This document is an excerpt from the EUR-Lex website
Document 32008R0766
Regulation (EC) No 766/2008 of the European Parliament and of the Council of 9 July 2008 amending Council Regulation (EC) No 515/97 on mutual assistance between the administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs and agricultural matters
Regulation (EC) No 766/2008 of the European Parliament and of the Council of 9 July 2008 amending Council Regulation (EC) No 515/97 on mutual assistance between the administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs and agricultural matters
Regulation (EC) No 766/2008 of the European Parliament and of the Council of 9 July 2008 amending Council Regulation (EC) No 515/97 on mutual assistance between the administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs and agricultural matters
OJ L 218, 13.8.2008, p. 48–59
(BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV) This document has been published in a special edition(s)
(HR)
In force
13.8.2008 |
EN |
Official Journal of the European Union |
L 218/48 |
REGULATION (EC) No 766/2008 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 9 July 2008
amending Council Regulation (EC) No 515/97 on mutual assistance between the administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs and agricultural matters
THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty establishing the European Community, and in particular Articles 135 and 280 thereof,
Having regard to the proposal from the Commission,
Having regard to the opinion of the Court of Auditors (1),
Acting in accordance with the procedure laid down in Article 251 of the Treaty (2),
Whereas:
(1) |
Council Regulation (EC) No 515/97 (3) improved the earlier legal mechanism, in particular by allowing information to be stored in the Community database Customs Information System (CIS). |
(2) |
However, experience gained since Regulation (EC) No 515/97 entered into force has shown that the use of the CIS for the sole purposes of sighting and reporting, discreet surveillance or specific checks does not make it possible to achieve fully the system's objective, which is to assist in preventing, investigating and prosecuting operations that are in breach of customs or agricultural legislation. |
(3) |
The changes introduced when the European Union was enlarged to include 27 Member States require a reconsideration of Community customs cooperation in a broader framework and with modernised mechanisms. |
(4) |
Commission Decision 1999/352/EC, ECSC, Euratom of 28 April 1999 establishing the European Anti-Fraud Office (OLAF) (4) and the Convention on the use of information technology for customs purposes (5), drawn up by Council Act of 26 July 1995 (6), modified the general framework for cooperation between the Member States and the Commission as regards preventing, investigating and prosecuting offences under Community legislation. |
(5) |
The results of strategic analysis should help those responsible at the highest level to determine projects, objectives and policies for combating fraud, to plan activities and to deploy the resources needed to achieve the operational objectives laid down. |
(6) |
The result of an operational analysis concerning the activities, resources and intentions of certain persons or businesses that do not comply or appear not to comply with customs or agricultural legislation should help the customs authorities and the Commission take the appropriate measures in specific cases to achieve the objectives laid down as regards the fight against fraud. |
(7) |
Under the current mechanism set out in Regulation (EC) No 515/97, personal data entered by a Member State can be copied from CIS into other data-processing systems only with the prior authorisation of the CIS partner which entered them and subject to the conditions imposed by it in accordance with Article 30(1). The amendment of the Regulation is designed to derogate from that principle of prior authorisation only where the data are to be processed by the national authorities and the Commission services responsible for risk management with a view to targeting controls on movements of goods. |
(8) |
The current mechanism needs to be supplemented by a legal framework establishing a customs files identification database covering past and current files. The creation of such a database follows up the intergovernmental customs cooperation initiative which led to the adoption of the Council Act of 8 May 2003 drawing up the Protocol amending, as regards the creation of a customs files identification database, the Convention on the use of information technology for customs purposes (7). |
(9) |
It is necessary to ensure that, in order to strengthen customs cooperation between Member States and between Member States and the Commission, and without prejudice to other provisions of Regulation (EC) No 515/97, certain data may be exchanged in pursuit of the objectives of that Regulation. |
(10) |
In addition, it is necessary to ensure greater complementarity with action in the context of intergovernmental customs cooperation and of cooperation with the other bodies and agencies of the European Union and other international and regional organisations. Such action follows on from the Council Resolution of 2 October 2003 concerning a strategy for customs cooperation (8) and the Council Decision of 6 December 2001 extending the mandate of Europol to the fight against the serious forms of international crime listed in the Annex to the Europol Convention (9). |
(11) |
