Accept Refuse

EUR-Lex Access to European Union law

This document is an excerpt from the EUR-Lex website

Document 52008DC0502

Report from the Commission to the Council - Second Monitoring and Evaluation Report on the Operation Council Common Position 2005/69/JHA

/* COM/2008/0502 final */

In force

52008DC0502

Report from the Commission to the Council - Second Monitoring and Evaluation Report on the Operation Council Common Position 2005/69/JHA /* COM/2008/0502 final */


[pic] | COMMISSION OF THE EUROPEAN COMMUNITIES |

Brussels, 1.8.2008

COM(2008) 502 final

REPORT FROM THE COMMISSION TO THE COUNCIL

Second Monitoring and Evaluation Report on the Operation Council Common Position 2005/69/JHA

REPORT FROM THE COMMISSION TO THE COUNCIL

Second Monitoring and Evaluation Report on the Operation Council Common Position 2005/69/JHA

INTRODUCTION

One of the key objectives of the Union is to provide citizens with a high level of safety within an area of freedom, security and justice. In order to achieve this aim, Member States need to cooperate more closely, particularly in respect of the exchange of information between their competent law enforcement authorities and between them and such authorities in third countries.

Issued and blank, stolen, lost or misappropriated passports are used to elude law enforcement with the objective of carrying out illicit activities capable of jeopardising the security of the Union and of each of the Member States. Meaningful action can only be taken at Union level by reason of the very nature of the threat.

All Member States are affiliated to the International Criminal Police Organisation (“Interpol”). In order to fulfil its mission, Interpol created a l database on stolen travel documents (SLTD) that permits Interpol’s members to share between themselves data on lost and stolen passports.

Common Position 2005/69/JHA obliges Member States to ensure that their competent law enforcement authorities exchange data on issued and blank passports that are stolen, lost or misappropriated and formatted for integration in a specific information system, whilst at the same time ensuring that the fundamental rights of data subjects are respected.

1. KEY REQUIREMENTS OF THE COMMON POSITION

The Common Position stipulates 5 obligations for Member States:

- To exchange all present and future passport data (as defined) with Interpol;

- To ensure that such data is exchanged with Interpol immediately after it has been entered into the national database or SIS;

- To only share such data with Interpol members that have an adequate level of protection for personal data and that respect the fundamental rights and liberties regarding the automatic processing of personal data;

- To ensure that their competent law enforcement authorities use the Interpol database to access such information when appropriate for the performance of their task and to set up the required infrastructures to facilitate consultation;

- To ensure that they take up the required action in case that a positive identification (hit) occurred.

2. PURPOSE OF THE REPORT AND METHOD OF EVALUATION

In 2006 the European Commission has submitted a report to the Council on the operation of the Common Position within the Member States[1] ("the 2006 Report"). The 2006 Report concluded that implementation of the Common Position by the Member States is still incomplete and made certain recommendations to the Member States. Therefore the Council instructed the Commission to submit a second report to assess the extent to which Member States have taken appropriate action in the meantime[2].

Pursuant to this task, on 1st June 2007 the Commission sent a questionnaire to the Member States,aimed at ascertaining the extent, mode and method of operation of the Common Position, as well as the improvements, if any, following the 2006 Report.

All Member States had returned answers to this questionnaire. Some of the information received by the Commission was ambiguous, incomplete, makes reference to domestic law and other provisions without providing further details, and has been provided on the basis of diverging interpretations of the questions asked by the Member States. Therefore, the Commission invited specialists from the Member States to a meeting, aimed at clarifying the replies to the questionnaire and drawing conclusions from such replies. The meeting was held in Brussels on 17 and 18 September 2007.

The present report provides an overview of the written replies to the questionnaire, as well as the oral explanations and information provided by the specialists of the Member States at the above meeting, and on that basis assesses the level of implementation of the Common Position.

3. SUMMARY OF REPLIES

3.1. Did your Member State implement the Common Position on exchanging certain data with Interpol (2005/69/JHA)?

- If the answer is positive, in what way did your Member States implement it? Please transmit the relevant implementing measure where appropriate.

- If the answer is negative, does your Member State intend to implement it?

- For the Member States which replied to the questionnaire on the implementation of the Common Position which was sent in 2006, has there been any change to your situation during the year 2006/2007?

The replies of the Member States to this question showed that all Member States have taken steps to implement the Common Position, but that implementation is at a variety of stages. Even though at the time of submitting their replies to the questionnaire, Latvia and Slovakia had not fully implemented the Common Position, they were expecting to do so by the end of 2007.The replies demonstrate that, in general, there has been significant progress in the implementation and operation of the Common Position since the 2006 Report.

