REGULATORY SCRUTINY BOARD OPINION Proposal for a Regulation of the European Parliament and of the Council amending Regulation (EU) 2016/794, as regards Europol’s cooperation with private parties, the processing of personal data by Europol in support of criminal investigations, and Europol’s role on research and innovation

Tilhører sager:

Hovedtilknytning: Forslag til EUROPA-PARLAMENTETS OG RÅDETS FORORDNING om ændring af forordning (EU) 2016/794 for så vidt angår Europols samarbejde med private parter, Europols behandling af personoplysninger til støtte for strafferetlige efterforskninger og Europols rolle inden for forskning og innovation {SEC(2020) 545 final} - {SWD(2020) 543-44 final} ()
Hovedtilknytning: Forslag til EUROPA-PARLAMENTETS OG RÅDETS FORORDNING om ændring af forordning (EU) 2016/794 for så vidt angår Europols samarbejde med private parter, Europols behandling af personoplysninger til støtte for strafferetlige efterforskninger og Europols rolle inden for forskning og innovation {SEC(2020) 545 final} - {SWD(2020) 543-44 final} ()
Hovedtilknytning: Forslag til EUROPA-PARLAMENTETS OG RÅDETS FORORDNING om ændring af forordning (EU) 2016/794 for så vidt angår Europols samarbejde med private parter, Europols behandling af personoplysninger til støtte for strafferetlige efterforskninger og Europols rolle inden for forskning og innovation {SEC(2020) 545 final} - {SWD(2020) 543-44 final} ()

Aktører:

SEK (2020) 0545

https://www.ft.dk/samling/20201/kommissionsforslag/kom(2020)0796/forslag/1727069/2303431.pdf

