Explanatory Memorandum to JAI(2008)12 - Initiative of France with a view to adopting a Council decision on the use of information technology for customs purposes - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
| dossier | JAI(2008)12 - Initiative of France with a view to adopting a Council decision on the use of information technology for customs purposes. |
|---|---|
| source | JAI(2008)12 |
| date | 05-02-2009 |
| 5.2.2009 | EN | Official Journal of the European Union | C 29/6 |
Contents
- Initiative of the French Republic with a view to adopting a Council decision on the use of information technology for customs purposes
- CHAPTER I
- CHAPTER II
- CHAPTER III
- Article 4
- Article 5
- Article 6
- Article 7
- Article 8
- Article 9
- Article 10
- Article 11
- Article 12
- CHAPTER IV
- CHAPTER V
- CHAPTER VI
- CHAPTER VII
- Article 17
- Article 18
- CHAPTER VIII
- CHAPTER IX
- Article 21
- Article 22
- CHAPTER X
- CHAPTER XI
- Article 25
- CHAPTER XII
- Article 27
- CHAPTER XIII
- Article 29
- CHAPTER XIV
- Article 31
- Article 32
- Article 33
- Article 34
- Article 35
- 2. It shall apply from …
Initiative of the French Republic with a view to adopting a Council decision on the use of information technology for customs purposes
(2009/C 29/05)
THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on European Union, and in particular Article 30(1)(a) and Article 34(2)(c) thereof,
Having regard to the initiative of the French Republic,
Having regard to the Opinion of the European Parliament (1),
Whereas:
| (1) | At the external frontiers of the Community and within Community territory, customs administrations are responsible, together with other competent authorities, for the prevention, investigation and suppression of offences against not only Community rules, but also against national laws. |
| (2) | The developing trend towards illicit trafficking of all kinds constitutes a serious threat to public health, morality and security. |
| (3) | It is necessary to reinforce cooperation between customs administrations, by laying down procedures under which customs administrations may act jointly and exchange personal and other data concerned with illicit trafficking activities, using new technology for the management and transmission of such information, subject to the provisions of the Council of Europe Convention on the Protection of Individuals with Regard to Automatic Processing of Personal Data, done at Strasbourg on 28 January 1981, and the principles contained in Recommendation R (87) 15 of the Committee of Ministers of the Council of Europe of 17 September 1987, regulating the use of personal data in the police sector. |
| (4) | It is also necessary to enhance complementarity with actions in the context of cooperation with the European Police Office (Europol) and Eurojust, by granting those agencies access to the Customs Information System. |
| (5) | Since customs administrations have to implement both Community and non-Community provisions in their day-to-day work, it is necessary to ensure that the provisions on mutual assistance and administrative cooperation evolve in parallel. Account should therefore be taken of the provisions on the Customs Information System and the customs files identification database in Regulation (EC) No 766/2008 of the European Parliament and of the Council of 9 July 2008 amending Council Regulation (EC) No 515/97 on mutual assistance between the administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs and agricultural matters (2). |
| (6) | Experience gained since the Convention of 26 July 1995 on the use of information technology for customs purposes (hereinafter ‘the CIS convention’) (3) entered into force has shown that the use of the Customs Information System for the sole purposes of sighting and reporting, discreet surveillance or specific checks does not make it possible to achieve fully the system's objective, which is to assist in preventing, investigating and prosecuting serious contraventions of national laws. |
| (7) | A strategic analysis should help those responsible at the highest level to determine projects, objectives and policies for combating fraud, to plan activities and to deploy the resources needed to achieve the operational objectives laid down. |
| (8) | An operational analysis of the activities, resources and intentions of certain persons or businesses that do not comply or appear not to comply with national laws should help the customs authorities to take the appropriate measures in specific cases to achieve the objectives laid down as regards the fight against fraud. |
| (9) | The CIS convention should therefore be replaced. |
| (10) | This Decision respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union, |
HAS DECIDED AS FOLLOWS:
ESTABLISHMENT OF A CUSTOMS INFORMATION SYSTEM
Article 1
1. The customs administrations of the Member States shall set up and maintain a joint automated information system for customs purposes, hereinafter referred to as the ‘Customs Information System’.