3.2. Does your MS exchange all data on issued and blank passports that are stolen, lost and misappropriated with Interpol as required in Article 3(1) of CP 2005/69/JHA? If your Member State does not exchange such passport data with Interpol, please provide some indication of an approximate percentage of such exchange.

The replies indicate that 22 Member States exchange all the required passport data with Interpol, whilst 1 Member State will be doing so imminently. Some Member States go even further than the requirements of the Common Position and exchange information with Interpol as regards lost or stolen identity cards.

The type of data that is exchanged is not always as complete as is required under the Common Position in 3 Member States. More specifically, Poland provides data only on passports which are lost or stolen as a result of crime, Hungary only on stolen passports and Portugal only on blank stolen documents.

3.3. Does your MS pursuant to Art. 3 (3) of CP 2005/69/JHA exchange all passport data immediately also with Interpol after it has been entered in your relevant national database or the SIS (if your Member State participates in the latter)? For Member States which defer the sending of data to Interpol, please describe your workflows that cause the interval between the recording of data into your relevant database or, where relevant, into SIS and the sending to Interpol.

Article 3(3) of the Common Position requires that the data be entered in the Interpol database immediately upon their entry into the national database or the SIS. It is noted that the Common Position does not aim to regulate the period between the reporting of the passport as lost and the entry of the information into the national database.

The replies to the questionnaire indicate that only 11 Member States have achieved such immediate entry, while 2 Member States will be doing so once their infrastructure is operational. 8 Member States exchange such data with Interpol on a daily basis, which even if not ideal, may be an acceptable practice. Italy and Hungary exchange data on a monthly basis and the Czech Republic on a weekly basis.

3.4. Does your MS distinguish between Interpol members to share this data with and those not to share this data with according Art. 3 (1) of the CP 2005/69/JHA? On what grounds does your Member State decide to make such distinction or not? Is reciprocity a consideration? For those Member States which answered the questionnaire contained in the 2006 Report: did you modify your approach?

Articles 3(1) and 3(5) of the Common Position require Member States to only share passport data with Interpol members that have an adequate level of protection for personal data and respect the fundamental rights and liberties regarding the automatic processing of personal data. The replies to the questionnaire show that only the Netherlands distinguishes between Interpol members, while all other Member States do not make such a distinction.

The Member State that do not make such a distinction justified their approach on two grounds: (a) they consider that the information that is sent to Interpol, in particular the number of the passport, does not contain any personal data, and (b) they believe that they have an interest in locating any of their passports in any other country. Member States have clarified during the specialists meeting that the adequate level of protection for personal data and the respect of fundamental rights and liberties is considered as part of a risk assessment where they are faced with requests for confirmation of a positive identification or for provision of background information.

3.5. What modalities has your MS agreed upon with Interpol for exchanging all passport data in its possession pursuant to Art. 3 (2) of CP 2005/69/JHA? For those Member States which have not agreed any such modalities, do you consider the Interpol regulations sufficient? For those Member States which answered the questionnaire contained in the 2006 Report: did you deploy the agreed modalities to effectively transfer legacy data?

None of the Member States agreed special modalities for the exchange of passport data with Interpol. Member States seem to consider that the Interpol regulations and systems, like I-24/7, provide sufficient safeguards.

3.6. Which competent law enforcement authorities have the right to query the Interpol database for the purpose of this CP in your Member Stare, according to Art. 3 (4) of CP 2005/69/JHA, and for which tasks do they consult the database? For those Member States which have already indicated such authorities in the replies to the questionnaire contained in the 2006 Report, please specify the tasks for which these authorities consult the Interpol database.

In all cases police authorities have the right to query the Interpol database, except in Greece where only the Interpol National Bureau (NCB) has such right. It should be noted that in most Member States, the national intelligence services are considered to be part of the police authorities.

In most Member States, in addition to the police, other law enforcement authorities have the right to query the Interpol database. For example, the Boarder Guard and the Customs Service have the right to query the database in Poland, the Border Guard and the Migration Department in Latvia, the Border Police in Italy and the Royal Military Police in the Netherlands.

3.7. Has your Member State developed guidance and/or training on the cases where consultation of the Interpol database is deemed appropriate? For those Member States which have already indicated such development in the replies to the questionnaire contained in the 2006 Report, how does your Member State ensure that suitable appropriate consultation takes place?

