Availability Principle, Horizontal Cooperation and Exchange of PNR data - Paolo Troisi - Euweb
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Availability Principle, Horizontal Cooperation
and Exchange of PNR data
Paolo Troisi
Lecturer of Criminal Procedure Law, University “Tor Vergata” of Rome
23 April 2021
with the support of Lidia Iannibelli – EUWEB Secretariat1. Information Cooperation in Criminal Matters
“Collection, archiving, processing, analysis and exchange of
information relevant to the prevention, detection or investigation
of criminal offences” (Art. 87(2)(a) TFEU).
Principle of availability
Each State is obliged to make available to the competent
authorities of the other Member States the data it collects for
the prevention, detection and investigation of criminal offences
committed by persons freely moving within the territory of the
Union (Para 2.1, Part III, of the Hague Programme as formulated
by the Brussels European Council of 4 and 5 November 2004).
ed. Paolo Troisi, ©Copyright2021 - All rights
are reservedFactors
• Upsurge, following the attacks in New York and Madrid in 2001 and 2004,
of international terrorism;
• technological development, which has increased the possibilities to
collect, store and transmit data.
Two ways of implementation
1. Horizontal information cooperation “direct” information exchange
between Member States, to be achieved, depending on the type of
information, through mutual access or interoperability between national
databases;
2. vertical information cooperation information circulation promoted by
supranational bodies, through the gradual creation of European
databases for security and justice purposes, to be made accessible
online to national law enforcement bodies.
ed. Paolo Troisi, ©Copyright2021 - All rights
are reservedFallout
• Implementation of data collection and archiving activities, both through
the establishment of new national databases (or the harmonisation of
existing ones) and through the development of European databases;
• development of a common European privacy and data protection
framework (Framework Decision 2008/977/JHA and Directive (EU)
2016/680).
Horizontal information cooperation
Implementation milestones:
• Prüm Treaty, signed on 27 May 2005 by Belgium, Germany, Spain, France,
Luxembourg, the Netherlands and Austria, subsequently incorporated into
the EU legal framework through Decisions 2008/615/JHA and
2008/616/JHA (the so-called Prüm Decisions);
• Framework Decision 2006/960/JHA (the so-called “Swedish Framework
Decision”).
ed. Paolo Troisi, ©Copyright2021 - All rights
are reservedPrüm decisions
Approach for individual data fields:
• direct online access to indexes of national DNA and fingerprint databases;
• direct full online access to national vehicle databases;
• on-demand access to information related to events of cross-border
relevance.
Swedish Framework Decision
General system of transmission of information and intelligence, for the
purpose of prevention and investigation of criminal offences, directly
between law enforcement authorities of the Member States.
Transmission: 1) takes place on request; 2) shall not be subject to stricter
conditions than those applicable at national level.
They are set: A) strictly defined time limits for replying; B) strict grounds for
refusal.
ed. Paolo Troisi, ©Copyright2021 - All rights
are reserved2. Further Interconnection Circuits
Between National Databases
Main guidelines:
• computerised mutual exchange system of information
extracted from criminal records (ECRIS);
• circulation of information on organised crime and
terrorism;
• exchange of financial and bank account information;
• exchange of passenger name record data on flights
arriving in or departing from the territory of the
Member States.
ed. Paolo Troisi, ©Copyright2021 - All rights
are reservedECRIS
It is a decentralised, distributed networked information system:
• data extracted from criminal records are stored only in national
databases;
• there is no direct online access to the files of other States;
• circulation takes place via State of nationality, which acts as a centre
for collecting and sorting information on convictions handed down
in other Member States against its own nationals;
• the owner of the data remains the convicting State: it is obliged to
communicate any change or deletion of information to the State of
the person's nationality, which in turn must make an identical
change or deletion in its national file (Framework Decision
2009/315/JHA).