In order to promote coherence between the action taken by the Commission, the other bodies and agencies of the European Union and other international and regional organisations, the Commission should be authorised to provide training and all forms of assistance other than financial assistance for the liaison officers of third countries and of European and international organisations and agencies, including the exchange of best practice with those bodies, and, for example, with Europol and the European Agency for the Management of Operational Cooperation at the External Borders of the Member States of the European Union (Frontex). |
(12) |
The conditions should be created under Regulation (EC) No 515/97 for the implementation of joint customs operations in the Community context. The Committee provided for by Article 43 of Regulation (EC) No 515/97 should be empowered to determine the mandate for Community joint customs operations. |
(13) |
A permanent infrastructure must be created within the Commission so that joint customs operations can be coordinated throughout the calendar year and representatives of the Member States and, if necessary, liaison officers from third countries or European or international organisations and agencies, in particular Europol and the World Customs Organisation (WCO) and Interpol, can be hosted for the time needed to carry out one or more individual operations. |
(14) |
In order to address CIS-related supervision issues, the European Data Protection Supervisor should convene a meeting with national data protection supervisory authorities at least once a year. |
(15) |
The Member States must have the possibility of reusing that infrastructure for joint customs operations organised by way of customs cooperation as provided for in Articles 29 and 30 of the Treaty on European Union, without prejudice to the role of Europol. In that event, joint customs operations should be conducted under the mandate determined by the relevant Council working party as regards customs cooperation under Title VI of the Treaty on European Union. |
(16) |
In addition, the development of new markets, the increasing internationalisation of trade and the rapid expansion thereof, combined with the increase in the speed of the carriage of goods, require customs administrations to keep up with movement so as not to harm the development of Europe's economy. |
(17) |
The ultimate objectives are that all operators should be able to provide all necessary documentation in advance and fully computerise their connections with the customs authorities. Meanwhile, the current situation will continue to exist, with various levels of development of national computer systems, and anti-fraud mechanisms must be improved since deflections of trade can still occur. |
(18) |
For the purpose of the fight against fraud, it is therefore necessary, together with the reform and modernisation of customs systems, to seek information at the furthest possible point upstream. In addition, in order to help the competent authorities of the Member States to detect movements of goods that are the object of operations in potential breach of customs or agricultural legislation and means of transport, including containers, used for that purpose, data from the principal service suppliers worldwide, public or private, that are active in the international supply chain should be pooled in a European central data directory. |
(19) |
The protection of natural persons in the processing of personal data is governed by Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (10) and by Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (11), which are fully applicable to information society services. Those Directives already establish a Community legal framework in the field of personal data and therefore it is not necessary to cover the issue in this Regulation in order to ensure the smooth functioning of the internal market, in particular the free movement of personal data between Member States. This Regulation must be implemented and applied in accordance with the rules on the protection of personal data, in particular as regards the exchange and storage of information in support of action to prevent and detect fraud. |
(20) |
The exchange of personal data with third countries should be subject to prior verification that data protection rules in the receiving country offer a degree of protection equivalent to that provided by Community law. |
(21) |
As Directive 95/46/EC has been transposed by the Member States since the adoption of Regulation (EC) No 515/97, and the Commission has established an independent authority to ensure that freedoms and fundamental rights of persons are respected by Community institutions and bodies in the processing of personal data in accordance with Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (12), the personal data protection control measures should be aligned and the reference to the European Ombudsman should be replaced by a reference to the European Data Protection Supervisor, without prejudice to the powers of the Ombudsman. |
(22) |
The measures necessary for the implementation of Regulation (EC) No 515/97 should be adopted in accordance with Council Decision 1999/468/EC of 28 June 1999 laying down the procedures for the exercise of implementing powers conferred on the Commission (13). |
(23) |
