Legislative Observatory
European Parliament
Please fill in this field to find a procedure

EU/Russia agreement: drug precursors

2013/0005(NLE)

Opinion of the European Data Protection Supervisor on the proposal for a Council decision on the conclusion of the Agreement between the European Union and the

Russian Federation on drug precursors.

On 21 January 2013, the Commission adopted a proposal for a Council decision on the conclusion of the Agreement between the European Union and the Russian Federation on drug precursors. The proposal was sent to the EDPS for consultation on the same day. The EDPS had been previously consulted by the Commission. The present Opinion builds on the advice provided at that occasion and on the EDPS Opinion on the amendments to the Regulations on EU internal and external trade in drug precursors (the objective of which is to prevent the diversion from legitimate trade of the substances used to illicitly manufacture narcotic drugs and psychotropic substances).

Data protection: the EDPS welcomes the provisions on the protection of personal data in the text of the agreement and the inclusion in the Annex of data protection principles to be respected by the Parties. The EDPS suggests including an explicit reference to the applicability of EU national laws implementing Directive 95/46/EC to the transfers of personal data by the EU to Russian authorities and to the processing of personal data by EU authorities.

The EDPS also recommends specifying all the categories of personal data that might be exchanged. Furthermore, additional safeguards, such as shorter retention periods and stricter security measures should be included in the agreement or in Annex II for data relating to suspect transactions.

Additional provisions: the EDPS also recommends the inclusion of the following provisions:

·        adding the provisions on ‘data security’ and the specific requirements for processing ‘sensitive data’;

·        specifying the procedures for making effective the principles of ‘transparency’ and ‘rights of access, rectification, erasure and blocking of data’ in the text of the agreement or in the Annex;

·        as regards ‘onward transfers’, it should be added that the competent authorities of the Parties should not transfer personal data to other national recipients unless the recipient provides adequate protection and for the purposes for which the data have been transmitted;

·        as regards the principle of ‘redress’, it should be specified that the term ‘competent authorities’, used in the rest of the agreement in a different context, refers here to authorities competent for the protection of personal data and the supervision of their processing;

·        the relevant authorities and the practical information on existing remedies should be mentioned in the agreement or at least in letters exchanged between the parties or in documents accompanying the agreement;

·        as regards the principle on ‘exceptions to the rights of transparency and direct access’: it should be specified that, in cases where the right of access cannot be granted to data subjects, indirect access through EU national data protection authorities should be provided.

It should also be specified that the data protection supervisory authorities of the Parties should jointly review the implementation of the agreement, either in the framework of the joint follow-up expert group, or as a separate process. In addition, if the independence of the relevant Russian supervisory authority is not sufficiently established, it should be specified that EU national data protection authorities should be involved in the supervision of the implementation of the agreement by Russian authorities. The results of the review should be reported to the European Parliament and to the Council, where needed with full respect of confidentiality. The EDPS also recommends completing Article 12 of the agreement with a clause allowing any Party to suspend or terminate the agreement in the event of a breach of the other Party's obligations under the agreement, including as regards compliance with the data protection principles.