Exclusive
Commission tried to hide details of 'WiFi4EU' glitch
-
Presentation of the WiFi4EU fund last March (Photo: European Commission)
By Peter Teffer
The European Commission has tried to hide information related to technical problems its free wifi fund portal suffered, by claiming that it was "out of scope".
It released documents to EUobserver following an access to documents request - but heavily redacted some of the key papers.
Join EUobserver today
Become an expert on Europe
Get instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Don't miss out on
Our exclusive news stories and investigations. Influential. Investigative. Independent.
Why join?
Watch our founder Lisbeth Kirk explain the reasons in this 30-second video.
Already a member?
-
Left: leaked version of a note about the technical error of the WiFi4EU fund. Right: version released by the European Commission (Photo: EUobserver)
However, one of the documents has been leaked and published online. A comparison between the leaked version and the one released by the commission clearly shows that the commission went too far with its redactions.
"It is of great concern that the commission redacted information that is clearly directly relevant to the request," said Helen Darbishire, executive director of Access Info Europe, a pro-transparency campaign group.
The case relates to the commission's "WiFi4EU" programme, which is a fund which European municipalities can use to pay for setting up free wifi hotspots.
Vouchers were set to be given out to a select number of municipalities on a first-come first-serve basis when the WiFi4EU portal launched on 15 May.
However, the portal was shut down within hours due to "a flaw in the software supplied by contractors".
EUobserver subsequently requested all documents "related to the technical issue which affected the first call for applications of the WiFi4EU portal".
At the end of July, the commission released a set of documents, some of which were heavily redacted, "because parts of these documents fall outside the scope of [the] application". A review of this decision is still pending.
Separately, a leaked version of one of the documents had already been published by news website New Europe on 4 June.
It was the note written by director of Electronic Communications Networks and Services, Anthony Whelan, in which he proposed a course of action that would prevent "possible criticisms" and "marginalise questions" - basically to cover up what went wrong.
This part of the note was released, but when comparing the leaked version with the one the commission released almost two months later, one can see that whole pieces that were redacted because they were supposedly "out of scope" in fact relate directly with the topic of the technical glitch.
One of the redacted paragraphs gave details about the vulnerabilities of the WiFi4EU portal.
It said that one vulnerability "could potentially enable unauthorised access to personal data of persons registering on behalf of municipalities and companies", while another "could potentially impact the time-stamping of the applications in the commission's central database".
Whelan wrote that the commission's informatics directorate-general had checked the potential data breach.
"These checks appear to indicate no inappropriate data access other than by the IT company which initially (and unilaterally) tested the portal and detected and reported the vulnerability," he wrote.
The commission also redacted a sentence that said there had been "around 5,500 [applicants] just one minute before and after 13:00, for 1,183 vouchers to be allocated in this call".
It also redacted references to Iceland being the only participating country where the guaranteed minimum quota of 15 vouchers was not reached.
Transparency campaigner Helen Darbishire told EUobserver that the redacted parts were in fact relevant to our request.
"To assert that data giving details on a matter is not related to that matter, is not only not credible, but is highly problematic because the Commission seems to be attempting to avoid providing the full document without evoking one of the exceptions in Regulation 1049/2001," she said, referring to the rules for access to documents in the EU.
She also criticised the long delays in answering.
According to the regulation, applications need to be answered within 15 working days. Under exceptional cases, an extension of the same period is allowed.
"It is also of concern that this request is taking so long to answer, that there have been a series of extensions to the time frame when the rules only provides for one extension of 15 working days, and when all that has been provided so far is basically is standard cut and paste language about redaction of personal data with a failure even to acknowledge the other part of the confirmatory application," said Darbishire.
EUobserver's request for a review was filed on 7 August, and normally should have been replied to by 29 August.
The commission asked for a new deadline of 19 September, but again failed to reply by then.
On 27 September, the commission disclosed an additional document, but did not address the request for a review of the redacted items.
The last email is from 28 September.
"We are well aware that you did not yet get a response to the second issue you mention below and confirm that we are currently working on it," wrote the commission.
"Due to consultations, we were not able to respond yet, but please be assured that we do everything we can in order to finalise this second issue and provide you with a response as quickly as possible. We sincerely regret the delay and thank you for your understanding," the letter concluded.
