EUR-Lex Access to European Union law

Back to EUR-Lex homepage

This document is an excerpt from the EUR-Lex website

Document 52021PC0177

Recommendation for a COUNCIL DECISION authorising the opening of negotiations for a cooperation agreement between the European Union and the International Criminal Police Organisation (ICPO-INTERPOL)

COM/2021/177 final

Brussels, 14.4.2021

COM(2021) 177 final

Recommendation for a

COUNCIL DECISION

authorising the opening of negotiations for a cooperation agreement between the European Union and the International Criminal Police Organisation (ICPO-INTERPOL)


EXPLANATORY MEMORANDUM

1. CONTEXT OF THE RECOMMENDATION

Terrorism and serious and organised crime are now increasingly dynamic, globalised, and complex phenomena that require a robust and coordinated response by the European Union’s law enforcement authorities. In addition, terrorism and serious crime are becoming increasingly mobile, transnational and cross-border phenomena. This requires engaging in deeper and more effective cooperation with international bodies, such as Interpol, that can provide a bridge between the EU and international law enforcement communities.

Context of the current EU-Interpol cooperation

The International Criminal Police Organisation (Interpol) 1 is the largest global criminal police inter-governmental organisation, with 194 member countries. It facilitates law enforcement cooperation, for example by enabling the sharing of and access to law enforcement-related data. Interpol has multiple cooperation agreements with a range of international organisations, in areas of mutual interest. All EU Member States are members of Interpol.

Since the adoption of its first Rules of Processing of Police Information in 1983, Interpol has updated its procedures over the years under the principle that respect for the privacy of individuals is core to information sharing in the context of law enforcement. Interpol’s current rules on processing personal data were recently updated in 2019. 2

The EU and Interpol already have long-standing and deep cooperation in a range of law enforcement-related areas. Interpol is a key partner for the EU in the field of internal and external security, including countering terrorism and organised crime, as well as in integrated border management.

For instance, Council Common Position 2005/69/JHA 3 calls on Member States to take the measures necessary to improve cooperation between their competent law enforcement authorities and between them and such authorities in third countries by exchanging passport data 4 with Interpol in order to prevent and combat serious and organised crime, including terrorism.

Interpol also participates actively in the operational implementation of the EU policy cycle/EMPACT 5 by supporting the operational actions of the Member States in cooperation with EU Justice and Home Affairs Agencies 6 , which work closely with Interpol based on a number of agreements or arrangements 7 . When the European Public Prosecutor’s Office (the EPPO) 8 was set up in 2017, a further EU body was created in the area of cross-border investigation and prosecution. Cooperation between the EPPO and Interpol needs to be set up and regulated, as the EPPO is due to become operational shortly.

Lastly, the EU is one of the largest donor of funds to Interpol. These funds are allocated to projects implemented by Interpol, or where Interpol is a project partner. In particular they are for information exchange, law enforcement, including border management cooperation and capacity building activities, and projects and programmes targeting a range of terrorism and serious crime areas, with a regional focus mostly on Africa, Asia and Latin America.

The need for a cooperation agreement between the EU and Interpol

The 2020 EU Security Union strategy 9 calls on the Member States to step up cooperation between the EU and Interpol, as essential to enhance cooperation and information exchange. The strategy recognises that Interpol, one of the largest inter-governmental criminal police organisations, has an important role to play in this respect. The Commission will therefore look at ways to step up cooperation with Interpol, including possible access to Interpol databases and strengthening operational and strategic cooperation. Furthermore, the 2020 EU Counter Terrorism Agenda 10 acknowledges that Interpol is a key partner on counterterrorism, for example due to their expertise in foreign terrorist fighters, that there are areas where cooperation should be set up or increased, and that several EU bodies are faced with the operational need to have access to Interpol databases to perform their tasks.

Despite existing cooperation with Interpol, there are areas where cooperation could and should be stepped up or even set up in new areas to address a series of indispensable operational needs and to implement existing legal acts, the aim being to better support Member States in preventing and combating terrorism and organised crime. These operational needs require concluding a cooperation agreement with Interpol.

The following paragraphs specify these needs in detail.

First there is a need for a new cooperation agreement between the European Union Agency for Law Enforcement Cooperation (Europol 11 ) and Interpol. Europol already has a cooperation agreement with Interpol that provides for the exchange of personal data, concluded in 2001 12 , well before the Europol Regulation came into force on 1 May 2017. However, this agreement does not give direct or indirect access by Europol to information and Interpol’s databases, in particular its Notices containing information on terrorists. 13 In addition, the Agency only exchanges information with Interpol and accesses Interpol’s databases for the performance of the Agency’s tasks through Interpol’s Liaison Officer at Europol or the Agency’s Liaison Officer at Interpol. A new agreement 14 governing relations between the Agency and Interpol is therefore needed both to take into account the latest developments in combating terrorism and cross-border and transnational serious organised crime and to manage present-day operational needs, Europol’s mandate 15 , and the EU’s latest data protection regime 16 .

Second, there is a need to ensure interoperability. The EU and Interpol have held exploratory talks on the need to enter into a cooperation agreement following the adoption of regulations 17 on interoperability between EU information systems in the fields of borders and visa and of police and judicial cooperation, asylum and migration, and the Regulation on the European Travel Information Authorisation System (ETIAS) 18 .

The interoperability and European Travel Information Authorisation System Regulations provide controlled access to two Interpol databases 19 by an EU Member State or an EU agency, via the European Search Portal (ESP). The two Interpol databases are the Stolen and Lost Travel Documents (SLTD) and the Travel Documents Associated with Notices (TDAWN) databases. These databases contain a large volume of data on third-country nationals’ travel documents. Using the databases can minimise information gaps, maximise positive matches and subsequently improve the operational results of the European Travel Information Authorisation System.

