6.6.2009   

EN

Official Journal of the European Union

C 128/13

1.

On 30 May 2008, the Communication from the Commission to the European Parliament, the Council and the European Economic and Social Committee ‘Towards a European e-Justice Strategy’ (hereinafter further the Communication) was adopted. In accordance with Article 41 of Regulation (EC) No 45/2001, the EDPS submits the present opinion.

2.

The Communication aims to propose an e-Justice Strategy that intends to increase citizens’ confidence in the European area of justice. E-Justice's primary objective should be to help justice to be administered more effectively throughout Europe, for the benefit of the citizens. The EU's action should enable citizens to access information without being hindered by the linguistic, cultural and legal barriers stemming from the multiplicity of systems. A draft action plan and timetable for the various projects are annexed to the Communication.

3.

This opinion of the EDPS comments upon the Communication as far as it relates to the processing of personal data, the protection of privacy in the electronic communications sector and the free movement of data.

4.

The JHA Council (3) identified several priorities for the development of e-Justice in June 2007:

5.

Work on e-Justice has steadily progressed since then. In the opinion of the Commission, work done in this framework must ensure that priority be given to operational projects and to decentralised structures, while providing for coordination at European level, drawing on existing legal instruments and employing IT tools to improve their effectiveness. The European Parliament has also expressed its support for the e-Justice project (4).

6.

Both in the civil and in the criminal field, the use of modern information technologies has consistently been encouraged by the Commission. This led to instruments such as the European payment order. The Commission has been managing since 2003 the ‘portal’ of the European Judicial Network in civil and commercial matters, accessible to the citizens in 22 languages. The Commission has also designed and set up the European Judicial Atlas. These tools are precursory elements of a future European framework for e-Justice. In the criminal area, the Commission has worked on a tool aiming to permit the exchange of information extracted from criminal records of the Member States (5). Not only the Commission but also Eurojust has developed secure communication systems with national authorities.

7.

E-Justice intends to offer many opportunities to make the European judicial area more concrete for citizens in coming years. In order to set up an overall strategy for this important issue the Commission adopted the present Communication on e-Justice. The Communication lays down objective criteria for identifying priorities, especially for future projects at European level, in order to achieve concrete results within a reasonable time.

8.

The Commission staff working document, an accompanying document to the Communication with an executive summary of the Impact Assessment, gives also some background information (6). The Impact Assessment report has been prepared taking into account the reactions of the Member States, judicial authorities, legal professions, citizens and business. The EDPS has not been consulted. The Impact Assessment report gave preference to a policy option to address the problems that combines European dimension and national competence. The Communication has opted for this policy option. The strategy will focus on the use of videoconference, creation of an е-Justice portal, improvement of translation facilities by developing automatic online translation tools, improvement of communication between judicial authorities, increased interconnection between national registers and online tools for European procedures (e.g. European Payment Order).

9.

The EDPS supports the focus on the abovementioned actions. In general he supports a comprehensive approach of e-Justice. He endorses the threefold need to improve access to justice, cooperation between European legal authorities and the effectiveness of the justice system itself. As a result of this approach several institutions and persons are affected:

10.

The Communication is closely linked to the proposal of a Council decision on the establishment of the European Criminal Records Information System (ECRIS). On 16 September 2008, the EDPS adopted an opinion on this proposal (7). He supported the proposal, provided that a number of considerations were taken into account. In particular, he pointed out that additional data protection guarantees should compensate the current lack of a comprehensive legal framework on data protection in the field of cooperation between police and judicial authorities. He therefore emphasised the need for effective coordination in the data protection supervision of the system, which involves authorities of the Member States and the Commission as provider of the common communication infrastructure.

11.

Some recommendations of this opinion that are worth recalling are:

12.

These recommendations are still illustrative for the context in which the current Communication will be analysed.

13.

E-Justice has a very wide-ranging scope, including in general the use of ICT in the administration of justice within the European Union. This covers a number of issues like projects providing litigants with information in a more effective way. This includes online information on judicial systems, legislation and case law, electronic communication systems linking litigants and the courts and the establishment of fully electronic procedures. It covers also European projects like the use of electronic tools to record hearings and projects involving information exchange or interconnection.

14.

Even if the scope is very wide, the EDPS has noticed that there will be information on criminal proceedings and on civil and commercial judicial systems, but not on administrative judicial systems. And there will be a link to a Criminal and a Civil Atlas, but not to an Administrative Atlas, although it might be better to have access by citizens and enterprises to judicial administrative systems, i.e. administrative law and complaint procedures. Also a link to the Association of Councils of State should be provided for. These additions could be better for the citizens trying to find their way through the forest — which is often administrative law with all its tribunals — in order to become better informed on administrative judicial systems.

