Summaries of judgments made in collaboration with the Portuguese judges and référendaire of the General Court (Maria José Costeira, Ricardo Silva Passos and Esperança Mealha)
Judgment of the General Court (Third Chamber, Extended Composition) 18 December 2024,
Case T-776/22 TP v Commission
Public procurement – Financial Regulation – Exclusion from the proceedings of awarding of public contracts and the concession of grants financed by the Union’s budget and by the European Development Fund (EDF) for a period of two years – Significant deficiencies in complying with main obligations in the implementation of a prior contract – Article 136 (1)(e) of the Financial Regulation – No automatic link between a finding of a failure to comply with contractual obligations by the court having jurisdiction over the contract and the adoption of an exclusion measure by the authorising officer responsible – Obligation to conduct a specific and individual assessment of the conduct of the person concerned – Prior contract awarded to a group of economic operators – Joint and several contractual liability
Facts
The General Court (henceforth “GC”), ruling in extended composition, ruled, for the first time, on the question of whether article 136(1)(e) of Regulation 2018/1046[1] (henceforth “Regulation”) imposes on the authorising officer responsible, in order to apply contractual sanctions, the obligation to conduct a specific and individual assessment of the behaviour of the person concerned before deciding to exclude from participating in award procedures.
The European Commission (henceforth “Commission”) organized a procurement procedure for the award of a public works contract concerning the upgrading of a facility. The contract was awarded in 5 October 2009 to the consortium composed by the company TP, the applicant, and its partner company. The works began in November 2009 and were concluded two years later.
On February 2012, defects were detected in the facility, which were repaired by the partner company on behalf of the consortium. However, the Commission deemed the repairs carried out insufficient. After sending the consortium its anticipated notice of termination of the contract, the parties agreed to submit their dispute regarding the termination of the contract to a dispute adjudication board.
On 17 July 2017, the Commission initiated an arbitration proceeding under the rules of the International Chamber of Commerce, which appointed an arbitral tribunal for that purpose. In July 2022, the arbitral tribunal found that the applicant and its partner company were jointly and severally liable to pay the European Union an amount corresponding to the costs necessary to repair the facility.
On February 2021, the Commission referred the matter to an interinstitutional panel created pursuant to the Regulation, which is responsible for assessing requests and issuing of recommendations on the need to take decisions on the application of administrative sanctions of exclusion or of financial penalties in cases referred to it by the Commission or other EU institutions or bodies.
On 1 October 2022, following the recommendation of the interinstitutional panel, the Commission adopted the decision (henceforth “contested decision”) of excluding TP, on the one hand, of participating in award procedures under the Regulation or financed by the European Development Fund and, on the other hand, of being selected for implementing EU Funds.
As a result, TP launched an action for annulment against the contested decision under article 263 of the Treaty on the Functioning of the European Union.
Law
Addressing the plea of law raised by the applicant, that is, the alleged infringement of article 136(1)(e) of the Regulation, the GC interpreted this provison, regarding the exclusion of participation in award procedures due to failure to comply with essential obligations, according to a literal, contextual, historic and teleological interpretation. The GC found that there was no automatic link between the finding of a failure to comply with contractual obligations by the judge and the adoption of an exclusion measure by the authorising officer responsible.
In this regard, firstly, in the context of a literal interpretation, the GC observed that this provision refers to a failure to comply with obligations in the implementation of a legal commitment, so that it is applicable in case of a failure to comply with contractual obligations. However, the provision does not foresee that any failure to comply with a contractual obligation leads automatically to the adoption of a measure of exclusion, since reference is made to the need to show “significant deficiencies” in “complying with main obligations in the implementation”. As such, the GC found that these are additional conditions are specifically imposed by the Regulation for the adoption of an exclusion measure. Furthermore, the terms used are sufficiently imprecise to allow a margin of discretion to the authorising officer responsible for the legal classification of the facts, which confirms that, before adopting an exclusion measure, he should perform an autonomous legal classification thereof.
