Regulation (EC) No 766/2008 of the European Parliament and of the Council of 9 July 2008 amending Council Regulation (EC) No 515/97 on mutual assistance between the administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs and agricultural matters
Regulation (EC) No 766/2008 of the European Parliament and of the Councilof 9 July 2008amending Council Regulation (EC) No 515/97 on mutual assistance between the administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs and agricultural mattersTHE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,Having regard to the Treaty establishing the European Community, and in particular Articles 135 and 280 thereof,Having regard to the proposal from the Commission,Having regard to the opinion of the Court of AuditorsOJ C 101, 4.5.2007, p. 4.,Acting in accordance with the procedure laid down in Article 251 of the TreatyOpinion of the European Parliament of 19 February 2008 (not yet published in the Official Journal) and Council Decision of 23 June 2008.,Whereas:(1)Council Regulation (EC) No 515/97OJ L 82, 22.3.1997, p. 1. Regulation amended by Regulation (EC) No 807/2003 (OJ L 122, 16.5.2003, p. 36). improved the earlier legal mechanism, in particular by allowing information to be stored in the Community database Customs Information System (CIS).(2)However, experience gained since Regulation (EC) No 515/97 entered into force has shown that the use of the CIS for the sole purposes of sighting and reporting, discreet surveillance or specific checks does not make it possible to achieve fully the system's objective, which is to assist in preventing, investigating and prosecuting operations that are in breach of customs or agricultural legislation.(3)The changes introduced when the European Union was enlarged to include 27 Member States require a reconsideration of Community customs cooperation in a broader framework and with modernised mechanisms.(4)Commission Decision 1999/352/EC, ECSC, Euratom of 28 April 1999 establishing the European Anti-Fraud Office (OLAF)OJ L 136, 31.5.1999, p. 20. and the Convention on the use of information technology for customs purposesOJ C 316, 27.11.1995, p. 34., drawn up by Council Act of 26 July 1995OJ C 316, 27.11.1995, p. 33., modified the general framework for cooperation between the Member States and the Commission as regards preventing, investigating and prosecuting offences under Community legislation.(5)The results of strategic analysis should help those responsible at the highest level to determine projects, objectives and policies for combating fraud, to plan activities and to deploy the resources needed to achieve the operational objectives laid down.(6)The result of an operational analysis concerning the activities, resources and intentions of certain persons or businesses that do not comply or appear not to comply with customs or agricultural legislation should help the customs authorities and the Commission take the appropriate measures in specific cases to achieve the objectives laid down as regards the fight against fraud.(7)Under the current mechanism set out in Regulation (EC) No 515/97, personal data entered by a Member State can be copied from CIS into other data-processing systems only with the prior authorisation of the CIS partner which entered them and subject to the conditions imposed by it in accordance with Article 30(1). The amendment of the Regulation is designed to derogate from that principle of prior authorisation only where the data are to be processed by the national authorities and the Commission services responsible for risk management with a view to targeting controls on movements of goods.(8)The current mechanism needs to be supplemented by a legal framework establishing a customs files identification database covering past and current files. The creation of such a database follows up the intergovernmental customs cooperation initiative which led to the adoption of the Council Act of 8 May 2003 drawing up the Protocol amending, as regards the creation of a customs files identification database, the Convention on the use of information technology for customs purposesOJ C 139, 13.6.2003, p. 1..(9)It is necessary to ensure that, in order to strengthen customs cooperation between Member States and between Member States and the Commission, and without prejudice to other provisions of Regulation (EC) No 515/97, certain data may be exchanged in pursuit of the objectives of that Regulation.(10)In addition, it is necessary to ensure greater complementarity with action in the context of intergovernmental customs cooperation and of cooperation with the other bodies and agencies of the European Union and other international and regional organisations. Such action follows on from the Council Resolution of 2 October 2003 concerning a strategy for customs cooperationOJ C 247, 15.10.2003, p. 1. and the Council Decision of 6 December 2001 extending the mandate of Europol to the fight against the serious forms of international crime listed in the Annex to the Europol ConventionOJ C 362, 18.12.2001, p. 1..