Council Regulation (EC) No 515/97 of 13 March 1997 on mutual assistance between the administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs and agricultural matters
COUNCIL REGULATION (EC) No 515/97 of 13 March 1997 on mutual assistance between the administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs and agricultural matters
THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty establishing the European Community, and in particular Articles 43 and 235 thereof,
Having regard to Council Regulation (EEC) No 729/70 of the Council of 21 April 1970 on the financing of the common agricultural policy (1), and in particular Article 8 (3) thereof,
Having regard to the proposal from the Commission (2),
Having regard to the opinion of the European Parliament (3),
Having regard to the opinion of the Economic and Social Committee (4),
Whereas combating fraud in the context of the customs union and the common agricultural policy calls for close cooperation between the administrative authorities responsible in each Member State for the application of provisions adopted in those fields; whereas it also calls for appropriate cooperation between these national authorities and the Commission, which is responsible for ensuring the application of the Treaty and the provisions adopted by virtue thereof; whereas effective cooperation in this field strengthens the protection of the financial interests of the Community;
Whereas rules should therefore be drawn up whereby the Member States' administrative authorities assist each other and cooperate with the Commission in order to guarantee the proper application of customs and agricultural regulations and legal protection for the Community's financial interests, in particular by preventing and investigating breaches of those regulations and by investigating operations which are or appear contrary to those regulations;
Whereas Council Regulation (EEC) No 1468/81 of 19 May 1981 on mutual assistance between the administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs or agricultural matters (5) established close cooperation between the said authorities and the Commission; whereas that system has proved effective;
Whereas it is nevertheless necessary, in the light of the experience gained, to replace Regulation (EEC) No 1468/81 in its entirety with the aim of strengthening cooperation both among the administrative authorities of the Member States responsible for the application of the provisions adopted in the field of customs union and the common agricultural policy and between those authorities and the Commission; whereas, to that end, new rules should be laid down at Community level;
Whereas the introduction of Community provisions on mutual assistance between Member States' administrations and their cooperation with the Commission in order to guarantee the proper application of customs or agricultural regulations is without prejudice to the application of the 1967 Convention for mutual assistance between customs administrations in fields which remain the sole province of the Member States; whereas these Community provisions are not such as to affect the application in the Member States of rules on judicial cooperation in criminal cases;
Whereas, furthermore, the general Community rules establishing a system of mutual assistance and cooperation among the administrative authorities of the Member States and between them and the Commission do not apply where they overlap with those laid down by specific regulations, save where the general rules improve or reinforce administrative cooperation; whereas, in particular, the implementation of the customs information system does not in any way affect the Member States' obligations to provide information to the Commission, laid down inter alia under Regulations (EEC, Euratom) No 1552/89 (6) and (EEC) No 595/91 (7), or the established use of fraud information sheets to circulate information of Community interest;
Whereas greater cooperation between the Member States requires the coordination of enquiries and other activities carried out by the bodies concerned; whereas it is therefore essential that the Commission should be given more detailed information concerning such activities by the Member States;
Whereas the Commission must ensure that economic operators are treated equally and that the application by the Member States of the mutual administrative assistance system does not lead to discrimination between economic operators in different Member States;
Whereas it is appropriate to define the Member States' obligations under the mutual administrative assistance system in respect of cases in which representatives of the Member States' national administrations conduct enquiries concerning the application of customs or agricultural legislation with a mandate from, or under the authority of, the legal authorities;
Whereas the powers of national representatives conducting enquiries in other Member States should be defined; whereas provision should also be made for Commission representatives to be present, where justified, at national enquiries concerning mutual administrative assistance, and for their powers to be defined;
Whereas it is necessary for the successful functioning of administrative cooperation that the Commission be informed of information exchanged between Member States and third countries in cases of particular interest for the Community;
Whereas, with a view to securing the rapid and systematic exchange of information forwarded to the Commission, there is a need to set up a computerized customs information system at Community level; whereas in that context sensitive data concerning frauds and irregularities in the customs and agricultural domains should be stored in a central database accessible to the Member States, while ensuring that the confidential nature of the information exchanged, in particular data of a personal nature, is respected; whereas, given the justifiable sensitivity of the issue, there should be clear and transparent rules to protect the freedom of the individual;
Whereas customs authorities have daily to apply both Community and non-Community provisions; whereas it is therefore desirable to have available a single infrastructure for applying these provisions;
Whereas the information exchanged may concern physical persons and this Regulation must therefore implement, in its scope, the principles of protection of persons with regard to processing, by automatic means or otherwise, of personal data; whereas these principles, as set out in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (8) should themselves, in compliance with the terms and conditions of this Directive, be specified and supplemented in this Regulation; whereas pending implementation of the national measures transposing that Directive certain Member States which have no protection rules for personal data exchanged by non-automatic means should be exempted from applying the provisions of this Regulation concerning the non-automatic exchange of data;
Whereas, in order to take part in the Customs Information System, the Member States and the Commission must adopt legislation on the rights and freedoms of individuals with regard to the processing of personal data; whereas, pending implementation of the national measures transposing Directive 95/46/EC, it is important that the Member States and the Commission guarantee a level of protection based on the principles contained in that Directive;
Whereas, in order to ensure that the rights of the persons concerned are sufficiently protected, there needs to be a guarantee of independent supervision of the processing of the personal data in the Customs Information System both a Member State level and in respect of the Commission;
Whereas the Commission, in close cooperation with the Member States, should facilitate the installation and management of computer systems in the Member States;
Whereas the Commission should be notified of legal and administrative proceedings brought for infringements of the law on customs or agricultural matters;
Whereas, with the aim of implementing certain provisions of this Regulation, enabling the installation and functioning of the Customs Information System and examining possible problems in connection with the development of administrative cooperation as provided for in this Regulation, it is necessary to establish a Committee;
Whereas the provisions of this Regulation refer both to the application of the rules of the common agricultural policy and to the application of customs legislation; whereas the system set up under this Regulation constitutes an integral Community entity; whereas, since the provisions of the Treaty specifically covering customs matters do not empower the Community to set up such a system, it is necessary to invoke Article 235,
HAS ADOPTED THIS REGULATION:
Article 1
1. This Regulation lays down the ways in which the administrative authorities responsible for implementation of the legislation on customs and agricultural matters in the Member States shall cooperate with each other and with the Commission in order to ensure compliance with that legislation within the framework of a Community system.
