52021PC0269

EUROPEAN COMMISSION

Brussels, 1.6.2021

COM(2021) 269 final

Recommendation for a

COUNCIL DECISION

authorising the opening of negotiations to amend the Agreement between the European Union and Japan on mutual legal assistance in criminal matters

EXPLANATORY MEMORANDUM

1.CONTEXT OF THE PROPOSAL

•Reasons for and objectives of the proposal

The Agreement between the European Union and Japan on mutual legal assistance in criminal matters 1 aims to establish more effective cooperation between the European Union and Japan in that area. Under the Agreement, the requested state shall, upon the request by the requesting state, provide legal assistance in connection with investigations, prosecutions and other proceedings (including judicial proceedings) in criminal matters. The scope of the Agreement includes modern cooperation tools such as videoconferencing and the exchange of bank information. It is the EU’s first such ‘self‑standing’ agreement with another country. No individual Member State had previously concluded a separate similar agreement with Japan.

The Data Protection Law Enforcement Directive (LED) 2 entered into force on 6 May 2016 and Member States were to transpose it into national law by 6 May 2018 (Article 63(1) LED). Compared with the Framework Decision that it repealed and replaced 3 , the LED is a much more comprehensive and complete horizontal data protection instrument. It applies to the domestic and cross-border processing of personal data by competent authorities for the purposes of preventing, investigating, detecting or prosecuting criminal offences and executing criminal penalties, including safeguarding against and preventing threats to public security (Article 1(1) LED).

Article 62(6) LED requires the Commission, by 6 May 2019, to review other EU legal acts that regulate the processing of personal data for law enforcement purposes, in order to assess the need for alignment with the LED and, where appropriate, propose amendments so as to ensure a consistent approach to the protection of personal data.

On 24 June 2020, the Commission fulfilled that obligation by adopting a Communication, Way forward on aligning the former third pillar acquis with data protection rules 4 . It listed 10 legal acts that should be aligned with the LED and set out a timetable for doing so. It identified the Agreement with Japan as one of the acts that require targeted amendment to ensure full alignment with the LED and indicated that it would make a recommendation to the Council in the first quarter of 2021. This is the recommendation.

•Consistency with existing policy provisions in the policy area

The purpose of this initiative is to align the data protection rules in the Agreement with the principles and rules laid down in the LED, in order to provide a strong and coherent data protection framework for the purposes of the Agreement.

•Consistency with other Union policies

n/a

2.LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY

•Legal basis

This proposal is based on Article 218(3) and (4) of the Treaty on the Functioning of the European Union (TFEU).

Article 218(3) TFEU requires the Commission to submit recommendations to the Council, which then adopts a decision authorising the opening of negotiations and, depending on the subject of the envisaged agreement, nominating the Union negotiator or the head of the Union’s negotiating team. Article 218(4) TFEU provides that the Council may set out negotiating directives and designate a special committee in consultation with which the negotiations must be conducted.

•Subsidiarity (for non-exclusive competence)

Only the Union can conduct negotiations to amend the Agreement.

•Proportionality

This proposal is limited to what is necessary to ensure that the Agreement is compatible with existing Union legislation on the protection of personal data, in particular the LED, without changing the cooperation mechanisms under the Agreement. The recommendation does not go beyond what is necessary for achieving the objectives pursued, in accordance with Article 5(4) of the Treaty on European Union.

•Choice of the instrument

n/a

3.RESULTS OF EX POST EVALUATIONS, STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS

•Ex post evaluations/fitness checks of existing legislation

This recommendation follows the results of the Commission’s review under Article 62(6) LED, as presented in its Communication, Way forward on aligning the former third pillar acquis with data protection rules. The Communication lists points on which alignment is necessary. In particular, it identifies the need to improve the data protection safeguards in the Agreement.

Under the current provisions, in particular Articles 8 (requests for assistance) and 13 (confidentiality and use limitations):

requests must contain a description of the purpose of the assistance requested, together with the facts pertaining to the subject of the investigation, prosecution or other proceeding (including judicial proceeding); and

the requesting state must not process personal data for purposes other than that described in the request without prior consent from the requested state.

