Considerations on COM(2021)757 - Amendment of Regulation 2018/1727 Council Decision 2005/671/JHA, as regards the digital information exchange in terrorism cases - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
dossier | COM(2021)757 - Amendment of Regulation 2018/1727 Council Decision 2005/671/JHA, as regards the digital information exchange in terrorism ... |
---|---|
document | COM(2021)757 |
date | October 4, 2023 |
(2) Council Decision 2005/671/JHA 33 sets out that in order to combat terrorism it is essential to have the fullest and most up-to-date information possible. It obliges Member States’ competent national authorities to provide Eurojust with information on prosecutions and convictions for terrorist offences, which affect or may affect two or more Member States.
(3) Inconsistencies in the interpretation of Decision 2005/671/JHA cause that information is not shared at the right time, not the appropriate information is shared or information is not shared at all. Eurojust needs to receive sufficient information to identify links between cross-border investigations.
(4) Assisting the competent authorities of the Member States in ensuring the best possible coordination of investigations and prosecutions, including the identification of links, is an important task of Eurojust under Regulation (EU) 2018/1727. It enables Eurojust to take a more proactive approach and provide better services to the Member States, for example suggesting the initiation of investigations, identifying coordination needs, potential cases of ne bis in idem and prosecution gaps.
(5) In September 2019, Eurojust has set up the European Judicial Counter-Terrorism Register based on Decision 2005/671/JHA with the specific objective to identify potential links between judicial proceedings against suspects of terrorist offences and possible coordination needs stemming from these.
(6) As the register has been set up after Regulation (EU) 2018/1727 had already been adopted, the European Judicial Counter-Terrorism Register is neither technically well integrated at Eurojust nor legally well integrated in Regulation (EU) 2018/1727. Therefore, it is necessary to remedy that.
(7) To combat terrorism effectively, efficient exchange of information for investigation or prosecution of terrorist offences between competent authorities and Union agencies is crucial. It is essential to have the most complete and updated information possible. The persistence of the terrorist threat and the complexity of the phenomenon raise the need for an ever greater exchange of information.
(8) As terrorist organisations are increasingly involved in other forms of serious crimes, such as trafficking in human beings, drug trafficking or money laundering, it is also necessary to cross-check judicial proceedings against such serious crimes.
(9) In order to enable Eurojust to identify cross-links between cross-border judicial proceedings against suspects of terrorist offences as well as cross-links between judicial proceedings against suspects of terrorist offences and information processed at Eurojust relating to other cases of serious crimes, it is essential that Eurojust receives sufficient information to enable Eurojust to cross-check this data.
(10) The competent authorities need to know exactly what kind of information they have to transmit to Eurojust, at what stage of the national proceedings and in which cases, in order to provide such data. This is expected to increase the information Eurojust receives significantly.
(11) Directive (EU) 2017/541 of the European Parliament and of the Council 34 is the reference point for national authorities to define terrorist offences as implemented in national law.
(12) For the identification of cross-links between terrorism investigations and judicial proceedings against suspects of terrorist offences, reliable identification data is crucial. Due to the uncertainties regarding alphanumerical data especially for third country nationals, it should be possible to exchange biometric data. Due to the sensitive nature of biometric data and the impact processing of biometric data has on the respect for private and family life and the protection of personal data, as enshrined in Articles 7 and 8 of the Charter of Fundamental Rights of the European Union, a strict necessity test should be applied by the competent authorities and Eurojust in each case.
(13) As information about existing cross-links to other judicial proceedings is most useful at an early stage of the investigation, it is necessary that the competent authorities provide information to Eurojust as soon as judicial authorities are involved. If the competent national authorities are already aware of cross-links, they should inform Eurojust accordingly.
(14) In order to ensure the accuracy of the data in the European Judicial Counter-Terrorism Register, to identify cross-links early and to ensure time limits are respected, the competent national authorities should update the information provided regularly. Such updates should include new information relating to the person under investigation, judicial decisions such as pre-trial detention or opening of the court proceedings and judicial cooperation requests or identified links with other jurisdictions.
(15) Given the sensitive nature of judicial proceedings against suspects of terrorist offences, it is not always possible for the competent national authorities to share the information on terrorist offences at the earliest stage. Such derogations from the obligation to provide information should remain an exception.
(16) For the purposes of exchanging and processing sensitive data between competent national authorities and Eurojust for protecting such data against unauthorised disclosure and cyber attacks, and without prejudice to future technological developments, secure communication channels, such as the secure communication connections referred to in Article 9 of Council Decision 2008/976/JHA 35 or the decentralised IT system as defined in Regulation (EU) […/…] of the European Parliament and of the Council 36 [Regulation on the digitalisation of judicial cooperation] should be used. In order to exchange data securely and protect the integrity of the communication and data exchange, the case management system should be connected to such secure communication systems and meet high cybersecurity standards.