15.

Therefore, the EDPS recommends including administrative procedures in e-Justice. As part of this new element, e-Justice projects should be initiated to enhance the visibility of data protection rules as well as national data protection authorities, in particular in relation to the kinds of data processed in the framework of e-Justice This would be in line with the so-called ‘London initiative’, which was launched by data protection authorities in November 2006 and is aimed at ‘Communicating Data Protection and Making It More Effective’.

16.

Further to the increasing exchange of personal data between judicial authorities envisaged by the Communication, the applicable data protection legal framework acquires even more importance. In this context, the EDPS notes that, three years after the initial Commission proposal, the Council of the European Union adopted on 27 November the framework decision on the protection of personal data in the field of police and judicial cooperation in criminal matters (8). This new piece of legislation will provide a general data protection legal framework for ‘third pillar’ matters, in addition to the ‘first pillar’ data protection provisions of Directive 95/46/EC.

17.

The EDPS welcomes this legal instrument as a first considerable step forward for data protection in police and judicial cooperation. However, the level of data protection achieved in the final text is not fully satisfactory. In particular, the framework decision only covers police and judicial data exchanged between Member States, EU authorities and systems, and does not include domestic data. Furthermore, the adopted framework decision does not lay down the obligation to distinguish between different categories of data subjects, such as suspects, criminals, witnesses and victims, to ensure that their data are processed with more appropriate safeguards. It does not provide full consistency with Directive 95/46/EC, in particular with regard to limiting the purposes for which personal data may be further processed. Nor does it provide for an independent group of relevant national and EU data protection authorities, which could ensure both better coordination between data protection authorities as well as a substantive contribution to the uniform application of the Framework decision.

18.

This would mean that, in a context in which many efforts are put to develop common systems of cross-border exchange of personal data, divergences still exist with regard to the rules according to which these data are processed and the citizens can exercise their rights in different EU countries.

19.

Once again the EDPS recalls that ensuring a high level of data protection in police and judicial cooperation, as well as consistency with Directive 95/46/EC, represents a necessary complement to other measures introduced or envisaged to facilitate the cross-border exchange of personal data in law enforcement. This stems not only from the citizens’ right to the respect of the fundamental right to the protection of personal data, but also from the need of law enforcement authorities to ensure the quality of exchanged data — as confirmed by the annex to the Communication with regard to interconnection of criminal records — trust between authorities in different countries, and ultimately the legal validity of the evidence collected in a cross-border context.

20.

Therefore, the EDPS, encourages the EU institutions to take these elements specifically into account not only when implementing the measures envisaged in the Communication but also with a view to starting as soon as possible the reflections on further improvements of the legal framework for data protection in law enforcement.

21.

The EPDS acknowledges that exchanges of personal data are essential elements of the creation of an area of Freedom, Security and Justice. For that reason the EDPS supports the proposal to an e-Justice strategy, while highlighting the importance of data protection in this context. Indeed, respect for data protection is not only a legal obligation, but also a key element for success of the envisaged systems, e.g. ensuring quality of data exchanges. This is equally valid for the institutions and bodies when they process personal data as when new policies are developed. Rules and principles should be applied and followed in practice and especially taken into account in the design and building phase of information systems. Privacy and data protection are in essence ‘key success factors’ for a prosperous and balanced information society. It therefore makes sense to invest in them and do it as early as possible.

22.

In this context, the EDPS underlines that the Communication does not provide for a central European database. He welcomes the preference for decentralised architectures. The EDPS recalls that he issued an opinion on ECRIS (9) and on the Prüm Initiative (10). In his opinion on ECRIS, the EDPS expressed that a decentralised architecture avoids additional duplication of personal data in a central database. In his opinion on the Prüm Initiative, he advised to properly take into account the scale of the system when discussing the interconnection between databases. In particular specific formats for communication of data, such as online requests for criminal records, also taking into account the language differences, should be established, and the accuracy of the data exchanges should be constantly monitored. These elements should be taken into account also in the context of initiatives stemming from the e-Justice strategy.

23.

The European Commission intends to contribute to the reinforcement and development of e-Justice tools at European level, in close coordination with the Member States and other partners. At the same time as supporting Member States’ efforts, it intends to develop a number of computer tools on its own to increase the interoperability of systems, facilitate the public's access to justice and communication among judicial authorities and achieve substantial economies of scale at European level. As to interoperability of the software used by the Member States, not all Member States must necessarily use the same software — although this would be the most practical option — but the software must be fully interoperable.

