Legal provisions of COM(2021)757 - Amendment of Regulation 2018/1727 Council Decision 2005/671/JHA, as regards the digital information exchange in terrorism cases - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
| dossier | COM(2021)757 - Amendment of Regulation 2018/1727 Council Decision 2005/671/JHA, as regards the digital information exchange in terrorism ... |
|---|---|
| document | COM(2021)757  |
| date | October 4, 2023 |
Contents
Article 1 - Amendments to Regulation (EU) 2018/1727
(1) in Article 3, paragraph 5 is replaced by the following:
“5. Eurojust may also assist with investigations and prosecutions that only affect a Member State and a third country or a Member State and an international organisation, provided that a cooperation agreement or arrangement establishing cooperation pursuant to Article 52 has been concluded with that third country or that international organisation, or provided that in a specific case there is an essential interest in providing such assistance.”;
(2) in Article 20, the following paragraph 2a is inserted:
“2a. Each Member State shall designate a competent national authority as Eurojust national correspondent for terrorism matters. This national correspondent for terrorism matters shall be a judicial or other competent authority. Where the national legal system requires, more than one authority can be designated. The national correspondent for terrorism matters shall have access to all relevant information in accordance with Article 21a(1). It shall be competent to collect such information and to send it to Eurojust.”;
(3) Article 21 is amended as follows:
(a)paragraph 9 is replaced by the following:
“9. This Article shall not affect other obligations regarding the transmission of information to Eurojust.”;
(b)paragraph 10 is deleted;
(4) the following Article 21a is inserted:
“Article 21a
Exchange of information on terrorism cases
1. The competent national authorities shall inform their national members of any ongoing or concluded criminal investigations supervised by judicial authorities, prosecutions, court proceedings and court decisions on terrorist offences as soon as judicial authorities are involved.
2. Terrorist offences for the purpose of this Article are offences referred to in Directive (EU) 2017/541 of the European Parliament and of the Council*. The obligation referred to in paragraph 1 shall apply to all terrorist offences regardless whether there is a known link to another Member State or third country, unless the case, due to its specific circumstances, clearly affects only one Member State.
3. The information transmitted in accordance with paragraph 1 shall include the operational personal data and non-personal data listed in Annex III.
4. The competent national authorities shall inform their national member without delay about any relevant changes in the national proceedings.
Without prejudice to the first subparagraph, the national authorities shall review and provide an update on the information transmitted under paragraph 1 at least every three months.
5. Paragraph 1 shall not apply where the sharing of information would jeopardise current investigations or the safety of an individual, or when it would be contrary to essential interests of the security of the Member State concerned.
____________
* Directive (EU) 2017/541 of the European Parliament and of the Council of 15 March 2017 on combating terrorism and replacing Council Framework Decision 2002/475/JHA and amending Council Decision 2005/671/JHA (OJ L 88, 31.3.2017, p. 6).”;
(5) the following Articles 22a, 22b and 22c are inserted:
“Article 22a
Secure digital communication and data exchange between competent national authorities and Eurojust
1. The communication between the competent national authorities and Eurojust under this Regulation shall be carried out through the decentralised IT system as defined in Regulation (EU) [.../…] of the European Parliament and of the Council* [Regulation on the digitalisation of judicial cooperation].
2. Where exchange of information in accordance with paragraph 1 is not possible due to the unavailability of the decentralised IT system or due to exceptional circumstances, it shall be carried out by the swiftest, most appropriate alternative means. Member States and Eurojust shall ensure that the alternative means of communication are reliable and provide an equivalent level of security.
3. The competent national authorities shall transmit the information in accordance with Articles 21 and 21a to Eurojust in a semi-automated manner from national registers and in a structured way determined by Eurojust.
__________
* [Regulation (EU) […/…] of the European Parliament and of the Council on the digitalisation of judicial cooperation](OJ L…).
Article 22 - b Adoption of implementing acts by the Commission
1. The Commission shall adopt the implementing acts necessary for the establishment and use of the decentralised IT system for communication under this Regulation, setting out the following:(a)the technical specifications defining the methods of communication by electronic means for the purposes of the decentralised IT system;
(b)the technical specifications for communication protocols;
(c)the information security objectives and relevant technical measures ensuring minimum information security standards and a high level of cybersecurity standards for the processing and communication of information within the decentralised IT system;
(d)the minimum availability objectives and possible related technical requirements for the services provided by the decentralised IT system;
(e)the establishment of a steering committee comprising representatives of the Member States to ensure the operation and maintenance of the decentralised IT system in order to meet the objectives of this Regulation.
2. The implementing acts referred to in paragraph 1 shall be adopted by [2 years after entry into force] in accordance with the examination procedure referred to in Article 22c(2).