The above two regulations state that queries of Interpol databases must be carried out in a way that no information is revealed to the owner of the Interpol alert. A cooperation agreement with Interpol will provide the required legal basis, including data protection safeguards and guarantees, and authorising the European Search Portal to connect with Interpol databases. A cooperation agreement will also provide scope to establish a secure connection of the European Search Portal and the European Travel Information Authorisation System with Interpol’s IT infrastructure, enabling access to Interpol’s databases. The aim is to help prevent and investigate terrorist offences.

In the same context, the Commission issued a proposal 20 in 2018 to revise the Visa Information System Regulation 21 , which – similarly to the European Travel Information Authorisation System – will authorise automated queries of EU systems for border management and security, and of Interpol databases. In December 2020 the European Parliament and the Council reached a political agreement on this proposal; the formal adoption will follow in the coming months. The political agreement includes a similar provision as the provision contained in the European Travel Information Authorisation System Regulation. The revision of the Visa Information System regulation should therefore also be taken into account in the negotiations with Interpol for the conclusion of a cooperation agreement. This will also help prevent and investigate terrorist offences.

Third, law enforcement and judicial authorities need up-to-date information on criminals and crimes. Interpol manages a wide range of databases containing this information at a global scale, contributed by Interpol’s 194 member countries. Interpol’s 18 databases 22  contain over 100 million law enforcement records with information on individuals such as names and fingerprints, stolen property such as passports and vehicles, weapons and firearms.

This information is valuable for Europol, Frontex 23 , Eurojust and the EPPO to carry out their tasks in line with their mandates. It increases their effectiveness by providing operational added value, especially when supporting Member States in detecting, preventing and combating terrorism and other serious crimes. These sources of information enable the agencies and the EPPO to improve the accuracy and quality of information already available to them, to identify connections or other links between information, to close information gaps and thus to provide holistic and unified intelligence to the Member States. However, although the databases are directly accessible by EU Member States as member countries of Interpol, Frontex, Eurojust and the EPPO currently do not have access in line with their mandates (either direct access or on a hit/no-hit basis), due to the lack of an agreement with Interpol 24 .

Agency-specific issues are detailed below.

Europol

The Agency currently exchanges information with Interpol and accesses Interpol databases to carry out its tasks via Interpol’s Liaison Officer at Europol or the Agency’s Liaison Officer at Interpol, as part of the cooperation agreement in force between Europol and Interpol 25 . However, practice has shown that this procedure should be improved, accelerated and streamlined to facilitate swift access to this information, especially information in Interpol databases related to countering terrorism, notably its Notices containing information on terrorists. This would allow the operational support provided by Europol to the Member States – especially its analytical capability – to draw on information held by Interpol. Access to Interpol databases, either direct or indirect, would therefore improve operational cooperation, whilst duly taking into account of the restrictions imposed by the data owners.

Frontex

Frontex has the mandate to ensure integrated border management at the EU’s external borders, with a view to managing those borders efficiently and in full compliance with fundamental rights 26 . One of the components of the European integrated border management border control includes measures to facilitate legitimate border crossings and, where appropriate, measures related to preventing and detecting cross-border crime at external borders, in particular terrorism, migrant smuggling and trafficking in human beings 27 . In this context, there is an operational need for category 1 staff (statutory staff 28 ) of the Frontex standing corps to access Interpol databases to perform their tasks. More specifically, Article 82(1) of Regulation (EU) 2019/1896  provides that the members of category 1 teams must have the authority to perform tasks and exercise powers for border control 29 provided for in Regulation (EU) 2016/399 30 (Schengen Borders Code). This includes checking third-country nationals against Interpol databases (in particular the Stolen and Lost Travel Documents database) at the external borders, under Article 8(3), subparagraph (a), point (i) 31 , 8(3), subparagraph (a), point (ii) 32 and 6(1), point (e) 33 of the Schengen Borders Code. This will help prevent and investigate terrorist offences, especially in border checks at the external EU borders.

Eurojust

The Agency has an essential operational need to step up cooperation with Interpol 34 and acquire the legal basis to exchange personal data in order to perform its tasks 35 . More specifically, there is a need for structured and structural involvement of Interpol in Eurojust cases, including coordination meetings, coordination centres and joint investigation teams 36 . Especially when Eurojust’s support is sought to coordinate the implementation of judicial measures and individuals have to be arrested in third countries, the involvement of Interpol would bring added value, speed up the judicial process and facilitate the work of Eurojust 37 . There is also a need for Eurojust to exchange information with Interpol on suspected foreign terrorist fighters 38 , in particular taking into account the Counter Terrorism Register 39 at Eurojust. Interpol channels are already used to transmit extradition requests 40 and may soon be available for transmitting requests for mutual legal assistance 41 .

EPPO

The EPPO is an independent EU body responsible for investigating, prosecuting and bringing to judgment the perpetrators of, and accomplices to, criminal offences affecting the financial interests of the EU. It has the authority to undertake investigations, implement prosecution orders and exercise the functions of prosecutor in the competent courts of the Member States. In this context, the operational needs of the EPPO in terms of cooperation with Interpol are the same as those of any national investigatory and prosecutorial authorities in the Member States, which includes access to information held in Interpol databases 42 and exchanging information with Interpol and third countries via Interpol. This need has become even greater, given the cross-border nature of crimes for which the EPPO is competent and the need to cooperate with third countries. Moreover, the EPPO is expected to require the assistance of Interpol to facilitate information exchange, especially in relation to mutual legal assistance. Cooperation between the EPPO and Interpol has yet to be set up and regulated, in line with the provisions of EPPO’s mandate on cooperation with international organisations, in so far as necessary for it to carry out its tasks 43 .