Secondly, according to a contextual interpretation, the GC observed that, since article 136(2) of the Regulation does not foresee that the existence of a definitive judgment or decision adopted by an authority different from the authorising officer is to have an impact on its assessment under article 136(1)(e) of the Regulation, any automatic link between a finding by the court having jurisdiction over the contract of a failure to comply, by the person concerned, with its contractual obligations and the adoption by the authorising officer of an exclusion measure is excluded. On the contrary, regarding specifically to this provision, the authorising officer responsible should perform an autonomous legal classification of the conduct of the person concerned.
Thirdly, according to an historic and teleological interpretation, the GC observes that, in the situation foreseen in article 136(1)(e) of the Regulation, the absence of an automatic link is provided for in recital 76 of the Regulation. This recital establishes that the possibility of adopting exclusion measures or imposing financial penalties is independent from the possibility of applying contractual penalties, such as damages. Furthermore, the autonomous sanctions regime laid down by the Regulation pursues specific objectives of public interest, which are different from the proper performance of the contract or the protection and compensation of the contractual parties that a system of contractual liability seeks to ensure. The difference between the objectives pursued by the sanctions regime established by the Regulation and those pursued by a regime of contractual liability confirm the absence of an automatic link.
The GC thus held that it follows from the literal, contextual, historical and teleological interpretation of Article 136(1)(e) of the Regulation that there is no direct link between the declaration of non-compliance with contractual obligations made by finding by the court having jurisdiction over the contract and the adoption of an exclusion measure by the authorising officer responsible. The GC then examined whether Article 136(1)(e) of the Regulation should be interpreted as imposing an obligation on the authorising officer responsible to examine the behaviour of the person concerned individually when deciding to apply that provision.
In this matter, the GC notes, on the one hand, that according to a literal interpretation of the wording of the provision, it is the “person” or “entity” which failed to comply with its contractual obligations that is excluded by the authorising officer responsible. This presupposes, in principle, that the author of the behaviour and the addressee of the penalty are the same and, therefore, an individual failure to comply with its contractual obligations on the part of the addressee of the penalty.
On the other hand, regarding the contextual interpretation of article 136(1)(e) of the Regulation, the GC specified that such an interpretation can be based on the analysis of provisions pertaining to texts different from the one that the interpreted provision refers to. This is the case especially when the provisions are analogous or when the texts in which they appear share the same objectives. In this regard, there is a provision in Directive 2014/24[2] (henceforth “Directive”) that is analogous to article 136(1)(e), which is article 57(4)(g). In fact, that provision provides for the possibility of excluding any economic operator from participating in a procurement procedure due to significant or persistent deficiencies by the economic operator. Furthermore, the Union legislature sought to establish a coherence between the Regulation and the Directive, as it results from several recitals of the former. Therefore, applying, by analogy, the case law of the Court of Justice regarding the Directive, the GC found that it falls no the authorising officer responsible to conduct a specific and individual assessment of the behaviour of the person concerned when applying article 136(1)(e) of the Regulation.
Finally, regarding the nature of the examination that the Commission carried out in the contested decision, the GC observes that, for the purposes of the application of article 136(1)(e) of the Regulation, the Commission based itself on the joint and several liability of the applicant, as member of the consortium, without taking into account its individual behaviour.
Therefore, since the authorising officer responsible, before adopting an exclusion measure of a person or entity, should conduct a specific and individual assessment of the behaviour of that person or entity, in light of all the relevant elements and that, in the present case, the Commission only invoked the joint and several liability of the applicant, as a member of the consortium, without taking into account its individual behaviour, the GC annulled the contested decision.
*
Judgment of the General Court (First Chamber Extended Composition) of 8 January 2025,
Case T-354/22 – Bindl v Commission
Processing of personal data – Protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies – Regulation (EU) 2018/1725 – Concept of ‘transfer of personal data to a third country’ – Transfer of data when visiting a website – EU Login – Action for annulment – Act not open to challenge – Inadmissibility – Action for failure to act – Position taken ending the inaction – No need to adjudicate – Action for damages – Sufficiently serious breach of a rule of law conferring rights on individuals – Causal link – Non-material damage
Facts
A citizen living in Germany complained that the Commission had infringed his right to the protection of his personal data when, in 2021 and 2022, he visited the website of the Conference on the Future of Europe, which is managed by the Commission. Specifically, he had registered for the ‘GoGreen’ event through that website using the Commission’s EU Login authentication service, having selected the option of signing in using his Facebook account.