Article 22 - c Committee Procedure
1. The Commission shall be assisted by a committee. That committee shall be a committee within the meaning of Regulation (EU) No 182/2011 of the European Parliament and of the Council*.2. Where reference is made to this paragraph, Article 5 of Regulation (EU) No 182/2011 shall apply.
Where the committee delivers no opinion, the Commission shall not adopt the draft implementing act and Article 5(4), third subparagraph, of Regulation (EU) No 182/2011 shall apply.
__________
* Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by Member States of the Commission’s exercise of implementing powers (OJ L 55, 28.2.2011, p. 13).”;
(6) Articles 23, 24 and 25 are replaced by the following :
“Article 23
Case Management System
1. Eurojust shall establish a case management system for the processing of operational personal data listed in Annex II, the data listed in Annex III and non-personal data.
2. The purposes of the case management system shall be to:
(a)support the management and coordination of investigations and prosecutions for which Eurojust is providing assistance;
(b)ensure secure access to and exchange of information on on-going investigations and prosecutions;
(c)allow for the cross-checking of information and establishing cross-links;
(d)allow for the extraction of data for operational and statistical purposes;
(e)facilitate monitoring to ensure that the processing of operational personal data is lawful and complies with this Regulation and the applicable data protection rules.
3. The case management system may be linked to the secure telecommunications connection referred to in Article 9 of Council Decision 2008/976/JHA* and other secure communication channel(s) in accordance with applicable Union law.
4. In the performance of their duties, national members may process personal data on the individual cases, on which they are working, in accordance with this Regulation or other applicable instruments.
They shall allow the Data Protection Officer to have access to the personal data processed in the case management system.
5. For the processing of operational personal data, Eurojust may not establish any automated data file other than the case management system.
The national members may, however, temporarily store and analyse personal data for the purpose of determining whether such data are relevant to Eurojust’s tasks and can be included in the operational data management system. That data may be held for up to three months.
Article 24 - Management of the information in the case management system
1. The national member shall store the information transmitted to him or her in accordance with this Regulation or other applicable instruments in the case management system.The national member shall be responsible for the management of the data processed by that national member.
2. The national member shall decide, on a case-by-case basis, whether to keep access to the information restricted or to give access to it or to parts of it to other national members, to liaison prosecutors seconded to Eurojust, to authorised Eurojust staff or to any other person working on behalf of Eurojust who has received the necessary authorisation from the Administrative Director.
3. The national member shall indicate, in general or specific terms, any restrictions on the further handling, access and transfer of the information if a cross-link referred to in Article 23(2), point (c), has been identified.
Article 25 - Access to the case management system at national level
1. In so far as they are connected to the case management system, persons referred to in Article 20(3) shall only have access to:(a)data controlled by the national member of their Member State, unless the national member, who has decided to introduce the data in the case management system, expressly denied such access;
(b)data controlled by national members of other Member States and to which the national member of their Member State has received access, unless the national member who controls the data expressly denied such access.
2. The national member shall, within the limitations provided for in paragraph 1 of this Article, decide on the extent of access, which is granted in their Member State to the persons referred to in Article 20(3) in so far as they are connected to the case management system.
3. Each Member State shall decide, after consultation with its national member, on the extent of access, which is granted in that Member State to the persons referred to in Article 20(3) in so far as they are connected to the case management system.
Member States shall notify Eurojust and the Commission of their decision regarding the implementation of the first subparagraph. The Commission shall inform the other Member States thereof.
___________
* Council Decision 2008/976/JHA of 16 December 2008 on the European Judicial Network (OJ L 348, 24.12.2008, p. 130).”;
(7) Article 27 is amended as follows:
(a)paragraph 4 is replaced by the following:
“4. Eurojust may process special categories of operational personal data in accordance with Article 76 of Regulation (EU) 2018/1725. Where such other data refer to witnesses or victims within the meaning of paragraph 2 of this Article, the decision to process them shall be taken by the national members concerned.”;
(b)the following paragraph 5 is added:
“5. Where operational personal data is transmitted in accordance with Article 21a, Eurojust may process the operational personal data listed in Annex III of the following persons:
(a)persons to whom, in accordance with the national law of the Member State concerned, there are serious grounds for believing that they have committed or are about to commit a criminal offence in respect of which Eurojust is competent;
(b)persons who have been convicted of such offence.