The review identified several areas in which provisions are needed. These areas include:

·provisions on data quality and security;

·rules on data retention and record keeping;

·safeguards applicable to the processing of special categories of personal data;

·restrictions on onward transfers; and

·rules on oversight and legal remedies available to individuals.

This recommendation seeks the authorisation of the Council to open negotiations on amending the Agreement with a view to agreeing new provisions that will allow the Union to ensure compliance with its obligations under the LED.

•Stakeholder consultations

In line with its ‘better regulation’ guidelines, the Commission published a roadmap outlining an initiative for a recommendation for a Council Decision on ‘EU-Japan Agreement on mutual legal assistance in criminal matters — proposed alignment with EU data protection rules’ 5 . Stakeholders were invited to provide feedback between 14 January and 11 February 2021. No submissions were received in that period.

•Collection and use of expertise

When conducting the review, the Commission took account of a study carried out as part of the European Parliament pilot project on ‘a fundamental rights review of EU data collection instruments and programmes’ 6 . The study included a mapping of Union acts covered by Article 62(6) LED and identified provisions potentially requiring alignment on data protection issues.

•Impact assessment

The impact of the present proposal is essentially limited to the processing of personal data by competent authorities in the context of Council Framework Decision 2002/465/JHA 7 . The impact of new obligations arising from the LED was assessed in the context of the preparatory works for the Directive. This renders a specific impact assessment for this proposal unnecessary.

•Regulatory fitness and simplification

n/a

•Fundamental rights

The right to the protection of personal data is enshrined in Article 8 of the Charter of Fundamental Rights of the European Union, Article 16 TFEU and Article 8 of the European Convention on Human Rights. Data protection is also closely linked to respect for private and family life, as protected by Article 7 of the Charter. EU data protection legislation aims to ensure a high level of protection of personal data.

The present recommendation seeks authorisation for the opening of negotiations with a view to amending the Agreement with Japan so as to provide for appropriate safeguards to ensure compliance with Member States’ obligations under the LED. This would positively impact the fundamental rights to privacy and data protection.

4.BUDGETARY IMPLICATIONS

n/a

Recommendation for a

COUNCIL DECISION

authorising the opening of negotiations to amend the Agreement between the European Union and Japan on mutual legal assistance in criminal matters

THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 218(3) and (4) thereof,

Having regard to the recommendation from the European Commission,

Whereas:

(1)Negotiations should be opened with a view to amending the Agreement between the European Union and Japan on mutual legal assistance in criminal matters 8 .

(2)The processing of personal data under the Agreement should comply with the applicable data protection rules. The data protection provisions of the Agreement should be reviewed and new provisions agreed that allow the Union to ensure that such processing complies with Directive (EU) 2016/680 9 of the European Parliament and of the Council.

(3)The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council 10 and delivered an opinion on … 11 ,

HAS ADOPTED THIS DECISION:

Article 1

1.The Commission is hereby authorised to open negotiations to amend the Agreement between the European Union and Japan on mutual legal assistance in criminal matters.

Article 2

The negotiating directives are set out in the Annex.

Article 3

The negotiations shall be conducted in consultation with [a special committee to be designated by the Council].

Article 4

This Decision is addressed to the Commission.

Done at Brussels,

For the Council

The President

(1) Agreement between the European Union and Japan on mutual legal assistance in criminal matters (OJ L 39, 12.2.2010, p. 20), signed in Brussels on 30 November 2009 and in Tokyo on 15 December 2009. It entered into force on 2 January 2011.

(2) Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, p. 89).

(3) Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters (OJ L 350, 30.12.2008, p. 60).

(4) COM(2020) 262 final.

(5) https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/12804-EU-Japan-mutual-legal-assistance-on-criminal-matters

(6)

The project was requested by the Parliament, managed by the Commission and carried out by a contractor (group of independent experts) selected by the Commission on the basis of criteria set out by the Parliament. The project deliverables reflect the views and opinions of the contractor only and the Commission cannot be held responsible for any use which may be made of the information contained therein;
http://www.fondazionebrodolini.it/en/projects/pilot-project-fundamental-rights-review-eu-data-collection-instruments-and-programmes

(7)

Council Framework Decision of 13 June 2002 on joint investigation teams (OJ L 162, 20.6.2002, p. 1).