2. The provisions of this Regulation shall not apply where they overlap with the specific provisions of other legislation on mutual assistance between Member States' administrative authorities and cooperation between the latter and the Commission for the application of customs or agricultural legislation.
Article 2
1. For the purposes of this Regulation:
- 'customs legislation` means the body of Community provisions and the associated implementing provisions governing the import, export, transit and presence of goods traded between Member States and third countries, and between Member States in the case of goods that do not have Community status within the meaning of Article 9 (2) of the Treaty or goods subject to additional controls or investigations for the purposes of establishing their Community status,
- 'agricultural legislation` means the body of provisions adopted under the common agricultural policy and the special rules adopted with regard to goods resulting from the processing of agricultural products,
- 'applicant authority` means the competent authority of a Member State which makes a request for assistance,
- 'requested authority` means the competent authority of a Member State to which a request for assistance is made,
- 'administrative enquiry` means all controls, checks and other action taken by the staff of the administrative authorities specified in Article 1 (1) in the performance of their duties with a view to ensuring proper application of customs and agricultural legislation and, where necessary, checking the irregular nature of operations which appear to breach that legislation, except action taken at the request of or under a direct mandate from a judicial authority; the expression 'administrative enquiry` also covers the Community missions referred to in Article 20,
- 'personal data` means all information relating to an identified or identifiable individual; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, psychological, mental, economic, cultural or social identity.
2. Each Member State shall communicate to the other Member States and the Commission a list of the competent authorities it has appointed for the purposes of applying this Regulation.
For the purposes of this Regulation 'competent authorities` means the authorities appointed in accordance with the preceding subparagraph.
Article 3
Where national authorities decide, in response to a request for administrative assistance or a communication based on this Regulation, to take action involving measures which may be implemented only with the authorization or at the demand of a judicial authority:
- any information thus obtained concerning the application of customs and agricultural legislation, or at least
- that part of the file required to put a stop to a fraudulent practice,
shall be communicated as part of the administrative cooperation provided for by this Regulation.
However, any such communication must have the prior authorization of the judicial authority if the necessity of such authorization derives from national law.
TITLE I
ASSISTANCE ON REQUEST
Article 4
1. At the request of the applicant authority, the requested authority shall transmit to it any information which may enable it to ensure compliance with the provisions of customs or agricultural legislation, and in particular those concerning:
- the application of customs duties and charges having equivalent effect together with agricultural levies and other charges provided for under the common agricultural policy or the special arrangements applicable to certain goods resulting from the processing of agricultural products,
- operations forming part of the system of financing by the European Agricultural Guidance and Guarantee Fund.
2. In order to obtain the information sought, the requested authority or the administrative authority to which it has recourse shall proceed as though acting on its own account or at the request of another authority in its own country.
Article 5
At the request of the applicant authority, the requested authority shall supply it with any attestation, document or certified true copy of a document in its possession or obtained in the manner referred to in Article 4 (2) which relates to operations covered by customs or agricultural legislation.
Article 6
1. At the request of the applicant authority, the requested authority shall, while observing the rules in force in the Member State in which it is based, notify the addressee or have it notified of all instruments or decisions which emanate from the administrative authorities and concern the application of customs or agricultural legislation.
2. Requests for notification, mentioning the subject of the instrument or decision to be communicated, shall be accompanied by a translation in the official language or an official language of the Member State in which the requested authority is based, without prejudice to the latter's right to waive such a translation.
Article 7
At the request of the applicant authority, the requested authority shall as far as possible keep a special watch or arrange for a special watch to be kept within its operational area:
(a) on persons, and more particularly their movements, where there are reasonable grounds for believing that they are breaching customs or agricultural legislation;
(b) on places where goods are stored in a way that gives grounds to suspect that they are intended to supply operations contrary to customs or agricultural legislation;
(c) on the movements of goods indicated as being the object of potential breaches of customs or agricultural legislation;
(d) on means of transport, where there are reasonable grounds for believing that they are being used to carry out operations in breach of customs or agricultural legislation.
Article 8
At the request of the applicant authority, the requested authority shall make available any information in its possession or obtained in the manner referred to in Article 4 (2), and particularly reports and other documents or certified true copies or extracts thereof, concerning operations detected or planned which constitute, or appear to the applicant authority to constitute, breaches of customs or agricultural legislation or, where applicable, concerning the findings of the special watch carried out pursuant to Article 7.
However, original documents and items shall be provided only where this is not contrary to the legislation in force in the Member State in which the requested authority is based.
Article 9
1. The requested authority shall at the request of the applicant authority carry out, or arrange to have carried out, the appropriate administrative enquiries concerning operations which constitute, or appear to the applicant authority to constitute, breaches of customs or agricultural legislation.
The requested authority or the administrative authority to which it has recourse shall conduct administrative enquiries as though acting on its own account or at the request of another authority in its own country.
The requested authority shall communicate the results of such administrative enquiries to the applicant authority.
2. By agreement between the applicant authority and the requested authority, officials appointed by the applicant authority may be present at the administrative enquiries referred to in paragraph 1.
Administrative enquiries shall at all times be carried out by staff of the requested authority. The applicant authority's staff may not, of their own initiative, assume powers of inspection conferred on officials of the requested authority. They shall, however, have access to the same premises and the same documents as the latter, through their intermediary and for the sole purpose of the administrative enquiry being carried out.
In so far as national provisions on criminal proceedings reserve certain acts to officials specifically designated by national law, the applicant authority's staff shall not take part in such acts. In any event, they shall not participate in particular in searches of premises or the formal questioning of persons under criminal law. They shall, however, have access to the information thus obtained subject to the conditions laid down in Article 3.