(11)In order to promote coherence between the action taken by the Commission, the other bodies and agencies of the European Union and other international and regional organisations, the Commission should be authorised to provide training and all forms of assistance other than financial assistance for the liaison officers of third countries and of European and international organisations and agencies, including the exchange of best practice with those bodies, and, for example, with Europol and the European Agency for the Management of Operational Cooperation at the External Borders of the Member States of the European Union (Frontex).(12)The conditions should be created under Regulation (EC) No 515/97 for the implementation of joint customs operations in the Community context. The Committee provided for by Article 43 of Regulation (EC) No 515/97 should be empowered to determine the mandate for Community joint customs operations.(13)A permanent infrastructure must be created within the Commission so that joint customs operations can be coordinated throughout the calendar year and representatives of the Member States and, if necessary, liaison officers from third countries or European or international organisations and agencies, in particular Europol and the World Customs Organisation (WCO) and Interpol, can be hosted for the time needed to carry out one or more individual operations.(14)In order to address CIS-related supervision issues, the European Data Protection Supervisor should convene a meeting with national data protection supervisory authorities at least once a year.(15)The Member States must have the possibility of reusing that infrastructure for joint customs operations organised by way of customs cooperation as provided for in Articles 29 and 30 of the Treaty on European Union, without prejudice to the role of Europol. In that event, joint customs operations should be conducted under the mandate determined by the relevant Council working party as regards customs cooperation under Title VI of the Treaty on European Union.(16)In addition, the development of new markets, the increasing internationalisation of trade and the rapid expansion thereof, combined with the increase in the speed of the carriage of goods, require customs administrations to keep up with movement so as not to harm the development of Europe's economy.(17)The ultimate objectives are that all operators should be able to provide all necessary documentation in advance and fully computerise their connections with the customs authorities. Meanwhile, the current situation will continue to exist, with various levels of development of national computer systems, and anti-fraud mechanisms must be improved since deflections of trade can still occur.(18)For the purpose of the fight against fraud, it is therefore necessary, together with the reform and modernisation of customs systems, to seek information at the furthest possible point upstream. In addition, in order to help the competent authorities of the Member States to detect movements of goods that are the object of operations in potential breach of customs or agricultural legislation and means of transport, including containers, used for that purpose, data from the principal service suppliers worldwide, public or private, that are active in the international supply chain should be pooled in a European central data directory.(19)The protection of natural persons in the processing of personal data is governed by Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such dataOJ L 281, 28.11.1995, p. 31. Directive as amended by Regulation (EC) No 1882/2003 (OJ L 284, 31.10.2003, p. 1). and by Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)OJ L 201, 31.7.2002, p. 37. Directive as amended by Directive 2006/24/EC (OJ L 105, 13.4.2006, p. 54)., which are fully applicable to information society services. Those Directives already establish a Community legal framework in the field of personal data and therefore it is not necessary to cover the issue in this Regulation in order to ensure the smooth functioning of the internal market, in particular the free movement of personal data between Member States. This Regulation must be implemented and applied in accordance with the rules on the protection of personal data, in particular as regards the exchange and storage of information in support of action to prevent and detect fraud.(20)The exchange of personal data with third countries should be subject to prior verification that data protection rules in the receiving country offer a degree of protection equivalent to that provided by Community law.(21)As Directive 95/46/EC has been transposed by the Member States since the adoption of Regulation (EC) No 515/97, and the Commission has established an independent authority to ensure that freedoms and fundamental rights of persons are respected by Community institutions and bodies in the processing of personal data in accordance with Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such dataOJ L 8, 12.1.2001, p. 1., the personal data protection control measures should be aligned and the reference to the European Ombudsman should be replaced by a reference to the European Data Protection Supervisor, without prejudice to the powers of the Ombudsman.