Considerations on COM(2021)756 - Collaboration platform to support the functioning of Joint Investigation Teams - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
dossier | COM(2021)756 - Collaboration platform to support the functioning of Joint Investigation Teams. |
---|---|
document | COM(2021)756 |
date | May 10, 2023 |
(2) That is especially challenging where crime takes a cross-border dimension on the territory of several Member States and/or third countries. In such situations, Member States need to be able to join their forces and operations to allow for effective and efficient cross-border investigations and prosecutions for which the exchange of information and evidence is crucial. One of the most successful tools for such cross-border cooperation are Joint Investigation Teams (‘JITs’) that allow for direct cooperation and communication between the judicial and law enforcement authorities of several Member States and possibly third countries to organise their actions and investigations in the most efficient way. JITs are set up for a specific purpose and a limited time-period by the competent authorities of two or more Member States and possibly third countries, to carry out jointly criminal investigations with a cross-border impact.
(3) The Union aquis provides for two legal frameworks to set up JITs with the participation of at least two Member States: Council Framework Decision 2002/465/JHA 19 and Article 13 of the Convention established by the Council in accordance with Article 34 of the Treaty on European Union on Mutual Assistance in Criminal Matters between the Member States of the European Union 20 . Third countries can be involved in JITs as parties where there is a legal basis for such involvement, such as Article 20 of the Second Additional Protocol of the 1959 Council of Europe Convention 21 and Article 5 of the Agreement on Mutual Legal Assistance between the European Union and the United States of America 22 .
(4) The existing legal frameworks at Union level do not set out how the entities participating in JITs exchange information and communicate. Those entities reach an agreement on such exchange and communication on the basis of the needs and available means. However, there is a lack of dedicated secure and effective channel to which all participants could have recourse and through which they could promptly exchange large volumes of information and evidence or allow for secure and effective communication. Furthermore, there is no system that would support daily management of JITs, including the traceability of evidence exchanged among the participants.
(5) In light of the increasing possibilities of crime infiltrating Information Technology (IT) systems, the current state of play could hamper the effectiveness and efficiency of cross-border investigations, as well as jeopardise and slow down such investigations and prosecutions, making them more costly. The judiciary and law enforcement in particular need to ensure that their systems are as safe as possible and that all JIT members can connect and interact easily, independently of their national systems.
(6) The speed and efficiency of the exchanges between the entities participating in JITs could be considerably enhanced by creating a dedicated IT platform to support their functioning. Therefore it is necessary to lay down rules establishing a centralised IT platform (‘JITs collaboration platform’) at Union level to help JITs collaborate, securely communicate and share information and evidence.
(7) The JITs collaboration platform should only be used where one of the Union legal bases is, among others, a legal basis for the JIT. For all JITs based solely on international legal bases, the platform, financed by the Union budget and developed on basis of Union legislation, should not be used. However, where a third country is part of a JIT agreement that lists one of the Union legal bases besides an international one, its competent authorities should be considered JIT members.
(8) The use of the JITs collaboration platform should be on a voluntary basis. However, in view of its added value for cross-border investigations its use is strongly encouraged. The use or non-use of the JITs collaboration platform should not prejudice or affect the legality of other forms of communication or exchange of information and should not change the way the JITs are set up, organised or function. The establishment of the JITs collaboration platform should not impact the underlying legal bases for JITs nor the applicable national procedural legislation regarding the collection and use of the obtained evidence. The platform should only provide a secure IT tool to improve the cooperation and the effectiveness of the JITs.
(9) The JITs collaboration platform should cover the operational and post-operational phases of a JIT, starting from the moment the relevant JIT agreement is signed by its members, and finishing once the JIT evaluation is over. Due to the fact that the actors participating in the JIT set-up process are different from the actors who are members of JIT once it is established, the process of setting up a JIT, especially the negotiation of the content and the signature of the JIT agreement, should not be managed by the JITs collaboration platform. However, following a need for an electronic tool to support the process of signing up a JIT, the Commission should consider covering that process by the e-Evidence Digital Exchange System (eEDES).
(10) For each JIT making use of the JITs collaboration platform, the JIT members should be encouraged to conduct an evaluation of the JIT, either during the operational phase of the JIT or following its closure, using the tools provided for by the JITs collaboration platform.