The need for a cooperation agreement is also recognised and confirmed by Interpol and its members. The 88th Interpol General Assembly adopted in October 2019 Resolution 5, authorising Interpol’s General Secretariat to enter into negotiations with the EU to conclude a cooperation agreement.

Other forms of cooperation

In parallel, there is a need to cover other forms of cooperation with Interpol, which the Commission in cooperation with the High Representative for CFSP aspects will aim to maintain, on behalf of the EU, as part of a separate instrument with Interpol, based on Article 220 TFEU. This cooperation will be in line with Article 220(2) TFEU in terms of outlining the overall cooperation framework and setting up a framework for structured dialogue at senior and technical level, between the EU and Interpol. This cooperation will also provide the security services of the Commission, the European External Action Service, the Council and Parliament access to specific Interpol databases for background security checks, inquiries and internal investigations on third-country nationals, and authorising the Commission to enter and to issue controlled notifications of lost, stolen and revoked EU laissez-passers in Interpol’s Stolen and Lost Travel Documents database.

2.THE ENVISAGED COOPERATION AGREEMENT

The envisaged EU-Interpol cooperation agreement will pursue the following aims.

Regulate cooperation between Europol and Interpol, taking into account the latest developments in combating terrorism, cross-border and transnational serious, organised crime, the current operational needs, Europol’s mandate, and the EU’s latest data protection regime.

Provide the safeguards and guarantees needed to give controlled access to Interpol’s Stolen and Lost Travel Document (SLTD) and Travel Document Associated With Notices (TDAWN) databases via the European Search Portal, by EU Member States and EU agencies, as necessary to carry out their tasks, in line with their access rights, with EU or national law covering such access and in full compliance with EU data protection requirements and with fundamental rights.

Provide the necessary safeguards and guarantees to enable EU Member States and Frontex (its European Travel Information and Authorisation System Central Unit) to access Interpol databases via the European Search Portal in compliance with EU data protection requirements and with fundamental rights.

Provide the necessary safeguards and guarantees to implement a revised Visa Information System Regulation enabling EU Member States to access Interpol Stolen and Lost Travel Documents (SLTD) and the Travel Documents Associated with Notices (TDAWN) databases through the European Search Portal when examining applications for visas or residence permits, in full compliance with EU data protection requirements and with fundamental rights.

Set up and regulate cooperation between the European Public Prosecutor’s Office (‘the EPPO’), as established by Regulation (EU) 2017/1939 and Interpol, in line with their mandates, and in full compliance with EU data protection requirements and with fundamental rights.

Provide the legal basis to authorise Europol, Frontex category 1 staff (statutory staff of the standing corps) and EPPO to access relevant Interpol databases 44 to carry out their tasks, in full compliance with EU data protection requirements and with fundamental rights.

Provide the legal basis to authorise Eurojust and EPPO to exchange operational information with Interpol, in full compliance with EU data protection requirements and with fundamental rights.

All the aims listed above must fully comply with the EU data protection regime 45 .

3.EU COMPETENCE

Article 3(2) TFEU provides that the EU has exclusive competence “for the conclusion of an international agreement ... in so far as its conclusion may affect common rules or alter their scope.” An international agreement may affect common rules or alter their scope where the area covered by the agreement overlaps with EU legislation or is covered to a large extent by EU law. The European Union has adopted common rules based on Articles 16, 77, 79, 85, 86, 87(1),(2) and 88 of the Treaty on the Functioning of the European Union on the aspects to cover in the cooperation agreement.

The current European Union legal framework includes:

Regulations (EU) 2016/794, (EU) 2019/1896, (EU) 2018/1727, (EU) 2017/1939 on Europol, Frontex, Eurojust and the EPPO, respectively, including provisions for cooperation with international organisations such as Interpol;

Regulations (EU) 2019/817, (EU) 2019/818 and (EU) 2018/1240, which provide for controlled access to Interpol Stolen and Lost Travel Documents and the Travel Documents Associated with Notices databases by an EU Member State or EU agency;

Regulation (EU) 2017/458 amending Regulation (EU) 2016/399 (Schengen Borders Code), aiming at increasing the checks against relevant databases at external borders includes Interpol Stolen and Lost Travel Documents as one of the databases to be consulted;

This Recommendation is consistent with the provisions of the above-mentioned legal acts.

4.    LEGAL BASIS

The objective of this Recommendation is to obtain authorisation from the Council for the Commission to negotiate the future EU-Interpol cooperation agreement on behalf of the EU. The legal basis for the Council to authorise the opening of negotiations is Article 218(3) and (4) TFEU.

5.    THE NEGOTIATIONS

In line with Article 218 TFEU, the Commission will be nominated as the EU negotiator for the cooperation agreement between the EU and Interpol.

The Commission will conduct the negotiations in line with the negotiating directives set out in the annex to the decision and in consultation with a special committee appointed by the Council.

The Commission will keep the European Parliament fully informed of the negotiations in a timely manner.

Recommendation for a

COUNCIL DECISION

authorising the opening of negotiations for a cooperation agreement between the European Union and the International Criminal Police Organisation (ICPO-INTERPOL)

THE COUNCIL OF THE EUROPEAN UNION

Having regard to the Treaty on the Functioning of the European Union (TFEU), and in particular Articles 218(3) and (4) thereof,

Having regard to the recommendation from the European Commission,

Whereas:

(1)Negotiations should be opened with a view to concluding a cooperation agreement (‘the Agreement’) between the Union and Interpol. The agreement will aim to regulate cooperation between the Union and Interpol in the area of law enforcement in accordance with Articles 87 and 88 TFEU, judicial cooperation in criminal matters in accordance with Article 82, 85 and 86 TFEU, and in the area of border security (as part of border management) in accordance with Article 77 TFEU.