24.

The EDPS recommends that the interconnection and interoperability of systems should duly take into account the purpose limitation principle and be built around data protection standards (privacy by design). Any form of interaction between different systems should be thoroughly documented. Interoperability should never lead to a situation where an authority, not entitled to access or use certain data, can obtain this access via another information system. The EDPS wants to stress again that interoperability should not by itself justify circumventing the purpose limitation principle (11).

25.

Furthermore, another crucial point is ensuring that enhanced trans-border exchange of personal data is accompanied by enhanced supervision and cooperation by data protection authorities. The EDPS has already highlighted, in his opinion of 29 May 2006 on the framework decision on the exchange of criminal records (12), that the proposed Framework decision should not only address the cooperation between the central authorities but also the cooperation between the various competent data protection authorities. This need has become even more important since the negotiations on the recently adopted framework decision on the protection of personal data processed in the framework of police and judicial cooperation (13) led to the deletion of the provision establishing a working group reuniting EU data protection authorities and coordinating their activities with regard to the processing of data in the framework of police and judicial cooperation in criminal matters. Therefore, with a view to ensure effective supervision as well as good quality of the trans-border circulation of data extracted from criminal records, mechanisms of effective coordination between data protection authorities should be provided (14). These mechanisms should also take into account the supervisory competence of the EDPS with regard to the s-TESTA infrastructure (15). E-justice tools could support these mechanisms which could be developed in close cooperation with the data protection authorities.

26.

In § 4.2.1, the Communication points out that it will be important for exchange of information extracted from criminal records to go beyond judicial cooperation so as to incorporate other objectives, e.g. access to certain posts. The EDPS stresses that any processing of personal data for purposes other than those for which they were collected should respect the specific conditions laid down by the applicable data protection legislation. In particular, processing of personal data for further purposes should be allowed only if it is necessary to pursue interests listed in Community data protection legislation (16) and provided that they are laid down by legislative measures.

27.

The Communication states, with regard to the interconnection of criminal records, that as part of preparations for the entry into force of the framework decision on the exchange of information extracted from criminal records, the Commission will launch two feasibility studies in order to organise the project as it develops and to extend the exchange of the information to cover third-country nationals convicted of criminal offences. In 2009, the Commission will provide the Member States with software designed to enable all criminal records to be exchanged within a short time frame. This reference system, combined with the use of s-TESTA to exchange information, will generate economies of scale because Member States will not have to do their own development work. It will also make it easier to run the project.

28.

In this perspective, the EDPS welcomes the use of the s-TESTA infrastructure, which has proved to be a reliable system for the exchange of data, and recommends that the statistical elements relating to the envisaged data-exchange systems should be defined in detail and duly take into account the need to ensure data protection supervision. For example, statistical data might explicitly include elements such as the number of requests for access or rectification of personal data, the length and the completeness of the update process, the quality of persons having access to these data as well as the cases of security breaches. Furthermore, statistical data and the reports based on them should be made fully available to competent data protection authorities.

29.

The use of automatic translation is a useful instrument and is likely to favour mutual understanding between relevant actors in Member States. However, the use of automatic translation should not result in diminishing the quality of the information exchanged, especially when this information is used to take decisions having legal effects for concerned persons. The EDPS points out that it is important to clearly define and circumscribe the use of the automatic translation. The use of automatic translation for the transmission of information which has not been accurately pre-translated, such as additional comments or specifications added in individual cases, is likely to affect the quality of the information transmitted — and thus of the decisions taken on their basis — and should in principle be excluded (17). The EDPS suggests taking into account this recommendation in the measures stemming from the Communication.

30.

The Communication wants to create a database of legal translators and interpreters so that there will be an improvement of the quality of legal translation and interpretation. The EDPS subscribes to this aim, but reminds that this database will be subject to the application of relevant data protection law. In particular, should the database contain evaluation data about the performance of translators, it might be subject to prior checking by competent data protection authorities.

31.

In paragraph 5, the Communication points out that responsibilities must be clearly allocated among the Commission, the Member States and other actors involved in judicial cooperation. The Commission will assume a general role of coordination by encouraging the exchange of practices and will design, set up and coordinate the information on the e-Justice portal. Besides, the Commission will continue to work to interconnect criminal records and will continue to assume direct responsibility for the civil legal network and support the criminal legal network. The Member States will have to update the information on their judicial systems that appears on the e-Justice site. Other actors are the civil and criminal legal networks and Eurojust. They will develop the tools necessary for more effective judicial cooperation, in particular automated translation tools and the secure exchanging system, in close contact with the Commission. A draft action plan and timetable for the various projects are annexed to the Communication.