The replies suggest that 17 Member States have developed some guidelines or training for the use of the Interpol database. In some other Member States general guidance is given to officers who have access to the database. In general, however, Member States seem to imply that the database is self-explanatory and that mere availability of the database is enough. They suggest that there is no special need for law enforcement authorities to be trained or guided in the use of the Interpol database.

3.8. Has your Member State already set up the infrastructure required to facilitate consultation according Art. 3(4) of the CP 2005/69/JHA)?

- If the answer is positive, please provide a description of the relevant infrastructure.

- For those Member States which replied to this question in the questionnaire contained in the 2006 Report, has there been a change in your situation since then?

- Do your competent authorities have direct access to the Interpol database? If the access is indirect, please describe the workflow.

Most Member States use the passport data in the Interpol database solely for investigation purposes. Only few Member States use the database for control purposes as well. The latter Member States provided or are in the process of providing access to border officers who are able to query the database manually or automatically at border crossings, using the I-24/7 and MIND & FIND tools provided by Interpol.

The replies suggest that Member States have not given a particularly proactive interpretation to Article 3(4), and for the most part consider that the simple provision of potential access to competent authorities is sufficient to satisfy the requirement set out in the Article. This seems at odds with the text of the Article, and particularly with Member States’ obligation to “ ensure ” law enforcement authorities consult the Interpol database where appropriate.

3.9. In addition to compliance with national legislation on data protection, does your Member States take any other measure to ensure an adequate level of protection of personal data in the relevant Interpol member country and the respect of fundamental rights and liberties regarding the automatic processing of personal data pursuant to Article 3(5) of the CP 2005/69/JHA? Have there been any complaints from individuals emanating from such an exchange of data?

The replies indicate that Member States do not take any special measures to ensure an adequate level of protection of personal data in the relevant Interpol member country and the respect of fundamental rights and liberties regarding the automatic processing of personal data, other than the Netherlands which limits the zones in which its data is available. All Member States consider that their national legislation is sufficient. Belgium, Cyprus, Bulgaria, Greece and Portugal consider that the passport data which is exchanged with Interpol is not personal data.

Member State did not report incidents of any complaints from citizens in relation to the exchange of data with Interpol.

3.10. Please provide statistics on the number of successful identifications (hits) made by your competent authorities against the Interpol database during the last 12 months. What is the average time your competent authorities have to wait to obtain a confirmation of the successful identification (hit) and to obtain background information following a hit?

Most Member States do not keep statistics of the number of positive identifications (hits) made by their competent authorities to the Interpol database, and were unable to provide any figures. Such data was made available by Interpol and showed that in the EU , between January and August 2007, there were 1,599 positive identifications, compared to 191 such identifications for the same period in 2005.

According to the replies to the questionnaire, the average time that competent authorities have to wait to obtain confirmation of a successful identification varied between “seconds” and “months” or even “no confirmation at all”, even though 13 Member States were not able to provide such averages at all.

The average time that competent authorities have to wait to obtain background information following a successful identification ranged between “24 hours” to “10 days” and to “no background information at all”. 17 Member States were not able to provide such statistics either because they do not have them or because the response time varies substantially depending on the third country concerned.

3.11. Please provide statistics on the average number of requests for confirmation of a successful identification (hit) that you were asked to make by competent authorities of other Member States following a hit against the Interpol database during the last 12 months. What is the average time for responding to such a request for confirmation and to provide background information following a hit?

The replies showed that 18 Member States do not keep statistics of the number of requests for confirmation of a successful identification that they receive from other Member States or from other Interpol member countries.The average time for responding to requests for confirmation of successful identifications varied between “minutes” and “few hours”, while the average time for providing background information was substantially longer, with one Member State noting that it may take up to 4 weeks.

4. CONCLUSIONS - SPECIFIC

In order to provide a general overview of the operation of the Common Decision, it is again necessary to return to the 5 core obligations of the Member States, as identified earlier.

4.1. To exchange all present and future passport data (as defined) with Interpol.

At the time of writing this report, it is assumed that all Member States have implemented the Common Position and exchange passport data with Interpol. This is verified by Interpol. This result shows that since the 2006 Report, all Member States took positive steps to comply with their obligations.

However, 3 Member States which do not exchange all the required types of passport data with Interpol. Namely, Poland provides data only on passports which are lost or stolen as a result of crime, Hungary only on stolen passports and Portugal only on blank stolen documents. On the other hand, in some cases Member States exceed the requirements of the Common Position by providing, for example, information on identity cards and driving licenses.