(17) In order to ensure uniform conditions for the implementation of this Regulation as regards the establishment and use of the decentralised IT system for the cases not covered by Regulation (EU) […/…] of the European Parliament and of the Council 37 [Regulation on the digitalisation of judicial cooperation], implementing powers should be conferred on the Commission. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council 38 .
(18) The transmission of unstructured data makes manual intervention necessary, creates additional administrative burden, and reduces the quality of the results of cross-checking. Therefore, national competent authorities should transmit the data in a structured manner while respecting minimal interoperability requirements as defined in the European Interoperability Framework 39 . In addition, the transfer of data should be automated as much as possible to lessen the administrative burden of national authorities and to ensure the necessary data is provided regularly and quickly.
(19) A modernized case management system is necessary for Eurojust to process the sensitive personal data securely. The new system needs to integrate and enable the functionalities of the European Judicial Counter-Terrorism Register and improve the capacities of Eurojust regarding link detection.
(20) It is important to maintain the control and responsibility of the national members for the data, which they receive from the national competent authorities. No operational personal data should be shared with another Member State by default. Operational personal data should only be shared in as far as national competent authorities authorise the exchange of data. In order to digitalise and speed up the follow up on potential links while ensuring full control over the data, handling codes should be introduced.
(21) Terrorist activities often affect two or more Member States. Terrorism already had a strong transnational component in the past. However, with the use and availability of electronic communication, transnational collaboration between terrorist offenders has increased significantly. Therefore, terrorist offences should be considered per se transnational in their nature, if the specific circumstances of the case do not clearly indicate a purely national character.
(22) Investigations and prosecutions in terrorism cases are often impeded by the lack of information exchange between national investigation and prosecution authorities. In order to be able to cross check new terrorist investigations also with previous investigations and establish potential links, it is necessary to store the data on any previous investigations, not only on convictions and to extend the time limits for storing data in the European Judicial Counter-Terrorism Register. However, it is necessary to ensure that such data is processed for prosecution purposes only. The information may not be used for anything else but identifying links with ongoing investigations and prosecutions and for the support of those investigations and prosecutions.
(23) Eurojust has concluded twelve cooperation agreements with third countries, which allow for the transfer of operational personal data and the secondment of a third country liaison prosecutor to Eurojust. Moreover, the Trade and Cooperation Agreement between the European Union and the United Kingdom 40 allows for the secondment of a liaison prosecutor. In March 2021, the Council gave the Commission a mandate 41 to negotiate further cooperation agreements on the cooperation between Eurojust and thirteen further third states.
(24) While Regulation (EU) 2018/1727 provides a legal basis for the cooperation and exchange of data with third countries, it does not contain any rules on the formal and technical aspects of the cooperation with third country liaison prosecutors seconded to Eurojust, in particular their access to the case management system. In the interest of legal certainty, Regulation (EU) 2018/1727 should provide an explicit legal basis for the cooperation between Eurojust and the third country liaison prosecutors and their access to the Eurojust case management system. Eurojust should ensure adequate safeguards and security measures for the protection of data and fundamental rights through the technical setup and internal rules.
(25) In the interest of clarity, the relationship between the exchange of information between national competent authorities on terrorism cases with Eurojust under Decision 2005/671/JHA and Regulation (EU) 2018/1727 should be clarified. Therefore, the relevant provisions should be deleted from Decision 2005/671/JHA and be added to Regulation (EU) 2018/1727.
(26) While some Member States’ competent national authorities are already connected to secure telecommunication connection as referred to in Article 9 of Council Decision 2008/976/JHA 42 , many competent authorities are not yet connected to secure telecommunication connection or secure communication channels. In order to ensure that the Member States have sufficient time to provide such a connection for the competent authorities, a transitional period for implementation should be granted.
(27) [In accordance with Articles 1, 2 and 4a(1) of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the Treaty on European Union and the Treaty on the Functioning of the European Union, and without prejudice to Article 4 of that Protocol, Ireland is not taking part in the adoption of this Regulation and is not bound by it or subject to its application.] OR [In accordance with Article 3 and Article 4a(1) of Protocol No 21 on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Ireland has notified [, by letter of …,] its wish to take part in the adoption and application of this Regulation.]
(28) In accordance with Articles 1 and 2 of Protocol No 22 on the Position of Denmark annexed to the Treaty on European Union and the Treaty on the Functioning of the European Union, Denmark is not taking part in the adoption of this Regulation and is not bound by it or subject to its application.
(29) The European Data Protection Supervisor was consulted in accordance with Article 42 of Regulation (EU) 2018/1725 and delivered an opinion on XX/XX 20XX.