2. The aim of the Customs Information System, in accordance with this Decision, shall be to assist in preventing, investigating and prosecuting serious contraventions of national laws by making information available more rapidly, thereby increasing the effectiveness of the cooperation and control procedures of the customs administrations of the Member States.
DEFINITIONS
Article 2
For the purposes of this Decision:
| 1. | the term ‘national laws’ means laws or regulations of a Member State, in the application of which the customs administration of that Member State has total or partial competence, concerning:
|
| 2. | the term ‘personal data’ means any information relating to an identified or identifiable individual; |
| 3. | the term ‘supplying Member State’ means a State which includes an item of data in the Customs Information System; |
| 4. | ‘operational analysis’ means analysis of operations which constitute, or appear to constitute, breaches of national laws, involving the following stages:
|
| 5. | ‘strategic analysis’ means research and presentation of the general trends in breaches of national laws through an evaluation of the threat, scale and impact of certain types of operation in breach of national laws, with a view to setting priorities, gaining a better picture of the phenomenon or threat, reorienting action to prevent and detect fraud and reviewing departmental organisation. Only data from which identifying factors have been removed may be used for strategic analysis. |
OPERATION AND USE OF THE CUSTOMS INFORMATION SYSTEM
Article 3
1. The Customs Information System shall consist of a central database facility, accessible via terminals in each Member State. It shall comprise exclusively data necessary to achieve its aim as stated in Article 1(2), including personal data, in the following categories:
| (a) | commodities; |
| (b) | means of transport; |
| (c) | businesses; |
| (d) | persons; |
| (e) | fraud trends; |
| (f) | availability of expertise; |
| (g) | items detained, seized or confiscated. |
2. The Commission shall ensure the technical management of the infrastructure of the Customs Information System in accordance with the rules provided for by the implementing measures adopted by the Council.
The Commission shall report on management to the Committee referred to in Article 23.
3. The Commission shall communicate to that Committee the practical arrangements adopted for technical management.
1. Member States shall determine the items to be included in the Customs Information System relating to each of the categories referred to in Article 3, to the extent that this is necessary to achieve the aim of the system. No items of personal data shall be included in any event within category set out in point (e) of Article 3.
2. With regard to categories set out in points (a) to (d) of Article 3, the items of information included in respect of persons shall comprise no more than:
| (a) | name, maiden name, forenames, former surnames and aliases; |
| (b) | date and place of birth; |
| (c) | nationality; |
| (d) | sex; |
| (e) | number and place and date of issue of the identity papers (passports, identity cards, driving licences); |
| (f) | address; |
| (g) | any particular objective and permanent physical characteristics; |
| (h) | reason for inclusion of data; |
| (i) | suggested action; |
| (j) | a warning code indicating any history of being armed, violent or escaping; |
| (k) | registration number of the means of transport. |
3. With regard to category set out in point (f) of Article 3, the items of information included in respect of persons shall comprise no more than the experts' surnames and forenames.
4. With regard to category set out in point (g) of Article 3, the items of information included in respect of persons shall comprise no more than:
| (a) | name, maiden name, forenames, former surnames and aliases; |
| (b) | date and place of birth; |
| (c) | nationality; |
| (d) | sex; |
| (e) | address. |
5. In any case personal data listed in Article 6, first sentence, of the Council of Europe Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, done at Strasbourg on 28 January 1981, hereinafter referred to as the ‘1981 Strasbourg Convention’, shall not be included.
1. Data in the categories referred to in Article 3 shall be included in the Customs Information System only for the purpose of sighting and reporting, discreet surveillance, specific checks, or operational analysis.
2. For the purpose of the suggested actions referred to in paragraph 1, namely sighting and reporting, discreet surveillance, specific checks, or operational analysis, personal data within any of the categories referred to in Article 3 may be included in the Customs Information System only if, especially on the basis of prior illegal activities, there are real indications to suggest that the person concerned has committed, is in the act of committing, or will commit serious contraventions of national laws.
1. If the suggested actions referred to in Article 5(1) are carried out, the following information may in whole or in part be collected and transmitted to the supplying Member State:
| (i) | the fact that the commodity, means of transport, business or person reported has been found; |
| (ii) | the place, time and reason for the check; |
| (iii) | the route and destination of the journey; |
| (iv) | persons accompanying the person concerned or occupants of the means of transport; |
| (v) | the means of transport used; |
| (vi) | objects carried; |
| (vii) | the circumstances under which the commodity, means of transport, business or person was found. |
When such information is collected in the course of discreet surveillance steps must be taken to ensure that the discreet nature of the surveillance is not jeopardised.
