Legislative Observatory
European Parliament
Please fill in this field to find a procedure

Mutual assistance and cooperation between the administrative authorities of the Member States and the Commission concerning the application of the law on customs and agricultural matters

2006/0290(COD)

Opinion of the European Data Protection Supervisor on the Proposal for a Regulation of the European Parliament and of the Council amending Council Regulation (EC) No 515/97 on mutual assistance between administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs and agricultural matters.

The EDPS welcomes being consulted on the proposal, which foresees the creation or updating of various systems containing personal data: European Data Directory, Custom Information System (CIS) and Customs Files Identification Database (FIDE) in order to strengthen the cooperation and information exchanges both between Member States and between them and the Commission.

The creation and upgrading of the various instruments intended to strengthen Community cooperation, i.e. CIS, FIDES and the European Data Directory, entail an increase in the share of personal information that will be originally collected and further exchanged with Member States' administrative authorities and, in some cases, also with third countries. From this perspective, the proposal has important effects as far as the protection of personal data is concerned.

1) On the substance, the EDPS concludes:

- the proposal does not provide sufficient arguments supporting the need for the creation of the European Data Directory. The EDPS calls upon the Commission to carry out a proper assessment of the necessity of the creation of the Directory and report about its findings;

- a new paragraph should be inserted in Article 18a.1 recalling the application of Regulation (EC) No 45/2001 to the European Data Directory;

- it should be clarified that national provisions implementing Directive 95/46/EC apply to uses of the European Data Directory carried out by Member States;

- the proposal is silent as far as security measures of the European Data Directory are concerned. The EDPS considers that it would be appropriate to add a new paragraph to Article 18a2 providing for the adoption of complementary administrative rules setting forth specific measures to ensure the confidentiality of the information. In adopting these rules, the EDPS should be consulted;

- the proposal fails to completely recognise the EDPS supervisory role as to the Custom Information

System (CIS). To solve this problem, Article 37.3 should be amended to state that ‘The European Data

Protection Supervisor will supervise CIS compliance with Regulation (EC) No 45/2001’;

- the supervision activities of the national supervisory authorities and the EDPS should be coordinated to a certain extent, in order to ensure a sufficient level of consistency and overall effectiveness in CIS supervision. To this end, the EDPS suggests as a first option including a new section in Article 37, establishing that ‘The EDPS shall convene a meeting with all national supervisory authorities, at least once a year to address CIS related supervision issues. The members of national data protection authorities and EDPS shall be referred to as supervisory authorities’. However, a better solution would be to follow the more developed model recently adopted for the second generation Schengen Information System (SIS II). In line with this approach in each case, Article 43.5 should also be amended as follows: ‘The committee together with the supervisory group shall examine all problems with the operation of the CIS which are encountered by the supervisory authorities referred to in Article 37. The Committee shall meet in its ad hoc formation at least once a year’;

- under Article 36.2, second paragraph concerning access to personal data stored in CIS, ‘access shall be denied during the period when sighting, reporting operations analysis or investigation is ongoing’. To ensure consistency with Regulation (EC) No 45/2001 the EDPS would favour an amendment which would read ‘access may be denied’;

- regarding the procedure to request access, whether access must be requested with the EDPS or with national supervisory authorities, the EDPS considers that the proposed system ex Article 37.2 whereby the competent authority depends on whether the data were included in the CIS by a Member State or the Commission, to be very cumbersome. It would also contradict other articles of the proposal. In order to solve this problem, amendments have been made;

- the EDPS considers that it would be appropriate for Article 41a to recall the application of Regulation (EC) No 45/2001 to the Customs Files Identification Directory (FIDE) and the EDPS supervisory competences to monitor and ensure compliance with the provisions of the Regulation;

- to ensure that personal data not needed is purged from FIDE, the EDPS suggest stipulating that the need for the retention of data shall be reviewed at least annually by the supplying Member State.

2) As to procedure, the EDPS:

- recommends that an explicit reference to this Opinion is made in the preamble of the proposal as follows: ‘After consulting the European Data Protection Supervisor’;

- reminds that, as the processing operations of the European Data Directory, CIS, and FIDE present specific risks to the rights and freedoms of data subject, because of the purpose of the database and the nature of the data, the EDPS must prior check the three systems.