This Decision lays down the conditions under which Member States' designated authorities and the European Police Office (Europol) may obtain access for consultation of the Visa Information System (VIS) for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences.
Council Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the Visa Information System (VIS) by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences
Council Decision 2008/633/JHA of 23 June 2008 concerning access for consultation of the Visa Information System (VIS) by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences
THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty on European Union, and in particular Article 30(1)(b) and Article 34(2)(c) thereof,
Having regard to the proposal from the Commission,
Having regard to the Opinion of the European Parliament,
Whereas:
Council Decision 2004/512/EC of 8 June 2004 establishing the Visa Information System (VIS)(1) established the VIS as a system for the exchange of visa data between Member States. The establishment of the VIS represents one of the key initiatives within the policies of the European Union aimed at establishing an area of freedom, security and justice. The VIS should have the purpose of improving the implementation of the common visa policy and should also contribute towards internal security and to combating terrorism under clearly defined and monitored circumstances.
During its meeting of 7 March 2005 the Council adopted conclusions stating that ‘in order to achieve fully the aim of improving internal security and the fight against terrorism’, Member State authorities responsible for internal security should be guaranteed access to the VIS, ‘in the course of their duties in relation to the prevention, detection and investigation of criminal offences, including terrorist acts and threats’, ‘subject to strict compliance with the rules governing the protection of personal data’.
It is essential in the fight against terrorism and other serious crimes for the relevant services to have the fullest and most up-to-date information in their respective fields. The Member States' competent national services need information if they are to perform their tasks. The information contained in the VIS may be necessary for the purposes of preventing and combating terrorism and serious crimes and should therefore be available, subject to the conditions set out in this Decision, for consultation by the designated authorities.
Moreover, the European Council has stated that Europol has a key role with respect to cooperation between Member States' authorities in the field of cross-border crime investigation in supporting Union-wide crime prevention, analyses and investigation. Consequently, Europol should also have access to VIS data within the framework of its tasks and in accordance with the Convention of 26 July 1995 on the Establishment of a European Police Office(2).
This Decision complements Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on 7 stay-visas (VIS Regulation)(3) insofar as it provides for a legal base under Title VI of the Treaty on European Union authorising access to the VIS for designated authorities and for Europol.
It is necessary to designate the competent Member States' authorities as well as the central access points through which access is done and to keep a list of the operating units within the designated authorities that are authorised to access the VIS for the specific purposes of the prevention, detection and investigation of terrorist offences and other serious criminal offences as referred to in Council Framework Decision 2002/584/JHA of 13 June 2002 on the European arrest warrant and the surrender procedures between Member States(4). It is essential to ensure that the duly empowered staff with a right to access the VIS is limited to those who ‘have a need to know’ and possess appropriate knowledge about data security and data protection rules.
Requests for access to the VIS should be made by the operating units within the designated authorities to the central access points. These central access points should then process the requests for access to the VIS following a verification whether all conditions for access are fulfilled. In an exceptional case of urgency the central access points should process the request immediately and only do the verification afterwards.
For the purposes of protection of personal data, and in particular to exclude routine access, the processing of VIS data should only be on a case-by-case basis. Such a specific case exists in particular when the access for consultation is connected to a specific event or to a danger associated with serious crime, or to (a) specific person(s) in respect of whom there are serious grounds for believing that the person(s) will commit or has (have) committed terrorist offences or other serious criminal offences or that the person(s) has (have) a relevant connection with such (a) person(s). The designated authorities and Europol should thus only search data contained in the VIS when they have reasonable grounds to believe that such a search will provide information that will substantially assist them in preventing, detecting or investigating serious crime.
Once the proposed Framework Decision on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters has entered into force it should apply to the personal data which are processed pursuant to this Decision. However, until the rules set out in that Framework Decision are applicable and in order to supplement them, adequate provisions have to be provided for to ensure the necessary data protection. Each Member State should ensure an adequate data protection level in its national law which at least corresponds to that resulting from the Council of Europe Convention of 28 January 1981 for the Protection of Individuals with regard to Automatic Processing of Personal Data and the corresponding case law pursuant to Article 8 of the Convention for the Protection of Human Rights and Fundamental Freedoms and, for those Member States which have ratified it, the Additional Protocol of 8 November 2001 to that Convention, and should take into account Recommendation No R (87) 15 of 17 September 1987 of the Committee of Ministers of the Council of Europe Regulating the Use of Personal Data in the Police Sector.
The effective monitoring of the application of this Decision should be evaluated at regular intervals.
Since the objectives of this Decision, namely the creation of obligations and conditions for access for consultation of VIS data by Member States' designated authorities and by Europol, cannot be sufficiently achieved by the Member States and can, therefore, by reason of the scale and effects of the action, be better achieved at the level of the European Union, the Council may adopt measures in accordance with the principle of subsidiarity, referred to in Article 2 of the Treaty on European Union and defined in Article 5 of the Treaty establishing the European Community. In accordance with the principle of proportionality, as set out in that Article, this Decision does not go beyond what is necessary in order to achieve those objectives.
In accordance with Article 47 of the Treaty on European Union, this Decision does not affect the competences of the European Community, in particular as exercised in Regulation (EC) No 767/2008 and in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data(5).