Article 10
By agreement between the applicant authority and the requested authority and in accordance with the arrangements laid down by the latter, officials duly authorized by the applicant authority may obtain, from the offices where the administrative authorities of the Member State in which the requested authority is based exercise their functions, information concerning the application of the law on customs and agricultural matters which is needed by the applicant authority and which is derived from documentation to which the staff of those offices have access. These officials shall be authorized to take copies of the said documentation.
Article 11
Staff of the applicant authority present in another Member State in accordance with Articles 9 and 10 must at all times be able to produce written authority stating their identity and their official functions.
Article 12
Findings, certificates, information, documents, certified true copies and any intelligence obtained by the staff of the requested authority and communicated to the applicant authority in the course of the assistance provided for in Articles 4 to 11 may be invoked as evidence by the competent bodies of the Member States of the applicant authority.
TITLE II
SPONTANEOUS ASSISTANCE
Article 13
The competent authorities of each Member State shall, as laid down in Articles 14 and 15, provide assistance to the competent authorities of the other Member States without prior request.
Article 14
Where they consider it useful for ensuring compliance with customs or agricultural legislation, each Member State's competent authorities shall:
(a) as far as is possible keep, or have kept, the special watch described in Article 7;
(b) communicate to the competent authorities of the other Member States concerned all information in their possession, and in particular reports and other documents or certified true copies or extracts thereof, concerning operations which constitute, or appear to them to constitute, breaches of customs or agricultural legislation.
Article 15
The competent authorities of each Member State shall immediately send to the competent authorities of the other Member States concerned all relevant information concerning operations which constitute, or appear to them to constitute, breaches of customs or agricultural legislation, and in particular concerning the goods involved and new ways and means of carrying out such operations.
Article 16
Information obtained by staff of one Member State and communicated to another Member State in the course of the assistance provided for in Articles 13 to 15 may be invoked as evidence by the competent bodies of the Member State receiving the information.
TITLE III
RELATIONS WITH THE COMMISSION
Article 17
1. The competent authorities of each Member State shall communicate to the Commission as soon as it is available to them:
(a) any information they consider relevant concerning:
- goods which have been or are suspected of having been the object of breaches of customs or agricultural legislation,
- methods or practices used or suspected of having been used to breach customs or agricultural legislation,
- requests for assistance, action taken and information exchanged in application of Articles 4 to 16 which are capable of revealing fraudulent tendencies in the field of customs and agriculture;
(b) any information on shortcomings or gaps in customs and agricultural legislation that become apparent or may be deduced from the application of that legislation.
2. The Commission shall communicate to the competent authorities in each Member State, as soon as it becomes available, any information that would help them to enforce customs or agricultural legislation.
Article 18
1. Where a Member State's competent authorities become aware of operations which constitute, or appear to constitute, breaches of customs or agricultural legislation that are of particular relevance at Community level, and especially:
- where they have, or might have, ramifications in other Member States, or
- where it appears likely to the above authorities that similar operations have also been carried out in other Member States,
they shall communicate to the Commission as soon as possible, either on their own initiative or in response to a reasoned request from the Commission, any relevant information, be it in the form of documents or copies or extracts thereof, needed to determine the facts so that the Commission may coordinate the steps taken by the Member States.
The Commission shall convey this information to the competent authorities of the other Member States.
2. Where a Member State's competent authorities invoke paragraph 1, they need not communicate information as provided in Articles 14 (b) and 15 to the competent authorities of the other member States concerned.
3. In response to a reasoned request from the Commission, the Member State's competent authorities shall act in the manner laid down in Articles 4 to 8.
4. Where the Commission considers that irregularities have taken place in one or more Member States, it shall inform the Member State or States concerned thereof and that State or those States shall at the earliest opportunity carry out an enquiry, at which Commission officials may be present under the conditions laid down in Articles 9 (2) and 11 of this Regulation.
The Member State or States concerned shall, as soon as possible, communicate to the Commission the findings of the enquiry.
5. Officials of the Commission may collect the information specified in Article 10 under conditions laid down in that Article by common accord.
6. This Article is without prejudice to the Commission's right to information and scrutiny by virtue of other legislation in force.
TITLE IV
RELATIONS WITH THIRD COUNTRIES
Article 19
Provided the third country concerned has given a legal undertaking to provide the assistance required to gather proof of the irregular nature of operations which appear to constitute breaches of customs or agricultural legislation or to determine the scope of operations which have been found to constitute breaches of that legislation, information obtained under this Regulation may be communicated to that third country as part of a concerted action, subject to the agreement of the competent authorities supplying the information, in accordance with their internal provisions concerning the communication of personal data to third countries.
The information shall be communicated either by the Commission or by the Member States as part of the concerted action referred to in the first paragraph; in either case appropriate steps shall be taken in the third country concerned to ensure a degree of protection equivalent to that laid down by Article 45 (1) and (2).
Article 20
1. In pursuit of the objectives of this Regulation, the Commission may, under the conditions laid down in Article 19, conduct Community administrative and investigative cooperation missions in third countries in coordination and close cooperation with the competent authorities of the Member States.
2. The Community missions to third countries referred to in paragraph 1 shall be governed by the following conditions:
(a) they may be undertaken at the Commission's initiative, where appropriate on the basis of information supplied by the European Parliament, or at the request of one or more Member States;
(b) they shall be carried out by Commission officials appointed for that purpose and by officials appointed for that purpose by the Member State(s) concerned;
(c) they may also, by agreement with the Commission and the Member States concerned, be carried out on behalf of the Community by officials of a Member State, in particular under a bilateral assistance agreement with a third country; in that event the Commission shall be informed of the results of the mission;
(d) mission expenses shall be paid by the Commission.
3. The Commission shall inform the Member States and the European Parliament of the results of missions carried out pursuant to this Article.
Article 21
1. The findings and information obtained in the course of the Community missions referred to in Article 20 of this Regulation, and in particular documents passed on by the competent authorities of the third countries concerned, shall be handled in accordance with Article 45 of this Regulation.