2. In the context of a specific check referred to in Article 5(1), persons, means of transport and objects may be searched to the extent permissible and in accordance with the laws, regulations and procedures of the Member State in which the search takes place. If the specific check is not permitted by the law of a Member State, it shall automatically be converted by that Member State into sighting and reporting or discreet surveillance.
1. Direct access to data included in the Customs Information System shall be reserved for the national authorities designated by each Member State. These national authorities shall be customs administrations, but may also include other authorities competent, according to the laws, regulations and procedures of the Member State in question, to act in order to achieve the aim stated in Article 1(2).
2. Each Member State shall send the other Member States and the committee referred to in Article 23 a list of its competent authorities which have been designated in accordance with paragraph 1 of this Article to have direct access to the Customs Information System stating, for each authority, which data it may have access to and for what purposes.
3. Notwithstanding the provisions of paragraphs 1 and 2, Member State may, by unanimous agreement, permit access to the Customs Information System by international or regional organisations. Such agreement shall take the form of a Council decision. In reaching this decision the Member States shall take account of any reciprocal arrangements and any opinion of the Joint Supervisory Authority referred to in Article 25 on the adequacy of data protection measures.
1. Member States may use data obtained from the Customs Information System only in order to achieve the aim stated in Article 1(2). However, they may use it for administrative or other purposes with the prior authorisation of, and subject to any conditions imposed by, the Member State which included it in the system. Such other use shall be in accordance with the laws, regulations and procedures of the Member State which seeks to use it and should take into account Principle 5.5 of Recommendation R (87) 15 of the Committee of Ministers of the Council of Europe of 17 September 1987, regulating the use of personal data in the police sector, hereinafter referred to as ‘Recommendation R (87) 15’.
2. Without prejudice to paragraphs 1 and 4 of this Article, Article 7(3) and Articles 11 and 12, data obtained from the Customs Information System shall only be used by national authorities in each Member State designated by the Member State in question, which are competent, in accordance with the laws, regulations and procedures of that Member State, to act in order to achieve the aim stated in Article 1(2).
3. Each Member State shall send the other Member States and the Committee referred to in Article 23 a list of the competent authorities it has designated in accordance with paragraph 2 of this Article.
4. Data obtained from the Customs Information System may, with the prior authorisation of, and subject to any conditions imposed by, the Member State which included it in the system, be communicated for use by national authorities other than those designated under paragraph 2, non-Member States, and international or regional organisations wishing to make use of them. Each Member State shall take special measures to ensure the security of such data when they are being transmitted or supplied to services located outside its territory. Details of such measures must be communicated to the Joint Supervisory Authority referred to in Article 25.
1. The inclusion of data in the Customs Information System shall be governed by the laws, regulations and procedures of the supplying Member State unless this Decision lays down more stringent provisions.
2. The use of data obtained from the Customs Information System, including performance of any action under Article 5(1) suggested by the supplying Member State, shall be governed by the laws, regulations and procedures of the Member State using such data, unless this Decision lays down more stringent provisions.
1. Each of the Member States shall designate a competent customs administration which shall have national responsibility for the Customs Information System.
2. The administration referred to in paragraph 1 shall be responsible for the correct operation of the Customs Information System within the Member State and shall take the measures necessary to ensure compliance with this Decision.
3. Member States shall inform one another of the administration referred to in paragraph 1.
1. Subject to Chapter IX of this Decision, the European Police Office (Europol) shall, within its mandate, have the right to have access to the data entered into the Customs Information System in accordance with Articles 2, 3, 4, 5 and 6, to search those data directly, and to enter data into the system.
2. Where a search by Europol reveals the existence of an alert in the Customs Information System, Europol shall, via the channels defined in Council Decision […] establishing a European Police Office (Europol Decision) (4), inform the Member State which issued the alert.
3. Use of information obtained from a search in the Customs Information System is subject to the consent of the Member State which entered the data into the system. If this Member State allows the use of such information, the handling thereof shall be governed by the Europol Decision. Europol may communicate such information to third countries and third bodies only with the consent of the Member State which entered the data into the system.
