Considerations on COM(2009)344 - Requesting comparisons with EURODAC data by Member States' law enforcement authorities and Europol for law enforcement purposes

Please note

This page contains a limited version of this dossier in the EU Monitor.

 
dossier COM(2009)344 - Requesting comparisons with EURODAC data by Member States' law enforcement authorities and Europol for law enforcement ...
document COM(2009)344 EN
date July  8, 2009
 
(1) The Hague Program on strengthening freedom, security and justice in the European Union, as adopted by the European Council on 4 November 2004, asked for improvement of the cross-border exchange of data, also by extending the access to existing data filing systems of the European Union.

(2) It is essential in the fight against terrorist offences and other serious criminal offences for the law enforcement authorities to have the fullest and most up-to-date information if they are to perform their tasks. The information contained in EURODAC established by the Council Regulation (EC) No …/… [ new Eurodac ][2] is necessary for the purposes of the prevention, detection and investigation of terrorist offences and other serious criminal offences. Therefore, the data in EURODAC should be available, subject to the conditions set out in this Decision, for comparison by the designated authorities of Member States and Europol.

(3) The Commission outlined in its Communication to the Council and the European Parliament on improved effectiveness, enhanced interoperability and synergies among European data bases in the area of Justice and Home Affairs[3] of 24 November 2005 that authorities responsible for internal security could have access to EURODAC in well defined cases, when there would be a substantiated suspicion that the perpetrator of a terrorist or other serious criminal offence has applied for asylum. In this Communication the Commission also found that the proportionality principle requires that EURODAC be queried for these purposes only once there is an overriding public security concern, that is, if the act committed by the criminal or terrorist to be identified is so reprehensible that it justifies querying a database that registers persons with a clean criminal record and it concluded that the threshold for authorities responsible for internal security to query EURODAC must therefore always be significantly higher than the threshold for querying criminal databases.

(4) Moreover, Europol has a key role with respect to cooperation between Member States' authorities in the field of cross-border crime investigation in supporting Union-wide crime prevention, analyses and investigation. Consequently, Europol should also have access to EURODAC data within the framework of its tasks and in accordance with the Decision establishing the European Police Office (Europol) No (2009/371/JHA) [4].

(5) This Decision complements Regulation (EC) No […/…] [new EURODAC] , insofar as it provides for a legal basis under Title VI of the Treaty establishing the European Union to authorise requests for comparison with EURODAC data by Member States authorities and Europol.

(6) Since EURODAC has been established to facilitate the application of the Dublin Regulation, access to EURODAC for the purposes of preventing, detecting or investigating terrorist offences and other serious criminal offences constitutes a change of the original purpose of EURODAC, which interferes with the right to respect the private life of individuals whose personal data are processed in EURODAC. Any such interference must be in accordance with the law, which must be formulated with sufficient precision to allow individuals to adjust their conduct and it must protect individuals against arbitrariness and indicate with sufficient clarity the scope of discretion conferred on the competent authorities and the manner of its exercise. Any interference must be necessary in a democratic society to attain a legitimate and proportionate interest and proportionate to the legitimate objective it aims to achieve.

(7) Even though the original purpose for the establishment of EURODAC did not require the facility of requesting comparisons of data with the database on the basis of a latent which is the dactyloscopic trace which may be found at a crime scene, such a facility is a fundamental one in the field of police cooperation. The possibility to compare a latent with the fingerprint data which is stored in EURODAC will provide the designated authorities of the Member States with a very valuable tool in preventing, detecting and investigating terrorist offences and other serious criminal offences, when for example the only evidence available at a crime scene are latents.

(8) This Decision lays down the conditions under which requests for comparison of fingerprint data with EURODAC data for the purposes of preventing, detecting or investigating terrorist offences and other serious criminal offences should be allowed and the necessary safeguards to ensure the protection of the fundamental right to respect for the private life of individuals whose personal data are processed in EURODAC.