2. Article 12 shall apply mutatis mutandis to the findings and information referred to in paragraph 1.
3. For the purposes of their use pursuant to Article 12, original documents obtained or certified true copies thereof shall be forwarded by the Commission to the competent authorities of the Member States if they so request.
Article 22
Member States shall notify the Commission of information exchanged within the framework of mutual administrative assistance with third countries wherever, within the meaning of Article 18 (1), it is particularly relevant to the effectiveness of customs or agricultural legislation pursuant to this Regulation and the information falls within the scope of this Regulation.
TITLE V
CUSTOMS INFORMATION SYSTEM
Chapter 1
Establishment of a Customs Information System
Article 23
1. An automated information system, the 'Customs Information System`, hereinafter referred to as the 'CIS`, is hereby established to meet the requirements of the administrative authorities responsible for applying the legislation on customs or agricultural matters, as well as those of the Commission.
2. The aim of the CIS, in accordance with the provisions of this Regulation, shall be to assist in preventing, investigating and prosecuting operations which are in breach of customs or agricultural legislation, by increasing, through more rapid dissemination of information, the effectiveness of the cooperation and control procedures of the competent authorities referred to in this Regulation.
3. The customs authorities of the Member States may use the technical infrastructure of the CIS in the performance of their duties in the framework of the customs cooperation referred to in Article K.1 (8) of the Treaty on European Union.
In such a case, the Commission shall ensure the technical management of the infrastructure.
4. Those operations in connection with the application of agricultural regulations which require the introduction of information into the CIS shall be determined by the Commission in accordance with the procedure set out in Article 43 (2).
5. The exchange of information provided for under Articles 17 and 18 is not covered by the provisions of this Title.
6. The Member States and the Commission, hereinafter referred to as the 'CIS partners`, shall take part in the CIS under the conditions laid down in this Title.
Chapter 2
Operation and use of the CIS
Article 24
The CIS shall consist of a central database facility and it shall be accessible via terminals in each Member State and at the Commission. It shall comprise exclusively data necessary to fulfil its aim as stated in Article 23 (2), including personal data, in the following categories:
(a) commodities;
(b) means of transport;
(c) businesses;
(d) persons;
(e) fraud trends;
(f) availability of expertise.
Article 25
The items to be included in the CIS relating to each of categories (a) to (f) in Article 24 shall be determined in accordance with the procedure provided for in Article 43 (2) to the extent that this is necessary to achieve the aim of the System. No items of personal data shall be included in any event in categories (e) and (f) of Article 24. In categories (a) to (d) of Article 24 the items to be included in respect of personal data shall comprise no more than:
(a) name, maiden name, forenames and aliases;
(b) date and place of birth;
(c) nationality;
(d) sex;
(e) any particular objective and permanent physical characteristics;
(f) reason for inclusion of data;
(g) suggested action;
(h) a warning code indicating any history of being armed, violent or escaping;
(i) registration number of the means of transport.
In all cases, personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and data concerning the health or sex life of an individual shall not be included.
Article 26
The following principles must be observed in the implementation of the CIS where personal data are concerned:
(a) collection and any other operation for processing personal data must be carried out fairly and lawfully;
(b) data must be collected for the purposes defined in Article 23 (2) and not subsequently processed in a manner incompatible with those purposes;
(c) data must be adequate, relevant and not excessive in relation to the purposes for which they are processed;
(d) data must be accurate and, where necessary, kept up to date;
(e) data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes in view.
Article 27
1. Data in categories (a) to (d) of Article 24 shall be included in the CIS only for the purpose of sighting and reporting, discreet surveillance or specific checks.
2. For the purposes of the actions referred to in paragraph 1, personal data within any of categories (a) to (d) of Article 24 may be included in the CIS only if, especially on the basis of prior illegal activities, there is evidence to suggest that the person concerned has committed, is committing or will commit actions which are in breach of customs or agricultural legislation and which are of particular relevance at Community level.
Article 28
1. If the actions referred to in Article 27 (1) are carried out, the following information may, in whole or in part, be collected and transmitted to the CIS partner which suggested the actions:
(a) the fact that the commodity, means of transport, business or person reported has been found;
(b) the place, time and reason for the check;
(c) route and destination of the journey;
(d) persons accompanying the person concerned or occupants of the means of transport;
(e) means of transport used;
(f) objects carried;
(g) the circumstances under which the commodity, means of transport, business or person was found.
When such information is collected in the course of discreet surveillance, steps must be taken to ensure that the secret nature of the surveillance is not jeopardized.
2. In the context of the specific checks referred to in Article 27 (1), persons, means of transport and objects may be searched to the extent permissible and in accordance with the laws, regulations and procedures of the Member State in which the search takes place. If the specific checks are not permitted by the law of a Member State, they shall automatically be converted by that Member State into sighting and reporting or discreet surveillance.
Article 29
1. Direct access to data included in the CIS shall be reserved exclusively for the national authorities designated by each Member State and the departments designated by the Commission. These national authorities shall be customs administrations, but may also include other authorities competent, according to the laws, regulations and procedures of the Member State in question, to act in order to achieve the aim stated in Article 23 (2).
2. Each Member State shall send the Commission a list of its designated competent authorities which have direct access to the CIS stating, for each authority, to which data it may have access and for what purposes.
The Commission shall inform the other Member States accordingly. It shall also inform all the Member States of the corresponding details concerning the Commission departments authorized to have access to the CIS.
The list of national authorities and Commission departments thus designated shall be published for information by the Commission in the Official Journal of the European Communities.
3. Notwithstanding the provisions of paragraphs 1 and 2, the Council, acting on a proposal from the Commission, may decide to permit access to the CIS by international or regional organizations, provided that, where relevant, a protocol is at the same time concluded with those organizations in conformity with Article 7 (3) of the Convention between Member States of the Community on the use of information technology for customs purposes. In reaching the decision account shall be taken in particular of any existing bilateral or Community arrangements and of the adequacy of the level of data protection.