(22)The measures necessary for the implementation of Regulation (EC) No 515/97 should be adopted in accordance with Council Decision 1999/468/EC of 28 June 1999 laying down the procedures for the exercise of implementing powers conferred on the CommissionOJ L 184, 17.7.1999, p. 23. Decision as amended by Decision 2006/512/EC (OJ L 200, 22.7.2006, p. 11)..(23)In particular, the Commission should be empowered to decide on items to be included in the CIS and to determine operations concerning the application of agricultural legislation in respect of which information is to be entered therein. Since those measures are of general scope and are designed to amend non-essential elements of Regulation (EC) No 515/97, inter alia, by supplementing it with new non-essential elements, they must be adopted in accordance with the regulatory procedure with scrutiny provided for in Article 5a of Decision 1999/468/EC.(24)The report on the implementation of Regulation (EC) No 515/97 should be integrated in the report submitted each year to the European Parliament and to the Council on the measures taken in implementation of Article 280 of the Treaty.(25)Regulation (EC) No 515/97 should be amended accordingly.(26)Since the objective of this Regulation, namely the coordination of the fight against fraud and any other illegal activity to the detriment of the Community's financial interests, cannot be sufficiently achieved by the Member States and can therefore, by reason of its scale and effects, be better achieved at Community level, the Community may adopt measures in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty. In accordance with the principle of proportionality, as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve that objective.(27)This Regulation respects fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European UnionOJ C 364, 18.12.2000, p. 1.. In particular, this Regulation aims to ensure full respect for the right to the protection of personal data (Article 8 of the Charter of Fundamental Rights of the European Union).(28)The European Data Protection Supervisor has been consulted in accordance with Article 28(2) of Regulation (EC) No 45/2001 and delivered an opinion on 22 February 2007OJ C 94, 28.4.2007, p. 3.,HAVE ADOPTED THIS REGULATION:
Article 1Regulation (EC) No 515/97 is hereby amended as follows:1.in Article 2(1), the following indents shall be added:"—"operational analysis" means analysis of operations which constitute, or appear to constitute, breaches of customs or agricultural legislation, involving the following stages in turn:(a)the collection of information, including personal data;(b)evaluation of the reliability of the information source and the information itself;(c)research, methodical presentation and interpretation of links between these items of information or between them and other significant data;(d)the formulation of observations, hypotheses or recommendations directly usable as risk information by the competent authorities and by the Commission to prevent and detect other operations in breach of customs and agricultural legislation and/or to identify with precision the person or businesses implicated in such operations,—"strategic analysis" means research and presentation of the general trends in breaches of customs and agricultural legislation through an evaluation of the threat, scale and impact of certain types of operation in breach of customs and agricultural legislation, with a view to subsequently setting priorities, gaining a better picture of the phenomenon or threat, reorienting action to prevent and detect fraud and reviewing departmental organisation. Only data from which identifying factors have been removed may be used for strategic analysis,—"regular automatic exchange" means the systematic communication of predefined information, without prior request, at pre-established regular intervals,—"occasional automatic exchange" means the systematic communication of predefined information, without prior request, as and when that information becomes available.";2.the following Article shall be inserted:"Article 2aWithout prejudice to other provisions of this Regulation, and in pursuit of the objectives thereof, in particular where no customs declaration or simplified declaration is presented or where it is incomplete or where there is a reason to believe that the data contained therein are false, the Commission or the competent authorities of each Member State may exchange with the competent authority of any other Member State or the Commission the following data:(a)business name;(b)trading name;(c)address of the business;(d)VAT identification number of the business;(e)excise duties identification numberAs provided for in Article 22(2)(a) of Council Regulation (EC) No 2073/2004 of 16 November 2004 on administrative cooperation in the field of excise duties (OJ L 359, 4.12.2004, p. 1.).";;(f)information as to whether the VAT identification number and/or the excise duties identification number is in use;(g)names of the managers, directors and, if available, principal shareholders of the business;(h)number and date of issue of the invoice; and(i)amount invoiced.This Article shall apply only to movements of goods as described in the first indent of Article 2(1).