(2)The Agreement should regulate the cooperation between the European Union Agency for Law Enforcement Cooperation (‘Europol’) and Interpol, taking into account the latest developments in combating terrorism, cross-border and transnational serious, organised crime, current operational needs and Europol’s mandate.

(3)The Agreement should provide the necessary safeguards and guarantees to authorise controlled access to Interpol’s Stolen and Lost Travel Document (‘SLTD’) and Travel Document Associated With Notices (‘TDAWN’) databases via the European Search Portal (‘ESP’), by Union Member States and Union agencies, in so far this is necessary for the performance of their tasks, in line with their access rights, with Union or national law covering such access.

(4)The Agreement should provide the necessary safeguards and guarantees to authorise Union Member States and the Central Unit of the European Travel Information and Authorisation System (‘ETIAS’) of the European Border and Coast Guard Agency (‘Frontex’) to access Interpol’s Stolen and Lost Travel Documents and the Travel Documents Associated with Notices databases via the European Search Portal.

(5)The Agreement should provide the safeguards and guarantees needed to implement a revised Visa Information System Regulation that authorises Union Member States to access Interpol’s databases via the European Search Portal when examining applications for visas or residence permits.

(6)The Agreement should facilitate establishing and regulating cooperation between the European Public Prosecutor’s Office (‘the EPPO’) and Interpol.

(7)The Agreement should provide the legal basis to authorise Europol, Frontex statutory staff of the standing corps (category 1 staff) and the European Public Prosecutor’s Office to access relevant Interpol databases for the performance of their tasks.

(8)The Agreement should provide the legal basis to authorise the European Union Agency for Criminal Justice Cooperation (‘Eurojust’) and the European Public Prosecutor’s Office to exchange operational information with Interpol.

(9)Article 23(1), (2) and (5) of Regulation (EU) 2016/794 of the European Parliament and of the Council 46 provide for the exchange of personal data between Europol and international organisations, to the extent necessary for the accomplishment of Europol’s tasks, as defined in Article 4 of Regulation (EU) 2016/794.

(10)In accordance with Article 5(9) of Regulation (EU) 2019/817 of the European Parliament and of the Council 47 , Article 5(9) of Regulation (EU) 2019/818 of the European Parliament and of the Council 48 and Article 12 of Regulation (EU) 2018/1240 of the European Parliament and of the Council 49 , queries of Interpol databases should be performed in such a way that no information is revealed to the owner of the Interpol alert. In accordance with Article 65 of Regulation (EU) 2018/1240 personal data shall not be transferred or made available to a third country, to an international organisation or to any private parties, with the exception of transfers to Interpol for the purpose of carrying out automated processing against Interpol Stolen and Lost Travel Documents and Travel Documents Associated with Notices databases, and provides that such transfers are subject to Regulation (EU) 2018/1725 50 .

(11)Articles 80, 99 and 104 of Council Regulation (EU) 2017/1939 51 set out in particular the relations and provide for the exchange of information between the European Public Prosecutor’s Office and international organisations.

(12)In view of recital 33 of Regulation (EU) 2016/794 and recital 46 of Regulation (EU) 2018/1727 of the European Parliament and of the Council 52 , it is appropriate to strengthen cooperation between Europol and Interpol, and Eurojust and Interpol respectively, by promoting the efficient exchange of personal data.

(13)Article 68(1) of Regulation (EU) 2019/1896 of the European Parliament and of the Council 53 provides for the possibility of Frontex to cooperate with international organisations, which specifically include Interpol. In accordance with Article 82(1) of Regulation (EU) 2019/1896 the members of teams from the standing corps of Frontex must have the capacity to perform tasks and exercise powers for border control set out in Regulation (EU) 2016/399 of the European Parliament and of the Council 54 (the Schengen Borders Code). Pursuant to Article 8(3)(a)(i) 55 , Article 8(3)(a)(ii) 56 and Article 6(1)(e) 57 of Regulation (EU) 2016/399, this includes checking third-country nationals against Interpol databases (in particular Interpol’s Stolen and Lost Travel Documents database) at the external borders of the Member States and third countries associated with the implementation, application and development of the Schengen acquis in relation to control on persons at the external borders.

(14)Article 47(1), Article 47(5 and 6), Article 52 and Article 56 of Regulation (EU) 2018/1727 set out the relations, and provide for the exchange of personal data, between Eurojust and international organisations.

(15)In view of recital 96 of Council Regulation (EU) 2017/1939, it is appropriate to strengthen cooperation between the Union and Interpol by promoting an efficient exchange of personal data.

(16)Article 94 of Regulation (EU) 2018/1725 of the European Parliament and of the Council 58 , sets out the conditions for the transfers of operational personal data to international organisations.

(17)The Agreement should be in full compliance with European Union provisions on data protection set out in Regulation (EU) 2016/679 of the European Parliament and of the Council 59 , Regulation (EU) 2018/1725 and Directive 2016/680 60 of the European Parliament and of the Council.

(18)The Agreement should fully respect the fundamental rights and observe the principles recognised by the Charter of Fundamental Rights of the European Union (‘the Charter’), in particular the right to a private and family life, recognised in Article 7 of the Charter, the right to the protection of personal data, recognised in Article 8 of the Charter and the right to effective remedy and fair trial recognised by Article 47 of the Charter. The Agreement should be applied in line with all the rights and principles enshrined in the Charter.

(19)The Commission should consult the European Data Protection Supervisor during the negotiation of the agreement or, in any event, before the agreement is concluded.

(20)The Commission should be nominated as the Union negotiator.

HAS ADOPTED THIS DECISION:

Article 1

The Commission is hereby authorised to negotiate, on behalf of the European Union an Agreement between the European Union and the International Criminal Police Organization on cooperation and coordination in preventing and combating terrorism and serious crime and in ensuring a European integrated border management at the external borders of the Member States and third countries associated with the implementation, application and development of the Schengen acquis in relation to control on persons at the external borders, including on the necessary safeguards for the protection of personal data.