4. Europol may request further information from the Member States concerned, in accordance with the provisions of the Europol Decision.
5. Without prejudice to paragraphs 3 and 4, Europol shall not connect the parts of the Customs Information System to which it has access to any computer system for data collection and processing operated by or at Europol, nor transfer the data contained therein to any such system, nor download or otherwise copy any part of the Customs Information System.
Europol shall limit access to data entered into the Schengen Information System to duly authorised staff of Europol.
Europol shall allow the Joint Supervisory Body, set up under Article 34 of the Europol Decision, to review the activities of Europol in the exercise of its right to accede to and to search data entered into the Customs Information System.
1. Subject to Chapter IX, the national members of Eurojust and their assistants shall, within their mandate, have the right to have access to the data entered into the Customs Information System in accordance with Articles 2, 3, 4, 5 and 6, and to search those data.
2. Where a search by a national member of Eurojust reveals the existence of an alert in the Customs Information System, he or she shall inform the Member State having issued the alert thereof. Any communication of information obtained from such a search may be communicated to third countries and third bodies only with the consent of the Member State which issued the alert.
3. Nothing in this Article shall be interpreted as affecting the provisions of Council Decision 2002/187/JHA of 28 February 2002 setting up Eurojust with a view to reinforcing the fight against serious crime (5) which concern data protection and the liability for any unauthorised or incorrect processing of such data by national members of Eurojust or their assistants, or as affecting the powers of the Joint Supervisory Body set up pursuant to that Decision.
4. No parts of the Customs Information System to which the national members or their assistants have access shall be connected to any computer system for data collection and processing in operation by or at Eurojust, nor shall any data contained in the former be transferred to the latter, nor shall any part of the Customs Information System be downloaded.
5. Access to data entered in the Customs Information System shall be limited to the national members and their assistants and not be extended to Eurojust staff.
AMENDMENT OF DATA
Article 13
1. Only the supplying Member State or Europol shall have the right to amend, supplement, correct or delete data which it has entered in the Customs Information System.
2. Should a supplying Member State or Europol note, or have drawn to its attention, that the data it included are factually inaccurate or were included, or are stored contrary to this Decision, it shall amend, supplement, correct or delete the data, as appropriate, and shall advise the other Member States and Europol accordingly.
3. If one of the Member States or Europol has evidence to suggest that an item of data is factually inaccurate, or was included or is stored on the Customs Information System, contrary to this Decision, it shall advise the supplying Member State or Europol as soon as possible. The latter shall check the data concerned and, if necessary, correct or delete the item without delay. The supplying Member State or Europol shall advise the other Member States and Europol of any correction or deletion effected.
4. If, when entering data in the Customs Information System, a Member State or Europol notes that its report conflicts with a previous report as to content or suggested action, it shall immediately advise the Member State or Europol which made the previous report. The two Member States or the Member State and Europol shall then attempt to resolve the matter. In the event of disagreement, the first report shall stand, but those parts of the new report which do not conflict shall be included in the System.
5. Subject to the provisions of this Decision, where in any Member State a court, or other competent authority within that Member State, makes a final decision as to amendment, supplementation, correction or deletion of data in the Customs Information System, the Member States and Europol undertake mutually to enforce such a decision. In the event of conflict between such decisions of courts or other competent authorities in different Member States, including those referred to in Article 22 i concerning correction or deletion, the Member State which included the data in question or Europol shall delete them from the System.
RETENTION OF DATA
Article 14
1. Data included in the Customs Information System shall be kept only for the time necessary to achieve the purpose for which it was included. The need for their retention shall be reviewed at least annually by the supplying Member State, or by Europol if the latter entered the data.
2. The supplying Member State, or Europol if the latter entered the data, may, within the review period, decide to retain data until the next review if their retention is necessary for the purposes for which they were included. Without prejudice to Article 22, if there is no decision to retain data, they shall automatically be transferred to that part of the Customs Information System to which access shall be limited in accordance with paragraph 4 of this Article.
3. The Customs Information System shall automatically inform the supplying Member State, or Europol if the latter entered the data, of a scheduled transfer of data from the Customs Information System under paragraph 2, giving one month's notice.