In particular, the Commission should be empowered to decide on items to be included in the CIS and to determine operations concerning the application of agricultural legislation in respect of which information is to be entered therein. Since those measures are of general scope and are designed to amend non-essential elements of Regulation (EC) No 515/97, inter alia, by supplementing it with new non-essential elements, they must be adopted in accordance with the regulatory procedure with scrutiny provided for in Article 5a of Decision 1999/468/EC. |
(24) |
The report on the implementation of Regulation (EC) No 515/97 should be integrated in the report submitted each year to the European Parliament and to the Council on the measures taken in implementation of Article 280 of the Treaty. |
(25) |
Regulation (EC) No 515/97 should be amended accordingly. |
(26) |
Since the objective of this Regulation, namely the coordination of the fight against fraud and any other illegal activity to the detriment of the Community's financial interests, cannot be sufficiently achieved by the Member States and can therefore, by reason of its scale and effects, be better achieved at Community level, the Community may adopt measures in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty. In accordance with the principle of proportionality, as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve that objective. |
(27) |
This Regulation respects fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union (14). In particular, this Regulation aims to ensure full respect for the right to the protection of personal data (Article 8 of the Charter of Fundamental Rights of the European Union). |
(28) |
The European Data Protection Supervisor has been consulted in accordance with Article 28(2) of Regulation (EC) No 45/2001 and delivered an opinion on 22 February 2007 (15), |
HAVE ADOPTED THIS REGULATION:
Article 1
Regulation (EC) No 515/97 is hereby amended as follows:
1. |
in Article 2(1), the following indents shall be added:
|
2. |
the following Article shall be inserted: ‘Article 2a Without prejudice to other provisions of this Regulation, and in pursuit of the objectives thereof, in particular where no customs declaration or simplified declaration is presented or where it is incomplete or where there is a reason to believe that the data contained therein are false, the Commission or the competent authorities of each Member State may exchange with the competent authority of any other Member State or the Commission the following data:
This Article shall apply only to movements of goods as described in the first indent of Article 2(1). (*1) As provided for in Article 22(2)(a) of Council Regulation (EC) No 2073/2004 of 16 November 2004 on administrative cooperation in the field of excise duties (OJ L 359, 4.12.2004, p. 1.).’;" |
3. |
Article 15 shall be amended as follows:
|
4. |
Article 18 shall be amended as follows:
|
5. |
in Title III, the following Articles shall be added: ‘Article 18a 1. Without prejudice to the competences of the Member States, with a view to assisting the authorities referred to in Article 1(1) to detect movements of goods that are the object of operations in potential breach of customs and agricultural legislation and means of transport, including containers, used for that purpose, the Commission shall establish and manage a directory of data received from public or private service providers active in the international supply chain. That directory shall be directly accessible to those authorities. 2. In managing that directory, the Commission shall be empowered:
3. The data referred to in this Article concern in particular movements of containers and/or means of transport and goods and persons concerned with those movements. Those shall include, where available, the following data:
4. Within the Commission, only designated analysts shall be empowered to process personal data to which paragraphs 2(b) and 2(c) apply. Personal data which are not necessary for the purpose of achieving the aim in question shall be deleted immediately or have any identifying factors removed. In any event, they may be stored for no more than three years. Article 18b 1. The Commission shall be authorised to provide training and all forms of assistance other than financial assistance for the liaison officers of third countries and of European and international organisations and agencies. 2. The Commission may make expertise, technical or logistical assistance, training or communication activity or any other operational support available to the Member States both for the achievement of the objectives of this Regulation and in the performance of Member States’ duties in the framework of the implementation of the customs cooperation provided for by Articles 29 and 30 of the Treaty on European Union. |
6. |
Article 19 shall be replaced by the following: ‘Article 19 Provided that the third country concerned has legally committed itself to providing the assistance necessary to assemble all the evidence of the irregular nature of operations which appear to be in breach of customs or agricultural legislation or to determine the extent of the operations which have been found to be in breach of such legislation, information obtained pursuant to this Regulation may be communicated to it:
Such communication by a Member State shall be made in compliance with its domestic provisions applicable to the transfer of personal data to third countries. In all cases, it shall be ensured that the rules of the third country concerned offer a degree of protection equivalent to that provided for in Article 45(1) and (2).’; |
7. |
in Article 20(2), point (d) shall be deleted; |
8. |
Article 23 shall be amended as follows:
|
9. |
in Article 24, the following points shall be added:
|
10. |