Article 2

The negotiating directives are set out in the Annex.

Article 3

The negotiations shall be conducted in consultation with the [name of the special committee to be inserted by the Council].

Article 4

This Decision is addressed to the Commission.

Done at Brussels,

   For the Council

   The President

(1)    Constitution of the ICPO-Interpol [I/CONS/GA/1956 (2017)].
(2)    Interpol’s Rules on the Processing of Data [III/IRPD/GA/2011 (2019)].
(3)    Council Common Position 2005/69/JHA of 24 January 2005 on exchanging certain data with Interpol, OJ L 27, 29.1.2005, p. 61.
(4)    Data on issued and blank passports that are stolen, lost or misappropriated and formatted for integration in a specific information system. Passport data entered in the Interpol database will consist only of the passport number, country of issuance and document type [Article 2(1) of Council Common Position 2005/69/JHA].
(5)    The multi-annual EU policy cycle aims to tackle the most important threats posed by organised and serious international crime to the EU in a coherent and methodological manner by improving and strengthening co-operation between the relevant services of the Member States, EU institutions and EU agencies as well as third countries and organisations, including the private sector where relevant.
(6)    Justice and Home Affairs Agencies are EU agencies established on the basis of Title V Area of freedom, security and justice of the TFEU. The European Union Agency for Law Enforcement Cooperation (Europol), the European Border and Coast Guard Agency (Frontex), the European Union Agency for Criminal Justice Cooperation (Eurojust), the European Monitoring Centre for Drugs and Drug Addiction (EMCDDA), the European Union Agency for Law Enforcement Training (CEPOL) and the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA) are JHA agencies.
(7)    The cooperation agreement between Interpol and Europol was signed on 05-11-2001. The memorandum of understanding on cooperation between Eurojust and Interpol was signed on 15-07-2013. The working arrangement between Interpol and Frontex was signed on 27-05-2009. The working arrangement between CEPOL and the General Secretariat of Interpol was signed on 06-12-2017. The cooperation agreement between Interpol and EMCDDA was signed on 25-09-2001.
(8)    Council Regulation (EU) 2017/1939 of 12 October 2017 implementing enhanced cooperation on the establishment of the European Public Prosecutor’s Office (‘the EPPO’), OJ L283, 31.10.2017, p.1.
(9)    Communication from the Commission to the European Parliament, the European Council, the Council, the European Economic and social Committee and the Committee of the Regions on the EU Security Union Strategy, Brussels, 24.7.2020, COM(2020) 605 final.
(10)    Communication from the Commission to the European Parliament, the European Council, the Council, the European Economic and Social Committee and the Committee of the Regions. A Counter-Terrorism Agenda for the EU: Anticipate, Prevent, Protect, Respond. Brussels, 9.12.2020 COM(2020) 795 final.
(11)    Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA. OJ L 135, 24.5.2016, p. 53.
(12)    The agreement was supplemented later by several cooperation-related documents agreed or concluded between the organisations, for instance on cooperation through Liaison Officers and the establishment, implementation and operation of a secure communication line for the exchange of information.
(13)    Interpol Notices are international requests for cooperation or alerts allowing law enforcement to share critical crime-related information, including information on terrorism. Notices include warnings about persons’ criminal activities -where these people are considered to be a potential threat to public safety-, warnings of events, people, objects or processes representing a serious and imminent threat to public safety, as well as information on modus operandi, objects, devices and concealment methods used by criminals.
(14)    Article 25 of the Europol regulation provides that the Commission must assess the provisions contained in cooperation agreements concluded before the entry into force of the Europol regulation, such as the agreement with Interpol. The Commission must inform the European Parliament and the Council about the outcome of that assessment, and may, if appropriate, submit to the Council a recommendation for a decision authorising the opening of negotiations to conclude international agreements pursuant to Article 218 TFEU, adducing adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals.
(15)    Since the conclusion of the cooperation agreement between Europol and Interpol, Europol’s mandate has changed twice, in 2009 and then in 2017 (Council Decision 2009/371/JHA, Regulation (EU) 2016/794). On 9 December 2020 the Commission proposed extending the mandate for Europol [Brussels, 09.12.2020, COM(2020) 796 final].
(16)    Since the entry into force of the 2001 cooperation agreement between Europol and Interpol, the EU data protection regime has significantly changed. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, OJ L 119, 4.5.2016, p. 1), Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39), Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, p. 89) (Data Protection Law Enforcement Directive). It should be also noted that data protection provisions in Europol’s mandate have been updated since the entry into force of the 2001 cooperation agreement between Europol and Interpol.
(17)    Regulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA (OJ L 135, 22.5.2019, p. 27) and Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816 (OJ L 135, 22.5.2019, p. 85).
(18)    Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1).
(19)    In the context of interoperability and ETIAS Regulations [Article 4(17) of Regulations (EU) 2019/817 and (EU) 2019/818 and Article 12 of Regulation (EU) 2018/1240], ‘Interpol Databases’ means only the Interpol Stolen and Lost Travel Document database (SLTD database) and the Interpol Travel Documents Associated with Notices database (TDAWN database).
(20)    COM (2018) 302 final, 16.5.2018.
(21)    Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation), OJ L 218, 13.8.2008, p. 60.
(22)    Notices (details are stored in Interpol Criminal Information System-ICIS); Nominal data; International Child Sexual Exploitation image database ; Fingerprints, DNA profiling and Face Recognition; Stolen and Lost Travel Documents (SLTD); Stolen Administrative Documents (SAD); Counterfeit documents; Edison; Stolen Motor Vehicles (SMV), Vessels and Works of Art (WOA), Interpol Firearms Reference Table , Interpol illicit Arms Records and tracing Management System (iARMS), Interpol Ballistic Information Network (IBIN), Organized crime networks and Maritime Piracy.
(23)    Frontex refers to the European Border and Coast Guard Agency. Regulation (EU) 2019/1896 of the European Parliament and of the Council of 13 November 2019 on the European Border and Coast Guard and repealing Regulations (EU) No 1052/2013 and (EU) 2016/1624 (OJ L 295, 14.11.2019, p. 1–131).
(24)    According to Articles 6(2) and 27 of Interpol’s Rules on the Processing of Data [III/IRPD/GA/2011 (2019)], for international entities to access Interpol’s information system there is a need for an agreement with Interpol.
(25)    Article 3 of the 2009 Memorandum of Understanding as mentioned in Article 4(1) of the 2001 Agreement between Interpol and Europol foresees that the Liaison Officer to the other party is responsible for facilitating the practical exchange of information.
(26)    Article 1 of Regulation (EU) 2019/1896.
(27)    Article 3(1)(a) of Regulation (EU) 2019/1896.
(28)    According to Article 54 of Regulation (EU) 2019/1896, the European Border and Coast Guard standing corps must be composed of four categories of operational staff. Category 1 includes statutory staff deployed as members of the teams in operational areas in accordance with Article 55 of this Regulation. The Agency must contribute members of its statutory staff (category 1) to the standing corps to be deployed in operational areas as members of the teams with the tasks and powers provided for in Article 82 of this Regulation. Their tasks include countering cross-border crime and terrorism.
(29)    Under Article 8(1) of Regulation (EU) 2016/399, cross-border movements at external borders must be subject to checks by border guards. The checks may also cover the means of transport and objects in the possession of the persons crossing the border.
(30)    Regulation (EU) 2016/399 of the European Parliament and of the Council of 9 March 2016 on a Union Code on the rules governing the movement of persons across borders (Schengen Borders Code), OJ L 77, 23.3.2016, p. 1–52, consolidated version, as amended by Regulations (EU) 2016/1624, (EU) 2017/458 and (EU) 2019/817.
(31)    On entry and exit, third-country nationals must be subject to thorough checks, which includes verifying the identity and the nationality of the third-country national and of the authenticity and validity of the travel document for crossing the border. This involves consulting the relevant databases, in particular (but not only) Interpol’s SLTD database.
