Category Archives: Police and customs cooperation

The protection of citizens requires better mutual assistance and exchanges of information between the law enforcement agencies of Member States. In particular, it is imperative that cooperation between national police as well as customs authorities be stepped-up to effectively fight crime at both local and European levels.
Mutual assistance between police services is based on bodies such as Europol and the European Police College (Cepol). Customs cooperation is based on the Naples II Convention.
In addition, various instruments have been put in place to achieve police and customs cooperation targets. These include the specific programme “Prevention of and fight against crime”, the Customs 2013 programme and the modernised customs code.

Police and customs cooperation

Police and customs cooperation

Outline of the Community (European Union) legislation about Police and customs cooperation

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Justice freedom and security > Police and customs cooperation

Police and customs cooperation

The protection of citizens requires better mutual assistance and exchanges of information between the law enforcement agencies of Member States. In particular, it is imperative that cooperation between national police as well as customs authorities be stepped-up to effectively fight crime at both local and European levels.
Mutual assistance between police services is based on bodies such as Europol and the European Police College (Cepol). Customs cooperation is based on the Naples II Convention.
In addition, various instruments have been put in place to achieve police and customs cooperation targets. These include the specific programme “Prevention of and fight against crime”, the Customs 2013 programme and the modernised customs code.

POLICE COOPERATION

  • Standing Committee on operational cooperation on internal security
  • Cooperation between special intervention units
  • Stepping up cross-border cooperation (Prüm Decision)
  • Cooperation in criminal matters: protection of personal data
  • Simplifying the exchange of information between law enforcement authorities
  • Joint investigation teams
  • Sharing of information on terrorist kidnappings
  • A global approach to PNR data transfers
  • Information management in the area of freedom, security and justice
  • The external dimension of the area of freedom, security and justice
  • Exchange of information between the law enforcement authorities of the Member States
  • Enhancing police and customs cooperation in the European Union
  • Improved effectiveness, enhanced interoperability and synergies between European databases

Action programmes

  • Specific programme: Preventing and combating crime (2007-2013)
  • Framework programme concerning police and judicial cooperation in criminal matters (AGIS)
  • Robert Schuman project (1998-2000)

Europol

  • European Police Office – Europol (from 1.1.2010)
  • Access to the Visa Information System (VIS) by the national authorities and Europol
  • Protecting the euro against counterfeiting: the role of Europol
  • The European Police College (CEPOL)
  • Secretariat for the joint supervisory data-protection bodies
  • Democratic control over Europol
  • Transmission of personal data by Europol
  • Europol: European Police Office (until 31.12.2009)

Maintaining public order and safety

  • European network for the protection of public figures
  • Security in connection with football matches with an international dimension
  • Exchange of information on movements of groups
  • Prevention and control of hooliganism

CUSTOMS COOPERATION

  • Customs 2013 (2008-2013)
  • Action programme: Customs 2007 (2003-2007)
  • Money laundering: prevention through customs cooperation
  • International convention on the simplification and harmonisation of customs procedures
  • Convention on mutual assistance and cooperation between customs administrations (Naples II)
  • Strategy for the evolution of the Customs Union
  • The role of customs in the integrated management of external borders
  • Strategy for the Customs Union

Agreements with non-EU countries

  • Customs Agreement with Japan
  • Agreement with China
  • Agreement with India
  • Agreement with Hong Kong
  • Agreement with Canada
  • Agreement with the Republic of Korea

Cooperation between special intervention units

Cooperation between special intervention units

Outline of the Community (European Union) legislation about Cooperation between special intervention units

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Justice freedom and security > Police and customs cooperation

Cooperation between special intervention units

Document or Iniciative

Council Decision 2008/617/JHA of 23 June 2008 on the improvement of cooperation between the special intervention units of the Member States of the European Union in crisis situations.

Summary

This Decision sets out the general rules and conditions for the cooperation of Member States’ special intervention units* in situations of crisis*. Cooperation is based on the provision of assistance and/or on the carrying out of operations on the territory of the requesting Member State. The details for implementing the practical aspects of the cooperation are settled between the requesting and the requested Member States directly.

The competent authority* of a Member State processes the request for assistance from another Member State’s special intervention unit. The request must specify the nature of and the operational necessity for the assistance. The requested Member State’s competent authority may either accept or refuse the request, or propose assistance in another form.

The assistance provided may consist of:

  • equipment;
  • expertise;
  • carrying out operations on the requesting Member State’s territory.

When carrying out operations, the requested Member State’s special intervention unit has a supporting role. It is to provide the assistance under the responsibility, authority and direction of the requesting Member State. While the operations fall under the jurisdiction of the requesting Member State, the requested Member State’s officers may act only within the limits of their powers as defined by their national law.

The Member States taking part in this form of cooperation must ensure that experience, expertise and information on managing crisis situations are exchanged. To this end, the special intervention units are to hold meetings and joint trainings and exercises. These may be funded from certain Community financial programmes. Hence, the responsibility for the organisation of these events lies with the Member State holding the Presidency of the Council of the European Union. All operational costs however, including those of the requested Member State’s special intervention unit, are to be borne by the requesting Member State, unless the cooperating Member States decide otherwise.

An up-to-date list of the Member States’ competent authorities is maintained by the General Secretariat of the Council.

Background

The Council Declaration on Solidarity against Terrorism of 25 March 2004 established the basis for cooperation between Member States in the event of terrorist attacks.

