Considerations on COM(2021)782 - Information exchange between law enforcement authorities of Member States

Please note

This page contains a limited version of this dossier in the EU Monitor.

 
 
(1) Transnational threats involving criminal activities call for a coordinated, targeted and adapted response. While national authorities operating on the ground are on the frontline in the fight against organised crime and terrorism, action at Union level is paramount to ensure efficient and effective cooperation, including as regards the exchange of information. Furthermore, organised crime and terrorism, in particular, are emblematic of the link between internal and external security. Those threats spread across borders and manifest themselves in organised crime and terrorist groups that engage in a wide range of criminal activities.

(2) In an area without internal border controls, police officers in one Member State should have, within the framework of the applicable Union and national law, the possibility to obtain equivalent access to the information available to their colleagues in another Member State. In this regard, law enforcement authorities should cooperate effectively and by default across the Union. Therefore, an essential component of the measures that underpin public security in an interdependent area without internal border controls is police cooperation on the exchange of relevant information for law enforcement purposes. Exchange of information on crime and criminal activities, including terrorism, serves the overall objective of protecting the security of natural persons.

(3) Exchange of information between Member States for the purposes of preventing and detecting criminal offences is regulated by the Convention Implementing the Schengen Agreement of 14 June 1985 47 , adopted on 19 June 1990, notably in its Articles 39 and 46. Council Framework Decision 2006/960/JHA 48 partially replaced those provisions and introduced new rules for the exchange of information and intelligence between Member States' law enforcement authorities.

(4) Evaluations, including those carried under Council Regulation (EU) 1053/2013 49 , indicated that Framework Decision 2006/960/JHA is not sufficiently clear and does not ensure adequate and rapid exchange of relevant information between Member States. Evaluations also indicated that that Framework Decision is scarcely used in practice, in part due to the lack of clarity experienced in practice between the scope of the Convention Implementing the Schengen Agreement and of that Framework Decision. 

(5) Therefore, the existing legal framework consisting of the relevant provisions of the Convention Implementing the Schengen Agreement and Framework Decision 2006/960/JHA should be updated and replaced, so as to facilitate and ensure, through the establishment of clear and harmonised rules, the adequate and rapid exchange of information between the competent law enforcement authorities of different Member States.

(6) In particular, the discrepancies between the relevant provisions of the Convention Implementing the Schengen Agreement and Framework Decision 2006/960/JHA should be addressed by covering information exchanges for the purpose of preventing, detecting or investigating criminal offences, thereby fully superseding, insofar as such exchanges are concerned, Articles 39 and 46 of that Convention and hence providing the necessary legal certainty. In addition, the relevant rules should be simplified and clarified, so as to facilitate their effective application in practice.

(7) It is necessary to lay down rules governing the cross-cutting aspects of such information exchange between Member States. The rules of this Directive should not affect the application of rules of Union law on specific systems or frameworks for such exchanges, such as under Regulations (EU) 2018/1860 50 , (EU) 2018/1861 51 , (EU) 2018/1862 52 , and (EU) 2016/794 53  of the European Parliament and of the Council, Directives (EU) 2016/681 54 and 2019/1153 55 of the European Parliament and of the Council, and Council Decisions 2008/615/JHA 56 and 2008/616/JHA 57 .

(8) This Directive does not govern the provision and use of information as evidence in judicial proceedings. In particular, it should not be understood as establishing a right to use the information provided under this Directive as evidence and, consequently, it leaves unaffected any requirement provided for in the applicable law to obtain the consent from the Member State providing the information for such use. This Directive leaves acts of Union law on evidence, such as Regulation (EU) …/… 58 [on European Production and Preservation Orders for electronic evidence in criminal matters] and Directive (EU) …/… 59 [laying down harmonised rules on the appointment of legal representatives for the purpose of gathering evidence in criminal proceedings], unaffected.