----------------------
As provided for in Article 22(2)(a) of Council Regulation (EC) No 2073/2004 of 16 November 2004 on administrative cooperation in the field of excise duties (OJ L 359, 4.12.2004, p. 1.).";3.Article 15 shall be amended as follows:(a)the existing paragraph shall be numbered as paragraph 1;(b)the following paragraph shall be added:"2.The competent authorities of each Member State may also, by regular automatic exchange or occasional automatic exchange, communicate to the competent authority of any other Member State concerned information received concerning the entry, exit, transit, storage and end-use of goods, including postal traffic, moved between the customs territory of the Community and other territories, and the presence and movement within the customs territory of the Community of non-community and end-use goods, where necessary to prevent or detect operations which constitute, or appear to constitute, breaches of customs or agricultural legislation.";4.Article 18 shall be amended as follows:(a)paragraph 1 shall be amended as follows:(i)the first indent shall be replaced by the following:"—when they have, or might have, ramifications in other Member States or in third countries, or";(ii)the following subparagraph shall be added:"Within six months of the receipt of the information conveyed by the Commission, the competent authorities of the Member States shall forward to the Commission a summary of the anti-fraud measures taken by them on the basis of that information. The Commission shall, on the basis of those summaries, regularly prepare and convey to the Member States reports on the results of measures taken by the Member States.";(b)the following paragraphs shall be added:"7.Without prejudice to the provisions of the Community Customs Code relating to the establishment of a common framework for risk management, the data exchanged between the Commission and the Member States pursuant to Articles 17 and 18 may be stored and used for the purpose of strategic and operational analysis.8.The Member States and the Commission may exchange the results of operational and strategic analyses carried out under this Regulation.";5.in Title III, the following Articles shall be added:"Article 18a1.Without prejudice to the competences of the Member States, with a view to assisting the authorities referred to in Article 1(1) to detect movements of goods that are the object of operations in potential breach of customs and agricultural legislation and means of transport, including containers, used for that purpose, the Commission shall establish and manage a directory of data received from public or private service providers active in the international supply chain. That directory shall be directly accessible to those authorities.2.In managing that directory, the Commission shall be empowered:(a)to access or extract the contents of the data, by any means or in any form, and to reuse data in compliance with legislation applicable to intellectual property rights; the terms and procedures for data access or extraction shall be governed by a technical arrangement between the Commission, acting on behalf of the Community, and the service provider;(b)to compare and contrast data that are accessible in or extracted from the directory, to index them, to enrich them from other data sources and to analyse them in compliance with Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such dataOJ L 8, 12.1.2001, p. 1.";;(c)to make the data in this directory available using electronic data-processing techniques to the authorities referred to in Article 1(1).3.The data referred to in this Article concern in particular movements of containers and/or means of transport and goods and persons concerned with those movements. Those shall include, where available, the following data:(a)for movements of containers:container number,container loading status,date of movement,type of movement (loaded, unloaded, transhipped, entered, left, etc.),name of vessel or registration of means of transport,number of voyage/journey,place,freight bill or other transport document;(b)for movements of means of transport:name of vessel or registration of means of transport,freight bill or other transport document,number of containers,weight of load,description and/or coding of goods,reservation number,seal number,place of first loading,place of final unloading,places of transhipment,expected date of arrival at place of final unloading;(c)for persons involved in the movements to which points (a) and (b) apply: the name, maiden name, forenames, former surnames, aliases, date and place of birth, nationality, sex and address;(d)for businesses involved in the movements to which points (a) and (b) apply: the business name, trading name, address of the business, registration number, VAT identification number and excise duties identification number and address of the owners, shippers, consignees, freight forwarders, carriers and other intermediaries or persons involved in the international supply chain.4.Within the Commission, only designated analysts shall be empowered to process personal data to which paragraphs 2(b) and 2(c) apply.Personal data which are not necessary for the purpose of achieving the aim in question shall be deleted immediately or have any identifying factors removed. In any event, they may be stored for no more than three years.Article 18b1.The Commission shall be authorised to provide training and all forms of assistance other than financial assistance for the liaison officers of third countries and of European and international organisations and agencies.2.The Commission may make expertise, technical or logistical assistance, training or communication activity or any other operational support available to the Member States both for the achievement of the objectives of this Regulation and in the performance of Member States’ duties in the framework of the implementation of the customs cooperation provided for by Articles 29 and 30 of the Treaty on European Union.