4. Data transferred under paragraph 2 shall continue to be retained for one year within the Customs Information System, but, without prejudice to Article 22, shall be accessible only to a representative of the Committee referred to in Article 23 or to the supervisory authorities referred to in Articles 24(1) and 25(1). During that period they may consult the data only for the purposes of checking their accuracy and lawfulness, after which they must be deleted.
CREATION OF A CUSTOMS FILES IDENTIFICATION DATABASE
Article 15
1. The Customs Information System shall contain data in accordance with this Chapter, in addition to data in accordance with Article 3, in a special database, hereinafter referred to as ‘the customs files identification database’. Without prejudice to the provisions of this Chapter and of Chapters VII and VIII, all the provisions of this Decision shall also apply to the customs files identification database.
2. The aim of the customs files identification database shall be to enable the national authorities responsible for carrying out customs investigations designated pursuant to Article 7, when opening a file on or investigating one or more persons or businesses, to identify competent authorities of other Member States which are investigating or have investigated those persons or businesses, in order, through information on the existence of investigation files, to achieve the aim referred to in Article 1(2).
3. For the purposes of the customs files identification database, each Member State shall send the other Member States and the committee mentioned in Article 23 a list of serious infringements of its national laws.
This list shall comprise only infringements that are punishable:
| (a) | by deprivation of liberty or a detention order for a maximum period of not less than 12 months; or |
| (b) | by a fine of at least EUR 15 000. |
4. If the Member State retrieving data from the customs files identification database requires further information on the stored investigation file on a person or a business, it shall request the assistance of the supplying Member State on the basis of the instruments in force relating to mutual assistance.
OPERATION AND USE OF THE CUSTOMS FILES IDENTIFICATION DATABASE
Article 16
1. The competent authorities shall enter data from investigation files in the customs files identification database for the purposes set out in Article 15(2). The data shall cover only the following categories:
| (a) | a person or a business which is or has been the subject of an investigation file opened by a competent authority of a Member State, and which:
|
| (b) | the field covered by the investigation file; |
| (c) | the name, nationality and contact information of the Member State's authority handling the case, together with the file number. |
Data referred to in points (a) to (c) shall be entered in a data record separately for each person or business. Links between data records shall not be permitted.
2. The personal data referred to in paragraph 1(a) shall consist only of the following:
| (a) | for persons: the name, maiden name, forenames, former surnames and aliases, date and place of birth, nationality and sex, address; |
| (b) | for businesses: business name, name under which trade is conducted, registered office and VAT identifier, excise duties identification number, address. |
3. Data shall be entered for a limited period in accordance with Article 19.
A Member State shall not be obliged to make entries pursuant to Article 16 in any particular case if and for such time as this would harm public policy or other essential interests, in particular with regard to data protection, of the Member State concerned.
1. Entry of data in the customs files identification database and consultation thereof shall be reserved for the authorities referred to in Article 15(2).
2. Any consultation concerning the customs files identification database shall cover the following personal data:
| (a) | for persons: the forename and/or name and/or maiden name and/or former surnames and/or alias and/or date of birth and/or address; |
| (b) | for businesses: business name and/or name under which trade is conducted and/or VAT identifier and/or excise duties identification number and/or address. |
PERIOD OF RETENTION OF DATA IN THE CUSTOMS FILES IDENTIFICATION DATABASE
Article 19
1. Storage periods shall be determined in accordance with the laws, regulations and procedures of the Member State introducing the data. However, the following time-limits, starting on the date on which the data were entered in the file, shall on no account be exceeded:
| (a) | data relating to current investigation files shall not be retained beyond a period of three years if it has not been established that an infringement has taken place within that time. The data shall be deleted before then if one year has passed since the last investigative act; |
| (b) | data relating to investigation files which have established that an infringement has taken place but which have not yet led to a conviction or to imposition of a fine shall not be retained beyond a period of six years; |
| (c) | data relating to investigation files which have led to a conviction or a fine shall not be retained beyond a period of 10 years. |
2. At all stages of an investigation as referred to in points (a) to (c) of paragraph 1, as soon as a person or business within the scope of Article 16 is eliminated from an investigation pursuant to the laws and administrative regulations of the supplying Member State, all data relating to that person or business shall be deleted immediately.