(9) All exchanges of information under this Directive should be subject to three general principles, namely those of availability, equivalent access and confidentiality. While those principles are without prejudice to the more specific provisions of this Directive, they should guide its interpretation and application where relevant. For example, the principle of availability should be understood as indicating that relevant information available to the Single Point of Contact or the law enforcement authorities of one Member State should also be available, to the largest extent possible, to those of other Member States. However, the principle should not affect the application, where justified, of specific provisions of this Directive restricting the availability of information, such as those on the grounds for refusal of requests for information and judicial authorisation. In addition, pursuant to the principle of equivalent access, the access of the Single Point of Contact and the law enforcement authorities of other Member States to relevant information should be substantially the same as, and thus be neither stricter nor less strict than, the access of those of one and the same Member State, subject to the Directive’s more specific provisions.

(10) In order to achieve the objective to facilitate and ensure the adequate and rapid exchange of information between Member States, provision should be made for obtaining such information by addressing a request for information to the Single Point of Contact of the other Member State concerned, in accordance with certain clear, simplified and harmonised requirements. Concerning the content of such requests for information, it should in particular be specified, in an exhaustive and sufficiently detailed manner and without prejudice to the need for a case-by-case assessment, when they are to be considered as urgent and which explanations they are to contain as minimum.

(11) Whilst the Single Points of Contact of each Member State should in any event have the possibility to submit requests for information to the Single Point of Contact of another Member State, in the interest of flexibility, Member States should be allowed to decide that, in addition, their law enforcement authorities may also submit such requests. In order for Single Points of Contact to be able to perform their coordinating functions under this Directive, it is however necessary that, where a Member State takes such a decision, its Single Point of Contact is made aware of all such outgoing requests, as well as of any communications relating thereto, by always being put in copy.

(12) Time limits are necessary to ensure rapid processing of requests for information submitted to a Single Point of Contact. Such time limits should be clear and proportionate and take into account whether the request for information is urgent and whether a prior judicial authorisation is required. In order to ensure compliance with the applicable time limits whilst nonetheless allowing for a degree of flexibility where objectively justified, it is necessary to allow, on an exceptional basis, for deviations only where, and in as far as, the competent judicial authority of the requested Member State needs additional time to decide on granting the necessary judicial authorisation. Such a need could arise, for example, because of the broad scope or the complexity of the matters raised by the request for information.

(13) In exceptional cases, it may be objectively justified for a Member State to refuse a request for information submitted to a Single Point of Contact. In order to ensure the effective functioning of the system created by this Directive, those cases should be exhaustively specified and interpreted restrictively. When only parts of the information concerned by such a request for information relate to the reasons for refusing the request, the remaining information is to be provided within the time limits set by this Directive. Provision should be made for the possibility to ask for clarifications, which should suspend the applicable time limits. However, such possibility should only exist where the clarifications are objectively necessary and proportionate, in that the request for information would otherwise have to be refused for one of the reasons listed in this Directive. In the interest of effective cooperation, it should remain possible to request necessary clarifications also in other situations, without this however leading to suspension of the time limits.   

(14) In order to allow for the necessary flexibility in view of operational needs that may vary in practice, provision should be made for two other means of exchanging information, in addition to requests for information submitted to the Single Points of Contact. The first one is the spontaneous provision of information, that is, on the own initiative of either the Single Point of Contact or the law enforcement authorities without a prior request. The second one is the provision of information upon requests for information submitted either by Single Points of Contact or by law enforcement authorities not to the Single Point of Contact, but rather directly to the law enforcement authorities of another Member State. In respect of both means, only a limited number of minimum requirements should be set, in particular on keeping the Single Points of Contact informed and, as regards own-initiative provision of information, the situations in which information is to be provided and the language to be used.