Article 25 shall be replaced by the following: ‘Article 25 1. The items to be included in the CIS relating to each of the categories referred to in Article 24(a) to (h) shall be determined in accordance with the regulatory procedure with scrutiny referred to in Article 43(2) to the extent that this is necessary to achieve the aim of the System. Personal data may under no circumstances appear in the category referred to in Article 24(e). 2. With regard to the categories referred to in Article 24(a) to (d), the items of information to be included in respect of personal data shall comprise no more than:
3. With regard to the category referred to in Article 24(f), the items of information to be included in respect of personal data shall comprise no more than the experts’ names and forenames. 4. With regard to the categories referred to in Article 24(g) and (h), the items of information to be included in respect of personal data shall comprise no more than:
5. In all cases, no personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership and data concerning the health or sex life of an individual shall be included.’; |
11. |
Article 27 shall be replaced by the following: ‘Article 27 1. Personal data which are included in the categories referred to in Article 24 shall be included in the CIS solely for the purposes of the following suggested actions:
2. Personal data which are included in the categories referred to in Article 24 may be included in the CIS only if, in particular on the basis of prior illegal activities or of information provided by way of assistance, there is a real indication that the person in question has carried out, is carrying out or is about to carry out operations in breach of customs or agricultural legislation which are of particular relevance at Community level.’; |
12. |
Article 34(3) shall be replaced by the following: ‘3. To ensure the correct application of the data protection provisions of this Regulation, the Member States and the Commission shall regard the CIS as a personal data-processing system which is subject to:
|
13. |
Article 35 shall be replaced by the following: ‘Article 35 1. Subject to Article 30(1), CIS partners shall be prohibited from using personal data from the CIS for any purpose other than that stated in Article 23(2). 2. Data may be duplicated only for technical purposes, provided that such duplication is required for the purpose of searches carried out by the authorities referred to in Article 29. 3. Personal data included in CIS by a Member State or the Commission may not be copied in data-processing systems for which the Member States or the Commission are responsible, except in systems of risk management used to direct national customs controls or in an operational analysis system used to coordinate actions at Community level. In that case, only the analysts designated by the national authorities of each Member State and those designated by Commission services shall be empowered to process personal data obtained from the CIS within the framework respectively of a risk management system used to direct customs controls by national authorities or an operational analysis system used to coordinate actions at Community level. Member States shall send the Commission a list of the risk management departments whose analysts are authorised to copy and process personal data entered in the CIS. The Commission shall inform the other Member States accordingly. It shall also provide all Member States with the corresponding information regarding its own services responsible for operational analysis. The list of designated national authorities and Commission services shall be published for information by the Commission in the Official Journal of the European Union. Personal data copied from the CIS shall be kept only for the time necessary to achieve the purpose for which they were copied. The need for their retention shall be reviewed at least annually by the copying CIS partner. The storage period shall not exceed 10 years. Personal data which are not necessary for the continuation of the analysis shall be deleted immediately or have any identifying factors removed.’; |
14. |
the second subparagraph of Article 36(2) shall be replaced by the following: ‘In any event, access may be denied to any person whose data are processed during the period in which actions are carried out for the purposes of sighting and reporting or discreet surveillance and during the period in which the operational analysis of the data or administrative enquiry or criminal investigation is ongoing.’; |
15. |
Article 37 shall be amended as follows:
|
16. |
in Title V, the title of Chapter 7 shall be replaced by the following: ‘Data security’; |
17. |
in Article 38(1), the following point shall be added:
|
18. |
the following Title shall be inserted: ‘TITLE Va CUSTOMS FILES IDENTIFICATION DATABASE CHAPTER 1 Establishment of a customs files identification database Article 41a 1. The CIS shall also include a specific database called the “Customs files identification database” (FIDE). Subject to the provisions of this Title, all the provisions of this Regulation relating to the CIS shall also apply to the FIDE, and any reference to the CIS shall include that database. 2. The objectives of the FIDE shall be to help to prevent operations in breach of customs legislation and of agricultural legislation applicable to goods entering or leaving the customs territory of the Community and to facilitate and accelerate their detection and prosecution. 