3. Data shall automatically be deleted from the customs files identification database as from the date on which the data retention periods laid down in paragraph 1 are exceeded.
PERSONAL DATA PROTECTION
Article 20
1. Each Member State intending to receive personal data from, or include them in, the Customs Information System shall, no later than … (6), adopt national measures sufficient to achieve a level of protection of personal data at lea equal to that resulting from the principles of the 1981 Strasbourg Convention.
2. A Member State shall receive personal data from, or include them in, the Customs Information System only where the arrangements for the protection of such data provided for in paragraph 1 have entered into force in the territory of that Member State. The Member State shall also have previously designated a national supervisory authority or authorities in accordance with Article 24.
3. In order to ensure the proper application of the data protection provisions in this Decision, the Customs Information System shall be regarded in every Member State as a national data file subject to the national provisions referred to in paragraph 1 and any more stringent provisions contained in this Decision.
1. Subject to Article 8(1), each Member State shall ensure that it shall be unlawful under its laws, regulations and procedures for personal data from the Customs Information System to be used other than for the purposes set out in Article 1(2).
2. Data may be duplicated only for technical purposes, provided that such duplication is necessary for direct searching by the authorities referred to in Article 7.
3. Subject to Article 8(1), personal data included by other Member States may not be copied from the Customs Information System into other national data files, except those copies held in systems of risk management used to direct national customs controls or copies held in an operational analysis system used to coordinate actions.
4. In the two exceptional cases provided for in paragraph 3, only the analysts designated by the national authorities of each Member State shall be empowered to process personal data obtained from the Customs Information System within the framework of a risk management system used to direct customs controls by national authorities or of an operational analysis system used to coordinate actions.
5. Each Member States shall send each other Member State and the Committee referred to in Article 23 a list of the risk-management departments whose analysts are authorised to copy and process personal data entered in the Customs Information System.
6. The list of national authorities referred to in paragraph 4 shall be published for information in the Official Journal of the European Union.
7. Personal data copied from the Customs Information System shall be kept only for the time necessary to achieve the purpose for which they were copied. The need for their retention shall be reviewed at least annually by the partner in the Customs Information System which carried out the copying. The storage period shall not exceed ten years. Personal data which are not necessary for the continuation of the analysis shall be deleted immediately or have any identifying factors removed.
1. The rights of persons with regard to personal data in the Customs Information System, in particular their right of access, shall be put into effect in accordance with the laws, regulations and procedures of the Member State in which such rights are invoked.
If laid down in the laws, regulations and procedures of the Member State concerned, the national supervisory authority provided for in Article 23 shall decide whether information is to be communicated and the procedures for so doing.
A Member State which has not supplied the data concerned may communicate data only if it has first given the supplying Member State an opportunity to adopt its position.
2. A Member State, to which an application for access to personal data is made, shall refuse access if access may undermine the performance of the legal task specified in the report pursuant to Article 5(1), or in order to protect the rights and freedoms of others. Access shall be refused in any event during the period of discreet surveillance or sighting and reporting, and during the period in which the operational analysis of the data or administrative enquiry or criminal investigation is ongoing.
3. In each Member State, a person may, according to the laws, regulations and procedures of the Member State concerned, have personal data relating to himself corrected or deleted if those data are factually inaccurate, or were included or are stored in the Customs Information System contrary to the aim stated in Article 1(2) of this Decision or to the provisions of Article 5 of the 1981 Strasbourg Convention.
4. In the territory of each Member State, any person may, in accordance with the laws, regulations and procedures of the Member State in question, bring an action or, if appropriate, a complaint before the courts or the authority competent under the laws, regulations and procedures of that Member State concerning personal data relating to himself on the Customs Information System, in order to:
| (a) | correct or delete factually inaccurate personal data; |
| (b) | correct or delete personal data entered or stored in the Customs Information System contrary to this Decision; |
| (c) | obtain access to personal data; |
| (d) | obtain compensation pursuant to Article 28(2). |
The Member States concerned undertake mutually to enforce the final decisions taken by a court, or other competent authority, pursuant to points (a) to (c).
5. The references in this Article and in Article 13(5) to a ‘final decision’ do not indicate any obligation on the part of any Member State to appeal against a decision taken by a court or other competent authority.