----------------------
OJ L 8, 12.1.2001, p. 1.";6.Article 19 shall be replaced by the following:"Article 19Provided that the third country concerned has legally committed itself to providing the assistance necessary to assemble all the evidence of the irregular nature of operations which appear to be in breach of customs or agricultural legislation or to determine the extent of the operations which have been found to be in breach of such legislation, information obtained pursuant to this Regulation may be communicated to it:by the Commission or by the Member State concerned, subject, where appropriate, to the prior agreement of the competent authorities of the Member State which provided it, orby the Commission or the Member States concerned within the framework of a joint action if information is provided by more than one Member State, subject to the prior agreement of the competent authorities of the Member States which provided it.Such communication by a Member State shall be made in compliance with its domestic provisions applicable to the transfer of personal data to third countries.In all cases, it shall be ensured that the rules of the third country concerned offer a degree of protection equivalent to that provided for in Article 45(1) and (2).";7.in Article 20(2), point (d) shall be deleted;8.Article 23 shall be amended as follows:(a)paragraph 2 shall be replaced by the following:"2.The aim of the CIS, in accordance with the provisions of this Regulation, shall be to assist in preventing, investigating and prosecuting operations which are in breach of customs or agricultural legislation by making information available more rapidly and thereby increasing the effectiveness of the cooperation and control procedures of the competent authorities referred to in this Regulation.";(b)in paragraph 3, the terms "in Article K.1(8)" shall be replaced by the terms "in Articles 29 and 30";(c)in paragraph 4, the words "the procedure set out in Article 43(2)" shall be replaced by the words "the regulatory procedure with scrutiny referred to in Article 43(2)";(d)paragraph 5 shall be deleted;9.in Article 24, the following points shall be added:"(g)goods detained, seized or confiscated;(h)cash as defined in Article 2 of Regulation (EC) No 1889/2005 of the European Parliament and of the Council of 26 October 2005 on controls of cash entering or leaving the CommunityOJ L 309, 25.11.2005, p. 9."; detained, seized or confiscated.
----------------------
OJ L 309, 25.11.2005, p. 9.";10.Article 25 shall be replaced by the following:"Article 251.The items to be included in the CIS relating to each of the categories referred to in Article 24(a) to (h) shall be determined in accordance with the regulatory procedure with scrutiny referred to in Article 43(2) to the extent that this is necessary to achieve the aim of the System. Personal data may under no circumstances appear in the category referred to in Article 24(e).2.With regard to the categories referred to in Article 24(a) to (d), the items of information to be included in respect of personal data shall comprise no more than:(a)name, maiden name, forenames, former surnames and aliases;(b)date and place of birth;(c)nationality;(d)sex;(e)number and place and date of issue of the identity papers (passports, identity cards, driving licences);(f)address;(g)particular objective and permanent physical characteristics;(h)a warning code indicating any history of being armed or violent or of having escaped;(i)reason for inclusion of data;(j)suggested action;(k)registration number of the means of transport.3.With regard to the category referred to in Article 24(f), the items of information to be included in respect of personal data shall comprise no more than the experts’ names and forenames.4.With regard to the categories referred to in Article 24(g) and (h), the items of information to be included in respect of personal data shall comprise no more than:(a)name, maiden name, forenames, former surnames and aliases;(b)date and place of birth;(c)nationality;(d)sex;(e)address.5.In all cases, no personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and data concerning the health or sex life of an individual shall be included.";11.Article 27 shall be replaced by the following:"Article 271.Personal data which are included in the categories referred to in Article 24 shall be included in the CIS solely for the purposes of the following suggested actions:(a)sighting and reporting;(b)discreet surveillance;(c)specific checks; and(d)operational analysis.2.Personal data which are included in the categories referred to in Article 24 may be included in the CIS only if, in particular on the basis of prior illegal activities or of information provided by way of assistance, there is a real indication that the person in question has carried out, is carrying out or is about to carry out operations in breach of customs or agricultural legislation which are of particular relevance at Community level.";12.Article 34(3) shall be replaced by the following:"3.To ensure the correct application of the data protection provisions of this Regulation, the Member States and the Commission shall regard the CIS as a personal data-processing system which is subject to:national provisions implementing Directive 95/46/EC,Regulation (EC) No 45/2001, andany more stringent provisions of this Regulation.";13.Article 35 shall be replaced by the following:"Article 351.Subject to Article 30(1), CIS partners shall be prohibited from using personal data from the CIS for any purpose other than that stated in Article 23(2).2.Data may be duplicated only for technical purposes, provided that such duplication is required for the purpose of searches carried out by the authorities referred to in Article 29.3.Personal data included in CIS by a Member State or the Commission may not be copied in data-processing systems for which the Member States or the Commission are responsible, except in systems of risk management used to direct national customs controls or in an operational analysis system used to coordinate actions at Community level.In