Article 30
1. CIS partners may use data obtained from the CIS only in order to achieve the aim stated in Article 23 (2); however, they may use it for administrative or other purposes with the prior authorization of the CIS partner which introduced the data into the system subject to conditions imposed by it or, where applicable, the Commission, which included it in the System. Such other use shall be in accordance with the laws, regulations and procedures of the Member State which seeks to use it and, where appropriate, the corresponding provisions applicable to the Commission in this connection and should take into account the principles set out in the Annex.
2. Without prejudice to paragraphs 1 and 4 of this Article and Article 29 (3), data obtained from the CIS shall be used only by national authorities or departments in each Member State and by departments designated by the Commission competent, in accordance with the laws, regulations and procedures applicable to them, to act in order to achieve the aim stated in Article 23 (2).
3. Each Member State shall send the Commission a list of the authorities or departments referred to in paragraph 2.
The Commission shall inform the other Member States accordingly. It shall also inform all the Member States of the corresponding details concerning the Commission departments authorized to have access to the CIS.
The list of the authorities or departments thus designated shall be published for information by the Commission in the Official Journal of the European Communities.
4. Data obtained from the CIS may, with the prior authorization of, and subject to any conditions imposed by, the Member State which included them in the System, be communicated for use by national authorities other than those referred to in paragraph 2, third countries and international or regional organizations wishing to make use of them. Each Member State shall take special measures to ensure the security of such data when they are being transmitted or supplied to departments located outside its territory.
The provisions referred to in the first subparagraph shall apply mutatis mutandis to the Commission where it has entered the data in the System.
Article 31
1. The inclusion of data in the CIS shall be governed by the laws, regulations and procedures of the supplying Member State and, where appropriate, the corresponding provisions applicable to the Commission in this connection, unless this Regulation lays down more stringent provisions.
2. The processing of data obtained from the CIS, including their use or performance of any action under Article 27 (1) suggested by the supplying CIS partner, shall be governed by the laws, regulations and procedures of the Member State processing or using such data and the corresponding provisions applicable to the Commission in this connection, unless this Regulation lays down more stringent provisions.
Chapter 3
Amendment of data
Article 32
1. Only the supplying CIS partner shall have the right to amend, supplement, correct or delete data which it has included in the CIS.
2. Should a supplying CIS partner note, or have drawn to its attention, that the data it included are factually inaccurate or were included or are stored contrary to this Regulation, it shall amend, supplement, correct or delete the data, as appropriate, and shall advise the other CIS partners accordingly.
3. If a CIS partner has evidence to suggest that an item of data is factually inaccurate, or was included or is stored in the CIS contrary to this Regulation, it shall advise the supplying CIS partner as soon as possible. The latter shall check the data concerned and, if necessary, correct or delete the item without delay. The supplying CIS partner shall advise the other partners of any correction or deletion affected.
4. If, when including data in the CIS, a CIS partner notes that its report conflicts with a previous report with regard to content or suggested action, it shall immediately advise the partner which made the previous report. The two partners shall then attempt to resolve the matter. In the event of disagreement, the first report shall stand but those parts of the new report which do not conflict shall be included in the System.
5. Subject to the other provisions of this Regulation, where in any Member State a court, or other authority designated for the purpose within that Member State, makes a final decision to amend, supplement, correct or delete data in the CIS, the CIS partners shall align their action thereon.
In the event of conflict between such decisions of courts or other authorities designated for the purpose including those referred to in Article 36 concerning correction or deletion, the Member State which included the data in question shall delete them from the System.
The provisions in the first subparagraph shall apply mutatis mutandis where a Commission decision on data contained in the CIS is declared void by the Court of Justice.
Chapter 4
Retention of data
Article 33
1. Data included in the CIS shall be kept only for the time necessary to achieve the purpose for which they were included. The need for their retention shall be reviewed at least annually by the supplying CIS partner.
2. The supplying CIS partner may, within the review period, decide to retain data until the next review if their retention is necessary for the purposes for which they were included. Without prejudice to Article 36, if there is no decision to retain data they shall automatically be transferred to that part of the CIS to which access shall be limited in accordance with paragraph 4.
3. The CIS shall automatically inform the supplying CIS partner of a scheduled transfer of data from the CIS under paragraph 2, giving one month's notice.
4. Data transferred under paragraph 2 shall continue to be retained for one year within the CIS but, without prejudice to Article 36, shall be accessible only to a representative of the Committee referred to in Article 43 in connection with the application of the seventh, eighth and ninth indents of paragraph 4 thereof, and paragraph 5 thereof, or to the supervisory authorities referred to in Article 37. During that period the data may be consulted only for the purposes of checking their accuracy and lawfulness. They must thereafter be deleted.
Chapter 5
Personal-data protection
Article 34
1. Each CIS partner intending to receive personal data from, or include them in, the CIS shall, no later than the date of application of this Regulation, adopt national legislation, or internal rules applicable to the Commission, guaranteeing the protection of the rights and freedoms of individuals with regard to the processing of personal data.
2. A CIS partner may receive personal data from, or include them in, the CIS only where the arrangements for the protection of such data provided for in paragraph 1 have entered into force. Each Member State shall also have previously designated a national supervisory authority or authorities as provided for in Article 37.
3. In order to ensure the proper application of the personal-data protection provisions in this Regulation, each Member State and the Commission shall regard the CIS as a system for processing personal data subject to the provisions referred to in paragraph 1 and the more stringent provisions contained in this Regulation.
The internal rules applicable to the Commission, as referred to in paragraph 1, shall be published in the Official Journal of the European Communities.
Article 35
1. Subject to Article 30 (1), CIS partners shall be prohibited from using personal data from the CIS other than for the purpose stated in Article 23 (2).
2. Data may be duplicated only for technical purposes, provided that such duplication is necessary for searching by the authorities referred to in Article 29. Subject to Article 30 (1), personal data included by other Member States or the Commission may not be copied from the CIS into other data files for which the Member States or the Commission have responsibility.