(32)    The above check includes verifying that the travel document is accompanied, where applicable, by the requisite visa or residence permit.
(33)    The entry conditions of the third-country nationals include that they are not considered to be a threat to public policy, internal security, public health or the international relations of any of the Member States, in particular where no alert has been issued in Member States’ national databases for the purposes of refusing entry on the same grounds.
(34)    Recital (46) of Regulation (EU) 2018/1727 provides that it is appropriate to strengthen cooperation between the EU and Interpol by promoting an efficient exchange of personal data while ensuring respect for fundamental rights and freedoms regarding the automatic processing of personal data. Where operational personal data are transferred from Eurojust to Interpol, and to countries that have delegated members to Interpol, Regulation (EU) 2018/1727, in particular the provisions on international transfers, should apply.
(35)    Under Article 2(1), (3) of Regulation (EU) 2018/1727, Eurojust must support and strengthen coordination and cooperation between national investigating and prosecuting authorities in relation to serious crime which Eurojust is competent to deal with, where that crime affects two or more Member States, or requires prosecution on common bases, on the basis of operations conducted and information supplied by the Member States’ authorities, by Europol, by the EPPO and by OLAF. Eurojust must carry out its tasks at the request of the competent authorities of the Member States, on its own initiative or at the request of the EPPO, within the scope of the EPPO’s competence.
(36)    Under Article 4(1) of Regulation (EU) 2018/1727, Eurojust must assist the competent authorities of the Member States in ensuring the best possible coordination of investigations and prosecutions, provide operational and technical support to Member State cross-border operations and investigations, including to joint investigation teams, and support Member State action in combating forms of serious crime for which the Agency is competent.
(37)    According to Article 2(2), subparagraph (b) of Regulation (EU) 2018/1727, Eurojust must facilitate the execution of requests for, and decisions on, judicial cooperation, including requests and decisions based on instruments that give effect to the principle of mutual recognition.
(38)    Foreign Terrorist Fighters (FTFs) are defined as ‘individuals who travel to a State other than their State of residence or nationality for the purpose of the perpetration, planning or preparation of, or participation in, terrorist acts or the providing or receiving of terrorist training, including in connection with armed conflict’ [United Nations Security Council Resolution 2178(2014)].
(39)    The Counter-Terrorism Register (CTR) was launched in 2019 at Eurojust to reinforce the judicial response in Member States to terrorist threats and to improve security for citizens. The CTR centralises key judicial information to establish links in proceedings against suspects of terrorist offences. The CTR is managed by Eurojust in The Hague on a 24-hour basis and provides proactive support to national judicial authorities. This centralised information will help prosecutors to coordinate more actively and to identify the suspects or networks being investigated in specific cases with potential cross-border implications.
(40)    The General Assembly of Interpol adopted the legal instrument governing the use of the e-Extradition system (the e-Extradition Rules) at its 83rd session (Monaco, 3-7 November 2014, Resolution AG-2014-RES-20).
(41)    The e-MLA initiative aims to develop an Interpol tool for the secure electronic transmission of mutual legal assistance (MLA) exchanges. Resolution GA-2018-87-RES-04 (Dubai, United Arab Emirates, 18-21 November 2018) tasked the General Secretariat, in consultation with Interpol member countries, to report on the technical development of the e-MLA System and, to submit an appropriate set of rules governing the use of this new Interpol capability to the General Assembly for approval at a future session, should adequate funding be guaranteed.
(42)    For instance notices on individuals, which are especially relevant in corruption and fraud cases, the SLTD database, the Dial-Doc database, which shares new forms of document counterfeiting, the various databases on stolen property for investigative and asset recovery purposes.
(43)    Articles 99(3) and 104 of the EPPO Regulation (EU) 2017/1939 provide for cooperation between the EPPO and international organisations, such as Interpol, in so far as necessary for the performance of EPPO’s tasks. Recital (96) of the EPPO Regulation stipulates: ‘All Member States of the European Union are affiliated to the International Criminal Police Organisation (Interpol). To fulfil its mission, Interpol receives, stores and circulates personal data to assist competent authorities in preventing and combating international crime. It is therefore appropriate to strengthen cooperation between the Union and Interpol by promoting an efficient exchange of personal data whilst ensuring respect for fundamental rights and freedoms regarding the automatic processing of personal data. Where operational personal data are transferred from the EPPO to Interpol, and to countries that have delegated members to Interpol, this Regulation, in particular the provisions on international transfers, should apply.’ Moreover, according to recital (97) of the EPPO Regulation, ‘When the EPPO transfers operational personal data to an authority of a third country or to an international organisation or Interpol by virtue of an international agreement concluded pursuant to Article 218 TFEU, appropriate safeguards for the protection of privacy and the fundamental rights and freedoms of individuals should ensure that the data protection provisions of this Regulation are complied with.’
(44)    In addition to access to SLTD and TDAWN through ESP, the Interpol databases that the EU will negotiate with Interpol for Europol, Frontex, Eurojust and the EPPO to have access to, will be further specified in line with the respective mandates of those bodies and with their operational needs.
(45)    Regulation (EU) 2018/1725, Regulation (EU) 2018/1725 and Directive (EU) 2016/680. 
(46)    Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA (OJ L 135, 24.5.2016, p. 53).
(47)    Regulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA (OJ L 135, 22.5.2019, p. 27).
(48)    Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816 (OJ L 135, 22.5.2019, p. 85).
(49)    Regulation (EU) 2018/1240 of the European Parliament and of the Council of 12 September 2018 establishing a European Travel Information and Authorisation System (ETIAS) and amending Regulations (EU) No 1077/2011, (EU) No 515/2014, (EU) 2016/399, (EU) 2016/1624 and (EU) 2017/2226 (OJ L 236, 19.9.2018, p. 1)
(50)    Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC, OJ L 295, 21.11.2018, p. 39.
(51)    Council Regulation (EU) 2017/1939 of 12 October 2017 implementing enhanced cooperation on the establishment of the European Public Prosecutor’s Office (‘the EPPO’) (OJ L 283, 31.10.2017, p. 1).
(52)    Regulation (EU) 2018/1727 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for Criminal Justice Cooperation (Eurojust), and replacing and repealing Council Decision 2002/187/JHA (OJ L 295, 21.11.2018, p. 138).
(53)    Regulation (EU) 2019/1896 of the European Parliament and of the Council of 13 November 2019 on the European Border and Coast Guard and repealing Regulations (EU) No 1052/2013 and (EU) 2016/1624 (OJ L 295, 14.11.2019, p. 1).
(54)    Regulation (EU) 2016/399 of the European Parliament and of the Council of 9 March 2016 on a Union Code on the rules governing the movement of persons across borders (Schengen Borders Code) (OJ L 77, 23.3.2016, p. 1).
(55)    On entry and exit, third-country nationals shall be subject to thorough checks, which includes verifying the identity and the nationality of the third-country national and of the authenticity and validity of the travel document for crossing the border. This involves consulting the relevant databases, in particular (but not only) Interpol’s SLTD database.
(56)    The above check includes verifying that the travel document is accompanied, where applicable, by the requisite visa or residence permit.
(57)    The entry conditions of the third-country nationals include that they are not considered to be a threat to public policy, internal security, public health or the international relations of any of the Member States, in particular where no alert has been issued in Member States’ national databases for the purposes of refusing entry on the same grounds.
(58)    Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).
(59)    Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, OJ L 119, 4.5.2016, p. 1).
(60)    Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, p. 89) (Data Protection Law Enforcement Directive).
Top