Council Decision 2008/617/JHA complements Council Decision 2008/615/JHA of 23 June 2008 on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime, whose article 18 lays down the obligation for Member States to provide one another assistance in connection with mass gatherings, disasters and serious accidents.

Key terms used in the act

  • Special intervention unit: any law enforcement unit of a Member State that is specialised in the control of a crisis situation.
  • Crisis situation: any situation in which the competent authorities of a Member State have reasonable grounds to believe that there is a criminal offence presenting a serious direct physical threat to persons, property, infrastructure or institutions of that Member State.
  • Competent authority: the national authority that may make requests and give authorisations regarding the deployment of the special intervention units.

References

Act

Entry into force

Deadline for transposition in the Member States

Official Journal

Decision 2008/617/JHA

23.12.2008

OJ L 210 of 6.8.2008

Stepping up cross-border cooperation

Stepping up cross-border cooperation

Outline of the Community (European Union) legislation about Stepping up cross-border cooperation

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Justice freedom and security > Police and customs cooperation

Stepping up cross-border cooperation (Prüm Decision)

Document or Iniciative

Council Decision 2008/615/JHA of 23 June 2008 on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime.

Summary

The purpose of this decision is to step up cross-border police and judicial cooperation between European Union (EU) countries in criminal matters. In particular, it aims to improve the exchanges of information between the authorities responsible for the prevention and investigation of criminal offences. The decision sets out provisions with regard to:

  • the automated access to DNA profiles *, dactyloscopic data * and certain national vehicle registration data;
  • supply of data in relation to major events;
  • supply of information in order to prevent terrorist offences;
  • other measures for stepping up cross-border police cooperation.

Establishment of national databases and automated access to data

EU countries are to establish national DNA analysis files for the purpose of investigating criminal offences. Reference data, consisting of the non-coding part of the DNA * and of a reference number that does not enable an individual to be identified, must be made available to other EU countries to carry out automated searches *. These searches are performed via national contact points by comparing DNA profiles, but only on the basis of individual cases and in a hit/no-hit * manner. If the search provides a match, the national contact point carrying out the search receives the reference data in an automated manner. If no profile is found for a particular individual who is under investigation or against whom criminal proceedings have been brought, the requested EU country may be obliged to establish a DNA profile for that individual.

EU countries must also make available reference data from the national automated fingerprint identification systems (AFIS). For this purpose, the reference data will consist only of dactyloscopic data and a reference number. The searches are carried out by comparing dactyloscopic data and, similarly to DNA searches, only in individual cases on a hit/no-hit basis. Confirmation of the match is conducted by the national contact point of the requesting EU country. Supply of further available personal data for matching DNA or dactyloscopic data and other information relating to the reference data is governed by national law, including the mutual legal assistance (MLA) in the requested EU country.

The national contact points shall also be given access to certain national vehicle registration data via automated online searches. These searches may only be conducted with a full chassis or registration number.

Supply of data in relation to major events

In relation to any major events that have a cross-border dimension, EU countries must provide each other non-personal data via their national contact points, as required for the purpose of preventing criminal offences and maintaining public order and security. Personal data may be supplied only if the data subjects are considered a threat to public order and security or if it is believed that they will commit criminal offences at the events. However, this data may only be used in relation to the event it was provided for and must be deleted once it has served its purpose, but no later than a year after it was supplied.

Supply of information to fight terrorism

For the purpose of preventing terrorist offences, but only in individual cases and to the extent required by the conditions leading to the supposition that criminal offences will be committed, EU countries may provide the following data to each other via the national contact points:

  • surname and first names;
  • date and place of birth;
  • description of the conditions leading to the supposition that criminal offences will be committed.

The country providing this data may impose certain binding conditions on the receiving country for the data usage.

Other measures for enhancing cross-border police cooperation

EU countries may effectuate joint patrols and other joint operations to prevent criminal offences and to maintain public order and security on a given EU country’s territory. In such cases, designated officers and officials from the seconding country participate in the hosting country’s operations. The seconding officers may be conferred executive powers, or they may be allowed to exercise their executive powers, but only under the guidance and in the presence of the host officers. The competent authority of the host country is responsible for the command and actions of the seconding officers.

With regard to mass gatherings and other comparable major events, disasters and serious accidents, EU countries are to provide mutual assistance to each other. This assistance should consist of information exchanges, coordination of police measures and contribution of material and physical resources.

An EU country must provide assistance and protection to the other country’s officers on duty, which is equivalent to that provided for its own officers.

Provisions on data protection

EU countries must guarantee that personal data processed according to this decision is protected by their national laws. Only the relevant competent authorities may process personal data. They must ensure the accuracy and current relevance of the data. Steps must be taken to rectify or delete incorrect data or data that was supplied when it should not have been. Personal data must be deleted if no longer needed for the purpose it was made available or if the storage time, as provided by national law, has expired.

The relevant authorities must take technical and organisational measures to protect personal data against destruction, loss, unauthorised access, alteration or disclosure. For the purpose of verifying the permissibility of the non-automated processing of personal data, this processing must be logged. Similarly, the automated processing of personal data must be recorded. The independent data protection authorities in EU countries are responsible for the legal examinations of the processing of personal data.

Any individual has the right to information on the data that has been processed in relation to his/her person, including information on the origin of the data, the recipients of the data and the purpose and legal basis for the processing of the data. The individual may request corrections to or the deletion of inaccurate or unlawfully processed data. If the individual’s rights with regard to data protection have been violated, he/she may lodge a complaint with an independent court or a tribunal and claim for damages or other legal compensation.