Article 36
1. The rights of persons with regard to the personal data in the CIS, in particular their right of access, shall be put into effect:
- in accordance with the laws, regulations and procedures of the Member State in which such rights are invoked,
- in accordance with the internal rules applicable to the Commission referred to in Article 34 (1).
If laid down in the laws, regulations and procedures of the Member State concerned, the national supervisory authority provided for in Article 37 shall decide whether information is to be communicated and the procedure for doing so.
2. A CIS partner to which an application for access to personal data is made may refuse access if communication would be likely to prejudice the prevention, investigation and prosecution of operations which are in breach of customs or agricultural legislation. A Member State may also refuse access as provided for in its laws, regulations and procedures in relation to cases where such refusal constitutes a measure necessary to safeguard national security, defence, public safety and the rights and freedoms of others. The Commission may refuse access where such refusal constitutes a measure necessary to safeguard the rights and freedoms of others.
Access shall be refused in any event during the period in which action is taken for the purposes of sighting and reporting or discreet surveillance.
3. If the personal data for which an application for access has been made have been supplied by another CIS partner, access shall be permitted only if the supplying partner has been given the opportunity to state its position.
4. Any person may, in accordance with the laws, regulations and procedures of each Member State or with the internal rules applicable to the Commission, have personal data relating to himself corrected or deleted by each CIS partner if those data are factually inaccurate, or were included or are stored in the CIS contrary to the aim stated in Article 23 (2) or if the principles of Article 26 have not been observed.
5. In the territory of each Member State, any person may, in accordance with the laws, regulations and procedures of the Member State in question, bring an action or, if appropriate, a complaint before the courts or the authority designated for the purpose, in accordance with those laws, regulations and procedures, in connection with personal data relating to himself in the CIS, in order to:
(a) correct or delete factually inaccurate personal data;
(b) correct or delete personal data included or stored in the CIS contrary to this Regulation;
(c) obtain access to personal data;
(d) obtain compensation under Article 40 (2).
With regard to data included by the Commission, an action may be brought before the Court of Justice in accordance with Article 173 of the Treaty.
The Member States and the Commission undertake mutually to enforce the final decisions taken by a court, the Court of Justice or another authority designated to that end which concern points (a), (b) and (c) of the first subparagraph.
6. The references in this Article and in Article 32 (5) to a 'final decision` do not imply any obligation on the part of any Member State or the Commission to appeal against a decision taken by a court or other authority designated for the purpose.
Chapter 6
Personal-data protection supervision
Article 37
1. Each Member State shall designate a national supervisory authority or authorities responsible for personal-data protection to carry out independent supervision of such data included in the CIS.
The supervisory authorities, in conformity with their respective national legislations, shall carry out independent supervision and checks to ensure that the processing and use of data held in the CIS do not violate the rights of data subjects. For this purpose the supervisory authorities shall have access to the CIS.
2. Any person may ask any national supervisory authority to check personal data relating to himself in the CIS and the use which has been or is being made of those data. The right shall be governed by the laws, regulations and procedures of the Member State in which the request is made. If the data have been included by another Member State or the Commission, the check shall be carried out in close coordination with that Member State's national supervisory authority or with the authority provided for in paragraph 4.
3. The Commission shall take every step within its departments to ensure personal-data protection supervision which offers safeguards of a level equivalent to that resulting from paragraph 1.
4. Pending the appointment of any authority or authorities set up for the Community institutions and bodies, the Commission's activities as regards the data-protection rules laid down in Article 34 (1), Article 36 (1) and Article 37 (3) shall be supervised by the Ombudsman provided for in Article 138e of the Treaty establishing the European Community in the context of the task allotted to him by that Treaty.
Chapter 7
Security of the CIS
Article 38
1. All appropriate technical and organizational measures necessary to maintain security shall be taken:
(a) by the Member States and the Commission, each insofar as it concerns them, in respect of the terminals of the CIS located on their respective territories and in the Commission's offices;
(b) by the Committee referred to in Article 43 in respect of the CIS and the terminals located on the same premises as the CIS and used for technical purposes and the checks required by paragraph 3.
2. In particular, the Member States, the Commission and the Committee referred to in Article 43 shall take measures:
(a) to prevent any unauthorized person from having access to installations used for the processing of data;
(b) to prevent data and data media from being read, copied, modified or deleted by unauthorized persons;
(c) to prevent the unauthorized entry of data and any unauthorized consultation, modification or deletion of data;
(d) to prevent data in the CIS from being accessed by unauthorized persons by means of data-transmission equipment;
(e) to guarantee that, with respect to the use of the CIS, authorized persons have right of access only to data for which they have competence;
(f) to guarantee that it is possible to check and establish to which authorities data may be transmitted by data-transmission equipment;
(g) to guarantee that it is possible to check and establish ex post facto what data have been introduced into the CIS, when and by whom, and to monitor interrogation;
(h) to prevent the unauthorized reading, copying, modification or deletion of data during the transmission of data and the transport of data media.
3. In accordance with Article 43, the Committee shall verify that the searches carried out were authorized and were carried out by authorized users. At least 1 % of all searches made shall be verified. A record of such searches and verifications shall be entered into the system and shall be used only for the said verifications. It shall be deleted after six months.
Article 39
1. Each of the Member States shall designate a department which shall be responsible for the security measures set out in Article 38, in relation to the terminals located in its territory, the review functions set out in Article 33 (1) and (2), and, in general, for the proper implementation of this Regulation insofar as is necessary under its laws, regulations and procedures.
2. The Commission, for its part, shall designate those of its departments which are to be responsible for the measures referred to in paragraph 1.
Chapter 8
Responsibilities and publication
Article 40
1. Each CIS partner that has included data in the System shall be responsible for the accuracy, currency and lawfulness of those data. Each Member State or, where applicable, the Commission shall also be responsible for complying with the provisions of Article 26 of this Regulation.
2. Each CIS partner shall be liable, in accordance with national laws, regulations and procedures or the equivalent Community provisions, for injury caused to a person through the use of the CIS in the Member State concerned or at the Commission.