According to the individual concerned, during his visits to that website his personal data, including his IP address and information about his browser and terminal, were transferred to recipients established in the United States. The data were, he claims, transferred to the US undertaking Amazon Web Services, in its capacity as operator of the content delivery network Amazon CloudFront, which was used by the website in question. Moreover, when he registered for the ‘GoGreen’ event using his Facebook account, his personal data were transferred to the US undertaking Meta Platforms, Inc. However, according to the individual concerned, the United States do not have an adequate level of protection.
He maintains that those transfers gave rise to a risk of his data being accessed by the US security and intelligence services. The Commission had not indicated any of the appropriate safeguards that might justify those transfers.
On that basis, he seeks payment of €400 in compensation for the non-material damage which he claims to have sustained because of the transfers at issue.
He also seeks annulment of the transfers of his personal data, a declaration that the Commission unlawfully failed to define its position on a request for information and an order that the Commission pay him €800 in compensation for the non-material damage which he claims to have sustained as a result of the infringement of his right of access to information.
Decision
The General Court dismisses the application for annulment as inadmissible and finds that there is no longer any need to adjudicate on the claim for a declaration of failure to act.
The General Court also dismisses the claim for damages based on infringement of the right of access to information, finding that there is no non-material damage as alleged.
As regards the claim for damages based on the disputed transfers of data, the General Court dismisses that claim in relation to the transfers of data via Amazon CloudFront. Communications Directorate Press and Information Unit curia.europa.eu The General Court finds that, during one of the connections at issue, data were transferred, according to the principle of proximity, to a server located in Munich in Germany, rather than to the United States. According to the contract concluded between the Commission and the Luxembourg undertaking, Amazon Web Services, which manages Amazon CloudFront, Amazon Web Services was required to ensure that data remain, at rest and in transit, in Europe.
In the case of another connection, it was the individual concerned who was responsible for its redirection, via the Amazon CloudFront routing mechanism, to servers in the United States. As a result of a technical adjustment, he appeared to be located in the United States.
However, as regards that person’s registration for the ‘GoGreen’ event, the General Court finds that, by means of the ‘Sign in with Facebook’ hyperlink displayed on the EU Login webpage, the Commission created the conditions for the transmission of his IP address to Facebook. That IP address constitutes personal data which, by means of that hyperlink, were transmitted to Meta Platforms, an undertaking established in the United States. That transfer must be imputed to the Commission.
At the time of that transfer, on 30 March 2022, there was no Commission decision finding that the United States ensured an adequate level of protection for the personal data of EU citizens. Furthermore, the Commission has neither demonstrated nor claimed that there was an appropriate safeguard, in particular a standard data protection clause or contractual clause.
The displaying of the ‘Sign in with Facebook’ hyperlink on the EU Login website was entirely governed by the general terms and conditions of the Facebook platform. The Commission did not, therefore, comply with the conditions set by EU law for the transfer by an EU institution, body, office or agency of personal data to a third country.
The General Court finds that the Commission committed a sufficiently serious breach of a rule of law that is intended to confer rights on individuals.
The individual concerned suffered non-material damage, in that he found himself in a position of some uncertainty as regards the processing of his personal data, in particular of his IP address.
There is, moreover, a sufficiently direct causal link between the Commission’s infringement and the non material damage sustained by the individual concerned.
Since the conditions for establishing the European Union’s non-contractual liability are satisfied, the General Court orders the Commission to pay the individual concerned the sum of €400 claimed.
[1] Regulation (EU, Euratom) 2018/1046 of the European Parliament and of the Council of 18 July 2018, on the financial rules applicable to the general budget of the Union.
[2] Directive 2014/24/EU of the European Parliament and of the Council of 26 February 2014, on public procurement.