Some Member States communicated some problems as regards the operation of the Common Position and the Interpol database. Latvia noted that there is no specific field in the Interpol database for "alien's passport" and that this poses a problem whenever such an entry needs to be made. Portugal raised similar concerns as regards fraudulent passports and Germany as regards misappropriated documents which are neither lost nor stolen. Member States suggested as a solution to these problems, the adoption of the FADO dictionary/list both for the Common Position, as well as for the Interpol database purposes.

Irrespective of the identified problems, Interpol statistics show that entries to its database from the EU states for the period January to August 2007 were 11,237,207, compared to 6,150,494 for the same period in 2005. These figures proved the substantial improvement in the exchange of data since the 2006 Report. Further, the entries of the EU Member States for the above period represent more than two thirds of the total number of entries, which demonstrates the huge growth in participation in this system, as well as the key role that EU states now play in enhancing Interpol’s capabilities.

4.2. To ensure that such data is exchanged with Interpol immediately after it has been entered into the national database of SIS.

Despite the fact that the replies of the Member States indicate a positive development since the 2006 Report, there is scope for further improvement in the implementation by the Member States.

Only 11 Member States have achieved an immediate entry to the Interpol database, upon entry to the national database, and 2 other Member States are expected to be doing so very soon. 8 Member States exchange such data on a daily basis. However,, in the law enforcement field, time is of the essence and nothing short of an immediate entry can be considered sufficient. The provision of data on a monthly or weekly basis is totally inappropriate for the purposes of this Common Position.

It is important that Member States exchange data with Interpol immediately, as this will enhance the value of the information, and collectively the value of the entire exchange mechanism. It is recommended that the concerned Member States take steps to remedy their non-compliance with this requirement of the Common Position.

4.3. To only share such data with Interpol members that have an adequate level of protection for personal data.

Articles 3(1) and 3(5) of the Common Position request Member States to ensure that the exchange of passport data is subject to the requirement that the recipient Interpol country has an adequate level of protection of personal data and respect of fundamental rights regarding the automatic processing of personal data. Of all the Member States, only the Netherlands chose to limit the recipients of its passport data in order to comply with the above obligation of the Common Position.

All other Member States invoke two reasons for not limiting such access to their passport data. First, the majority of Member States have indicated that they do not consider passport numbers to constitute ‘personal data’. Therefore, they believe that contributions to or consultations of the Interpol database will not result in any exchange of personal data. On this basis, most Member States do not believe to be breaching their obligations under the Common Position when they do not limit access to their passport data. Second, they consider that, from a law enforcement point of view and for the benefit of their citizens, they have an interest in knowing when one of their passports is detected in other parts of the world. All Member States believe that considerations of data protection adequacy and fundamental rights should come into play only at the stage of following-up a positive identification (hit), either to confirm it or to provide background information. Such follow-up is done on a case-by-case basis after carrying out a risk assessment of the situation based on proportionality and necessity.

In the case blank passports, contribution to or consultation of the Interpol database will not result in any exchange of personal data, in which case the issue of ensuring an adequate level of data protection of the recipient does not come into play. In the case of issued passports, even if such contribution or consultation will involve only passport numbers, measures for the protection of personal data are necessary since data on an issued passport is information relating to an identifiable person.

The fact that only one Member State makes the effort to distinguish with which countries to share passport data, shows great willingness on the part of the Member States to be relatively free with exchange of their data, and a lack of concern as to whether or not the countries they share data with have adequate personal data protection in place or not. Where no personal data is exchanged, this practice is obviously acceptable. In all other cases, the Commission recommends to Member States to ensure respect of the requirements as regards the protection of personal data from the very beginning of contributing to or consulting with the Interpol database and to chose to limit the recipients of its data on issued passports in order to comply with the obligation of Articles 3(1) and 3(5) of the Common Position.

Further, Article 3(1) gives Member States the choice to only exchange passport data with other Interpol countries that also exchange such data. Even though most Member States considered that such reciprocal treatment is important, they again consider that it comes into play only at the stage of following-up a positive identification (hit).

4.4. To ensure that their competent law authorities use the Interpol database to access such information when appropriate for the performance of their task and to set up the required infrastructures to facilitate consultation

Despite the fact the Common Position imposes a proactive obligation on Member States to set up the required infrastructures and to ensure that their competent law enforcement authorities query the Interpol database where appropriate, they do not seem to have taken serious steps to comply with their obligation.

The replies seem to suggest that most Member States use the passport data in the Interpol database solely for investigation purposes, reflecting a prevailing attitude that by simply providing access to the Interpol database to its law enforcement authorities, they are ‘ensuring’ that this valuable information resource is in fact used. In some Member States the database is accessible only via the NCBs, while some others have provided access to some specially authorised and trained police staff.