Background

The conclusions of the Tampere European Council of October 1999 asserted the need to enhance the exchange of law enforcement information between EU countries, which was further confirmed by the Hague Programme of November 2004.

The Prüm Treaty of 27 May 2005 on the stepping up of cross-border cooperation, particularly on combating terrorism, cross-border crime and illegal migration, signed between Belgium, Germany, Spain, France, Luxembourg, the Netherlands and Austria, lays down procedures for more efficient exchanges of information in the framework of criminal investigations. This decision aims to incorporate the provisions of that Treaty into the EU legal framework.

Key terms used in the act
  • Dactyloscopic data: fingerprint images, images of fingerprint latents, palm prints, palm print latents and templates of such images that are stored and dealt with in an automated database.
  • Non-coding part of DNA: chromosome regions that are not expressed genetically.
  • DNA profile: a letter or number code that represents a set of identification characteristics of the non-coding part of an analysed human DNA sample.
  • Automated searching: an online access procedure for consulting the databases of one, several, or all of the EU countries.
  • Hit/no-hit procedure: in this procedure the parties grant each other limited access to the reference data in their national DNA and fingerprint databases and the right to use these data to conduct automated checks of fingerprints and DNA profiles. The personal information related to the reference data is not available to the requesting party.

References

Act Entry into force Deadline for transposition in the Member States Official Journal
Decision 2008/615/JHA

26.8.2008

26.8.2009
(26.8.2011 for Chapter 2 provisions)

OJ L 210 of 6.8.2008

Related Acts

Council Decision 2008/616/JHA of 23 June 2008 on the implementation of Decision 2008/615/JHA on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime [Official Journal L 210 of 6.8.2008].

This decision provides the administrative and technical provisions that are indispensable for implementing Decision 2008/615/JHA. The focus is especially on the automated exchanges of DNA, dactyloscopic and vehicle registration data, as well as on other forms of cooperation. The technical provisions are set out in the annex to the decision.

Council Decision 2010/482/EU of 26 July 2010 on the conclusion of the Agreement between the European Union and Iceland and Norway on the application of certain provisions of Council Decision 2008/516/JHA on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime and Council Decision 2008/616/JHA on the implementation of Decision 2008/615/JHA on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime, and the Annex thereto [Official Journal L 238 of 9.9.2010].

Secretariat for the joint supervisory data-protection bodies

Secretariat for the joint supervisory data-protection bodies

Outline of the Community (European Union) legislation about Secretariat for the joint supervisory data-protection bodies

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Justice freedom and security > Police and customs cooperation

Secretariat for the joint supervisory data-protection bodies

Document or Iniciative

Council Decision 2000/641/JHA of 17 October 2000 establishing a secretariat for the joint supervisory data-protection bodies set up by the Convention on the Establishment of a European Police Office (Europol Convention), the Convention on the Use of Information Technology for Customs Purposes and the Convention implementing the Schengen Agreement on the gradual abolition of checks at the common borders (Schengen Convention).

Summary

The aim of this decision is to establish a single, independent joint secretariat for the existing supervisory bodies. In the performance of its tasks, the new secretariat will be bound only by instructions from the data-protection bodies set up by the Europol Convention, the Schengen Convention and the Convention on the use of Information Technology for Customs Purposes. This marks the first step towards the creation of a single supervisory body with legal personality and its own budget.

The data-protection secretariat will be headed by a secretary appointed by the Deputy Secretary-General of the Council, acting on a proposal by the joint supervisory bodies, for a renewable term of three years. It will be entirely independent in the performance of its duties, subject only to instructions from the joint supervisory bodies and their chairmen.

The secretary will have to meet certain requirements: he must be a national of an EU Member State, offer every guarantee of independence, have full civil and political rights, and have the experience and expertise required for the performance of his duties. He may not engage in any other occupation, gainful or not.

He may be removed from office by the Deputy Secretary-General of the Council for serious misconduct or if he no longer fulfils the conditions required for the performance of his duties.

During and after his period of office, the data-protection secretary will be bound by professional secrecy. He will be assisted by the necessary staff, who will not be allowed to receive instructions from any authority or organisation apart from the joint supervisory bodies, the chairmen of these bodies and the secretary himself.

The General Secretariat of the Council will provide the data-protection secretariat with the infrastructure (offices, equipment, etc.) and human resources (interpreters) it needs.

The overheads of the data-protection secretariat will be charged to the section of the general budget of the European Union relating to the Council. The costs relating to meetings will be borne by the Council and by Europol (in the case of meetings relating to matters of implementation of the Europol Convention).

References

Act Entry into force Deadline for transposition in the Member States Official Journal
Council Decision 2000/641/JHA 18.10.2000
applicable from 01.09.2001
OJ L 271 of 24.10.2000

 

Simplifying the exchange of information between law enforcement authorities

Simplifying the exchange of information between law enforcement authorities

Outline of the Community (European Union) legislation about Simplifying the exchange of information between law enforcement authorities

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Justice freedom and security > Police and customs cooperation

Simplifying the exchange of information between law enforcement authorities

Document or Iniciative

Council Framework Decision 2006/960/JHA of 18 December 2006 on simplifying the exchange of information and intelligence between law enforcement authorities of the Member States of the European Union.

Summary

Law enforcement authorities * may exchange information * in the framework of:

  • the performance of their duties;
  • a criminal investigation * or a criminal intelligence operation *.

Legal rules for the exchange of information

Information may be exchanged via any existing international channel of cooperation, and also with Europol and Eurojust if it falls within the scope of their respective mandates.