Regulation (EU) 2019/816 Supplementing ECRIS with a centralised
system for identifying EU countries holding information on convictions
of third-country nationals and stateless persons (ECRIS-TCN).
ed. Paolo Troisi, ©Copyright2021 - All rights
are reservedCirculation of information on organised and terrorist crime
• Decision 2005/671/JHA on the exchange of information and
cooperation concerning terrorist offences;
• Decision 2007/845/JHA of 2007 concerning cooperation
between Asset Recovery Offices (AROs) of the Member States
in the field of tracing and identification of proceeds from, or
other property related to, crime;
• 2010 Agreement between the European Union and the
United States on the processing and transfer of financial
messaging data from the European Union to the United States
for purposes of the Terrorist Finance Tracking Programme
(TFTP).
ed. Paolo Troisi, ©Copyright2021 - All rights
are reservedDirective (EU) 2019/1153
Content on-demand exchange of financial information and
information extracted from national centralised registers of bank
accounts, for the prevention, detection, investigation or prosecution of
offences related to terrorism, organised crime and money laundering,
between:
• Member States' Financial Intelligence Units (FIUs);
• specially designated authorities of the Member States;
• FIUs (or designated national authorities) and Europol.
Directive (EU) 2016/681
Content circulation of Passenger Name Record data of passengers
on flights arriving in or departing from the territory of the Member
States for the purposes of the prevention, detection, investigation and
prosecution of terrorist offences and other serious criminal offences.
ed. Paolo Troisi, ©Copyright2021 - All rights
are reserved3. Operation
• The airlines must send the PNR data electronically, 24 to 48 hours
before departure and immediately after the flight has ended, to
the National Passenger Information Unit set up in the Member
State on whose territory the flight lands or from whose territory
the flight departs;
• the unit which receives the data carries out an initial automated
analysis in real time, using pre-established risk criteria and
computer comparison with information stored in other
databases. The purpose is to check travelers before the arrival or
departure of the flight, in order to identify persons who might be
involved in acts of terrorism or other serious crimes (so-called
real-time screening);
ed. Paolo Troisi, ©Copyright2021 - All rights
are reserved• a possible “positive finding” must be followed by
a non-automated individual examination, aimed
at verifying the need for proper action;
• if also this individual examination is positive, the
PIU transmits the PNR data and the results of the
relative processing to the competent national
authorities (of police, judiciary and intelligence),
as well as to the Units of all the other Member
States (in order to forward it to the respective
judicial, police and intelligence bodies);
ed. Paolo Troisi, ©Copyright2021 - All rights
are reserved• irrespective of the outcome of the analysis in real time, all the
PNR data obtained from the airline companies are conserved, by
the national Unit which receives them, in a special database, for
a period of five years and, six months after the transfer, are
rendered anonymous, by masking the elements which could
serve to identify the passenger or other persons;
• this storage is intended, first and foremost, to enable the
national unit to respond to duly justified requests made, in
relation to specific cases, by state law enforcement authorities,
the intelligence units of other Member States, Europol or third
countries (so-called reactive control). The transmission of full
data, after the first six months, is only allowed if necessary and
subject to the approval of a judicial or other competent national
authority;
ed. Paolo Troisi, ©Copyright2021 - All rights
are reserved• in addition, stored data are analysed to define or
update risk criteria to be used to identify persons
involved in serious criminal activities (so-called
“proactive control”);
• processing and exchange is, in any case, only
allowed for the purpose of preventing and
suppressing terrorist offences or other specifically
listed serious crimes;
• processing of sensitive data and automated or
discriminatory individual decisions is strictly
prohibited.
ed. Paolo Troisi, ©Copyright2021 - All rights
are reservedDoubts about the necessity and proportionality of the system
1. It achieves an important exception to the purpose limitation
principle, as data collected for commercial purposes are reused
for law enforcement purposes;
2. it results in large-scale interference with individual privacy,
through automated and systematic monitoring, evoking scenarios
of mass surveillance;
3. It interferes with the rights of liberty and the presumption of
innocence: just because individuals travel by air within or outside
the EU, they become potential suspects of past or future
wrongdoing and their personal data are then included in a
database managed for law enforcement purposes;
4. it is not clear what probative value the PNR data and the results of
the relative processing have in criminal proceedings and in
prevention proceedings.
ed. Paolo Troisi, ©Copyright2021 - All rights
are reservedYou can also read