However, in acting in such way, the Member States, in addition to non-complying with the Common Position, they are missing the real advantages of this database in the fight against serious and organised crime and terrorism.

Only few Member States have extended the use of the database to control purposes. The provision of direct access to the database to border control officers is essential in order to maximise the benefits of the Common Position, since that is the point when a searched passport is likely to show up.

Austria, France, Germany, Sweden, Cyprus, Finland, Poland, Lithuania, Luxembourg and Ireland have provided or are in the process of providing access to border officers who are able to query the database manually or automatically at border crossings. Access is usually given using the I-24/7 and MIND&FIND tools provided by Interpol. This practice is recommended as the optimum use of the Interpol database. The Commission further recommends to Member States to provide the Commission with a list of “competent law enforcement authorities” under national law within the meaning of Articles 1and 3 of the Common Position.

Even though it is clear that there is still a long way to go to achieve full compliance of all Member States with the obligation to provide access to the Interpol database, Interpol statistics show that there has been remarkable increase in the searches to the database which are carried out by the Member States. During the period January to August 2007 Member States have carried out 4,202,000 searches compared to 6,692 searches for the same period in 2005.

4.5. To ensure that they take up the required action in case that a positive identification (hit) occurred.

Despite the fact that few Member States were able to provide statistics and averages in their replies, a dedicated session during the meeting of specialists was able to identify some issues and suggest some recommendations on this matter.

The Member States drew a distinction between requests for a confirmation of a positive identification (hit) and the provision of background information where the request came as a result of an investigation or as a result of a border check. They all agreed that the speed of responding to the request is mostly relevant in the latter case where the rights of a citizen might be affected.

One of the key issues which the Member States identified as of outmost importance in the efficient and speedy following-up of successful identifications is the increase in the staff of NCBs in order to enable them to work on a 24/7 basis, and to provide access to NCBs to their national passport databases and images of the passport holders,. These two steps would help increase dramatically the quick and efficient follow-up of requests for confirmation of successful identifications.

The Member States also noted that they would welcome the adoption of some standards as regards such responses, like agreeing on a maximum response time. This could be adopted initially between Member States and later be extended to all Interpol member countries.

5. CONCLUSION - GENERAL

We have noticed a substantial improvement in the operation of the Common Position since the 2006 Report. Member States have taken various steps in order to comply with their obligations. However, the implementation of the Common Position in the fullest sense of the term is still incomplete and requires a more proactive and committed effort on the part of the Member States.

Appendix 1

INTERPOL STATISTICS

1. Member State Participation in the Stolen Travel Document Database

2005 | 2007 |

18 | 27 |

2. Individual Member State Contributions to the Stolen Travel Document Database

Member State | Number of Documents Contributed |

Austria | 113,769 |

Belgium | 342,104 |

Bulgaria | 63 |

Cyprus | 3,743 |

Czech Republic | 611,814 |

Denmark | 120 |

Estonia | 100,126 |

Finland | 90,251 |

France | 15,179 |

Germany | 1,969,842 |

Greece | 24,194 |

Hungary | 17,996 |

Ireland | 88,021 |

Italy | 3,016,320 |

Latvia | 88,095 |

Lithuania | 341,738 |

Luxembourg | 4,496 |

Malta | 1,652 |

Netherlands | 1,641,360 |

Poland | 626,826 |

Portugal | 10,386 |

Romania | 832,927 |

Slovakia | 65 |

Slovenia | 90,054 |

Spain | 224 |

Sweden | 163,541 |

United Kingdom | 1,042,301 |

TOTAL | 11,237,207 |

3. Number of Documents Registered in the Stolen Travel Document Database

2005 | 2007 |

EU Member States | 6,394,305 | 11,237,207 |

Non-EU States | 2,449,300 | 4,484,545 |

Total | 8,843,605 | 15,721,752 |

4. Number of Searches Made of the Stolen Travel Document Database

2005 | 2007 |

EU Member States | 8520 | 4,202,000 |

Non-EU States | 34,796 | 6,232,469 |

Total | 43,316 | 10,434,469 |

5. Number of Successful Hits on the Stolen Travel Document Database

2005 | 2007 |

EU Member States | 381 | 1,599 |

Non-EU States | 457 | 2,180 |

Total | 838 | 3,779 |

[1] COM(2006) 167

[2] 910/1/06 ENFOPOL 108 SIRIS 108, 8 June 2006

Top