The requesting law enforcement authority sets out the factual reasons leading it to request the information from the other agency, and the exchange then takes place according to the data protection rules:

  • of the international channel of cooperation;
  • of the Member State receiving the request, if the exchange is made directly.

Requests for information regarding offences referred to in Article 2(2) of the framework decision instituting the European arrest warrant (offences to which the rule of dual criminality does not apply) must be responded to within one week (within 8 hours, if the matter is urgent) when the requested information is held in a database that is directly accessible to the law enforcement authority addressed. Otherwise, the maximum period for response is 14 days.

The exchange of information between the law enforcement authorities of different Member States should not be subject to stricter conditions than those that apply between law enforcement authorities within a State.

Information can also be provided spontaneously. In this case, the law enforcement authority should provide only the information it considers relevant and necessary for the successful prevention of an offence.

Limits to the provision of information

The framework decision does not impose any obligation on law enforcement authorities to gather information in response to a request from an authority in another Member State or to obtain information by means of coercive measures. Likewise, there is no obligation to communicate information that is likely to be used as evidence before a judicial authority, although the agency supplying the information may expressly consent to this (Article 1(4) in fine).

Information that has been obtained from a third Member State or a third country can only be exchanged between the law enforcement authorities of two Member States with the consent of that third state.

If the exchange of information between law enforcement authorities within a State requires the agreement of a judicial authority, then the exchange of information between the law enforcement authorities of two different Member States also requires judicial authorisation.

A law enforcement authority may refuse to comply with a request for information if:

  • providing the information would be likely to harm essential national security interests or to jeopardise a criminal investigation, or if the information is clearly disproportionate or irrelevant with regard to the purpose for which its has been requested;
  • the request pertains to an offence punishable by a term of imprisonment of one year or less;
  • the judicial authority is opposed to it.

The Member States may conclude new bilateral agreements or continue to apply existing ones only if these help make information-exchanging procedures under the framework decision more flexible.

Background

This framework decision responds to a request made by the European Council at a meeting convened on 25 March 2004, following the terrorist attacks in Madrid. Its object is to modernise the exchange of information between the law enforcement authorities of the Member States by replacing the provisions of the convention implementing the Schengen Agreement on the transmission of information (Article 39) and the spontaneous provision of information (Article 46).

Key definitions
  • Law enforcement authority: national police, customs or other authority that is authorised to detect, prevent and investigate offences and to exercise authority and take coercive measures in that context.
  • Criminal investigation: a procedural stage within which measures are taken with a view to establishing and identifying facts, suspects and circumstances regarding one or several identified concrete criminal acts.
  • Criminal intelligence operation: a procedural stage, not yet having reached the stage of a criminal investigation, within which a law enforcement authority collects, processes and analyses information about crime or criminal activities.
  • Information or intelligence: any type of information held by law enforcement authorities, and any type of information held by public authorities or private entities and which is available to law enforcement authorities without taking coercive measures.

References

Act Date of entry into force Final date for implementation in the Member States Official Journal
Decision 2006/960/JHA 30.12.2006 19.12.2006 OJ L 386 of 29.12.2006

Cooperation in criminal matters: protection of personal data

Cooperation in criminal matters: protection of personal data

Outline of the Community (European Union) legislation about Cooperation in criminal matters: protection of personal data

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Justice freedom and security > Police and customs cooperation

Cooperation in criminal matters: protection of personal data

Document or Iniciative

Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters.

Summary

This framework decision aims to protect the fundamental rights and freedoms of natural persons when their personal data are processed for the purposes of preventing, investigating, detecting or prosecuting a criminal offence or of executing a criminal penalty. It concerns personal data that are processed in part or entirely by automatic means, as well as personal data forming part of a filing system that are processed by non-automatic means.

Data processing

The competent authorities of Member States may collect personal data only for specified, explicit and legitimate purposes. The processing of these data is permitted only for the purposes for which they were collected. Processing for other purposes is allowed only under certain circumstances or when certain appropriate safeguards are in place.

In principle, personal data that reveals a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership or concerns his/her health or sex life may not be processed. Their processing may be allowed only if it is absolutely necessary and if appropriate safeguards have been established.

Inaccurate personal data must be rectified and updated or completed if possible. Once the data are no longer needed for the purposes they were collected, they must be erased, made anonymous or, in certain cases, blocked. The need to store personal data must be reviewed regularly, with time limits set for their erasure.

The competent authorities of Member States must verify that the personal data to be transmitted or made available are accurate, up to date and complete. In order to be able to verify that the processing of data is lawful and to ensure the integrity and security of the data, their transmissions must be logged or documented.

Data transmission

Personal data received from another Member State are to be processed only for the purposes for which they were transmitted. In certain cases however, they may be processed for other purposes, for example for the prevention, investigation, detection or prosecution of other criminal offences, the execution of other criminal penalties or the prevention of threats to public security. The receiving Member State must respect any specific restrictions to the exchanges of data provided for in the law of the transmitting Member State.

Under certain circumstances, the receiving Member State may transfer personal data to third countries or to international bodies. To this end, the Member State that first made the data available must provide its consent. Only in urgent cases may data be transferred without a prior consent. Personal data may also be transferred to private parties in Member States for exclusive purposes, provided that the competent authority of the Member State from where the data was received has given its consent.

Rights of data subjects

The data subject is to be kept informed of any collection or processing of personal data relating to him/her. However, when data have been transmitted from one Member State to another, the first may demand that the second does not divulge any information to the subject.