Eurojust may continue to process the operational personal data referred to in point (a) of the first subparagraph also after the proceedings have been concluded under the national law of the Member State concerned, even in case of an acquittal. Where the proceedings did not result in a conviction, processing of personal data may only take place in order to identify links with other ongoing or concluded investigations and prosecutions as referred to in Article 23(2), point (c).”;
(8) Article 29 is amended as follows:
(a)the following paragraph 1a is inserted:
“1a. Eurojust shall not store operational personal data transmitted in accordance with Article 21a beyond the first applicable date among the following dates:
(a)the date on which prosecution is barred under the statute of limitations of all the Member States concerned by the investigation and prosecutions;
(b)5 years after the date on which the judicial decision of the last of the Member States concerned by the investigation or prosecution became final, 3 years in case of an acquittal.”;
(b)paragraphs 2 and 3 are replaced by the following:
“2. Observance of the storage deadlines referred to in paragraphs 1 and 1a of this Article shall be reviewed constantly by appropriate automated processing conducted by Eurojust, particularly from the moment in which Eurojust ceases to provide support.
A review of the need to store the data shall also be carried out every three years after they were entered.
If operational personal data referred to in Article 27(4) are stored for a period exceeding five years, the EDPS shall be informed thereof.
3. Before one of the storage deadlines referred to in paragraphs 1 and 1a expires, Eurojust shall review the need for the continued storage of the operational personal data where and as long as this is necessary to perform its tasks.
It may decide by way of derogation to store those data until the following review. The reasons for the continued storage shall be justified and recorded. If no decision is taken on the continued storage of operational personal data at the time of the review, those data shall be deleted automatically.”;
(9) in Section III, the following Article 54a is inserted:
“Article 54a
Third country liaison prosecutors
1. A liaison prosecutor from a third country may be seconded to Eurojust based on a cooperation agreement concluded before 12 December 2019 between Eurojust and that third country or an international agreement between the Union and the third country pursuant to Article 218 TFEU allowing for the secondment of a liaison prosecutor.
2. The rights and obligations of the liaison prosecutor shall be set out in the cooperation agreement or international agreement referred to in paragraph 1 or working arrangement concluded in accordance with Article 47(3).
3. Liaison prosecutors seconded to Eurojust shall be granted access to the case management system for the secure exchange of data.
Transfers of operational personal data to third country liaison prosecutors through the case management system may only take place under the rules and conditions set out in this Regulation, the agreement with the respective country or other applicable legal instruments.
Article 24(1), the second sentence and Article 24(2) shall apply mutatis mutandis to liaison prosecutors.
The College shall lay down the detailed conditions of access.”;
(10) In Article 80, the following paragraphs 8, 9 and 10 are added:
“8. Eurojust may continue to use the case management system composed of temporary work files and of an index until [the first day of the month following the period of two years after the adoption of this Regulation], if the new case management system is not in place yet.
9. The competent authorities and Eurojust may continue to use other channels of communication than referred to in Article 22a(1) until [the first day of the month following the period of two years after the adoption of the implementing act referred to in Article 22b of this Regulation], if those channels of communication are not available for direct exchange between them yet.
10. The competent authorities may continue to provide information in other ways than semi-automatically in accordance with Article 22a(3) until [the first day of the month following the period of two years after the adoption of the implementing act referred to in Article 22b of this Regulation], if the technical requirements are not in place yet.”;
(11) the following Annex III is added:
“Annex III:
(a)information to identify the suspect, accused, convicted or acquitted person:
–surname (family name);
–first names (given name, alias);
–date of birth;
–place of birth (town and country);
–nationality or nationalities;
–identification document,
–gender;
(b)information on the terrorist offence:
–legal qualification of the offence under national law;
–applicable form of serious crime from the list referred to in Annex I;
–affiliation with terrorist group;
–type of terrorism, such as jihadist, separatist, left-wing, right-wing;
–brief summary of the case;
(c)information on the national proceedings:
–status of the national proceedings;
–responsible public prosecutor’s office;
–case number;
–date of opening formal judicial proceedings;
–links with other relevant cases;
(d)information to identify the suspect, where available, for the national competent authorities:
–fingerprint data that have been collected in accordance with national law during criminal proceedings;
–photographs.”.
Article 2 - Amendments to Decision 2005/671/JHA
(1) in Article 1 point (c) is deleted.
(2) Article 2 is amended as follows:
(a)paragraph 2 is deleted;
(b)paragraph 3 is replaced by the following:
“3. Each Member State shall take the necessary measures to ensure that at least the information referred to in paragraph 4 concerning criminal investigations for terrorist offences which affect or may affect two or more Member States, gathered by the relevant authority, is transmitted to Europol, in accordance with national law and with Regulation (EU) 2016/794 of the European Parliament and of the Council *.
_____________
* Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) (OJ L 135, 24.5.2016, p. 53).”;
(c)paragraph 5 is deleted.
Article 3 - Entry into force
This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.