This shall also be the case where the injury was caused by the supplying CIS partner entering inaccurate data or entering data contrary to this Regulation.
3. If the CIS partner against which an action in respect of inaccurate data is brought did not supply them, the partners concerned shall seek agreement as to what proportion, if any, of the sums paid out in compensation shall be reimbursed by the supplying partner to the other partner. Any such sums agreed shall be reimbursed on request.
Article 41
The Commission shall publish a communication in the Official Journal of the European Communities concerning the implementation of the CIS.
TITLE VI
PROTECTION OF DATA DURING THE NON-AUTOMATIC EXCHANGE OF DATA
Article 42
The provisions applying to the automatic exchange and processing of data shall apply mutatis mutandis to non-automatic exchange and processing of data.
TITLE VII
FINAL PROVISIONS
Article 43
1. The Commission shall be assisted by a Committee made up of representatives of the Member States and chaired by the representative of the Commission.
2. The representative of the Commission shall submit to the Committee a draft of the measures to be taken. The Committee shall deliver its opinion on the draft within a time limit which the Chairman may lay down according to the urgency of the matter. The opinion shall be delivered by the majority laid down in Article 148 (2) of the Treaty in the case of decisions which the Council is required to adopt on a proposal from the Commission. The votes of the representatives of the Member States within the Committee shall be weighted in the manner set out in that Article. The Chairman shall not vote.
The Commission shall adopt the measures envisaged if they are in accordance with the opinion of the Committee.
If the measures envisaged are not in accordance with the opinion of the Committee, or if no opinion is delivered, the Commission shall, without delay, submit to the Council a proposal relating to the provisions to be adopted. The Council shall act by a qualified majority.
If, on the expiry of a period of three months from the date of referral to the Council, the Council has not acted, the proposed measures shall be adopted by the Commission, except in cases where the Council has decided by a simple majority against such measures.
3. The procedure laid down in paragraph 2 shall apply in particular to:
(a) decisions on items to be included in the CIS as provided for in Article 25;
(b) determination of operations concerning the application of agricultural legislation in respect of which information is to be entered in the CIS, as provided for in Article 23 (4).
4. The committee shall examine all matters relating to the application of this Regulation which may be raised by its chairman, either on his own initiative or at the request of the representative of a Member State, in particular concerning:
- the general working of the mutual assistance arrangements provided for in this Regulation,
- the adoption of practical arrangements for forwarding the information referred to in Articles 16 and 17,
- the information sent to the Commission pursuant to Articles 17 and 18 to see if anything can be learnt from it, decide on the measures required to put an end to practices found to be in breach of customs or agricultural legislation and, where appropriate, suggest amendments to existing Community provisions or the drafting of additional ones,
- the preparation of enquiries carried out by the Member States and coordinated by the Commission and Community missions as provided for in Article 20,
- measures taken to safeguard the confidentiality of information, in particular personal data, exchanged under this Regulation, other than that provided for in Title V,
- the implementation and proper operation of the CIS and all the technical and operational measures required to ensure the security of the system,
- the necessity of storing information in the CIS,
- the measures taken to safeguard the confidentiality of information entered in the CIS under this Regulation, particularly personal data, and to ensure compliance with the obligations of those responsible for processing,
- the measures adopted pursuant to Article 38 (2).
5. The committee shall examine all problems connected with the operation of the CIS which are encountered by the supervisory authorities referred to in Article 37. In such cases, the committee shall meet in an ad hoc formation comprising representatives nominated by each Member State from its national supervisory authority or authorities. The Ombudsman referred to in Article 37 (4) or his representative may also participate, on his own initiative, insofar as he considers it compatible with his duties, in the meetings of the committee in such ad hoc formation. The committee shall meet in its ad hoc formation at least once a year.
6. For the purposes of this Article the committee shall have direct access to, and may make direct use of, data from the CIS.
Article 44
Without prejudice to the provisions in Title V on the CIS, the documents provided for in this Regulation may be replaced by computerized information produced in any form for the same purpose.
Article 45
1. Regardless of the form, any information transmitted pursuant to this Regulation shall be of a confidential nature, including the data stored in the CIS. It shall be covered by the obligation of professional secrecy and shall enjoy the protection extended to like information under both the national law of the Member States receiving it and the corresponding provisions applicable to Community authorities.
In particular, the information referred to in the first subparagraph may not be sent to persons other than those in the Member States or within the Community institutions whose functions require them to know or use it. Nor may it be used for purposes other than those provided for in this Regulation, unless the Member State, or the Commission, which supplied it or entered it in the CIS has expressly agreed, subject to the conditions laid down by that Member State or by the Commission and insofar as such communication or use is not prohibited by the provisions in force in the Member State in which the recipient authority is based.
2. Without prejudices to the provisions in Title V on the CIS, information concerning natural and legal persons shall be transmitted under this Regulation only where strictly necessary to prevent, investigate or take proceedings in respect of operations in breach of customs or agricultural legislation.
3. Paragraphs 1 and 2 shall not preclude the use of information obtained under this Regulation in any legal action or proceedings subsequently initiated in respect of failure to comply with customs or agricultural legislation.
The competent authority which supplied that information shall be notified of such use forthwith.
4. Where the Commission is notified by a Member State that further enquiries have exonerated from involvement in irregularities a natural or legal person whose name was transmitted under this Regulation, the Commission shall forthwith notify all parties to whom these personal data have been transmitted on the basis of this Regulation. The person concerned shall then cease to be regarded as being involved in the irregularity that gave rise to the initial notification.
Where the personal data relating to the person concerned are in the CIS, they shall be removed from it.
Article 46
For the purposes of applying this Regulation, Member States shall take all necessary steps to:
(a) ensure effective internal coordination between the administrative authorities referred to in Article 1 (1);
(b) establish in their mutual relations all necessary direct cooperation between the authorities empowered specifically for that purpose.
Article 47
Member States may decide by common accord whether procedures are needed to ensure the smooth operation of the mutual-assistance arrangements provided for in this Regulation, in particular in order to avoid any interruption of surveillance of persons or goods where this might be prejudicial to the detection of operations in breach of customs and agricultural legislation.