The data subject may request to receive a confirmation on whether data concerning him/her have been transmitted, who the recipients are, what data are being processed, as well as a confirmation that the necessary verifications of that data have been made. In certain cases, Member States may restrict the subject’s access to information. Any decision restricting access must be given in writing to the data subject, together with the factual and legal reasons thereof. The data subject must also be given advice on his/her right to appeal such a decision.

The data subject may demand that personal data relating to him/her be rectified, erased or blocked. Any refusal to that end must be given in writing, along with information on the right to lodge a complaint or seek a judicial remedy.

Any person may demand compensation for the damages s/he has suffered due to an unlawful processing of personal data or any other act that is not compatible with this framework decision. In case a data subject’s rights are breeched, s/he has the right to a judicial remedy.

Safeguarding data processing

The competent authorities must take the necessary security measures to protect personal data against any unlawful form of processing. This includes accidental loss, alteration and unauthorised disclosure of, as well as access to, personal data. In particular, specific measures need to be taken with regard to the automated processing of data.

National supervisory authorities in Member States monitor and advise on the application of this framework decision. To that end, they are granted investigative powers, effective powers of intervention, as well as the power to pursue legal proceedings. For any infringements of the provisions of this framework decision, Member States must establish effective, proportionate and dissuasive penalties.

References

Act Entry into force Deadline for transposition in the Member States Official Journal

Framework Decision 2008/977/JHA

19.1.2009

27.11.2010

OJ L 350 of 30.12.2008

Access to the Visa Information System by the national authorities and Europol

Access to the Visa Information System by the national authorities and Europol

Outline of the Community (European Union) legislation about Access to the Visa Information System by the national authorities and Europol

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Justice freedom and security > Police and customs cooperation

Access to the Visa Information System (VIS) by the national authorities and Europol

Document or Iniciative

Council Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the Visa Information System (VIS) by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences.

Summary

The designated national authorities responsible for the prevention, detection or investigation of terrorist or other serious criminal offences and Europol officials are authorised to access VIS data.

Access by the national authorities

The operating units within the designated national authorities may access VIS data through central access points assigned by Member States. Access to the data is applied for on a case-by-case basis with reasoned written or electronic requests. The requests are verified and processed by the central access points prior to querying the VIS. They transfer the data obtained from the query to the operation units. Only in urgent cases may the requests be submitted in written, electronic or oral form, with the verifications carried out ex-post.

The authorities designated by Member States are authorised to consult the VIS within the limits of their powers, provided that:

  • it is necessary for the purpose of investigating, preventing or detecting serious criminal offences;
  • it is necessary due to a specific case;
  • there are reasonable grounds for believing that the consultation will contribute to the prevention, detection or investigation of a serious criminal offence.

VIS data, which may be used for the search, are limited to:

  • surname, surname at birth, first names, sex and date, place and country of birth;
  • current nationality and nationality at birth of the visa applicant;
  • type and number of the travel document, the authority that issued it and the date of issue and expiry;
  • main destination and duration of the intended stay;
  • purpose of travel, and intended date of arrival and departure;
  • intended border of first entry or transit route;
  • residence;
  • fingerprints;
  • type of visa and number of the visa sticker;
  • details of the person that has either issued an invitation for the visa applicant or is liable for the applicant’s subsistence costs during his/her stay.

If the search with any of the above data is successful, the authorities may in addition access other data. This includes any other data on the visa application, photographs and any supplementary information added onto the application when the visa was issued, refused, annulled, revoked or extended.

Access by Europol

Access to the VIS for consultation by Europol takes place within the limits of that organisation’s mandate.

The officials of a specialist unit designated by Europol act as the central access point authorised to consult the VIS.

Processing of information obtained by Europol via the VIS is subject to the consent of the Member State that entered the data in question.

Protection of personal data

Personal data are processed by:

  • the national authorities as provided by national law, with a level of protection comparable to that granted by the Council of Europe Convention of 28 January 1981 for the Protection of Individuals with regard to Automatic Processing of Personal Data;
  • Europol by virtue of the Europol Convention and the rules adopted for its implementation, under the supervision of the independent joint supervisory body.

Only in urgent cases, and for the purpose of preventing and detecting terrorist and other serious offences, may personal data be transferred to third-countries or to international organisations. However, in such cases, the consent of the Member State that entered the data into the VIS must be obtained.

Member States are responsible for adopting security measures to guarantee data security during transmission and retrieval. Similarly, they must take measures that provide for administrative and criminal penalties if the use of VIS data contravenes with this Decision.

VIS data may be kept in national files only in individual cases and only for the duration necessitated by that particular case.

Each Member State and Europol must keep records of all data processing operations so that checks can be made to ensure that operations are lawful. These records must be deleted one year after the expiry of the retention period referred to in Regulation (EC) No 767/2008.

Costs

Each Member State and Europol is to set up and maintain, at their expense, the technical infrastructure necessary to implement this Decision. They are also to bear the costs of accessing the VIS.

Monitoring and evaluation

Two years after the VIS starts operating, and every two years thereafter, the Management Authority referred to in Regulation (EC) No 767/2008 will submit to the European Parliament, the Council and the Commission a report on the technical aspects of its operations. Pending the Management Authority becoming operational, the Commission will be responsible for the task.

Three years after the VIS starts operating, and every four years thereafter, the Commission will produce an overall evaluation of the system.

Background

The VIS, which allows Member States to exchange visa data, was established by Council Decision 2004/512/EC of 8 June 2004. It not only contributes to the implementation of the common visa policy, but also to the Union’s internal security and especially to the fight against terrorism.