(15) The requirement of a prior judicial authorisation for the provision of information can be an important safeguard. The Member States' legal systems are different in this respect and this Directive should not be understood as affecting such requirements established under national law, other than subjecting them to the condition that domestic exchanges and exchanges between Member States are treated in an equivalent manner, both on the substance and procedurally. Furthermore, in order to keep any delays and complications relating to the application of such a requirement to a minimum, the Single Point of Contact or the law enforcement authorities, as applicable, of the Member State of the competent judicial authority should take all practical and legal steps, where relevant in cooperation with the Single Point of Contact or the law enforcement authority of another Member State that requested the information, to obtain the judicial authorisation as soon as possible.

(16) It is particularly important that the protection of personal data, in accordance with Union law, is ensured in connection to all exchanges of information under this Directive. To that aim, the rules of this Directive should be aligned with Directive (EU) 2016/680 of the European Parliament and of the Council 60 . In particular, it should be specified that any personal data exchanged by Single Points of Contacts and law enforcement authorities is to remain limited to the categories of data listed in Section B point 2, of Annex II to Regulation (EU) 2016/794 of the European Parliament and of the Council 61 . Furthermore, as far as possible, any such personal data should be distinguished according to their degree of accuracy and reliability, whereby facts should be distinguished from personal assessments, in order to ensure both the protection of individuals and the quality and reliability of the information exchanged. If it appears that the personal data are incorrect, they should be rectified or erased without delay. Such rectification or erasure, as well as any other processing of personal data in connection to the activities under this Directive, should be carried out in compliance with the applicable rules of Union law, in particular Directive (EU) 2016/680 and Regulation (EU) 2016/679 of the European Parliament and of the Council 62 , which rules this Directive leaves unaffected.

(17) In order to allow for adequate and rapid provision of information by Single Points of Contact, either upon request or on their own initiative, it is important that the relevant officials of the Member States concerned understand each other. Language barriers often hamper the cross-border exchange of information. For this reason, rules should be established on the use of languages in which requests for information submitted to the Single Points of Contact, the information to be provided by Single Points of Contact as well as any other communications relating thereto, such as on refusals and clarifications, are to be provided. Those rules should strike a balance between, on the one hand, respecting the linguistic diversity within the Union and keeping costs of translation as limited as possible and, on the other hand, operational needs associated with adequate and rapid exchanges of information across borders. Therefore, Member States should establish a list containing one or more official languages of the Union of their choice, but containing also one language that is broadly understood and used in practice, namely, English. 

(18) The further development of the European Union Agency for Law Enforcement Cooperation (Europol) as the Union’s criminal information hub is a priority. That is why, when information or any related communications are exchanged, irrespective of whether that is done pursuant to a request for information submitted to a Single Point of Contact or law enforcement authority, or on their own-imitative, a copy should be sent to Europol, however only insofar as it concerns offences falling within the scope of the objectives of Europol. In practice, this can be done through the ticking by default of the corresponding SIENA box. 

(19) The proliferation of communication channels used for the transmission of law enforcement information between Member States and of communications relating thereto should be remedied, as it hinders the adequate and rapid exchange of such information. Therefore, the use of the secure information exchange network application called SIENA, managed by Europol in accordance with Regulation (EU) 2016/794, should be made mandatory for all such transmissions and communications under this Directive, including the sending of requests for information submitted to Single Points of Contact and directly to law enforcement authorities, the provision of information upon such requests and on their own initiative, communications on refusals and clarifications, as well as copies to Single Points of Contact and Europol. To that aim, all Single Points of Contact, as well as all law enforcement authorities that may be involved in such exchanges, should be directly connected to SIENA. In this regard, a transition period should be provided for, however, in order to allow for the full roll-out of SIENA.

(20) In order to simplify, facilitate and better manage information flows, Member States should each establish or designate one Single Point of Contact competent for coordinating information exchanges under this Directive. The Single Points of Contact should, in particular, contribute to mitigating the fragmentation of the law enforcement authorities' landscape, specifically in relation to information flows, in response to the growing need to jointly tackle cross-border crime, such as drug trafficking and terrorism. For the Single Points of Contact to be able to effectively fulfil their coordinating functions in respect of the cross-border exchange of information for law enforcement purposes under this Directive, they should be assigned a number of specific, minimum tasks and also have certain minimum capabilities.