INSTITUTIONAL FRAMEWORK
Article 23
1. A Committee consisting of representatives from the customs administrations of the Member States shall be set up. The Committee shall take its decisions unanimously where the provisions of point (a) of paragraph 2 are concerned and by a two-thirds majority where the provisions of point (b) of paragraph 2 are concerned. It shall adopt its rules of procedure by unanimity.
2. The Committee shall be responsible:
| (a) | for the implementation and correct application of the provisions of this Decision, without prejudice to the powers of the authorities referred to in Articles 24(1) and 25(1); |
| (b) | for the proper functioning of the Customs Information System with regard to technical and operational aspects. The Committee shall take all necessary steps to ensure that the measures set out in Articles 14 and 26 are properly implemented with regard to the Customs Information System. For the purpose of applying this paragraph, the Committee may have direct access to, and use of, data from the Customs Information System. |
3. The Committee shall report annually to the Council, in accordance with Title VI of the Treaty on European Union, regarding the efficiency and effectiveness of the Customs Information System, making recommendations as necessary.
4. The Commission shall be party to the Committee's proceedings.
PERSONAL DATA PROTECTION SUPERVISION
Article 24
1. Each Member State shall designate a national supervisory authority or authorities responsible for personal data protection to carry out independent supervision of such data included in the Customs Information System.
The supervisory authorities, in accordance with their respective national laws, shall carry out independent supervision and checks, to ensure that the processing and use of data held in the Customs Information System do not violate the rights of the person concerned. For this purpose the supervisory authorities shall have access to the Customs Information System.
2. Any person may ask any national supervisory authority to check personal data relating to himself on the Customs Information System and the use which has been or is being made of those data. That right shall be governed by the laws, regulations and procedures of the Member State in which the request is made. If the data have been included by another Member State, the check shall be carried out in close coordination with that Member State's national supervisory authority.
1. A Joint Supervisory Authority shall be set up, consisting of two representatives from each Member State drawn from the respective independent national supervisory authority or authorities.
2. The Joint Supervisory Authority shall perform its task in accordance with the provisions of this Decision and of the 1981 Strasbourg Convention taking into account Recommendation R (87) 15.
3. The Joint Supervisory Authority shall be competent to supervise operation of the Customs Information System, to examine any difficulties of application or interpretation which may arise during its operation, to study problems which may arise with regard to the exercise of independent supervision by the national supervisory authorities of the Member States, or in the exercise of rights of access by individuals to the System, and to draw up proposals for the purpose of finding joint solutions to problems.
4. For the purpose of fulfilling its responsibilities, the Joint Supervisory Authority shall have access to the Customs Information System.
5. Reports drawn up by the Joint Supervisory Authority shall be forwarded to the authorities to which the national supervisory authorities submit their reports.
SECURITY OF THE CUSTOMS INFORMATION SYSTEM
Article 26
1. All necessary administrative measures to maintain security shall be taken:
| (a) | by the competent authorities of the Member States in respect of the terminals of the Customs Information System in their respective States; |
| (b) | by the Committee referred to in Article 23 in respect of the Customs Information System and the terminals located on the same premises as the System and used for technical purposes and the checks required by paragraph 3 of this Article. |
2. In particular the competent authorities and the committee referred to in Article 23 shall take measures:
| (a) | to prevent any unauthorised person from having access to installations used for the processing of data; |
| (b) | to prevent data and data media from being read, copied, modified or removed by unauthorised persons; |
| (c) | to prevent the unauthorised entry of data and any unauthorised consultation, modification, or deletion of data; |
| (d) | to prevent data in the Customs Information System from being accessed by unauthorised persons by means of data transmission equipment; |
| (e) | to guarantee that, with respect to the use of the Customs Information System, authorised persons have right of access only to data for which they have competence; |
| (f) | to guarantee that it is possible to check and establish to which authorities data may be transmitted by data-transmission equipment; |
| (g) | to guarantee that it is possible to check and establish a posteriori what data have been entered in the Customs Information System, when and by whom, and to monitor searches; |
| (h) | to prevent the unauthorised reading, copying, modification or deletion of data during the transmission of data and the transport of data media. |
3. The Committee referred to in Article 23 shall monitor interrogation of the Customs Information System for the purpose of checking that searches made were admissible and were made by authorised users. At least 1 % of all searches made shall be checked. A record of such searches and checks shall be maintained in the System and shall be used only for the abovementioned purpose by the said Committee and the supervisory authorities referred to in Articles 24 and 25. It shall be deleted after six months.