On 7 March 2005, the Council adopted conclusions stating that the authorities of the Member States responsible for internal security should be guaranteed access to the VIS “in order to achieve fully the aim of improving internal security and the fight against terrorism”.

This Decision follows from these conclusions. It builds on the bridging clause contained in Article 3 of Regulation (EC) No 767/2008 on the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) by establishing the legal basis for the national authorities’ and Europol’s access to the VIS.

References

Act

Entry into force

Deadline for transposition in the Member States

Official Journal

Council Decision 2008/633/JHA

2.9.2008

OJ L 218 of 13.8.2008


Another Normative about Access to the Visa Information System by the national authorities and Europol

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic

Justice freedom and security > Fight against terrorism

Access to the Visa Information System (VIS) by the national authorities and Europol

Document or Iniciative

Council Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the Visa Information System (VIS) by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences.

Summary

The designated national authorities responsible for the prevention, detection or investigation of terrorist or other serious criminal offences and Europol officials are authorised to access VIS data.

Access by the national authorities

The operating units within the designated national authorities may access VIS data through central access points assigned by Member States. Access to the data is applied for on a case-by-case basis with reasoned written or electronic requests. The requests are verified and processed by the central access points prior to querying the VIS. They transfer the data obtained from the query to the operation units. Only in urgent cases may the requests be submitted in written, electronic or oral form, with the verifications carried out ex-post.

The authorities designated by Member States are authorised to consult the VIS within the limits of their powers, provided that:

  • it is necessary for the purpose of investigating, preventing or detecting serious criminal offences;
  • it is necessary due to a specific case;
  • there are reasonable grounds for believing that the consultation will contribute to the prevention, detection or investigation of a serious criminal offence.

VIS data, which may be used for the search, are limited to:

  • surname, surname at birth, first names, sex and date, place and country of birth;
  • current nationality and nationality at birth of the visa applicant;
  • type and number of the travel document, the authority that issued it and the date of issue and expiry;
  • main destination and duration of the intended stay;
  • purpose of travel, and intended date of arrival and departure;
  • intended border of first entry or transit route;
  • residence;
  • fingerprints;
  • type of visa and number of the visa sticker;
  • details of the person that has either issued an invitation for the visa applicant or is liable for the applicant’s subsistence costs during his/her stay.

If the search with any of the above data is successful, the authorities may in addition access other data. This includes any other data on the visa application, photographs and any supplementary information added onto the application when the visa was issued, refused, annulled, revoked or extended.

Access by Europol

Access to the VIS for consultation by Europol takes place within the limits of that organisation’s mandate.

The officials of a specialist unit designated by Europol act as the central access point authorised to consult the VIS.

Processing of information obtained by Europol via the VIS is subject to the consent of the Member State that entered the data in question.

Protection of personal data

Personal data are processed by:

  • the national authorities as provided by national law, with a level of protection comparable to that granted by the Council of Europe Convention of 28 January 1981 for the Protection of Individuals with regard to Automatic Processing of Personal Data;
  • Europol by virtue of the Europol Convention and the rules adopted for its implementation, under the supervision of the independent joint supervisory body.

Only in urgent cases, and for the purpose of preventing and detecting terrorist and other serious offences, may personal data be transferred to third-countries or to international organisations. However, in such cases, the consent of the Member State that entered the data into the VIS must be obtained.

Member States are responsible for adopting security measures to guarantee data security during transmission and retrieval. Similarly, they must take measures that provide for administrative and criminal penalties if the use of VIS data contravenes with this Decision.

VIS data may be kept in national files only in individual cases and only for the duration necessitated by that particular case.

Each Member State and Europol must keep records of all data processing operations so that checks can be made to ensure that operations are lawful. These records must be deleted one year after the expiry of the retention period referred to in Regulation (EC) No 767/2008.

Costs

Each Member State and Europol is to set up and maintain, at their expense, the technical infrastructure necessary to implement this Decision. They are also to bear the costs of accessing the VIS.

Monitoring and evaluation

Two years after the VIS starts operating, and every two years thereafter, the Management Authority referred to in Regulation (EC) No 767/2008 will submit to the European Parliament, the Council and the Commission a report on the technical aspects of its operations. Pending the Management Authority becoming operational, the Commission will be responsible for the task.

Three years after the VIS starts operating, and every four years thereafter, the Commission will produce an overall evaluation of the system.

Background

The VIS, which allows Member States to exchange visa data, was established by Council Decision 2004/512/EC of 8 June 2004. It not only contributes to the implementation of the common visa policy, but also to the Union’s internal security and especially to the fight against terrorism.

On 7 March 2005, the Council adopted conclusions stating that the authorities of the Member States responsible for internal security should be guaranteed access to the VIS “in order to achieve fully the aim of improving internal security and the fight against terrorism”.

This Decision follows from these conclusions. It builds on the bridging clause contained in Article 3 of Regulation (EC) No 767/2008 on the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) by establishing the legal basis for the national authorities’ and Europol’s access to the VIS.

References

Act

Entry into force

Deadline for transposition in the Member States

Official Journal

Council Decision 2008/633/JHA

2.9.2008

OJ L 218 of 13.8.2008

Information management in the area of freedom, security and justice

Information management in the area of freedom, security and justice

Outline of the Community (European Union) legislation about Information management in the area of freedom, security and justice

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Justice freedom and security > Police and customs cooperation

Information management in the area of freedom, security and justice

Document or Iniciative

Communication from the Commission to the European Parliament and the Council of 20 July 2010 – Overview of information management in the area of freedom, security and justice [COM(2010) 385 final – Not published in the Official Journal].