Article 48
1. This Regulation shall not bind Member States' administrative authorities to grant each other assistance where that would be likely to be injurious to public policy (ordre public) or other fundamental interests, in particular with regard to data protection, of the Member State in which they are based.
2. Reasons shall be stated for any refusal to grant assistance.
The Commission shall be informed as early as possible of any refusal to grant assistance and the reasons given for refusal.
Article 49
Without prejudice to the Commission's right to be notified under other regulations in force, Member States shall transmit to the Commission administrative or legal decisions or the main elements thereof relating to the application of penalties for breaches of customs or agricultural legislation in cases which have been the subject of communications under Articles 17 or 18.
Article 50
Without prejudice to the expenses associated with the implementation of the CIS or damages under Article 40, Member States and the Commission shall waive all claims for the reimbursement of expenses incurred under this Regulation save, where appropriate, in respect of fees paid to experts.
Article 51
This Regulation shall not affect the application in the Member States of rules on criminal procedure and mutual assistance in criminal matters, including those on secrecy of judicial inquiries.
Article 52
1. Regulation (EEC) No 1468/81 is hereby repealed.
2. References made to the repealed Regulation shall be understood as referring to the present Regulation.
Article 53
1. This Regulation shall enter into force on the third day following its publication in the Official Journal of the European Communities.
It shall apply from 13 March 1998.
2. However, Article 42 will not apply to Denmark, Ireland, Sweden or the United Kingdom until Community rules exist applicable to all the data covered by this Regulation.
As from the date when the rules referred to in the first subparagraph apply in all the Member States, Article 42 will be repealed and the derogation provided for in the first subparagraph will cease to have effect.
If after 5 years the rules in question have not yet become applicable, the Commission shall prepare a report, together with any proposals it deems necessary.
For as long as the four Member States concerned do not apply the provisions of Article 42, the Member States and the Commission may subject the non-automatic processing of personal data which they may communicate to those four Member States to compliance with rules on data protection equivalent to those which they apply themselves to the non-automatic processing of such data.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels, 13 March 1997.
For the Council
The President
M. PATIJN
(1) OJ No L 94, 28. 4. 1970, p. 13. Regulation as last amended by Regulation (EEC) No 2048/88 (OJ No L 185, 15. 7. 1988, p. 1).
(2) OJ No C 56, 26. 2. 1993, p. 1; OJ No C 262, 28. 9. 1993, p. 8, and OJ No C 80, 17. 3. 1994, p. 12.
(3) OJ No C 20, 24. 1. 1994, p. 85, and Opinion of 16 January 1997 (OJ No C 33, 3. 2. 1997).
(4) OJ No C 161, 14. 6. 1993, p. 15.
(5) OJ No L 144, 2. 6. 1981, p. 1. Regulation as amended by Regulation (EEC) No 945/87 (OJ No L 90, 2. 4. 1987, p. 3).
(6) Council Regulation (EEC, Euratom) No 1552/89 of 29 May 1989 implementing Decision 88/376/EEC, Euratom on the system of the Communities' own resources (OJ No L 155, 7. 6. 1989, p. 1). Regulation last amended by Regulation (EC, Euratom) No 2729/94 (OJ No L 293, 12. 11. 1994, p. 5).
(7) Council Regulation (EEC) No 595/91 of 4 March 1991 concerning irregularities and the recovery of money wrongly paid in connection with the financing of the common agricultural policy and the organization of an information system in this field and repealing Regulation (EEC) No 283/72 (OJ No L 67, 14. 3. 1991, p. 11).
(8) OJ No L 281, 23. 11. 1995, p. 31.
ANNEX
COMMUNICATION OF DATA (Article 30 (1))
1. Communication to other public bodies
Communication of data to public bodies should be permissible only if, in a particular case:
(a) there exists a clear legal obligation or authorization, or with the authorization of the supervisory authority; or
(b) these data are essential for the recipient to fulfil his own lawful task, provided that the aim of the collection or processing to be carried out by the recipient is not incompatible with the original aim and that it is not precluded by the legal obligations of the communicating body.
Communication is exceptionally permissible if, in a particular case:
(a) communication is undoubtedly in the interest of the data subject and the data subject has consented or if circumstances are such as to allow a clear presumption of such consent; or
(b) communication is necessary so as to prevent a serious and imminent danger.
2. Communication to private individuals
The communication of data to private individuals should be permissible only if, in a particular case, there is a clear legal obligation or authorization, or with the authorization of the supervisory authority.
Communication to private individuals is exceptionally permissible if, in a particular case:
(a) communication is undoubtedly in the interest of the data subject and the data subject has consented or circumstances are such as to allow a clear presumption of such consent; or
(b) communication is necessary so as to prevent a serious and imminent danger.
3. International communication
Communication of data to foreign authorities should be permissible only:
(a) if there exists a clear legal provision under national or international law;
(b) in the absence of such a provision, if communication is necessary for the prevention of a serious and imminent danger;
and provided that domestic regulations for the protection of the data subject are not prejudiced.
4.1. Requests for communication
Subject to specific provisions contained in national legislation or in international agreements, requests for communication of data should provide indications as to the body or person requesting them as well as the reason for the request and its objective.
4.2. Conditions governing communication
As far as possible, the quality of data should be verified at the latest before their communication. As far as possible, in all communications of data, judicial decisions, as well as decisions not to prosecute, should be indicated and data based on opinions or personal assessments should be checked at source before being communicated and their degree of accuracy or reliability indicated.
If it is discovered that the data are no longer accurate and up-to-date, they should not be communicated; if outdated or inaccurate data have been communicated, the communicating body should inform as far as possible all the recipients of the data of their non-conformity.
4.3. Safeguards for communication
The data communicated to other bodies, private individuals and foreign authorities should not be used for purposes other than those indicated in the request for communication.
Use of the data for other purposes should, without prejudice to paragraphs 1 to 4.2, be made subject to the agreement of the communicating body.