three different laws, is something that does not help simplification of norms and rules.

Further to that, the generalized civic access introduced an interesting – from the re-users point of view – side effect.

 Since Legislative Decree no 97 is an amendment of Legislative Decree no 33, it has kept some articles unchanged while it has changed others. For instance, the unchanged article 7 says that all information that has been object of civic access as per article 5 can be re-used with no broader limitations than the duty to mention their source and to use them properly.

The updated article 5 defines now the civic access at point 1 and point 2. Point 1, as before, limits the right to access to data already published or data not yet published but for which there is the pre-requisite of compulsory publication. Instead, new point 2 extends the right of access to data and documents not subject to mandatory publication.

The result is that with the “generalized” civic access anyone can access and reuse data and information with the duty to mention their source and to use them properly.

The overlap with the PSI Directive is clear. However interesting thing is that the re-users have now another weapon at their disposal to obtain an answer to their requests for reuse of public sector information.

 

In practice

Basically, to address a reuse request to an Italian public sector body, it is worth to have a look at its website; often you can download a module to be compiled and sent to the mail address indicated. An example here.

In the other cases, you have to create your request bearing in mind some general rules:

  • clearly indicate your identity and contacts
  • the request should not be generic; you should describe it in a way that allow identification of the data, document or information you are requesting
  • there is no obligation to motivate your request
  • add a reference to the relevant legislation; as we already seen, you can either invoke articles 5 and 6 of Legislative Decree 36/2006 (transposing Directive 2003/98/EC) as amended by Legislative Decree 102/2015 or articles 5 and 7 of legislative Decree no 97 of 25 May 2016.

Which one is the most appropriated to use? It depends on the kind of data requested and on the public sector body involved. In general there are limitations on which data you can obtain in both cases, for instance with regards to the reuse of personal data, but their investigation is beyond the scope of this article.

Then you can send the request directly to the public sector body or let PSI Monitor do it for you: register to psimonitor.eu, click on add your request and fill the form. 

There are also other tools that you can leverage to make a request; for instance www.FOIAPop.it lets you create a pdf form in a few clicks. At this time it is still in beta and may not work as expected.

Another tool is chiedi.dirittodisapere.it which allows you to make a request according to the generalized civic access. It appears not so active at the moment (last request inserted is dated May 2018); we have tried to contact the administrators of the website without success, anyway might be worth to give a look to the requests registered there to get a feel of the situation.

 

This week the series of articles on how to make a PSI request in the EU member states continues by analysing the case of Austria.

 

Legislative framework

The legislative framework in Austria is similar to the one in Germany, i.e. multifaceted as we saw in our previous article.

The country is divided in 9 federal states (Länder in German) and each Land has a legislative body called Ladtag which legislates within the limits established by the constitution. Beside this state legislation there is the federal legislation which is produced by the National Council (Nationalrat) and the Federal Council (Bundesrat), the latter composed by representatives of the nine federal states.

In general, law initiatives are taken at National Council level and confirmed by the Federal Council. The Federal Council can initially veto them, but the National Council may still force them to be adopted by essentially just passing them again.

In view of the above, it becomes clear why the PSI Directive has been transposed by legislative measures at federal level and at Länder level.

 

Federal measures

 Federal Act amending the law on the re-use of public sector information  BGBl I nr. 76/2015, 9.07.2015

Original language version | EN translation

Federal Act amending the law on the re-use of public sector information  BGBl I nr. 76/2015, 9.07.2015

Original language version | EN translation

Länder measures

Vienna

Law on the re-use of public sector information of the Land of Vienna - LGBl. N° 52/2005, 20/09/2005

Original language version |  EN translation

Law amending the Law on re-use of public sector information of the Land of LGBI No. 29/2015, 24/07/2015

Original language version | EN translation

Carinthia

Act on accountability, privacy and statistics of the Land of Carinthia of 7/07/2005 LGBl. N° 70/2005, 17/10/2005

Original language version | EN translation 

Law No 22 of 29 October 2015 amending the Carinthian Information and Statistics Act, the Carinthian Provincial Archives Act and the Carinthian Provincial Museums

Original language version | EN translation

Vorarlberg

Act on the re-use of documents held by public bodies, consolidated version as per 18 August 2015 LGBl. (Provincial Law Gazette) No 42/2006*), 44/2013, 47/2015**)

Original language version | EN translation

Lower Austria

Information Act

Consolidated law in original language version | EN translation of 2006 amendment EN translation of the 2015 amendment

 Tirol

Law on the reuse of public sector information, consolidated version as per 10 November 2015

Original language version | EN translation

 Burgendland

Law on accountability, the re-use of public sector information and the statistics of the Land of Burgenland), LGBl. N° 14/2007, 12/02/2007

Original language version | EN translation 

 

Based on the table above, you can prepare a PSI request by citing the right acts provided that you know the details of the public body that owns the data you are looking for and its Land. Nevertheless, if you do not know these details or you want some guidance there is an online tool you can rely on.

Fragdenstaat.at

The FragDenStaat platform available at https://fragdenstaat.at it is very similar to its cousin https://fragdenstaat.de, which we talked about here. The main difference is that the Austrian platform is mainly focused on make requests under the access to information than to the reuse of it, while in the German counterpart this orientation is more mitigated.

A plus of using this platform is the database of more than 2100 public sector bodies details, among which you can search for those of your interest and address your request directly to them.

Our suggestion is to leverage this platform to make your PSI request by adopting the following steps.

1) Click on “Stellen Sie eine Anfrage” on the top menu and look for the public sector body you want to contact, the system will help you.

 

2) Select “Informationen aus Dokumenten oder Akten (Informationsfreiheitsanfrage)” and click on “zum nächsten Schritt” button.

3) Write the subject of the request and the description. Since the system does not include them automatically in the request, make explicit reference to the Federal laws and the laws of the relevant Land in the description. You can easily find them in the table above.

4) Optionally add the tag #psimonitor at the end of the request. It helps us in filtering and adding your PSI request to the PSI Monitor database without any action on your part.

5) Complete the other fields of the from, click on “Überprüfen und Absenden” button and you are done. 

 

 

Subcategories

Page 1 of 3

About

A transparent and publicly accessible database of requests for the re-use of public sector information (PSI).

Funded by the European Union

Keep in Touch

 
 

NEWSLETTER

 
© 2018 PSI Monitor

Quick search