Summary

The communication presents an overview of European Union (EU) level instruments that regulate the collection, storage or cross-border exchange of personal data for law enforcement or migration management purposes. It describes the main purpose and structure of these instruments, as well as the types of personal data they cover, the authorities that have access to these data and the rules for data protection and retention. It also sets out the main principles to take into consideration when designing and evaluating such instruments in future.

Instruments in force, under implementation or consideration

The current EU level instruments consist of those that aim to improve the functioning of the Schengen area and the customs union, such as the:

  • Schengen Information System (SIS) and the second generation Schengen Information System (SIS II), which is currently under development;
  • Eurodac system;
  • Visa Information System (VIS);
  • directive on the transmission of Advance Passenger Information (API);
  • Naples II Convention;
  • Customs Information System (CIS) and its Customs File Identification Database (FIDE).

There are also EU level instruments aimed at preventing and combating terrorism and other forms of serious cross-border crime, such as the:

  • framework decision on simplifying the exchange of information between law enforcement authorities;
  • decision on stepping up cross-border cooperation;
  • Data Retention Directive 2006/24/EC;
  • framework decisions on taking account of previous convictions in new criminal proceedings and on exchanging information from criminal records, including the European Criminal Records Information System (ECRIS) for the latter;
  • Council Decision 2000/642/JHA on exchanging information between EU countries’ Financial Intelligence Units;
  • decision on cooperation between Asset Recovery Offices (AROs);
  • Cybercrime Alert Platforms.

In addition, EU agencies and bodies have been established to assist EU countries in preventing and combating serious cross-border crime, such as the European Police Office (Europol) and the EU’s Judicial Cooperation Unit (Eurojust).

As to cooperation with non-EU countries to prevent and combat terrorism and other forms of serious transnational crime, the Commission has signed Passenger Name Record (PNR) agreements with the United States, Australia and Canada. However, the European Parliament is critical of the content of these agreements and has, therefore, requested the Commission to renegotiate them. The Commission has also signed an agreement with the United States on the transfer of financial messaging data (EU-US TFTO Agreement).

Instruments envisaged in the Stockholm Programme action plan

In its action plan on the Stockholm Programme, the Commission has committed to presenting in the course of 2011 three legislative proposals:

  • a PNR package;
  • an Entry/Exit System (EES) for non-EU country nationals entering the Union for stays of a maximum of three months;
  • a Registered Travellers Programme (RTP) for simplifying border checks for certain groups of frequent travellers from non-EU countries.

The Stockholm Programme action plan also includes initiatives that the Commission is to study, with a view to presenting a communication on their feasibility:

  • an EU Terrorist Finance Tracking Programme (EU TFTP), for facilitating data transfers from the EU to the United States;
  • an Electronic System of Travel Authorisations (ESTA), for facilitating the entry of non-EU nationals who are not subject to visa requirements;
  • a European Police Record Index System (EPRIS), for facilitating the location of information across the EU by law enforcement officers.

Analysis of instruments

Only six of the above mentioned instruments involve the collection and storage of personal data at EU level: SIS, VIS, Eurodac, CIS, Europol and Eurojust. The other instruments regulate the exchange or transfer of personal information that has been collected at national level. With the exception of SIS and VIS, these instruments have a single purpose. Similarly, the personal information collected may only be used for the single purpose defined by the instrument in question, except for that collected through SIS and VIS.

Access to information from instruments that aim at combating terrorism and serious crime is limited to the police and border control and customs authorities. Access to information from Schengen-related instruments is limited to immigration authorities and, in certain circumstances, to the police and border control and customs authorities. The information flow for centralised instruments is controlled by national interfaces and for decentralised instruments by national contact points or central coordinating units.

Set of core principles for future

There is a need to establish a set of core principles for future policy developments as well as for the evaluation of the current instruments. These should consist of substantive principles, such as:

  • the safeguarding of fundamental rights, especially of the right to privacy and personal data protection via “privacy by design”;
  • an assessment of the necessity of the new instrument in terms of its impact on an individual’s right to privacy and personal data protection;
  • compliance with the principles of subsidiarity and proportionality;
  • management of risk via risk profiles.

The set of core principles should also consist of process-oriented principles, such as:

  • cost-effectiveness, taking into consideration existing instruments;
  • bottom-up policy design, taking into consideration the interests of end-users;
  • clear allocation of responsibilities, paying particular attention to governance structures;
  • reporting and review obligations to ensure the instruments serve the purposes they were designed for.

Transmission of personal data by Europol

Transmission of personal data by Europol

Outline of the Community (European Union) legislation about Transmission of personal data by Europol

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Justice freedom and security > Police and customs cooperation

Transmission of personal data by Europol

The European Union’s fight against organised crime is supported by Europol, the European police office, whose task it is to improve cooperation between the relevant departments of the Member States. This Act enables Europol to transmit personal data to third States and bodies and thereby to contribute effectively to combating organised crime.

Document or Iniciative

Council Act of 12 March 1999 adopting the rules governing the transmission of personal data by Europol to third States and third bodies [Official Journal C 88 of 30.03.1999] [See amending acts].

Summary

This act defines certain key terms relating to the transmission of personal data, including “third States”, “third bodies”, “agreement” and “competent authorities”. In particular, “personal data” is defined as any information relating to an identified or directly or indirectly identifiable natural person (identification number or data concerning his/her physical, physiological, mental, economic or cultural/social identity). “Processing of personal data” is defined as any operation performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, retaining, disclosure, alteration, consultation, use and adaptation.