The competent customs administration referred to in Article 10(1) shall be responsible for the security measures set out in Article 26, in relation to the terminals located in the territory of the Member State concerned, the review functions set out in Article 14(1) and (2) and Article 18, and otherwise for the proper implementation of this Decision so far as is necessary under the laws, regulations and procedures of that Member State.
RESPONSIBILITIES AND LIABILITIES
Article 28
1. Each Member State shall be responsible for the accuracy, currency and lawfulness of data it has included in the Customs Information System. Each Member State shall also be responsible for complying with the provisions of Article 5 of the 1981 Strasbourg Convention.
2. Each Member State shall be liable, in accordance with its laws, regulations and procedures, for injury caused to a person through the use of the Customs Information System in the Member State concerned. This shall also be the case where the injury was caused by the supplying Member State entering inaccurate data or entering data contrary to this Decision.
3. If the Member State against which an action in respect of inaccurate data is brought is not the Member State which supplied it, the Member States concerned shall seek agreement as to what proportion, if any, of the sums paid out in compensation shall be reimbursed by the supplying Member State to the other Member State. Any such sums agreed shall be reimbursed on request.
1. Costs relating to the acquisition, study, development and maintenance of central computer infrastructure (hardware), software and dedicated network connections, and to related production, support and training services, which cannot be kept separate from the operation of the Customs Information System for the purpose of applying the customs and agricultural rules of the Community, and costs relating to the use of the Customs Information System by the Member States in their territories shall be borne by the general budget of the European Communities.
2. Other expenditure incurred in the implementation of this Decision shall be borne by the Member States. Each Member State's share shall be determined according to the proportion of its gross national product to the sum total of the gross national products of the Member States for the year preceding the year in which the costs are incurred.
For the purpose of applying this paragraph, the expression ‘gross national product’ means the gross national product determined in accordance with Council Directive 89/130/EEC, Euratom of 13 February 1989 on the harmonisation of the compilation of gross national product at market prices (7) or any Community instrument amending or replacing it.
IMPLEMENTATION AND FINAL PROVISIONS
Article 30
The information provided for under this Decision shall be exchanged directly between the authorities of the Member States.
The Member States shall ensure that their national law conforms to this Decision by … (6).
This Decision replaces the Convention on the use of information technology for customs purposes, as well as the Protocol of 12 March 1999 on the scope of the laundering of proceeds in the Convention on the use of information technology for customs purposes and the inclusion of the registration number of the means of transport in the Convention (8) (hereinafter referred to as the ‘protocol on the scope of the laundering of proceeds’) and the Protocol of 8 May 2003 established in accordance with Article 34 of the Treaty on European Union, amending, as regards the creation of a customs files identification database, the Convention on the use of information technology for customs purposes (9) (hereinafter referred to as the ‘Protocol on the creation of a customs files identification database’), with effect from … (6).
Unless otherwise provided in this Decision, measures implementing the Convention on the use of information technology for customs purposes and the respective protocols on the scope of the laundering of proceeds and on the creation of a customs files identification database shall be repealed with effect from … (6).
Any dispute between Member States on the interpretation or application of this Decision shall, in an initial stage, be examined by the Council in accordance with the procedure set out in Title VI of the Treaty on European Union with a view to reaching a solution.
If no solution is found within six months, the matter may be referred to the Court of Justice of the European Communities by a party to the dispute.
1. This Decision shall take effect on the twentieth day following its publication in the Official Journal of the European Union.
Done at
For the Council
The President
(1) Opinion of … (not yet published in the Official Journal).
(2) OJ L 218, 13.8.2008, p. 48.
(3) OJ C 316, 27.11.1995, p. 33.
(4) OJ …
(5) OJ L 63, 6.3.2002, p. 1.
(6) Date of application of this Decision.
(7) OJ L 49, 21.2.1989, p. 26.
(8) OJ C 91, 31.3.1999, p. 2.
(9) OJ C 139, 13.6.2003, p. 2.