Brussels, 14.4.2021

COM(2021) 177 final

ANNEX

to the

Recommendation for a Council Decision

authorising the opening of negotiations for a cooperation agreement between the European Union and the International Criminal Police Organisation (ICPO-INTERPOL)


ANNEX

In the course of the negotiations, the Commission should aim to achieve the objectives set out in detail below.

(1)To regulate cooperation between Europol and Interpol, taking into account the latest developments in combating terrorism, cross-border and transnational serious, organised crime, current operational needs, Europol’s mandate, in full respect of the EU data protection and fundamental rights requirements;

(2)To provide the safeguards and guarantees needed to authorise controlled access to Interpol’s Stolen and Lost Travel Document (SLTD) and Travel Document Associated With Notices (TDAWN) databases via the European Search Portal (ESP) for EU Member States and EU agencies, as necessary to carry out their tasks, in line with their access rights, with EU or national law covering such access and in full compliance with the EU data protection requirements and with fundamental rights;

(3)To provide the safeguards and guarantees needed to authorise EU Member States and Frontex (its European Travel Information and Authorisation System (ETIAS) Central Unit) to access Interpol’s Stolen and Lost Travel Document and Travel Document Associated With Notices databases via the European Search Portal, in compliance with EU data protection requirements and with fundamental rights;

(4)To provide the safeguards and guarantees needed to implement a revised Visa Information System Regulation that authorises EU Member States to access Interpol’s Stolen and Lost Travel Document and Travel Document Associated With Notices databases via the European Search Portal when examining applications for visas or residence permits, in full compliance with EU data protection requirements and with fundamental rights;