This Decision constitutes a development of provisions of the Schengen acquis in which the United Kingdom does not take part in accordance with Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the Schengen acquis(6). The United Kingdom is therefore not taking part in its adoption and is not bound by it or subject to its application.
This Decision constitutes a development of provisions of the Schengen acquis in which Ireland does not take part in accordance with Council Decision 2002/192/EC of 28 February 2002 concerning Ireland's request to take part in some of the provisions of the Schengen acquis(7). Ireland is therefore not taking part in its adoption and is not bound by it or subject to its application.
However, in accordance with Council Framework Decision 2006/960/JHA of 18 December 2006 on simplifying the exchange of information and intelligence between law enforcement authorities of the Member States of the European Union(8), information contained in the VIS can be provided to the United Kingdom and Ireland by the competent authorities of the Member States whose designated authorities have access to the VIS pursuant to this Decision. Information held in the national visa registers of the United Kingdom and Ireland can be provided to the competent law enforcement authorities of the other Member States. Any form of direct access for central authorities of the United Kingdom and Ireland to the VIS would, under the present state of their participation in the Schengen acquis, require an agreement between the Community and those Member States, possibly to be supplemented by other rules specifying the conditions and procedures for such access.
As regards Iceland and Norway, this Decision constitutes, with the exception of Article 7, a development of provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the association of those two States with the implementation, application and development of the Schengen acquis(9) which fall within the area referred to in Article 1, point B of Council Decision 1999/437/EC(10) on certain arrangements for the application of that Agreement.
As regards Switzerland, this Decision constitutes, with the exception of Article 7, a development of the provisions of the Schengen acquis within the meaning of the Agreement signed by the European Union, the European Community and the Swiss Confederation concerning the association of the Swiss Confederation with the implementation, application and development of the Schengen acquis which fall within the area referred to in Article 1, point B of Decision 1999/437/EC read in conjunction with Article 4(1) of Council Decision 2004/849/EC(11).
This Decision, save Article 6, constitutes an act building on the Schengen acquis or otherwise related to it within the meaning of Article 3(2) of the 2003 Act of Accession and Article 4(2) of the 2005 Act of Accession.
This Decision respects the fundamental rights and observes the principles reflected in particular in the Charter of Fundamental Rights of the European Union,
HAS DECIDED AS FOLLOWS:
Article 1 Subject matter and scope
Article 2 Definitions
For the purposes of this Decision, the following definitions shall apply:
-
‘Visa Information System (VIS)’ means the Visa Information System as established by Decision 2004/512/EC;
-
‘Europol’ means the European Police Office as established by the Convention of 26 July 1995 on the Establishment of a European Police Office (the Europol Convention);
-
‘terrorist offences’ means the offences under national law which correspond or are equivalent to the offences in Articles 1 to 4 of Council Framework Decision 2002/475/JHA of 13 June 2002 on combating terrorism(12);
-
‘serious criminal offences’ means the forms of crime which correspond or are equivalent to those referred to in Article 2(2) of Framework Decision 2002/584/JHA;
-
‘designated authorities’ means authorities which are responsible for the prevention, detection or investigation of terrorist offences or of other serious criminal offences and designated by the Member States pursuant to Article 3.
The definitions in Regulation (EC) No 767/2008 shall also apply.
Article 3 Designated authorities and central access points
Member States shall designate the authorities referred to in Article 2(1)(e) which are authorised to access VIS data pursuant to this Decision.
Every Member State shall keep a list of the designated authorities. By 2 December 2008 every Member State shall notify in a declaration to the Commission and the General Secretariat of the Council their designated authorities and may at any time amend or replace its declaration by another declaration.
Every Member State shall designate the central access point(s) through which the access is done. Member States may designate more than one central access point to reflect their organisational and administrative structure in fulfilment of their constitutional or legal requirements. By 2 December 2008 every Member State shall notify in a declaration to the Commission and the General Secretariat of the Council their central access point(s) and may at any time amend or replace its declaration by another declaration.
The Commission shall publish the declarations referred to in paragraphs 2 and 3 in the Official Journal of the European Union.
At national level, each Member State shall keep a list of the operating units within the designated authorities that are authorised to access the VIS through the central access point(s).
Only duly empowered staff of the operational units as well as the central access point(s) shall be authorised to access the VIS in accordance with Article 4.
Article 4 Procedure for access to the VIS
Where the conditions of Article 5 are fulfilled the operating units referred to in Article 3(5) shall submit a reasoned written or electronic request to the central access points referred to in Article 3(3) to access the VIS. Upon receipt of a request for access the central access point(s) shall verify whether the conditions for access referred to in Article 5 are fulfilled. If all conditions for access are fulfilled, the duly authorised staff of the central access point(s) shall process the requests. The VIS data accessed shall be transmitted to the operating units referred to in Article 3(5) in such a way as not to compromise the security of the data.
In an exceptional case of urgency, the central access point(s) may receive written, electronic or oral requests. In such cases, the central access point(s) shall process the request immediately and only verify ex-post whether all the conditions of Article 5 are fulfilled, including whether an exceptional case of urgency existed. The ex-post verification shall take place without undue delay after the processing of the request.