(11) The JIT agreement should be a prerequisite for the use of the JITs collaboration platform. The content of all future JIT agreements should be adapted to take into account the relevant provisions of this Regulation.
(12) From an operational perspective, the JITs collaboration platform should be composed of isolated JIT collaboration spaces created for each individual JIT hosted by the platform.
(13) From a technical perspective, the JITs collaboration platform should be accessible via a secure connection over the internet and should be composed of a centralised information system, accessible through a web portal, communication software for mobile and desktop devices, and a connection between the centralised information system and relevant IT tools, supporting the functioning of JITs and managed by the JIT Secretariat.
(14) The purpose of the JITs collaboration platform should be to facilitate the daily coordination and management of a JIT, ensure the exchange and temporary storage of operational information and evidence, provide secure communication, provide for evidence traceability and support the process of the evaluation of a JIT. All entities participating in JITs should be encouraged to use all functionalities of the JITs collaboration platform and to replace as much as possible the communication and data exchange channels which are currently used.
(15) The JITs collaboration platform complements existing tools allowing for secure exchange of data among judicial authorities and law enforcement, such as the Secure Information Exchange Network Application (SIENA).
(16) Communication-related functionalities of the JITs collaboration platform should be provided by a software allowing for non-traceable communication stored locally at the devices of the users.
(17) A proper functionality allowing to exchange operational information and evidence, including large files, should be ensured through an upload/download mechanism designed to store the data centrally only for the limited period of time necessary for the technical transfer of the data. As soon as the data is downloaded by all addresses, it should be automatically deleted from the JITs collaboration platform.
(18) Given its experience with managing large-scale systems in the area of justice and home affairs, the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA) established by Regulation (EU) 2018/1726 of the European Parliament and of the Council 23 should be entrusted with the task of designing, developing and operating the JITs collaboration platform making use of the existing functionalities of SIENA and other functionalities at Europol to ensure complementarity and interoperability. Therefore, its mandate should be amended to reflect those new tasks and it should be provided with the appropriate funding and staffing to meet its responsibilities under this Regulation. In that regard, rules should be established on the responsibilities of eu-LISA, as the Agency entrusted with the development, technical operation and maintenance of the JITs collaboration platform.
(19) When designing the JITs collaboration platform, eu-LISA should ensure technical interoperability with SIENA.
(20) Since the establishment of the Network of National Experts on Joint Investigation Teams (the ‘JITs Network’) in accordance with Council Document 11037/05 24 , the JIT Secretariat supports the work of the JITs Network by organising annual meetings, trainings, collecting and analysing the JIT evaluation reports and managing the Eurojust’s JIT funding programme. Since 2011, the JIT Secretariat is hosted by Eurojust as a separate unit. To allow the JIT Secretariat to support users in the practical application of the JITs collaboration platform, as well as to provide technical and administrative support to JIT space administrators, Eurojust should be provided with appropriate staff allocated to the JIT Secretariat.
(21) Given the currently existing IT tools supporting operations of JITs, which are hosted at Eurojust and managed by the JIT Secretariat, it is necessary to connect the JITs collaboration platform with those IT tools, in order to facilitate the management of JITs. To that end, Eurojust should ensure the necessary technical adaptation of its systems in order to establish such connection. Eurojust should be provided with the appropriate funding and staffing to meet its responsibilities in that regard.
(22) In order to ensure a clear allocation of rights and tasks, rules should be established on the responsibilities of Member States, Eurojust, Europol, the European Public Prosecutor’s Office, the European Anti-Fraud Office (OLAF) and other competent Union bodies, offices and agencies, including the conditions, under which they may use the JITs collaboration platform for operative purposes.
(23) This Regulation sets out the details about the mandate, composition and organisational aspects of a Programme Management Board which should be set up by the Management Board of eu-LISA. The Programme Management Board should ensure the adequate management of the design and development phase of the JITs collaboration platform. It is also necessary to set out the details of the mandate, composition and organisation aspects of an Advisory Group to be established by eu-LISA in order to obtain expertise related to the JITs collaboration platform, in particular in the context of preparation of its annual work programme and its annual activity report.