(21) Those capabilities of the Single Points of Contact should include having access to all information available within its own Member State, including by having user-friendly access to all relevant Union and international databases and platforms, in accordance with the modalities specified in the applicable Union and national law. In order to be able to meet the requirements of this Directive, especially those on the time limits, the Single Points of Contact should be provided with adequate resources, including adequate translation capabilities, and function around the clock. In that regard, having a front desk that is able to screen, process and channel incoming requests for information may increase their efficiency and effectiveness. Those capabilities should also include having at their disposition, at all times, judicial authorities competent to grant necessary judicial authorisations. In practice, this can be done, for example, by ensuring the physical presence or the functional availability of such judicial authorities, either within the premises of the Single Point of Contact or directly available on call.

(22) In order for them to be able to effectively perform their coordinating functions under this Directive, the Single Points of Contact should be composed of representatives of national law enforcement authorities whose involvement is necessary for the adequate and rapid exchange of information under this Directive. While it is for each Member State to decide on the precise organisation and composition needed to meet that requirement, such representatives may include police, customs and other law enforcement authorities competent for preventing, detecting or investigating criminal offences, as well as possible contact points for the regional and bilateral offices, such as liaison officers and attachés seconded or posted in other Member States and relevant Union law enforcement agencies, such as Europol. However, in the interest of effective coordination, at minimum, the Single Points of Contact should be composed of representatives of the Europol national unit, the SIRENE Bureau, the passenger information unit and the Interpol National Central Bureau, as established under the relevant legislation and notwithstanding this Directive not being applicable to information exchanges specifically regulated by such Union legislation.

(23) The deployment and operation of an electronic single Case Management System having certain minimum functions and capabilities by the Single Points of Contact is necessary to allow them to carry out their tasks under this Directive in an effective and efficient manner, in particular as regards information management.

(24) To enable the necessary monitoring and evaluation of the application of this Directive, Member States should be required to collect and annually provide to the Commission certain data. This requirement is necessary, in particular, to remedy the lack of comparable data quantifying relevant information exchanges and also facilitates the reporting obligation of the Commission.

(25) The cross-border nature of crime and terrorism requires Member States to rely on one another to tackle such criminal offences. Adequate and rapid information flows between relevant law enforcement authorities and to Europol cannot be sufficiently achieved by the Member States acting alone. Due to the scale and effects of the action, this can be better achieved at Union level through the establishment of common rules on the exchange of information. Thus, the Union may adopt measures in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality, as set out in that Article, this Directive does not go beyond what is necessary in order to achieve those objectives.

(26) In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark is not taking part in the adoption of this Directive and is not bound by it or subject to its application. Given that this Directive builds upon the Schengen acquis, Denmark should, in accordance with Article 4 of that Protocol, decide within a period of six months after the Council has decided on this Directive whether it will implement it in its national law.

(27) This Directive constitutes a development of the provisions of the Schengen acquis in which Ireland takes part, in accordance with Council Decision 2002/192/EC 63 ; Ireland is therefore taking part in the adoption of this Directive and is bound by it.

(28) As regards Iceland and Norway, this Directive constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latter's association with the implementation, application and development of the Schengen acquis 64  which fall within the area referred to in Article 1, point H of Council Decision 1999/437/EC 65 .

(29) As regards Switzerland, this Directive constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis 66  which fall within the area referred to in Article 1, point H of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2008/146/EC 67  and with Article 3 of Council Decision 2008/149/JHA 68 .

(30) As regards Liechtenstein, this Directive constitutes a development of the provisions of the Schengen acquis within the meaning of the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis 69  which fall within the area referred to in Article 1, point H of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2011/350/EU 70  and with Article 3 of Council Decision 2011/349/EU 71 .