that case, only the analysts designated by the national authorities of each Member State and those designated by Commission services shall be empowered to process personal data obtained from the CIS within the framework respectively of a risk management system used to direct customs controls by national authorities or an operational analysis system used to coordinate actions at Community level.Member States shall send the Commission a list of the risk management departments whose analysts are authorised to copy and process personal data entered in the CIS. The Commission shall inform the other Member States accordingly. It shall also provide all Member States with the corresponding information regarding its own services responsible for operational analysis.The list of designated national authorities and Commission services shall be published for information by the Commission in the Official Journal of the European Union.Personal data copied from the CIS shall be kept only for the time necessary to achieve the purpose for which they were copied. The need for their retention shall be reviewed at least annually by the copying CIS partner. The storage period shall not exceed 10 years. Personal data which are not necessary for the continuation of the analysis shall be deleted immediately or have any identifying factors removed.";14.the second subparagraph of Article 36(2) shall be replaced by the following:"In any event, access may be denied to any person whose data are processed during the period in which actions are carried out for the purposes of sighting and reporting or discreet surveillance and during the period in which the operational analysis of the data or administrative enquiry or criminal investigation is ongoing.";15.Article 37 shall be amended as follows:(a)paragraph 2 shall be replaced by the following:"2.Any person may ask any national supervisory authority provided for in Article 28 of Directive 95/46/EC or the European Data Protection Supervisor provided for in Article 41(2) of Regulation (EC) No 45/2001 for access to the personal data concerning him in order to check that they are accurate and what use has been or is being made of them. This right shall be governed by the laws, regulations and procedures of the Member State in which the request is made or by Regulation (EC) No 45/2001, as the case may be. If the data were included by another Member State or by the Commission, the check shall be carried out in close cooperation with the national supervisory authority of that other Member State or with the European Data Protection Supervisor.";(b)the following paragraph shall be inserted:"3a.The European Data Protection Supervisor shall supervise compliance of the CIS with Regulation (EC) No 45/2001.";(c)paragraph 4 shall be replaced by the following:"4.The European Data Protection Supervisor shall convene a meeting at least once a year with all national data protection supervisory authorities competent for CIS-related supervisory issues.";16.in Title V, the title of Chapter 7 shall be replaced by the following: "Data security";17.in Article 38(1), the following point shall be added:"(c)by the Commission for the Community elements of the common communication network.";18.the following Title shall be inserted:"TITLE VaCUSTOMS FILES IDENTIFICATION DATABASECHAPTER 1Establishment of a customs files identification databaseArticle 41a1.The CIS shall also include a specific database called the "Customs files identification database" (FIDE). Subject to the provisions of this Title, all the provisions of this Regulation relating to the CIS shall also apply to the FIDE, and any reference to the CIS shall include that database.2.The objectives of the FIDE shall be to help to prevent operations in breach of customs legislation and of agricultural legislation applicable to goods entering or leaving the customs territory of the Community and to facilitate and accelerate their detection and prosecution.3.The purpose of the FIDE shall be to allow the Commission, when it opens a coordination file within the meaning of Article 18 or prepares a Community mission in a third country within the meaning of Article 20, and the competent authorities of a Member State designated as regards administrative enquiries in accordance with Article 29, when they open an investigation file or investigate one or more persons or businesses, to identify the competent authorities of the other Member States or the Commission departments which are or have been investigating the persons or businesses concerned, in order to achieve the objectives specified in paragraph 2 by means of information on the existence of investigation files.4.If the Member State or the Commission making a search in the FIDE needs fuller information on the registered investigation files on persons or businesses, it shall ask for the assistance of the supplier Member State.5.The customs authorities of the Member States may use the FIDE within the framework of customs cooperation provided for in Articles 29 and 30 of the Treaty on European Union. In such a case, the Commission shall ensure the technical management of the database.CHAPTER 2Operation and use of the FIDEArticle 41b1.The competent authorities may enter data from investigation files in the FIDE for the purposes defined in Article 41a(3) concerning cases which are in breach of customs legislation or agricultural legislation applicable to goods entering or leaving the customs territory of the Community and which are of particular relevance at Community level. The data shall cover only the following categories:(a)persons and businesses which are or have been the subject of an administrative enquiry or a criminal investigation by the relevant service of a Member State, andare suspected of committing or of having committed a breach of customs or agriculture legislation or of participating in or of having participated in an operation in breach of such legislation,have been the subject of a finding relating to such an operation, orhave been the subject of an administrative decision or an administrative penalty or judicial