(9) It is necessary to designate the competent Member States' authorities as well as the National Central Access Point through which the requests for comparison with EURODAC data are done and to keep a list of the operating units within the designated authorities that are authorised to request such comparison for the specific purposes of the prevention, detection and investigation of terrorist offences as referred to in the Council Framework Decision 2002/475/JHA of 13 June 2002 on combating terrorism[5] and of other serious criminal offences as referred to in the Council Framework Decision 2002/584/JHA of 13 June 2002 on the European arrest warrant and the surrender procedures between Member States[6].

(10) Requests for comparison with data stored in the EURODAC central database shall be made by the operating units within the designated authorities to the National Access Point, through the verifying authority and shall be reasoned. The verifying authorities should be responsible for ensuring strict compliance with the conditions for access as established in this Decision. The verifying authorities should then forward the request for comparison through the National Access Point to the EURODAC Central System following verification of whether all conditions for access are fulfilled. In the exceptional case of urgency the verifying authority should process the request immediately and only do the verification afterwards.

(11) For the purposes of protection of personal data, and in particular to exclude mass comparisons which should be forbidden, the processing of EURODAC data should only take place on a case-by-case basis and when it is necessary for the purposes of preventing, detecting and investigating terrorist offences and other serious criminal offences. In addition access should only be allowed when comparisons with the national databases of the Member State and with the Automated Fingerprint Databases of other Member States under the Council Decision 2008/615/JHA of 23 June 2008 on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime[7] (Prüm Decision) have returned negative results. Such a specific case exists in particular when the request for comparison is connected to a specific and concrete situation or to a specific and concrete danger associated with a terrorist or other serious criminal offence, or to specific persons in respect of whom there are serious grounds for believing that the persons will commit or have committed terrorist offences or other serious criminal offences. A specific case also exists when the request for comparison is connected to a person who is a victim of a terrorist or other serious criminal offence. The designated authorities and Europol should thus only request a comparison with EURODAC when they have reasonable grounds to believe that such a comparison will provide information that will substantially assist them in preventing, detecting or investigating a terrorist or other serious criminal offence.

(12) The Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial co-operation in criminal matters [8] applies to the personal data which are processed pursuant to this Decision.

(13) Transfers of data obtained pursuant to this Decision to third countries or international organisations or private entities should be prohibited, in order to ensure the right to asylum and to safeguard applicants for international protection from having their data disclosed to any third country. This prohibition shall be without prejudice to the right of Member States to transfer such data to third countries to which the Dublin Regulation applies, in order to ensure that Member States have the possibility of cooperating with such third countries for the purposes of this Decision.

(14) National competent authorities for the supervision of the processing of personal data should monitor the lawfulness of the processing of personal data by the Member States, and the Joint Supervisory Body set up by the Europol Decision should monitor the lawfulness of data processing activities performed by EUROPOL.

(15) Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data[9] and in particular Articles 21 and 22 thereof concerning confidentiality and security of processing apply to the processing of personal data by the Community institutions and bodies when carrying out their responsibilities in the operational management of EURODAC in the exercise of activities all or part of which fall within the scope of Community law.

(16) The effective application of this Decision should be evaluated at regular intervals.

(17) Since the objectives of this decision, namely the creation of conditions for requests for comparison with data stored in the EURODAC central database by Member States' designated authorities and by Europol cannot be sufficiently achieved by the Member States and can, therefore, by reason of the scale and effects of the action, be only achieved at the level of the European Union, the Council may adopt measures in accordance with the principle of subsidiarity, referred to in Article 2 of the Treaty on European Union and defined in Article 5 of the Treaty establishing the European Community. In accordance with the principle of proportionality as set out in those Articles, this Decision does not go beyond what is necessary in order to achieve those objectives.

(18) In accordance with Article 47 of the Treaty on the European Union, this Decision does not affect the competences of the European Community, in particular as exercised in Regulation (EC) No […/…] [new EURODAC] [10] and in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the movement of such data[11].

(19) This Decision respects the fundamental rights and observes the principles reflected in particular in the Charter of Fundamental Rights of the European Union and notably the right to protection of personal data and the right to asylum. This Decision should be applied in accordance with these rights and principles.