Europol may transmit personal data:

  • following the conclusion of an agreement with third States or third bodies;
  • exceptionally, in order to safeguard the essential interests of a Member State or to prevent imminent danger.

Agreements concluded between Europol and third States or bodies must contain provisions concerning the recipient of the data, the type of data to be transmitted and the purposes for which the data are to be transmitted. They must also contain provisions on liability in the event of unauthorised or incorrect data processing. Once Europol’s Management Board and Joint Supervisory Authority have given their opinion and with Council approval, the Director of Europol is required to enter into negotiations on these agreements

Data transmission within third States is restricted to the competent authorities responsible for preventing and combating criminal offences. Moreover, Europol must refuse to transmit any data requested without any indication of the purpose to which they will be put.

However, onward transmission of data by a third body that has concluded an agreement with Europol is allowed:

  • with the prior consent of Europol or,
  • after authorisation by the Director of Europol if he considers that such action is absolutely necessary to safeguard the essential interests of the Member States concerned within the scope of Europol’s objectives or in the interests of preventing imminent danger associated with crime.

No onward transmission of data communicated to Europol by a Member State is allowed without the consent of the Member State concerned.

The transmission of personal data revealing racial origin, political opinions or religious or other beliefs, or concerning health and sexual life, is limited to absolutely necessary cases.

The authority receiving the data must ensure that they will be used solely for the purposes indicated when the request was made. The same authority is responsible for correcting or deleting data in the event that errors appear. It must also delete data where they are no longer necessary for the purposes indicated in the request.

These rules entered into force the day following their adoption. As from 1 January 2005, they will be evaluated under the supervision of the Management Board, which must obtain the opinion of the Joint Supervisory Body.

References

Act Entry into force Deadline for transposition in the Member States Official Journal
Council Act of 12 March 1999 13.03.1999 Official Journal C 88 of 30.03.1999
Amending act(s) Entry into force Deadline for transposition in the Member States Official Journal
Council Act of 28 February 2002 01.03.2002 Official Journal C 58 of 05.03.2002

 

The European Police College

The European Police College

Outline of the Community (European Union) legislation about The European Police College

Topics

These categories group together and put in context the legislative and non-legislative initiatives which deal with the same topic.

Justice freedom and security > Police and customs cooperation

The European Police College (CEPOL)

Document or Iniciative

Council Decision 2005/681/JHA of 20 September 2005 establishing the European Police College (CEPOL) and repealing Decision 2000/820/JHA.

Summary

CEPOL was initially set up by a Council Decision of 22 December 2000. The report on its first three years of operation revealed several difficulties. In its conclusions of 24 February 2005, the Council called for improvements in the functioning of the European Police College (CEPOL): it was apparent that CEPOL could operate more effectively if it were financed from the general budget and if the Staff Regulations of officials of the European Communities and the Conditions of employment of other servants of the European Communities applied to the staff of CEPOL. This decision establishes a European Police College as the successor to CEPOL, which was set up by Decision 2000/820/JHA. The decision confers on CEPOL the status of an agency financed from the budget of the European Communities. It lays down transitional measures on general legal succession.

Organisation of CEPOL

CEPOL takes the form of a network of national training institutes for senior police officers. It is administered by a Governing Board and a Director. A general secretariat carries out the administrative tasks.

The Governing Board is made up of directors of national training institutes. Each national delegation (consisting of one or more directors of national training institutes) has one vote on the Governing Board. Representatives of the General Secretariat of the Council, the Commission and Europol may take part in meetings of the Governing Board as non-voting observers.

The Governing Board shall act by a two-thirds majority of its members, except as regards the draft budget to be submitted to the Commission, which requires unanimity. It adopts programmes, training modules, common learning methods and the CEPOL annual report. It also adopts the decision appointing the Director.

The Director is appointed by the Governing Body from a list of at least three candidates. He is responsible for the day-to-day management of CEPOL. He also implements the budget, maintains contact with the relevant services in the Member States and coordinates implementation of the work programme. He is subject to the Staff Regulations of officials of the European Communities and the Conditions of employment of other servants of the European Communities.

The Secretariat assists CEPOL with administrative tasks and with implementing the annual programme. The staff of the Secretariat is subject to the Staff Regulations of officials of the European Communities and the Conditions of employment of other servants of the European Communities.

CEPOL enjoys legal and contractual capacity. The Director of CEPOL is its legal representative. The seat of CEPOL is in Bramshill, United Kingdom.

Financing CEPOL from the EU budget

CEPOL is financed by the Community budget. The expenditure financed from the Community budget includes staff, administrative, infrastructure and operational expenses. By 31 March each year at the latest, the Governing Board adopts the draft budgetary estimate and forwards it to the Commission and to the budgetary authority (the European Parliament and the Council) together with the preliminary draft budget of the European Union. The budgetary authority decides on the final CEPOL budget.

Regulation (EC) No 1073/1999 of the European Parliament and of the Council of 25 May 1999 concerning investigations conducted by the European Anti-Fraud Office (OLAF) applies without restriction to CEPOL. CEPOL abides by other provisions on the fight against fraud such as interinstitutional agreements in the area.

This Decision applies from 1 January 2006. Every five years from that date, the Governing Board shall commission an independent external evaluation of the implementation of this Decision.

References

Act Entry into force Deadline for transposition in the Member States Official Journal
Council Decision 2005/681/JAI

1.1.2006

OJ 256 of 1.10.2005