(5)To set up and regulate cooperation between the European Public Prosecutor’s Office (EPPO) as established under Regulation (EU) 2017/1939 and Interpol, in line with their mandates, and in full compliance with EU data protection requirements and with fundamental rights;

(6)To provide the legal basis to authorise Europol, Frontex category 1 staff (statutory staff of the standing corps) and the European Public Prosecutor’s Office to access relevant Interpol databases to carry out their tasks, in full compliance with EU data protection requirements and with fundamental rights;

(7)To provide the legal basis to authorise Eurojust and the European Public Prosecutor’s Office to exchange operational information with Interpol, in full compliance with EU data protection requirements and with fundamental rights;

Specifically, the cooperation Agreement should:

(`)Establish agreed definitions of key terms, including on personal data, compliant with Regulations (EU) 2016/679 and 2018/1725, and Article 3(1) of Directive (EU) 2016/680;

(a)Provide that any automated queries of Interpol’s Stolen and Lost Travel Document and Travel Document Associated With Notices databases in the context of European Travel Information and Authorisation System, interoperability and a revised Visa Information System Regulations must be carried out in such a way that no information is revealed to the State owner of the Interpol alert;

(b)Spell out clearly and precisely the safeguards and controls needed on the protection of personal data, fundamental rights and freedoms of individuals, irrespective of nationality and place of residence, in the exchange of personal data with Interpol. In particular:

(`)The purposes of processing personal data in the context of the Agreement must be spelt out clearly and precisely by the Parties, and be no wider than what is necessary in individual cases for the purposes of the Agreement;

(a)Personal data transferred to Interpol by EU Justice and Home Affairs agencies and bodies in line with their mandates under the Agreement must be processed fairly, on a legitimate basis and only for the purposes for which they have been transferred. Any further data processing incompatible with the initial data processing must be prohibited (purpose limitation). The Agreement must provide scope to indicate, when the data is transferred, any restriction on access or use, including a restriction on data transfer, erasure or destruction;

(b)Transferred personal data must be adequate, relevant and limited to what is necessary for the purpose for which it has been transferred. It must be accurate and kept up to date. It must not be retained for longer than is necessary for the purpose for which it has been transferred. The Agreement must lay down rules on storage, including storage limitation, on review, correction and deletion of personal data;

(c)The Agreement must specify the criteria on the basis of which the reliability of the source and accuracy of the data shall be indicated;

(d)The transfer of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, and data concerning a person's health and sex life or sexual orientation, must be allowed only where necessary and proportionate in individual cases for preventing or combating criminal offences as referred to in the Agreement, and subject to appropriate safeguards addressing the specific risks of processing. The Agreement should contain specific safeguards governing the transfer of personal data on minors and on victims of criminal offences, witnesses or other persons who can provide information concerning criminal offences;

(e)The Agreement must lay down rules on the information to be made available to individuals and must ensure enforceable rights of individuals whose personal data are processed, in the form of rules on the right of information, access, rectification and erasure, including the specific grounds that may allow any necessary and proportionate restrictions. The Agreement must also ensure enforceable rights of administrative and judicial redress for any person whose data are processed under the Agreement and guaranteeing effective remedies;

(f)The Agreement must lay down the rules on keeping records for the purposes of logging and documentation;

(g)The Agreement must provide for safeguards in respect to automated processing of personal data including on profiling, and to prohibit decisions based solely on the automated processing of personal information without human involvement.

(h)The Agreement must include the obligation to ensure security of personal data through appropriate technical and organisational measures, including by allowing only authorised persons to have access to personal data. It must also include the obligation to notify the competent authorities and, wherever necessary, data subjects, in the event of a personal data breach affecting data transferred under the Agreement. The Agreement must also include the obligation to implement data protection by default and by design measures designed to implement data protection principles in an effective manner;

(i)Onward transfers of information from Interpol to other international organisations or third countries must only be allowed for the purposes of the Agreement, must be made subject to appropriate conditions and must be allowed only with respect to third countries or international organisations ensuring an essentially equivalent level of protection of personal data as ensured under this Agreement, unless the onward transfer is necessary for the prevention and investigation of a serious and imminent threat to public security or to protect the vital interests of any natural person. In particular, such onward transfers may be allowed in case the international organisation or third country is covered by an adequacy decision of the Commission under Article 36 of Directive (EU) 2016/680 or by appropriate safeguards for the protection of personal data ensured by an international Agreement pursuant to Article 218 TFEU concluded between the Union and that international organisation or third country or by a cooperation Agreement allowing for the exchange of operational personal data between the Agency and the third country or international organisation in question that cover onward transfers and concluded before the date of application of the legal act establishing the Agency concerned.

(j)The Agreement must ensure a system of oversight over the use by Interpol of that personal data by one or more independent bodies responsible for data protection with effective powers of investigation and intervention. In particular, the body or bodies shall have powers to hear complaints from individuals about the use of their personal data. The Agreement must provide for the duty of cooperation between the oversight bodies for Interpol, on the one hand, and the relevant EU agency or Member States authority, on the other hand.

(c)The cooperation Agreement must provide for an effective dispute settlement mechanism with respect to its interpretation and application to ensure that the parties observe mutually agreed rules.

(d)The cooperation Agreement must include a provision on the entry into force and validity and a provision whereby a party may terminate or suspend it.

(e)The cooperation Agreement must include provisions on the monitoring and periodic evaluation of the Agreement.

(f)The cooperation Agreement must be equally authentic in the Bulgarian, Czech, Croatian, Danish, Dutch, English, Estonian, Finnish, French, German, Greek, Hungarian, Irish, Italian, Latvian, Lithuanian, Maltese, Polish, Portuguese, Romanian, Slovak, Slovenian, Spanish and Swedish languages and should include a language clause to that effect.

Top