3. The purpose of the FIDE shall be to allow the Commission, when it opens a coordination file within the meaning of Article 18 or prepares a Community mission in a third country within the meaning of Article 20, and the competent authorities of a Member State designated as regards administrative enquiries in accordance with Article 29, when they open an investigation file or investigate one or more persons or businesses, to identify the competent authorities of the other Member States or the Commission departments which are or have been investigating the persons or businesses concerned, in order to achieve the objectives specified in paragraph 2 by means of information on the existence of investigation files. 4. If the Member State or the Commission making a search in the FIDE needs fuller information on the registered investigation files on persons or businesses, it shall ask for the assistance of the supplier Member State. 5. The customs authorities of the Member States may use the FIDE within the framework of customs cooperation provided for in Articles 29 and 30 of the Treaty on European Union. In such a case, the Commission shall ensure the technical management of the database. CHAPTER 2 Operation and use of the FIDE Article 41b 1. The competent authorities may enter data from investigation files in the FIDE for the purposes defined in Article 41a(3) concerning cases which are in breach of customs legislation or agricultural legislation applicable to goods entering or leaving the customs territory of the Community and which are of particular relevance at Community level. The data shall cover only the following categories:
The data referred to in points (a), (b) and (c) shall be introduced separately for each person or business. The creation of links between those data shall be prohibited. 2. The personal data referred to in paragraph 1(a) shall consist only of the following:
3. Data shall be entered for a limited period in accordance with Article 41d. Article 41c 1. The introduction and consultation of data in the FIDE shall be reserved exclusively to the authorities referred to in Article 41a. 2. Any consultation of the FIDE must specify the following personal data:
CHAPTER 3 Storage of data Article 41d 1. The period for which data may be stored shall depend on the laws, regulations and procedures of the Member State supplying them. The following are the maximum periods, calculated from the date of entry of the data in the investigation file, which may not be exceeded:
These periods shall not be cumulative. 2. At all stages of an investigation file as referred to in paragraph 1(a), (b) and (c), as soon as a person to whom, or a business to which, Article 41b applies is cleared of suspicion under the laws, regulations and procedures of the supplier Member State, data concerning that person or business shall immediately be deleted. 3. The FIDE shall delete the data automatically as soon as the maximum storage period provided for in paragraph 1 has elapsed.’; |
19. |
Title VI shall be replaced by the following: ‘TITLE VI FINANCING Article 42a 1. This Regulation is the basic act on which the financing of all Community action provided for herein is based, including:
2. Expenditure relating to the acquisition, study, development and maintenance of the Community components of the common communication network used for the purposes of paragraph 1(c) shall also be borne by the general budget of the European Union. The Commission shall conclude the necessary contracts on behalf of the Community to ensure the operational nature of those components. 3. Without prejudice to the expenses relating to the operation of the CIS and the amounts provided for by way of compensation pursuant to Article 40, the Member States and the Commission shall waive all claims for the reimbursement of expenditure relating to the supply of information or of documents or to the implementation of an administrative investigation or of any other operational action pursuant to this Regulation which are carried out at the request of a Member State or the Commission, except as regards the allowances, if any, paid to experts. |
20. |
Article 43 shall be amended as follows:
|
21. |
in Articles 44 and 45(2), the terms ‘in Title V on the CIS’ shall be replaced by the terms ‘in Titles V and Va’; |
22. |
the following Article shall be inserted: ‘Article 51a The Commission, in cooperation with the Member States, shall report each year to the European Parliament and to the Council on the measures taken in implementation of this Regulation.’; |
23. |
Article 53 shall be amended as follows:
|
Article 2
This Regulation shall enter into force on the third day following its publication in the Official Journal of the European Union.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Strasbourg, 9 July 2008.
For the European Parliament
The President
H.-G. PÖTTERING
For the Council
The President
J.-P. JOUYET
(2) Opinion of the European Parliament of 19 February 2008 (not yet published in the Official Journal) and Council Decision of 23 June 2008.
(3) OJ L 82, 22.3.1997, p. 1. Regulation amended by Regulation (EC) No 807/2003 (OJ L 122, 16.5.2003, p. 36).
(4) OJ L 136, 31.5.1999, p. 20.
(5) OJ C 316, 27.11.1995, p. 34.
(6) OJ C 316, 27.11.1995, p. 33.
(7) OJ C 139, 13.6.2003, p. 1.
(8) OJ C 247, 15.10.2003, p. 1.
(9) OJ C 362, 18.12.2001, p. 1.
(10) OJ L 281, 28.11.1995, p. 31. Directive as amended by Regulation (EC) No 1882/2003 (OJ L 284, 31.10.2003, p. 1).
(11) OJ L 201, 31.7.2002, p. 37. Directive as amended by Directive 2006/24/EC (OJ L 105, 13.4.2006, p. 54).
(13) OJ L 184, 17.7.1999, p. 23. Decision as amended by Decision 2006/512/EC (OJ L 200, 22.7.2006, p. 11).