penalty for such an operation;(b)the field concerned by the investigation file;(c)the name, nationality and details of the relevant service in the Member State and the file number.The data referred to in points (a), (b) and (c) shall be introduced separately for each person or business. The creation of links between those data shall be prohibited.2.The personal data referred to in paragraph 1(a) shall consist only of the following:(a)for persons: the name, maiden name, forename, former surnames and alias, date and place of birth, nationality and sex;(b)for businesses: the business name, trading name, address of the business, VAT identification number and excise duties identification number.3.Data shall be entered for a limited period in accordance with Article 41d.Article 41c1.The introduction and consultation of data in the FIDE shall be reserved exclusively to the authorities referred to in Article 41a.2.Any consultation of the FIDE must specify the following personal data:(a)for persons: the forename and/or name and/or maiden name and/or former surnames and/or alias and/or date of birth;(b)for businesses: the business name and/or trading name and/or VAT identification number and/or excise duties identification number.CHAPTER 3Storage of dataArticle 41d1.The period for which data may be stored shall depend on the laws, regulations and procedures of the Member State supplying them. The following are the maximum periods, calculated from the date of entry of the data in the investigation file, which may not be exceeded:(a)data concerning current investigation files may not be stored for more than three years without any operation in breach of customs and agricultural legislation being observed; data must be deleted before that time limit if one year has elapsed since the last observation;(b)data concerning administrative enquiries or criminal investigations in which an operation in breach of customs and agricultural legislation has been established but which have not given rise to an administrative decision, a conviction or an order to pay a criminal fine or an administrative penalty may not be stored for more than six years;(c)data concerning administrative enquiries or criminal investigations which have given rise to an administrative decision, a conviction or an order to pay a criminal fine or an administrative penalty may not be stored for more than 10 years.These periods shall not be cumulative.2.At all stages of an investigation file as referred to in paragraph 1(a), (b) and (c), as soon as a person to whom, or a business to which, Article 41b applies is cleared of suspicion under the laws, regulations and procedures of the supplier Member State, data concerning that person or business shall immediately be deleted.3.The FIDE shall delete the data automatically as soon as the maximum storage period provided for in paragraph 1 has elapsed.";19.Title VI shall be replaced by the following:"TITLE VIFINANCINGArticle 42a1.This Regulation is the basic act on which the financing of all Community action provided for herein is based, including:(a)all costs of installing and maintaining the permanent technical infrastructure making available to the Member States the logistical, office automation and IT resources to coordinate joint customs operations, in particular special surveillance operations provided for in Article 7;(b)the reimbursement of transport, accommodation and daily allowance costs of representatives of the Member States taking part in the Community missions provided for in Article 20, joint customs operations organised by or jointly with the Commission and training courses, ad hoc meetings and preparatory meetings for administrative investigations or operational actions conducted by the Member States, where they are organised by or jointly with the Commission.Where the permanent technical infrastructure referred to in point (a) is used for the purposes of the customs cooperation provided for in Articles 29 and 30 of the Treaty on European Union, the transport, accommodation costs and the daily allowances of the representatives of the Member States shall be borne by the Member States;(c)expenditure relating to the acquisition, study, development and maintenance of computer infrastructure (hardware), software and dedicated network connections, and to related production, support and training services for the purpose of carrying out the actions provided for in this Regulation, in particular preventing and combating fraud;(d)expenditure relating to the provision of information and expenditure on related actions allowing access to information, data and data sources for the purpose of carrying out the actions provided for in this Regulation, in particular preventing and combating fraud;(e)expenditure relating to use of the CIS provided for in instruments adopted under Articles 29 and 30 of the Treaty on European Union and in particular in the Convention on the use of information technology in customs matters drawn up by the Council Act of 26 July 1995OJ C 316, 27.11.1995, p. 33.";, in so far as those instruments provide that that expenditure shall be borne by the general budget of the European Union.2.Expenditure relating to the acquisition, study, development and maintenance of the Community components of the common communication network used for the purposes of paragraph 1(c) shall also be borne by the general budget of the European Union. The Commission shall conclude the necessary contracts on behalf of the Community to ensure the operational nature of those components.3.Without prejudice to the expenses relating to the operation of the CIS and the amounts provided for by way of compensation pursuant to Article 40, the Member States and the Commission shall waive all claims for the reimbursement of expenditure relating to the supply of information or of documents or to the implementation of an administrative investigation or of any other operational action pursuant to this Regulation which are carried out at the request of a Member State or the Commission, except as regards the allowances, if any, paid to experts.