32.

In this context, the EDPS underlines that in the ECRIS system on the one hand no central European database is established and no direct access to databases such as those containing criminal records of other Member States is foreseen, whilst on the other hand on the national level the responsibilities for correct information are centralised with the central authorities of the Member States. Within this mechanism, Member States are responsible for the operation of national databases and for the efficient performance of the exchanges. It is not clear whether they are responsible for the interconnection software or not. The Commission will provide the Member States with software designed to enable all criminal records to be exchanged within a short timeframe. This reference system will be combined with the use of s-TESTA to exchange information.

33.

The EDPS understands that also in the context of analogous e-Justice initiatives similar systems might be implemented and the Commission will be responsible for the common infrastructure, although this is not specified in the Communication. The EDPS suggests clarifying this responsibility in the measures stemming from the Communication, for reasons of legal certainty.

34.

The annex lists a series of projects to be developed during the next five years. The first project, Development of e-Justice pages, is about the e-Justice portal. The action needs a feasibility study and development of the portal. Besides this, it needs an implementation of management methods and online information in all EU languages. The second and the third project are about the interconnection of criminal records. Project 2 is about interconnection of national criminal records. Project 3, envisages the creation of a European register of convicted third-country nationals, further to a feasibility study and the submission of a legislative proposal. The EDPS notes that the latter project is no longer mentioned in the Commission work programme, and wonders whether this reflects a change in the Commission's envisaged projects or just a postponement of this specific project.

35.

The Communication also lists three projects in the area of electronic exchanges and three projects in the field of aid for translation. A pilot project will start on gradual compilation of comparative multilingual legal vocabulary. Other relevant projects relate to the creation of dynamic forms to accompany European legislative texts as well as fostering the use of videoconferencing by judicial authorities. Finally, as part of e-Justice forums, annual meetings will be held on e-Justice themes and training of legal professional in judicial cooperation will be developed. The EDPS suggests that such meetings and trainings pay sufficient attention to laws and practices on data protection.

36.

The annex therefore envisages a broad range of European tools, with a view to facilitating exchange of information between actors in different Member States. Among these tools, an important role will be played by the e-Justice portal, for which the Commission will be mainly responsible.

37.

A common characteristic of many of these tools will be that information, and personal data, will be exchanged and managed by different actors both at national and EU level, which are subjects to data protection obligations and supervisory authorities established on the basis of Directive 95/46/EC or Regulation (EC) No 45/2001. In this respect, as the EDPS has already made clear in his opinion on the Internal Market Information (IMI) system (18), it is essential to ensure that responsibilities with regard to compliance with data protection rules is ensured in an efficient and seamless way.

38.

This requires basically on the one hand that responsibilities for processing of personal data within these systems are clearly defined and allocated; on the other hand, that appropriate coordination mechanisms — especially with regard to supervision — are laid down whenever necessary.

39.

The use of new technologies is one of the cornerstones of the e-Justice initiatives: the interconnection of national registers, the development of electronic signature, secure networks, virtual exchange platforms and the enhanced use of videoconferencing will be essential elements of e-Justice initiatives in the course of the next years.

40.

In this context, it is essential that data protection issues are taken into account at the earliest possible stage and are embedded into the architecture of the envisaged tools. In particular, both the architecture of the system and the implementation of adequate security measures are especially important. This ‘privacy-by-design’ approach would allow that the relevant e-Justice initiatives provide for effective management of personal data while ensuring compliance with data protection principles and security of data exchanges between different authorities.

41.

Furthermore, the EDPS highlights that technology tools should be used not only to ensure the exchange of information, but also to enhance the rights of the persons concerned. In this perspective, the EDPS welcomes that the Communication refers to the possibility of citizens to request their criminal records online and in the language of their choice (19). With regard to this issue, the EDPS recalls that he welcomed, in his opinion on the Commission proposal on exchange of criminal records, the possibility for the person concerned to request information on his/her own criminal records to the central authority of a Member State, provided that the person concerned is or has been a resident or a national of the requested or requesting Member State. The idea of using as a ‘one-stop-shop’ the authority which is closer to the person concerned was also put forward by the EDPS in the area of coordination of social security systems. Therefore, the EDPS encourages the Commission to go further on the same path, by fostering technology tools — and, in particular, online access — allowing citizens to be in better control of their personal data even when they move between different Member States.

42.

The EDPS supports the present proposal to establish e-Justice and recommends taking into account the observations made in this opinion, which includes: