Choose the experimental features you want to try

This document is an excerpt from the EUR-Lex website

Document 52024PC0280

Proposal for a COUNCIL DECISION on the signing, on behalf of the Union, of an Agreement between the European Union and the Republic of Lebanon on the cooperation between the European Union Agency for Criminal Justice Cooperation (Eurojust) and the authorities of the Republic of Lebanon competent for judicial cooperation in criminal matters

COM/2024/280 final

Brussels, 10.7.2024

COM(2024) 280 final

2024/0154(NLE)

Proposal for a

COUNCIL DECISION

on the signing, on behalf of the Union, of an Agreement between the European Union and the Republic of Lebanon on the cooperation between the European Union Agency for Criminal Justice Cooperation (Eurojust) and the authorities of the Republic of Lebanon competent for judicial cooperation in criminal matters


EXPLANATORY MEMORANDUM

The present proposal concerns the signature of an Agreement between the European Union and the Republic of Lebanon on the cooperation between the European Agency for Criminal Justice Cooperation (Eurojust) and the authorities of the Republic of Lebanon competent for judicial cooperation in criminal matters (hereafter “the Agreement”).

1.CONTEXT OF THE PROPOSAL

Reasons for and objectives of the proposal

The European Union Agency for Criminal Justice Cooperation (Eurojust) coordinates investigations and prosecutions of serious cross-border crime in Europe and beyond. As the European Union’s (EU) hub for judicial cooperation in criminal matters, Eurojust supports national investigating and prosecuting authorities.

In a globalised world, the need for cooperation between judicial authorities involved in the investigation and prosecution of serious crimes does not stop at Union borders. With the increase of cross-border crime, it is crucial to obtain information from outside one’s jurisdiction. Therefore, Eurojust should be able to cooperate closely and exchange personal data with judicial authorities of selected third countries to the extent necessary for the accomplishment of its tasks within the framework of the requirements set out in Regulation (EU) 2018/1727 1 (hereafter “Eurojust Regulation). At the same time, it is important to ensure that adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals are in place for the protection of personal data.

Eurojust can exchange operational personal data with third countries where one of the requirements set out in Article 56(2) points (a) to (c), of the Eurojust Regulation is met:

·The Commission has decided pursuant to Article 57 that the third country or international organisation in question ensures an adequate level of protection, or in the absence of such an adequacy decision, appropriate safeguards have been provided for or exist in accordance with Article 58(1), or in the absence of both an adequacy decision and of such appropriate safeguards, a derogation for specific situations applies pursuant to Article 59(1);

·a cooperation agreement allowing for the exchange of operational personal data has been concluded before 12 December 2019 between Eurojust and the third country or international organisation, in accordance with Article 26a of Decision 2002/187/JHA 2 ; or

·an international agreement has been concluded between the Union and the third country or international organisation pursuant to Article 218 of the Treaty on the Functioning of the European Union (TFEU), that provides for adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals.

At present, Eurojust has cooperation agreements based on Article 26a of Decision 2002/187/JHA, which allow for exchanges of personal data, in place with Montenegro, Ukraine, Moldova, Liechtenstein, Switzerland, North Macedonia, the USA, Iceland, Norway, Georgia, Albania and Serbia. Under Article 80(5) of the Eurojust Regulation these cooperation agreements remain valid.

Since the entry into application of the Eurojust Regulation on 12 December 2019 and pursuant to the Treaties, the Commission is responsible, on behalf of the Union, for negotiating international agreements with third countries for the cooperation and exchange of personal data with Eurojust. In so far as necessary for the performance of its tasks, in line with Chapter V of the Eurojust Regulation, Eurojust may establish and maintain cooperative relations with external partners through working arrangements. However, these cannot by themselves be a legal basis for the exchange of personal data.

In order to strengthen the judicial cooperation between Eurojust and selected third countries, the Commission adopted a Recommendation for a Council Decision authorising the opening of negotiations for Agreements between the European Union and Algeria, Armenia, Bosnia and Herzegovina, Egypt, Israel, Jordan, Lebanon, Morocco, Tunisia and Turkey on cooperation between the European Union Agency for Criminal Justice Cooperation (Eurojust) and the competent authorities for judicial cooperation in criminal matters of those third States 3 .

The Council granted that authorisation on 1 March 2021 and adopted a set of negotiating directives and appointed a special committee to assist the Council in this task 4 .

Negotiations with Lebanon began in December 2022. After the second and last round of negotiations, which was held in July 2023, the negotiators reached a preliminary agreement on 11 October 2023. The chief negotiators initialled the draft text of the Agreement on [xx.xx.xxxx].

Consistency with existing policy provisions in the policy area

The Agreement was negotiated taking into account the comprehensive negotiating directives adopted by the Council together with the authorisation to negotiate on 1 March 2021. The present Agreement is also consistent with existing Union policy in the area of judicial cooperation.

In recent years, progress was made to improve the exchange of information cooperation between Member States and between Union agencies and third countries. Regulation (EU) 2023/2131 amending Regulation (EU) 2018/1727 and Council Decision 2005/671/JHA, as regards the digital information exchange in terrorism cases, 5 strengthens the framework for cooperation with third countries on the side of Eurojust by providing for a solid legal basis for the secondment of a third country liaison prosecutor to Eurojust and the cooperation with Eurojust.

Also, Regulation (EU) 2022/838 amending Regulation (EU) 2018/1727, as regards the collection, preservation and analysis of evidence relating to genocide, crimes against humanity and war crimes at Eurojust, 6 has a strong nexus to third countries. Both legislative acts underline the importance of close cooperation with third countries to investigate and prosecute serious crimes. 

Consistency with other Union policies

The proposal is also consistent with other Union policies.

Judicial cooperation in criminal matters was one of the actions set out in the first EU-Lebanon Action Plan 7 , which supported the implementation of the Euro-Mediterranean Agreement establishing an association between the European Community and its Member States and the Republic of Lebanon, which entered into force on 1 April 2006. Particular attention was paid to judicial cooperation in the context of combating terrorism and organised crime. The development of judicial cooperation in criminal matters between Lebanon’s and EU member states’ courts was one of the planned actions.

In the EU-Lebanon Partnership Priorities adopted at the EU-Lebanon Association Council on 11 November 2016 8 , both parties agreed that for the stability of Lebanon, progress on good governance and the rule of law is required. The EU committed itself to cooperate with Lebanon for the promotion of shared values of democracy and the rule of law and the pursuit of reform in the justice system, as well as the fight against corruption.

Lebanon has been the beneficiary of several EU-funded projects in justice reform and strengthening of the rule of law, including in the criminal justice sector.

In the 9 February 2021 Joint Communication on the Renewed Partnership with the Southern Neighbourhood, A new Agenda for the Mediterranean, 9 strengthened judicial cooperation between the EU and the Southern Neighbourhood partner countries, with the assistance of Eurojust is planned, including through negotiating cooperation agreements between the EU and Southern Neighbourhood countries. It is recognised that major security threats such as terrorism, hybrid threats as well as cybercrime and organised crime that destabilise the region can only be addressed through joint efforts.

Existing Commission strategic documents underpin the necessity of improving the efficiency and effectiveness of law enforcement and judicial cooperation in the EU, as well as of expanding the cooperation with third countries. These include, among others, the Security Union Strategy 10 , the Counter-Terrorism Agenda for the EU 11 , and the EU Strategy to tackle organised crime 12 .

In line with these strategic documents, international cooperation has also been enhanced in the area of law enforcement. Based on the authorisation by the Council 13 , the Commission has negotiated an Agreement with New Zealand on the exchange of personal data with the European Union Agency for Law Enforcement Cooperation (Europol).

At the same time, it is crucial that judicial cooperation with third states is fully in line with the fundamental rights enshrined in the EU Treaties and in the Charter of Fundamental Rights of the European Union.

One particularly important set of safeguards, notably those included in Chapter II of the Agreement, concerns the protection of personal data, which in the EU is a fundamental right. In accordance with Article 56(2), point (c), of the Eurojust Regulation, Eurojust may transfer personal data to an authority of a third country based on an international agreement concluded between the Union and that third country pursuant to Article 218 TFEU adducing adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals.

Chapter II of the Agreement provides for such safeguards, including in particular provisions ensuring a number of data protection principles and obligations that must be respected by both Parties (Articles 10ff.) as well as provisions ensuring enforceable individual rights (Article 14ff.), independent supervision (Article 21) and effective administrative and judicial redress for violations of the rights and safeguards recognised in the Agreement resulting from the processing of personal data (Article 22).

It is necessary to strike a balance between enhancing security and safeguarding human rights, including data and privacy. The Commission ensured that the Agreement provides a legal basis for the exchange of personal data for judicial cooperation in criminal matters while providing for adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals.

2.LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY

Legal basis

Article 218(5) of the Treaty on the Functioning of the European Union (TFEU) provides for decisions ‘authorising the signing of the agreement and, if necessary, its provisional application before entry into force.’ Since the proposal’s aim is to receive an authorisation to sign the Agreement, the procedural legal basis is Article 218(5) TFEU.

The substantive legal basis depends primarily on the objective and content of the envisaged act. If the envisaged act pursues two aims or has two components and if one of those aims or components is identifiable as the main one, whereas the other is merely incidental, a legal act must be founded on a single substantive legal basis, namely that required by the main or predominant aim or component. The proposal has two main aims and components, namely the cooperation between Eurojust and Lebanon in criminal matters as well as the establishing adequate safeguards with respect to the protection of privacy and other fundamental rights and freedoms of individuals for this cooperation. Thus, the substantive legal basis needs to be Article 16(2) and Article 85 TFEU.

Therefore, this proposal is based on Article 16(2) and Article 85 TFEU in conjunction with Article 218(5) TFEU.

Subsidiarity (for non-exclusive competence)

The Eurojust Regulation lays down specific rules regarding transfers of personal data by Eurojust outside of the EU. Article 56(2) thereof lists situations where Eurojust can lawfully transfer personal data to judicial authorities of third countries. It follows from the provision that for structural transfers of personal data by Eurojust to Lebanon the conclusion of a binding international agreement between the EU and Lebanon, adducing adequate safeguards with respect to the protection of privacy and other fundamental rights and freedoms of individuals is required. In accordance with Article 3(2) TFEU, the Agreement thus falls within the exclusive external competence of the Union. Therefore, this proposal is not subject to subsidiarity check.

Proportionality

The Union’s objectives with regard to this proposal as set out above can only be achieved by entering into a binding international agreement providing for the necessary cooperation measures, while ensuring appropriate protection of fundamental rights. The provisions of the agreement are limited to what is necessary to achieve its main objectives. Unilateral action of the Member States towards Lebanon does not represent an alternative, as Eurojust has a unique role. Unilateral action would also not provide a sufficient basis for judicial cooperation between Eurojust and third countries and would not ensure the necessary protection of fundamental rights.

Choice of the instrument

In accordance with Article 56 of the Eurojust Regulation, in the absence of an adequacy finding Eurojust may engage in the structural transfer of operational personal data to a third country only based on an international agreement pursuant to Article 218 TFEU that provides for adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals (Article 56(3)(c)). In accordance with Article 218(5) TFEU, the signing of such an agreement is authorised by a decision of the Council.

3.RESULTS OF EX-POST EVALUATIONS, STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS

Ex-post evaluations/fitness checks of existing legislation

Not applicable.

Stakeholder consultations

Not applicable.

Collection and use of expertise

In the process of the negotiation, the Commission did not use external expertise.

Impact assessment

Not applicable.

Regulatory fitness and simplification

Not applicable.

Fundamental rights

The exchange of personal data and its processing by the authorities of a third country constitutes an interference with the fundamental rights to privacy and data protection. However, the Agreement ensures the necessity and proportionality of any such interference by guaranteeing the application of adequate data protection safeguards to the personal data transferred, in line with EU law.

Chapter II provides for the protection of personal data. On that basis, Articles 9 to 20 set out fundamental data protection principles, including purpose limitation, data quality and rules applicable to the processing of special categories of data, obligations applicable to controllers, including on retention, keeping of records, security and as regards onward transfers, enforceable individual rights, including on access, rectification and automated decision-making, independent and effective supervision as well as administrative and judicial redress.

The safeguards cover all forms of processing of personal data in the context of the cooperation between Eurojust and the Republic of Lebanon. The exercise of certain individual rights can be delayed, limited or refused where necessary and proportionate, taking into account the fundamental rights and interests of the data subject, on important public interest grounds, in particular to prevent risks to an ongoing criminal investigation or prosecution. This is in line with Union law.

Also, both the European Union and the Republic of Lebanon will ensure that an independent public authority responsible for data protection (supervisory authority) oversees matters affecting the privacy of individuals in order to protect the fundamental rights and freedoms of natural persons in relation to the processing of personal data under the Agreement.

In accordance with Article 29(3) of the Agreement, the Agreement shall not apply until both parties have notified each other of the fulfilment of the obligations contained in the Agreement, including those related to the protection of personal data, and this notification has been accepted. In addition to that, and to further strengthen the safeguards for the protection of personal data, article 29(4) of the Agreement states that a Party shall postpone the transfer of personal data for as long as the other Party has not provided for in law, and implemented in practice, the safeguards and obligations contained in Chapter II of the Agreement (Information exchange and data protection), or ceases to provide for such safeguards.

In addition to Article 29(4), Article 32(2) of the Agreement provides for the possibility to suspend the transfer of personal data in case of a systematic or material breach of the terms of the Agreement, or if such a breach is imminent. Furthermore, Article 32(3) similarly provides for the possibility to suspend, following consultation of the other Party, the application of the Agreement itself, in whole or in part, in case of an existing or imminent material breach or non-fulfilment of its terms. The combined provisions of Articles 29 and 32 ensures that the transfers of personal data may not start until all the necessary safeguards are effectively provided for and may be swiftly delayed or suspended should the necessary conditions cease to be met.

Furthermore, the Agreement guarantees that the exchange of personal data between Eurojust and the Republic of Lebanon is consistent with both the principle of non-discrimination and Article 52(1) of the Charter, which ensure that interferences with fundamental rights guaranteed under the Charter are limited to what is strictly necessary to genuinely meet the objectives of general interest pursued, subject to the principle of proportionality.

4.BUDGETARY IMPLICATIONS

There are no budgetary implications for the Union budget.

5.OTHER ELEMENTS

Implementation plans and monitoring, evaluation and reporting arrangements

There is no need for an implementation plan, as the Agreement will enter into force on the first day of the second month following the month during which both Parties have notified each other that the respective procedures have been completed.

With regard to monitoring, the European Union and the Republic of Lebanon shall jointly review the implementation of the Agreement one year after the date of entry into application, and at regular intervals thereafter, and additionally if requested by either Party and jointly decided. Moreover, the Parties shall jointly evaluate the Agreement four years after the date of entry into application.

Detailed explanation of the specific provisions of the proposal

Article 1 includes the objectives of the Agreement.

Article 2 defines the scope of the cooperation.

Article 3 includes the definitions of important terms of the Agreement.

Article 4 establishes the obligation of Lebanon to designate at least one contact point within its domestic competent authorities, who cannot be identical to the Liaison Prosecutor. A contact point shall be designated also for terrorism matters.

Article 5 provides for the secondment of the Liaison Prosecutor to Eurojust.

Article 6 provides for the conditions for the participation of representatives of Lebanon in operational and strategic meetings at Eurojust.

Article 7 provides that Eurojust may assist Lebanon to establish Joint Investigation Teams and may be requested to provide financial or technical assistance.

Article 8 provides for the option of Eurojust to post a Liaison Magistrate to Lebanon.

Article 9 sets out the purposes of data processing under the Agreement.

Article 10 lists the general data protection principles applicable under the Agreement.

Article 11 guarantees additional safeguards for the processing of special categories of personal data and different categories of data subject.

Article 12 limits fully automated decision-making using personal data transferred under the Agreement.

Article 13 restricts the onward transfer of the personal data received.

Article 14 provides for the right of access, including to obtain confirmation on whether personal data relating to the data subject are processed under the Agreement as well as essential information on the processing.

Article 15 provides for the right to rectification, erasure, and restriction of processing, under certain conditions.

Article 16 provides for the notification of a personal data breach affecting personal data transferred under the Agreement, ensuring that the respective competent authorities notify each other as well as their respective supervisory authority of such breach without delay, and to take measures to mitigate its possible adverse effects.

Article 17 provides for the communication to the data subject of a personal data breach likely to have a serious effect upon his or her rights and freedoms.

Article 18 includes rules as regards storage, review, correction and deletion of personal data.

Article 19 requires the keeping of logs of the collection, alteration, access, disclosure including onward transfers, combination and erasure of personal data.

Article 20 includes obligations regarding data security, ensuring the implementation of technical and organizational measures to protect personal data exchanged under this Agreement.

Article 21 requires effective supervision and enforcement of compliance with the safeguards set out in the Agreement, ensuring that there is an independent public authority responsible for data protection (supervisory authority) to oversee matters affecting the privacy of individuals, including the domestic rules relevant under the Agreement to protect the fundamental rights and freedoms of natural persons in relation to the processing of personal data.

Article 22 provides for administrative and judicial redress, ensuring that data subjects have the right to effective administrative and judicial redress for violations of the rights and safeguards recognized in the Agreement resulting from the processing of their personal data.

Article 23 provides that the exchange and protection of EU classified and sensitive non-classified information is regulated by a working arrangement on confidentiality concluded between Eurojust and the competent authorities of Lebanon.

Article 24 provides for the responsibility of the competent authorities. E.g. the competent authorities shall be liable for any damage caused to an individual as a result of legal or factual errors in information exchanged.

Article 25 provides that, in principle, each Party shall bear its own expenses associated with the implementation of this Agreement.

Article 26 provides for the conclusion of a working arrangement between Eurojust and the competent authorities of Lebanon.

Article 27 provides for the relation with other international instruments, ensuring that the Agreement will not prejudice or affect the legal provisions with regard to the exchange of information foreseen in any treaty, agreement, or arrangement between Lebanon and any Member State of the European Union.

Article 28 provides for the notification of the implementation of the Agreement.

Article 29 provides for entry into force and application of the Agreement.

Article 30 provides for amendments to the Agreement.

Article 31 provides for the review and evaluation of the Agreement.

Article 32 provides for a settlement of disputes and suspension clause.

Article 33 includes provisions on the termination of the Agreement.

Article 34 provides for the way in which notifications in accordance with this Agreement are made.

Article 35 refers to the authentic texts.

2024/0154 (NLE)

Proposal for a

COUNCIL DECISION

on the signing, on behalf of the Union, of an Agreement between the European Union and the Republic of Lebanon on the cooperation between the European Union Agency for Criminal Justice Cooperation (Eurojust) and the authorities of the Republic of Lebanon competent for judicial cooperation in criminal matters

THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 16(2) and Article 85 in conjunction with Article 218(5) thereof,

Having regard to the proposal from the European Commission,

Whereas:

(1)Articles 47 and 52 of Regulation (EU) 2018/1727 of the European Parliament and of the Council 14 provide that Eurojust may establish and maintain cooperation with authorities of third countries based on a cooperation strategy.

(2)Article 56 of Regulation (EU) 2018/1727 of the European Parliament and of the Council also provides that Eurojust may transfer personal data to an authority of a third country inter alia based on an international agreement concluded between the Union and that third country pursuant to Article 218 of the Treaty on the Functioning of the European Union (TFEU), setting out adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals.

(3)On 1 March 2021, the Council authorised the Commission to open negotiations with the Republic of Lebanon for an agreement on cooperation between the European Union Agency for Criminal Justice Cooperation (Eurojust) and the authorities of the Republic of Lebanon competent for judicial cooperation in criminal matters.

(4)The negotiations on the Agreement between the European Union and Lebanon on the cooperation between Eurojust and the authorities of Lebanon competent for judicial cooperation in criminal matters (‘the Agreement’) were successfully finalised, at the level of the negotiation teams, in July 2023. The text of the Agreement was initialled on [xx.xx.xxxx].

(5)The Agreement enables the transfer of personal data between Eurojust and the competent authorities of Lebanon, with a view to fighting serious crime and terrorism and protecting the security of the Union and its citizens.

(6)The Agreement ensures full respect of the Charter of Fundamental Rights of the European Union, in particular the right to respect for private and family life, recognised in Article 7, the right to the protection of personal data, recognised in Article 8, and the right to an effective remedy and a fair trial recognised by Article 47. In particular, the Agreement includes adequate safeguards for the protection of personal data transferred by Eurojust under the Agreement.

(7)Ireland is bound by Regulation (EU) 2018/1727 and is therefore taking part in the adoption of this Decision.

(8)In accordance with Articles 1 and 2 of Protocol No 22 on the position of Denmark, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark is not taking part in the adoption of this Decision and is not bound by it or subject to its application.

(9)The European Data Protection Supervisor delivered its Opinion [xxx] on [xx.xx.xxxx].

(10)Therefore, the Agreement should be signed on behalf of the Union, subject to its conclusion at a later date,

(11)In accordance with the Treaties, it is for the Commission to ensure the signing of the Agreement, subject to its conclusion at a later date,

HAS ADOPTED THIS DECISION:

Article 1

The signing of the Agreement between the European Union and the Republic of Lebanon on the cooperation between the European Union Agency for Criminal Justice Cooperation (Eurojust) and the authorities of the Republic of Lebanon competent for judicial cooperation in criminal matters (‘the Agreement’) is hereby approved on behalf of the Union, subject to the conclusion of the said Agreement.

The text of the Agreement to be signed is attached to this Decision.

Article 2

This Decision shall enter into force on the date of its adoption.

Done at Brussels,

   For the Council

   The President

(1)    Regulation (EU) 2018/1727 of the European Parliament and of the Council of 14 November 2018on the European Union Agency for Criminal Justice Cooperation (Eurojust), and replacing and repealing Council Decision 2002/187/JHA, OJ L 295, p. 138, 21.11.2018.
(2)    OJ L 063 , 06/03/2002 P. 0001 0013.
(3)    Recommendation for a Council Decision authorising the opening of negotiations for Agreements between the European Union and Algeria, Armenia, Bosnia and Herzegovina, Egypt, Israel, Jordan, Lebanon, Morocco, Tunisia and Turkey on cooperation between the European Union Agency for Criminal Justice Cooperation (Eurojust) and the competent authorities for judicial cooperation in criminal matters of those third States, 19 November 2020, COM(2020) 743 final.
(4)    Council Decision authorising the opening of negotiations for Agreements between the European Union and Algeria, Argentina, Armenia, Bosnia and Herzegovina, Brazil, Colombia, Egypt, Israel, Jordan, Lebanon, Morocco, Tunisia and Turkey on cooperation between the European Union Agency for Criminal Justice Cooperation (Eurojust) and the competent authorities for judicial cooperation in criminal matters of those third States, see 6153/21 + ADD 1, Council Decision adopted by written procedure on 1 March 2021 (CM 1990/21).
(5)    Regulation (EU) 2023/2131 of the European Parliament and of the Council of 4 October 2023 amending Regulation (EU) 2018/1727 of the European Parliament and of the Council and Council Decision 2005/671/JHA, as regards digital information exchange in terrorism cases.
(6)    Regulation (EU) 2022/838 of the European Parliament and of the Council of 30 May 2022 amending Regulation (EU) 2018/1727 as regards the preservation, analysis and storage at Eurojust of evidence relating to genocide, crimes against humanity, war crimes and related criminal offences.
(7)    Proposal for a Council Decision on the position to be adopted by the European Community and its Member States within the Association Council established by the Euro-Mediterranean Agreement establishing an association between the European Community and its Member States, of the one part, and the Republic of Lebanon, of the other part, with regard to the adoption of a Recommendation on the implementation of the EU-Lebanon Action Plan, COM/2006/0365 final. 
(8)    Decision No 1/2016 of the EU-Lebanon Association Council agreeing on EU-Lebanon Partnership Priorities.
(9)

    Joint Communication: Renewed partnership with the Southern Neighbourhood - A new agenda for the Mediterranean - JOIN(2021) 2 final.

(10)    COM(2020) 605 final, 24.7.2020.
(11)    COM(2020) 795 final, 9.12.2020.
(12)    COM(2021) 170 final, 14.4.2021.
(13)    Council Decision 7047/20, 23 April 2020, and Council Document CM 2178/20, 13 May 2020.
(14)    Regulation (EU) 2018/1727 of the European Parliament and of the Council of 14 November 2018on the European Union Agency for Criminal Justice Cooperation (Eurojust), and replacing and repealing Council Decision 2002/187/JHA, (OJ L 295, p. 138, 21.11.2018).
Top

Brussels, 10.7.2024

COM(2024) 280 final

ANNEX

to the Proposal for a

Council decision

on the signing, on behalf of the Union, of an Agreement between the European Union and the Republic of Lebanon on the cooperation between the European Union Agency for Criminal Justice Cooperation (Eurojust) and the authorities of the Republic of Lebanon competent for judicial cooperation in criminal matters


ANNEX

(draft)

Agreement

between

the European Union and the Republic of Lebanon

on the cooperation between the European Union Agency for Criminal Justice Cooperation (Eurojust) and the authorities of the Republic of Lebanon competent for judicial cooperation in criminal matters

THE EUROPEAN UNION, hereinafter referred to as ‘the Union’,

and

THE REPUBLIC OF LEBANON, hereinafter referred to as ‘Lebanon’

hereinafter jointly referred to as ‘the Parties’,

HAVING REGARD to Regulation (EU) 2018/1727 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for Criminal Justice Cooperation (Eurojust) and replacing and repealing Council Decision 2002/187/JHA 1 , “the Eurojust Regulation”, as applied in accordance with the Treaty on European Union and the Treaty on the Functioning of the European Union, in particular Article 47, Article 52 (1) and Article 56 (2) of the Eurojust Regulation,


HAVING REGARD, in particular, to Article 56 (2) point (c) of the Eurojust Regulation, which sets out the general principles for the transfer of personal data from Eurojust to third countries and international organisations, and pursuant to which Eurojust may transfer personal data to a third country based on an international agreement concluded between the Union and that third country pursuant to Article 218 of the Treaty on the Functioning of the European Union,

CONSIDERING the interests of both Eurojust and Lebanon in developing a close and dynamic judicial cooperation in criminal matters to address the challenges posed by serious crime, in particular organised crime and terrorism, while ensuring appropriate safeguards with respect to fundamental rights and freedoms of individuals, including privacy and the protection of personal data,

CONVINCED that judicial cooperation between Eurojust and Lebanon will be mutually beneficial and help develop the Union’s area of Freedom, Security and Justice; as well as Lebanon in tackling, in particular, corruption and money laundering/financial crime,

RESPECTING the Council of Europe Convention (ETS No 5) for the Protection of Human Rights and Fundamental Freedoms done at Rome on 4 November 1950, which is reflected in the Charter of Fundamental Rights of the European Union, and in the Constitution of Lebanon,

HAVE AGREED AS FOLLOWS:



Chapter I

Objectives, scope and common provisions

Article 1

Objectives

1.The overall objective of this Agreement is to enhance judicial cooperation between Eurojust and the competent authorities of Lebanon in combating serious crime.

2.This Agreement allows for the transfer of personal data between Eurojust and the competent authorities of Lebanon, in order to support and strengthen the action by the competent authorities of the Member States of the Union and those of Lebanon, as well as their cooperation in investigating and prosecuting serious crime, in particular organised crime and terrorism, while ensuring appropriate safeguards with respect to fundamental rights and freedoms of individuals, including privacy and the protection of personal data.

Article 2

Scope

The Parties shall ensure that Eurojust and the competent authorities of Lebanon cooperate in the fields of activities and within the competence and tasks of Eurojust, as set out in the Eurojust Regulation, as applied in accordance with the Treaty on European Union and the Treaty on the Functioning of the European Union, and in this Agreement.

Article 3

Definitions

For the purpose of this Agreement the following definitions apply:

(1)Eurojust means the European Union Agency for Criminal Justice Cooperation, established by the Eurojust Regulation including any subsequent amendments thereto;

(2)‘Member States’ means the Member States of the Union;

(3)competent authority means, for the Union, Eurojust and, for Lebanon a domestic authority with responsibilities under domestic law relating to the investigation and prosecution of criminal offences, including the implementation of judicial cooperation instruments in criminal matters; as listed in Annex II to this Agreement;

(4)Union bodies means institutions, bodies, offices and agencies as well as missions or operations established under the Common Security and Defence Policy, set up by, or on the basis of the Treaty on European Union and the Treaty on the Functioning of the European Union, as listed in Annex III to this Agreement;

(5)serious crime means the forms of crime with respect to which Eurojust is competent, in particular those listed in Annex I to this Agreement, including related criminal offences;

(6)‘related criminal offences’ means the criminal offences committed in order to procure the means of committing serious crimes, in order to facilitate or commit serious crimes or in order to ensure impunity for those committing serious crimes;

(7)‘Assistant’ means a person who may assist a National Member, as referred to in Chapter II, Section II, of the Eurojust Regulation, and the National Member’s Deputy, or the Liaison Prosecutor, as referred to in the Eurojust Regulation and in Article 5 of this Agreement respectively;

(8)‘Liaison Prosecutor’ means a person who holds the function of a public prosecutor, a judge or a person with equivalent competence in Lebanon in accordance with its domestic law and is seconded by Lebanon to Eurojust, pursuant to Article 5 of this Agreement;

(9)‘Liaison Magistrate’ means a magistrate as referred to in the Eurojust Regulation, posted by Eurojust to Lebanon pursuant to Article 8 of this Agreement;

(10)personal data means any data relating to a data subject;

(11)processing means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

(12)‘data subject’ means an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person;

(13)genetic data means personal data relating to the genetic characteristics of an individual that have been inherited or acquired, which give unique information about the physiology or the health of that individual, resulting in particular from an analysis of a biological sample from the individual in question;

(14)‘biometric data’ means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;

(15)information means personal and non-personal data;

(16)personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

(17)‘Supervisory authority’ means, for the Union, the European Data Protection Supervisor and, for Lebanon, a domestic independent public authority responsible for data protection in accordance with Article 21, and which has been subject to notification pursuant to Article 28(3).


Article 4

Contact points

1.Lebanon shall designate at least one contact point within its domestic competent authorities to facilitate the communication and cooperation between Eurojust and the competent authorities of Lebanon. Lebanon shall designate that contact point as its contact point also for terrorism matters. The Liaison Prosecutor shall not be a contact point.

2.The contact point for Lebanon shall be notified to the Union. Lebanon shall inform Eurojust in the event that a contact point changes.

Article 5

Liaison Prosecutor and staff

1.To facilitate the cooperation provided for in this Agreement, Lebanon shall second a Liaison Prosecutor to Eurojust.

2.The Minister of Justice shall appoint the Liaison Prosecutor and his/her assistant(s). The mandate and the duration of the secondment of the Liaison Prosecutor shall be determined by Lebanon in agreement with Eurojust.

3.The Liaison Prosecutor may be assisted by one or more Assistants and other support staff, depending on the workload and in agreement with Eurojust. When necessary, the Assistants may replace the Liaison Prosecutor or act on the Liaison Prosecutor’s behalf.

4.Lebanon shall ensure that the Liaison Prosecutor and the Liaison Prosecutor’s Assistants are competent to act in relation to foreign judicial authorities.


5.The Liaison Prosecutor and the Liaison Prosecutor’s Assistants shall have access to the information contained in the domestic criminal records, registers of arrested persons, investigation registers, DNA registers or other register(s) of public authorities of Lebanon where such information is necessary to fulfil their tasks, in accordance with its domestic law.

6.The Liaison Prosecutor and the Liaison Prosecutor’s Assistants shall have the power to contact the competent authorities of Lebanon directly.

7.Lebanon shall inform Eurojust of the exact nature and extent of the judicial powers conferred to the Liaison Prosecutor and the Liaison Prosecutor’s Assistants within Lebanon to carry out their tasks in accordance with this Agreement.

8.The details of the tasks of the Liaison Prosecutor and the Liaison Prosecutor’s Assistants, their rights and obligations and the costs involved for Eurojust shall be governed by a working arrangement concluded between Eurojust and the competent authorities of Lebanon in accordance with Article 26.

9.The working documents of the Liaison Prosecutor and the Liaison Prosecutor’s Assistants shall be held inviolable by Eurojust.

Article 6

Operational and strategic meetings

1.The Liaison Prosecutor, the Liaison Prosecutor’s Assistants, and other representatives of competent authorities of Lebanon, including the contact points referred to in Article 4, may participate in meetings with regard to strategic matters upon the invitation of the President of Eurojust, and in meetings with regard to operational matters with the approval of the National Members concerned.

2.National Members, their Deputies and Assistants, the Administrative Director of Eurojust and Eurojust staff may attend meetings organised by the Liaison Prosecutor, the Liaison Prosecutor’s Assistant(s), or other representatives of competent authorities of Lebanon, including the contact points referred to in Article 4.



Article 7

Joint Investigation Teams

1.Eurojust may assist Lebanon to establish joint investigation teams (JITs) with the national authorities of a Member State pursuant to the legal basis applicable between them, enabling judicial cooperation in criminal matters, such as agreements on mutual assistance.

2.Eurojust may be requested to provide financial or technical assistance to operate a JIT that it supports operationally.

Article 8

Liaison Magistrate

1.For the purpose of facilitating judicial cooperation with Lebanon, Eurojust may post a Liaison Magistrate to Lebanon in accordance with the Eurojust Regulation.

2.The details of the Liaison Magistrate’s tasks, the Liaison Magistrate’s rights and obligations and the costs involved, shall be governed by a working arrangement concluded between Eurojust and the competent authorities of Lebanon as referred to in Article 26.



Chapter II

Information exchange and data protection

Article 9

Purposes of processing personal data

1.Personal data requested and received under this Agreement shall be processed only for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, within the limits of Article 10(6) and the respective mandates of the competent authorities.

2.The competent authorities shall clearly indicate, at the latest at the moment of the transfer of personal data, the specific purpose or purposes for which the data are transferred.

Article 10

General data protection principles

1.Each Party shall provide for personal data transferred and subsequently processed under this Agreement to be:

(a)processed fairly, lawfully, in a transparent manner and only for the purposes for which they have been transferred in accordance with Article 9;

(b)adequate, relevant and not excessive in relation to the purpose(s) for which they are processed;

(c)accurate and where necessary, kept up to date; each Party shall provide that the competent authorities take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without undue delay;

(d)kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;

(e)processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

2.The competent authority transferring the personal data (the “transferring authority”) may indicate, at the moment of transferring personal data, any restriction on access thereto or the use to be made thereof, in general or specific terms, including as regards their onward transfer, erasure or destruction after a certain period of time, or their further processing. Where the need for such restrictions becomes apparent after the transfer of personal data, the transferring authority shall inform the competent authority receiving the personal data (“the receiving authority”) accordingly.

3.Each Party shall ensure that the receiving authority complies with any restriction of the access to or the use of the personal data indicated by the transferring authority as referred to in paragraph 2.

4.Each Party shall provide that its competent authorities implement appropriate technical and organisational measures in order to be able to demonstrate that the data processing complies with this Agreement and that the rights of the data subjects concerned are protected.

5.Each Party shall comply with the safeguards provided for in this Agreement regardless of the nationality of the data subject concerned and without discrimination.

6.Each Party shall ensure that personal data transferred under this Agreement have not been obtained in violation of human rights recognised by international law binding on the Parties.

Each Party shall ensure that the personal data received are not used to request, hand down or execute a death penalty or any form of cruel or inhuman treatment. To facilitate compliance with the above provision, Lebanon will notify Eurojust of the list of criminal offences that are punishable by death in accordance with its national legal system, as well as any subsequent changes to that list.

7.Each Party shall ensure that a record is kept of all transfers of personal data under this Article and of the purposes of such transfers.

Article 11

Categories of data subjects and special categories of personal data

1.The transfer of personal data in respect of victims of a criminal offence, witnesses or other persons who can provide information concerning criminal offences shall be allowed only where strictly necessary and proportionate in individual cases for investigating and prosecuting a serious crime.

2.The transfer of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data processed for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be allowed only where strictly necessary and proportionate in individual cases for investigating and prosecuting a serious crime.

3.The Parties shall ensure that the processing of personal data under paragraphs 1 and 2 is subject to additional safeguards, including restrictions of access, additional security measures and restrictions of onward transfers.

Article 12

Automated processing of personal data

Decisions based solely on automated processing of transferred personal data, including profiling, which produce an adverse legal effect on the data subject or significantly affect him or her, shall be prohibited, unless authorised by law for the investigation and prosecution of serious crime which provides appropriate safeguards for the rights and freedoms of the data subject, including at least the right to obtain human intervention.


Article 13

Onward transfer of the personal data received

1.Lebanon shall ensure that its competent authorities are prohibited from transferring personal data received under this Agreement to other authorities of Lebanon unless all of the following conditions are fulfilled:

(a)Eurojust has given its prior explicit authorisation;

(b)the onward transfer is only for the purposes for which the data were transferred in accordance with Article 9; and

(c)the transfer is subject to the same conditions and safeguards as those applying to the original transfer.

Without prejudice to Article 10(2), no prior authorisation is needed when personal data are shared among competent authorities of Lebanon.

2.Lebanon shall ensure that its competent authorities are prohibited from transferring personal data received under this Agreement to the authorities of a third country or to an international organisation, unless all of the following conditions are fulfilled:

(a)the onward transfer concerns personal data other than those covered by Article 11;

(b)Eurojust has given its prior explicit authorisation; and

(c)the purpose of the onward transfer is the same as the purpose of the transfer by Eurojust.

3.Eurojust shall give its authorisation pursuant to paragraph 2, point (b), only if and insofar as an adequacy decision, a cooperation agreement or an international agreement providing for adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals, within the meaning of the Eurojust Regulation, in each case covering the onward transfer, is in place.

4.The Union shall ensure that Eurojust is prohibited from transferring personal data received under this Agreement to Union bodies not listed in Annex III, to the authorities of a third country or to an international organisation, unless all of the following conditions are fulfilled:

(a)the transfer concerns personal data other than those covered by Article 11;

(b)Lebanon has given its prior explicit authorisation;

(c)the purpose of the onward transfer is the same as the purpose of the transfer by the transferring authority of Lebanon; and

(d)in the case of an onward transfer to the authorities of a third country or to an international organisation, an adequacy decision, a cooperation agreement or an international agreement providing for adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals within the meaning of the Eurojust Regulation, in each case covering the onward transfer, is in place.

The conditions referred to in the first subparagraph do not apply when the personal data are shared by Eurojust with Union bodies listed in Annex III or with authorities responsible in the Member States for investigating and prosecuting serious crime.

Article 14

Right of access

1.The Parties shall provide for the right of the data subject to obtain confirmation from the authorities processing the personal data transferred under this Agreement as to whether personal data relating to him or her are processed under this Agreement, and, where that is the case, access to at least information on the following:

(a)the purposes and legal basis for the processing, the categories of data concerned, and, where applicable, the recipients or categories of recipients to whom the personal data have been or will be disclosed;

(b)the existence of the right to obtain from the authority rectification or erasure, or restriction of the processing of personal data;

(c)where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period;

(d)communication, using clear and plain language of the personal data undergoing processing and of any available information as to the sources of those data;

(e)the right to lodge a complaint with the supervisory authority referred to in Article 21 and its contact details.

In cases where the right of access referred to in the first subparagraph is exercised, the transferring authority shall be consulted on a non-binding basis before a final decision on the request for access is taken.

2.The Parties shall provide for the authority concerned to address the request without undue delay and in any case within three months of the receipt of the request.

3.The Parties may provide for the possibility of delaying, refusing or restricting the information referred to in paragraph 1, to the extent that and for as long as such delay, refusal or restriction constitutes a measure that is necessary and proportionate, taking into account the fundamental rights and interests of the data subject, in order to:

(a)avoid the obstruction of official or legal inquiries, investigations or procedures;

(b)avoid prejudice to the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties;

(c)protect public security;

(d)protect national security; or

(e)protect the rights and freedoms of others, such as victims and witnesses.

4.The Parties shall provide for the authority concerned to inform the data subject in writing of:

(a)any delay, refusal or restriction of access and of the reasons therefore; and

(b)the possibility of lodging a complaint with the respective supervisory authority or of seeking a judicial remedy.

The information set out in the first subparagraph, point (a) of this paragraph, may be omitted where this would undermine the purpose of the delay, refusal or restriction under paragraph 3.

Article 15

Right to rectification, erasure or restriction

1.The Parties shall provide for any data subject to have the right to obtain from the authorities processing personal data transferred under this Agreement the rectification of inaccurate personal data concerning the data subject. Taking into account the purposes of the processing, the right to obtain rectification includes the right to have incomplete personal data transferred under this Agreement completed.

2.The Parties shall provide for any data subject to have the right to obtain from the authorities processing personal data transferred under this Agreement the erasure of personal data concerning the data subject where the processing of the personal data infringes Article 10(1) or Article 11(2), or where the personal data have to be erased in order to comply with a legal obligation to which the authorities are subject.

3.The Parties may provide for the possibility of the authorities to grant restriction of processing rather than the rectification or erasure of personal data as referred to in paragraphs 1 and 2 where:

(a)the accuracy of the personal data is contested by the data subject and their accuracy or inaccuracy cannot be ascertained; or

(b)when the personal data have to be maintained for the purposes of evidence.

4.The transferring authority and the authority processing the personal data shall inform each other of cases referred to in paragraphs 1, 2 and 3. The authority processing the data shall rectify, erase or restrict the processing of the personal data concerned in accordance with the action taken by the transferring authority.

5.The Parties shall provide for the authority having received a request under paragraph 1 or 2 to inform the data subject in writing without undue delay that the personal data have been rectified, or erased, or that their processing has been restricted.

6.The Parties shall provide for the authority having received a request under paragraph 1 or 2 to inform the data subject in writing of:

(a)any refusal of the request and of the reasons therefor;

(b)the possibility of lodging a complaint with the respective supervisory authority; and

(c)the possibility of seeking a judicial remedy.

The information listed in the first subparagraph, point (a) of this paragraph, may be omitted under the conditions set out in Article 14(3).

Article 16

Notification of a personal data breach to the authorities concerned

1.The Parties shall provide, in the event of a personal data breach affecting personal data transferred under this Agreement, for their respective authorities to notify each other as well as their respective supervisory authority of that breach without delay, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons, and to take measures to mitigate its possible adverse effects.

2.The notification shall at least describe:

(a)the nature of the personal data breach, including, where possible, the categories and number of data subjects concerned and the categories and number of personal data records concerned;

(b)the likely consequences of the personal data breach;

(c)the measures taken or proposed to be taken by the authority processing the data to address the personal data breach, including the measures taken to mitigate its possible adverse effects.

3.Where, and in so far as, it is not possible to provide the information referred to in paragraph 2 at the same time, the information may be provided in phases without undue further delay.

4.The Parties shall provide for their respective authorities to document any personal data breach affecting personal data transferred under this Agreement, including the facts surrounding the breach, its effects and the remedial action taken, thereby enabling their respective supervisory authority to verify compliance with this Article.

Article 17

Communication of a personal data breach to the data subject

1.The Parties shall, where a personal data breach as referred to in Article 16 is likely to result in a high risk to the rights and freedoms of natural persons, provide for their respective authorities to communicate the personal data breach to the data subject without undue delay.

2.The communication to the data subject pursuant to paragraph 1 shall describe in clear and plain language the nature of the personal data breach and contain at least the elements provided for in Article 16 (2) points (b) and (c).

3.The communication to the data subject referred to in paragraph 1 shall not be required if:

(a)the personal data concerned by the breach were subject to appropriate technological and organisational protection measures that render the data unintelligible to any person who is not authorised to access them;

(b)subsequent measures have been taken which ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialise; or

(c)such communication would involve disproportionate effort, in particular owing to the number of cases involved. If so, the authority shall issue a public communication or similar measure whereby the data subjects are informed in an equally effective manner.

4.The communication to the data subject may be delayed, restricted or omitted under the conditions set out in Article 14(3).

Article 18

Storage, review, correction and deletion of personal data

1.The Parties shall provide for appropriate time limits to be established for the storage of personal data received under this Agreement or for a periodic review of the need for the storage of such data, so that such data are stored for no longer than is necessary for the purposes for which they are transferred.

2.In any case, the need for continued storage shall be reviewed no later than three years after the transfer of the personal data.

3.Where a transferring authority has reason to believe that personal data previously transferred by it are incorrect, inaccurate, no longer up to date, or should not have been transferred, it shall inform the receiving authority, which shall rectify or erase the personal data, and provide notification thereof to the transferring authority.

4.Where a competent authority has reason to believe that personal data previously received by it are incorrect, inaccurate, no longer up to date, or should not have been transferred, it shall inform the transferring authority, which shall provide its position on the matter.

Where the transferring authority concludes that the personal data is incorrect, inaccurate, no longer up to date, or should not have been transferred, it shall inform the receiving authority, which shall rectify or erase the personal data, and provide notification thereof to the transferring authority.

Article 19

Logging and documentation

1.The Parties shall provide for the keeping of logs or other documentation of the collection of, alteration of, access to, disclosure of, including onward transfer, combination and erasure of personal data. For greater certainty, they shall ensure that it is possible to verify and establish what personal data have been accessed, by whom and when.

2.The logs or documentation referred to in paragraph 1 shall be made available to the supervisory authority on request and shall be used only for verification of the lawfulness of data processing, self-monitoring and ensuring proper data integrity and security.

Article 20

Data security

1.The Parties shall ensure the implementation of technical and organisational measures to protect personal data transferred under this Agreement.

2.In respect of automated data processing, the Parties shall ensure the implementation of measures designed to:

(a)deny unauthorised persons access to data processing equipment used for processing personal data (“equipment access control”);

(b)prevent the unauthorised reading, copying, modification or removal of data media (“data media control”);

(c)prevent the unauthorised input of personal data and the unauthorised inspection, modification or deletion of stored personal data (“storage control”);

(d)prevent the use of automated data processing systems by unauthorised persons using data- communication equipment (“user control”);

(e)ensure that persons authorised to use an automated data processing system have access only to the personal data covered by their access authorisation (“data access control”);

(f)ensure that it is possible to verify and establish to which entities personal data may be or have been transmitted using data communication equipment (“communication control”);

(g)ensure that it is possible to verify and establish which personal data have been input into automated data processing systems and when and by whom the personal data were input (“input control”);

(h)prevent the unauthorised reading, copying, modification or deletion of personal data during their transfer or during transportation of data media (“transport control”);

(i)ensure that installed systems may, in the event of interruption, be restored immediately (“recovery”);

(j)ensure that the functions of the system perform without fault, that the appearance of faults in the functions is immediately reported (reliability) and that stored personal data cannot be corrupted by system malfunctions (“integrity”).

Article 21

Supervisory authority

1.The Parties shall provide for one or more independent public authorities responsible for data protection to oversee the implementation of, and ensure compliance with this Agreement, for the purpose of protecting the fundamental rights and freedoms of natural persons in relation to the processing of personal data.

2.The Parties shall ensure that:

(a)each supervisory authority acts with complete independence in performing its tasks and exercising its powers;

(b)each supervisory authority is free from external influence, whether direct or indirect, and neither seeks nor accepts instructions;

(c)the members of each supervisory authority have a secure term of office, including safeguards against arbitrary removal.

3.The Parties shall ensure that each supervisory authority has the human, technical and financial resources, premises, and infrastructure necessary for the effective performance of its tasks and exercise of its powers.

4.The Parties shall ensure that each supervisory authority has effective powers of investigation and intervention to exercise oversight over the bodies it supervises, and to engage in legal proceedings.

5.The Parties shall ensure that each supervisory authority has powers to hear and address complaints from individuals about the use of their personal data.


Article 22

Right to an effective judicial remedy

1.The Parties shall ensure that, without prejudice to any other administrative or non-judicial remedy, each data subject has the right to an effective judicial remedy where he or she considers that his or her rights guaranteed under this Agreement have been infringed as a result of the processing of his or her personal data in non-compliance with this Agreement.

2.The right to an effective judicial remedy shall include the right to compensation for any damage caused to the data subject by such processing as a result of a violation of the Agreement and under the conditions set out in the respective legal framework of each Party.



Chapter III

Confidentiality of information

Article 23
Exchange of EU classified or sensitive non-classified information

The exchange of Union classified or sensitive non-classified information, if necessary under this Agreement, and its protection shall be regulated by a working arrangement concluded between Eurojust and the competent authorities of Lebanon.



Chapter IV

Liability

Article 24

Liability and compensation

1.The competent authorities shall be liable, in accordance with their respective legal frameworks, for any damage caused to an individual as a result of legal or factual errors in information exchanged. In order to avoid liability under their respective legal frameworks vis-à-vis an injured individual, neither Eurojust nor the competent authorities of Lebanon may plead that the other had transferred inaccurate information.

2.If a competent authority has paid compensation to an individual under paragraph 1, and its liability was a result of its use of information which had been erroneously communicated by the other competent authority or communicated as a result of a failure on the part of the other competent authority to comply with its obligations, the amount paid as compensation shall be repaid by the other competent authority, unless the information was used in breach of this Agreement.

3.Eurojust and the competent authorities of Lebanon shall not require each other to repay compensation for punitive or non-compensatory damages.



Chapter V

Final provisions

Article 25

Expenses

The Parties shall ensure that the competent authorities bear their own expenses, which arise during the implementation of this Agreement, unless otherwise stipulated in this Agreement, in the working arrangement or in a separate arrangement.

Article 26

Working arrangement

1.The details of the cooperation between the Parties to implement this Agreement shall be governed by a working arrangement concluded between Eurojust and the competent authorities of Lebanon in accordance with the Eurojust Regulation.

2.The working arrangement shall replace any existing working arrangement concluded between Eurojust and the competent authorities of Lebanon.

Article 27

Relation to other international instruments

This Agreement is without prejudice to, and shall not otherwise affect or impact any bilateral or multilateral agreement on cooperation or mutual legal assistance treaty, any other cooperation agreement or arrangement, or working level judicial cooperation relationship in criminal matters between Lebanon and any Member State.



Article 28

Notification of implementation

1.The Parties shall provide for each competent authority to make publicly available its contact details as well as a document setting out, using clear and plain language, information regarding the safeguards for personal data guaranteed under this Agreement, including information covering at least the items referred to in Article 14(1), points (a) and (c), and the means available for the exercise of the rights of data subjects. Each Party shall ensure that a copy of that document be provided to the other.

2.Where not already in place, the Parties shall provide in law for the safeguards and obligations contained in Chapter II (Information exchange and data protection), and the competent authorities shall adopt rules specifying how compliance with such provisions will be enforced in practice. A copy of those legal provisions and implementation rules shall be sent to the other Party and their respective supervisory authority.

3.The Parties shall notify each other of the supervisory authority responsible for overseeing the implementation of, and ensuring compliance with, this Agreement in accordance with Article 21.

Article 29

Entry into force and application

1.This Agreement shall be approved by the Parties in accordance with their own procedures.

2.This Agreement shall enter into force on the first day of the second month following the month during which both Parties have notified each other that the procedures referred to in paragraph 1 have been completed.

3.This Agreement shall apply as from the first day after the date on which all of the following conditions have been fulfilled:

(a)the Parties have signed a working arrangement referred to in Article 26;

(b)the Parties have notified each other that the obligations laid down in this Agreement have been fully implemented, including those laid down in Article 28; and 

(c)each Party has informed the notifying Party that the notification pursuant to point (b) of this subparagraph has been accepted.

The Parties shall notify each other in writing confirming the fulfilment of the conditions set out in the first subparagraph.

4.A Party shall postpone the transfer of personal data in the event that, and for as long as, the other Party ceases to provide for, and implement, the safeguards and obligations contained in Chapter II (Information exchange and data protection) of this Agreement.

Article 30

Amendments

1.This Agreement may be amended in writing, at any time, by mutual consent between the Parties by written notification exchanged between them.

2.Updates to the Annexes to this Agreement may be agreed between the Parties, by exchange of diplomatic notes.

Article 31

Review and evaluation

1.The Parties shall jointly review the implementation of this Agreement one year after the date of entry into application, and at regular intervals thereafter, and whenever requested by either Party and agreed between the Parties.

2.The Parties shall jointly evaluate this Agreement four years after the date of entry into application.

3.The Parties shall decide in advance on the details of the review and shall communicate to each other the composition of their respective teams. Each team shall include relevant experts on data protection and judicial cooperation. Subject to applicable laws, any participants in the review shall be required to respect the confidentiality of the discussions and to have appropriate security clearances. For the purposes of any review, the Parties shall ensure access to relevant documentation, systems and staff.

Article 32

Settlement of disputes and suspension

1.If a dispute arises in connection with the interpretation, application or implementation of this Agreement, and any matters related thereto, the representatives of the Parties shall enter into consultations and negotiations with a view to reaching a mutually agreeable solution.

2.Notwithstanding paragraph 1, a Party is entitled to suspend the transfer of personal data to another Party if it has substantial evidence that the other Party is in systematic or material breach of the terms of this Agreement or that a material breach is imminent. The suspending Party shall immediately inform the other Party thereof.

3.Notwithstanding paragraphs 1 and 2, in the event of a material breach or of non-fulfilment of obligations under this Agreement or, if there is an indication that such a material breach or non-fulfilment of obligations is likely to occur in the near future, either Party may suspend the application of this Agreement in whole or in part by written notification to the other Party.

Such written notification shall not be made until after the Parties have engaged in consultations during a reasonable period without reaching a resolution. Suspension shall take effect 20 days from the date of receipt of such notification. Such suspension may be lifted by the suspending Party upon written notification to the other Party. The suspension shall be lifted immediately upon receipt of such notification.

4.Notwithstanding any suspension pursuant to paragraph 2 or 3, information falling within the scope of this Agreement and transferred prior to its suspension shall continue to be processed in accordance with this Agreement.

Article 33

Termination

1.Either Party may notify in writing the other Party of its intention to terminate this Agreement. The termination shall take effect three months after the date of receipt of the notification.

2.Information falling within the scope of this Agreement transferred prior to its termination shall continue to be processed in accordance with this Agreement as in force on the date of termination.

3.In case of termination, the Parties shall agree on the continued use and storage of the information that has already been communicated between them. If no agreement is reached, either Party is entitled to require that the information which it has communicated be destroyed or returned to it.

Article 34

Notifications

1.Notifications made in accordance with Article 29(2) shall be sent:

(a)for Lebanon, to the Ministry of Justice of Lebanon;

(b)for the Union, to the Secretary-General of the Council of the European Union.

Any other notification made in accordance with this Agreement shall be sent:

(a)for Lebanon, to the Ministry of Justice of Lebanon;

(b)for the Union, to the European Commission.

2.The information about the addressee of notifications referred to in paragraph 1 might be updated through diplomatic channels.

Article 35

Authentic texts

This Agreement shall be drawn up in duplicate in the Bulgarian, Czech, Croatian, Danish, Dutch, English, Estonian, Finnish, French, German, Greek, Hungarian, Irish, Italian, Latvian, Lithuanian, Maltese, Polish, Portuguese, Romanian, Slovak, Slovenian, Spanish, Swedish and Arabic languages, all texts being equally authentic. In case of divergence, the English text shall prevail.

IN WITNESS WHEREOF, the undersigned Plenipotentiaries, duly authorised to this effect, have signed this Agreement.

For the European Union

For the Republic of Lebanon


ANNEX I

Forms of serious crime (Article 3, point (5))

terrorism,

organised crime,

drug trafficking,

money-laundering activities,

crime connected with nuclear and radioactive substances,

immigrant smuggling,

trafficking in human beings,

motor vehicle crime,

murder and grievous bodily injury,

illicit trade in human organs and tissue,

kidnapping, illegal restraint and hostage taking,

racism and xenophobia,

robbery and aggravated theft,

illicit trafficking in cultural goods, including antiquities and works of art,

swindling and fraud,

crime against the financial interests of the Union

insider dealing and financial market manipulation


racketeering and extortion,

counterfeiting and product piracy,

forgery of administrative documents and trafficking therein,

forgery of money and means of payment,

computer crime,

corruption,

illicit trafficking in arms, ammunition and explosives,

illicit trafficking in endangered animal species,

illicit trafficking in endangered plant species and varieties,

environmental crime, including ship-source pollution,

illicit trafficking in hormonal substances and other growth promoters.

sexual abuse and sexual exploitation, including child abuse material and solicitation of children for sexual purposes,

genocide, crimes against humanity and war crimes.

The forms of crime referred to in this Annex shall be assessed by the competent authorities of Lebanon in accordance with the law of Lebanon.



ANNEX II

Competent authorities of Lebanon and their competences

(Article 3, point (3))

The competent authorities of Lebanon to which Eurojust may transfer data are as follows:

Authority

Description of competences

Ministry of Justice

The Ministry of Justice is the central authority that receives the MLA requests from the Ministry of Foreign Affairs and transfers it to the General Prosecutor of the Court of Cassation.

General Prosecutor of the Court of Cassation

The General Prosecutor of the Court of Cassation is the Hierarchic president of all the Judges of the Prosecution Service, the reason why he shall receive all the International Requests of cooperation for cases relating to the Prosecution Service.

Criminal Courts and Judges

Criminal Courts are the Criminal Court of Cassation, the Courts of Felonies, the Chambers of Accusation, and the Courts of appeal for Misdemeanours in each Department of the Lebanese Territory.

The Criminal Judges are the Investigating Judges in each Department of the Lebanese Territory, and the Single Criminal Judges Competent on Misdemeanours Cases in each District.


ANNEX III

List of Union bodies

(Article 3, point (4))

Union bodies with which Eurojust can share personal data:

European Central Bank (ECB)

European Anti-Fraud Office (OLAF)

European Border and Coast Guard Agency (Frontex)

European Union Intellectual Property Office (EUIPO)

Missions or operations established under the Common Security and Defence Policy, limited to law enforcement and judicial activities

European Union Agency for Law Enforcement Cooperation (Europol)

European Public Prosecutor’s Office (EPPO)

(1)    Regulation (EU) 2018/1727 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for Criminal Justice Cooperation (Eurojust), and replacing and repealing Council Decision 2002/187/JHA (OJ EU, 21.11.2018, L 295 p. 138).
Top