----------------------
OJ C 316, 27.11.1995, p. 33.";20.Article 43 shall be amended as follows:(a)paragraph 2 shall be replaced by the following:"2.Where reference is made to this paragraph, Article 5a(1) to (4) and Article 7 of Decision 1999/468/EC shall apply, having regard to the provisions of Article 8 thereof.";(b)paragraph 3 shall be replaced by the following:"3.The following measures, designed to amend non-essential elements of this Regulation, inter alia, by supplementing it, shall be adopted in accordance with the regulatory procedure with scrutiny referred to in paragraph 2:(a)decisions on items to be included in the CIS as provided for in Article 25;(b)determination of operations concerning the application of agricultural legislation in respect of which information is to be entered in the CIS, as provided for in Article 23(4).";(c)paragraph 4 shall be replaced by the following:"4.The committee shall examine all matters relating to the application of this Regulation which may be raised by its chairman, either on his own initiative or at the request of the representative of a Member State, in particular concerning:the general working of the mutual assistance arrangements provided for in this Regulation,the adoption of practical arrangements for forwarding the information referred to in Articles 15, 16 and 17,the information sent to the Commission pursuant to Articles 17 and 18 to ascertain if anything can be learnt from it, to decide on the measures required to put an end to practices found to be in breach of customs or agricultural legislation and, where appropriate, to suggest amendments to existing Community provisions or the drafting of additional ones,the organisation of joint customs operations, in particular special surveillance operations provided for in Article 7,the preparation of investigations carried out by the Member States and coordinated by the Commission and Community missions as provided for in Article 20,measures taken to safeguard the confidentiality of information, in particular personal data, exchanged under this Regulation, other than that provided for in Title V,the implementation and proper operation of the CIS and all the technical and operational measures required to ensure the security of the system,the need to store information in the CIS,the measures taken to safeguard the confidentiality of information entered in the CIS under this Regulation, particularly personal data, and to ensure compliance with the obligations of those responsible for processing,the measures adopted pursuant to Article 38(2).";(d)paragraph 5 shall be replaced by the following:"5.The committee shall examine all problems with the operation of the CIS which are encountered by the national supervisory authorities referred to in Article 37. The committee shall meet in its ad hoc formation at least once a year.";21.in Articles 44 and 45(2), the terms "in Title V on the CIS" shall be replaced by the terms "in Titles V and Va";22.the following Article shall be inserted:"Article 51aThe Commission, in cooperation with the Member States, shall report each year to the European Parliament and to the Council on the measures taken in implementation of this Regulation.";23.Article 53 shall be amended as follows:(a)the numbering of paragraph 1 shall be deleted;(b)paragraph 2 shall be deleted.Article 2This Regulation shall enter into force on the third day following its publication in the Official Journal of the European Union.This Regulation shall be binding in its entirety and directly applicable in all Member States.Done at Strasbourg, 9 July 2008.For the European ParliamentThe PresidentH.-G. PötteringFor the CouncilThe PresidentJ.-P. Jouyet