(24) This Regulation establishes rules on access to the JITs collaboration platform and the necessary safeguards. The JIT space administrator or administrators should be entrusted with the management of the access rights to the individual JIT collaboration spaces. They should be in charge of granting access, during the operational and post-operational phases of the JIT, to JITs collaboration platform users. JIT space administrators should be able to transfer their role to the JIT secretariat.
(25) Bearing in mind the sensitivity of the operational data exchanged among the JITs collaboration platform users, the JITs collaboration platform should guarantee a high level of security. eu-LISA should take all necessary technical and organisational measures in order to ensure the security of the exchange of data by using strong end-to-end encryption algorithms to encrypt data in transit or at rest.
(26) This Regulation establishes rules on the liability of Member States, eu-LISA, Eurojust, Europol, the European Public Prosecutor’s Office, OLAF and other competent Union bodies, offices and agencies, in respect of material or non-material damage occurring as a result of any act incompatible with this Regulation. Concerning third countries, liability clauses in respect of material or non-material damage should be contained in respective JIT agreements.
(27) In addition, this Regulation provides specific data protection provisions, concerning both operational data and non-operational data, needed to supplement the existing data protection arrangements and to provide for an adequate overall level of data protection, data security and protection of the fundamental rights of the persons concerned.
(28) Directive (EU) 2016/680 of the European Parliament and of the Council 25 applies to the processing of personal data by competent national authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security. As regards the processing by Union institutions, bodies, offices and agencies, Regulation (EU) 2018/1725 of the European Parliament and of the Council 26 should apply in the context of this Regulation.
(29) Where appropriate, it should be possible for JIT space administrators to grant access to a JIT collaboration space to third countries which are parties to a JIT agreement. Any transfer of personal data to third countries or international organisations in the context of a JIT agreement is subject to compliance with the provisions set out in Chapter V of Directive (EU) 2016/680. Exchanges of operational data with third countries should be limited to those required to fulfil the purposes of the JIT agreement.
(30) Whenever a third country uploads operational information or evidence to a JIT collaboration space, the JIT space administrator should verify that such information or evidence is provided to fulfil the purposes of the JIT agreement, before it can be downloaded by other users of the platform.
(31) Where a JIT has multiple JIT space administrators, those JIT space administrators should agree among themselves, as soon as the JIT collaboration space including third countries is established, about one of them to be controller of the data uploaded by those third countries.
(32) eu-LISA should ensure that accessing the centralised information system and all data processing operations in the centralised information system are logged for the purposes of monitoring data integrity and security, the lawfulness of the data processing as well as for the purposes of self-monitoring.
(33) This Regulation imposes reporting obligations on eu-LISA regarding the development and functioning of the JITs collaboration platform in light of objectives relating to the planning, technical output, cost-effectiveness, security and quality of service. Furthermore, the Commission should conduct an overall evaluation of the JITs collaboration platform four years after the start of operations of the JITs collaboration platform and every four years thereafter.
(34) Each Member State as well as Eurojust, Europol, the European Public Prosecutor’s Office, OLAF and any other competent Union body, office and agency should bear its own costs arising from their use of the JITs collaboration platform.
(35) In order to establish conditions for the technical development and implementation of the JITs collaboration platform, implementing powers should be conferred on the Commission. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and the Council 27 .
(36) The Commission should determine the date of the start of operations of the JITs collaboration platform once the relevant implementing acts necessary for the technical development of the JITs collaboration platform have been adopted and eu-LISA has carried out a comprehensive test of the JITs collaboration platform, in cooperation with the Member States.
(37) Since the objective of this Regulation, namely to enable the effective and efficient cooperation, communication and exchange of information and evidence among JIT members, Eurojust, Europol, OLAF and other competent Union bodies, offices and agencies, cannot be sufficiently achieved by the Member States, but can rather, by setting out common rules, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union (TEU). In accordance with the principle of proportionality, as set out in that Article, this Regulation does not go beyond what is necessary to achieve that objective.
(38) In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark is not taking part in the adoption of this Regulation and is not bound by it or subject to its application.
(39) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) No 2018/1725 and delivered an opinion on XXXX,