(8) Agreement between the European Union and Japan on mutual legal assistance in criminal matters, OJ L 39, 12.2.2010, p. 20.

(9) Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, p. 89).

(10) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39).

(11) OJ C ….

Top

EUROPEAN COMMISSION

Brussels, 1.6.2021

COM(2021) 269 final

ANNEX

to the

Recommendation for a

COUNCIL DECISION

authorising the opening of negotiations to amend the Agreement between the European Union and Japan on mutual legal assistance in criminal matters

ANNEX

Directives for the negotiations to amend the Agreement between the European Union and Japan on mutual legal assistance in criminal matters

The Commission should, in the course of the negotiations, aim to achieve the objectives set out in detail below:

(1)The general objective of the amendments is to support and strengthen the cooperation between the Member States and Japan in the area of mutual legal assistance in criminal matters by strengthening safeguards with respect to the protection of personal data. The amendments should not change the purpose and forms of cooperation under the Agreement.

(2)The Agreement, in particular Articles 8 (requests for assistance) and 13 (confidentiality and use limitations), already requires that:

–requests contain a description of the purpose of the assistance requested, together with the facts pertaining to the subject of the investigation, prosecution or other proceeding (including judicial proceeding); and

–the requesting state must not process personal data for purposes other than that described in the request without prior consent from the requested state.

This upholds the principles of purpose specification and purpose limitation.

(3)The amendments should ensure that the Agreement provides for appropriate data protection safeguards within the meaning of Directive (EU) 2016/680 1 for the transfer of personal data pursuant to the Agreement, irrespective of the nationality or place of residence of the individuals concerned.

(4)In particular, the amendments should comprise the following additional safeguards, to be applied to all authorities that participate in the investigation, prosecution or other proceeding (including judicial proceeding) that is described in the request:

(a)a requirement to ensure that any personal data to be transferred between the parties is necessary to achieve the purpose of the request in line with the objectives and scope of the agreement and that is adequate, relevant and not excessive in relation to that purpose;

(b)a requirement to ensure that personal data is accurate and, where necessary, kept up to date; that personal data which does not fulfil this requirement is erased or rectified; and the other party is informed where there are indications that personal data is or has become inaccurate or outdated;

(c)a requirement to ensure that personal data is not retained for longer than is necessary for the purpose(s) for which it has been transferred;

(d)a requirement that the transfer and further processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, is allowed only if such transfer and further processing is subject to appropriate safeguards addressing the specific risks entailed by the processing;

(e)a requirement to implement appropriate technical and organisational measures so as to be able to demonstrate compliance;

(f)a requirement to ensure the security of personal data through appropriate technical and organisational measures, including access restrictions, and to provide notification in the event of a personal data breach;

(g)a mechanism to ensure that the individual(s) concerned are notified of any data transfer and that basic information on the processing is made available to them, subject to any necessary and proportionate restrictions;

(h)a requirement to ensure that the individual(s) concerned have enforceable rights of access (including basic information on the processing), rectification and erasure, subject to any necessary and proportionate restrictions, and to provide for appropriate safeguards with respect to decisions based solely on the automated processing of transferred personal data that negatively affects them.

(i)where prior consent is required pursuant to Article 13(1) of the Agreement, a requirement of the requested state to assess all relevant factors, in particular:

–the initial purpose of processing;

–the purpose of further processing; and

–whether the receiving authority ensures a level of data protection for the personal data that is shared equivalent to that guaranteed by the Agreement;

(j)a requirement to ensure that compliance with the safeguards agreed between the parties is supervised by one or more independent oversight authorities with effective powers of investigation and enforcement, in particular the power to address individuals’ complaints about the use of their personal data, taking into account the specific context of data processing by courts acting in their judicial capacity; and

(k)a requirement to ensure that individuals are granted effective judicial redress in the event of violations of the above safeguards.

(5)The amended Agreement should contain definitions of key terms, including a definition of ‘personal data’ that is in line with Article 3(1) of Directive (EU) 2016/680.

(1) Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, p. 89).

Top

Text