EUROPEAN COMMISSION
25.11.2020
SEC(2020) 545
REGULATORY SCRUTINY BOARD OPINION
Proposal for a Regulation of the European Parliament and of the Council
amending Regulation (EU) 2016/794, as regards Europol’s cooperation with
private parties, the processing of personal data by Europol in support of
criminal investigations, and Europol’s role on research and innovation
{COM(2020) 796}
{SWD(2020) 543}
{SWD(2020) 544}
Europaudvalget 2020
KOM (2020) 0796
Offentligt
1
EUROPEAN COMMISSION
Regulatory Scrutiny Board
Brussels,
RSB
Opinion
Title: Impact assessment / Strengthening of Europol’s mandate
Overall 2nd
opinion: POSITIVE WITH RESERVATIONS
(A) Policy context
Europol’s mission is to support Member State authorities to prevent serious international
organised crime and terrorism. It does this through exchange of information and criminal
intelligence.
Since the last changes to Europol’s legal basis in 2016, security threats have become more
complex. Criminals exploit possibilities created by new technologies, globalisation and
mobility.
The present initiative is a key action of the EU Security Union Strategy. It aims to address
these new threats and some identified shortcomings of the Regulation. The most important
of these is a lack of legal clarity on the processing of personal data. It also aims to align the
procedures establishing cooperation with non-EU countries and with other EU Agencies.
(B) Summary of findings
The Board notes that the report has been substantially redrafted. It provides a
clearer assessment of the main trade-offs, notably between combatting crime and
personal data protection. It also better explains the context and the current mandate
of Europol.
However, the report still contains significant shortcomings. The Board gives a
positive opinion with reservations because it expects the DG to rectify the following
aspects:
(1) The main report does not cover an assessment of some key policy options. It is
still not sufficiently streamlined and includes repetition.
(2) The report does not explain some of the policy options well and how they differ
from the baseline.
(C) What to improve
(1) The presentation of the report should be further streamlined. It should reduce
repetition between sections, especially between the problem description and the related
2
drivers. Lengthy quotes from inter-institutional resolutions or conclusions should be
replaced with corresponding links in footnotes. This would free up space to bring in
relevant analysis from the annexes.
(2) The main report should integrate the assessment of the options concerning Europol’s
capability to issue alerts in the Schengen Information System or request the initiation of
criminal investigations, as far as they involve real policy choices. The preferred option
should include all measures involved.
(3) The report should explain the policy options with more precision to help understand
how they would work in practice. It should explain the origin of the policy options (e.g.
why it considers an intrusive policy option like a new category of data subjects including
persons unrelated to crime; whether certain groups of stakeholders have requested certain
policy options). Furthermore, the report should clearly justify the absence of alternatives
that do not necessitate changing Europol’s mandate (e.g. for the coordination of research).
(4) The report should clarify the differences between the policy options and the baseline.
For example, it is not clear how the option allowing Europol to process data received
directly from private parties differs from the current situation and how it affects the legal
deadline beyond which the data must be deleted. For the policy options in relation to
research, the report should clarify that enabling Europol to process personal data for the
purpose of innovation could also include persons unrelated to crime. It should explain how,
under this policy option, Europol would treat and protect personal data in comparison to
other options involving persons unrelated to crime.
(5) The report should describe stakeholder views more systematically. It should not limit
this information to percentages, but explain when stakeholder groups differ in their views.
Throughout the text, the report should indicate how the stakeholder views were taken into
account.
(6) When comparing the policy options, the report should distinguish between the costs
for businesses and those for public authorities. Annex 3 should provide more information
on the estimates for costs and benefits and provide precise references to the underlying
studies.
The Board notes the estimated costs and benefits of the preferred options in this initiative,
as summarised in the attached quantification tables.
(D) Conclusion
The DG may proceed with the initiative.
The DG must revise the report in accordance with the Board’s findings before
launching the interservice consultation.
If there are any changes in the choice or design of the preferred option in the final
version of the report, the DG may need to further adjust the attached quantification
tables to reflect this.
Full title Impact Assessment on a proposal to strengthen the Europol
mandate
3
Reference number PLAN/2020/6621
Submitted to RSB on 04 November 2020
Date of RSB meeting Written procedure
4
ANNEX: Quantification tables extracted from the draft impact assessment report
The following tables contain information on the costs and benefits of the initiative on which
the Board has given its opinion, as presented above.
If the draft report has been revised in line with the Board’s recommendations, the content of
these tables may be different from those in the final version of the impact assessment report,
as published by the Commission.
5
I. Overview of benefits (total of all provisions) – Preferred options (EUR million over a 10 year period)
Description Amount Comments
Direct benefits
Saving in administrative
costs
200 (Total) Main beneficiaries are public authorities in Member States and businesses.
Savings are based on the following factors:
Policy Option 2: Europol to process data received directly from private
parties, to request personal data held by private parties to establish
jurisdiction, as well as to tasks serve as a channel to transmit Member States’
requests containing personal data to private parties outside their jurisdiction
(regulatory intervention)
- Reduced costs for cross-border service providers to identify the
jurisdiction of the relevant law enforcement authorities concerned, in
cases in which these are difficult to establish;
- Reduced liability risks for service providers when sharing personal data
with Europol;
- Reduced costs for national law enforcement authorities, who will have
to spend less resources on analysing multi-jurisdictional data sets for
information relevant for their jurisdiction, because Europol is doing this
for them;
- Reduced cost for national law enforcement authorities to transfer
requests containing personal data to private parties outside their
jurisdiction by using channels set up by Europol for this purpose.
Policy option 4: clarifying the provisions on the purposes of information
processing activities (regulatory intervention)
- Reduced costs for national law enforcement authorities as Europol will
provide more operational support, especially in complex, large-scale
and resource demanding investigations in the Member States, upon
6
their request. The reduced costs cannot be established in advance.
Policy option 7: enabling Europol to process personal data, including large
amounts of personal data, as part of fostering innovation; Europol will
participate in the management of research in areas relevant for law
enforcement (regulatory intervention)
- Reduced costs for national authorities, notably national innovation labs
working on security, as they will benefit from synergies and economies
of scale created by the Europol innovation lab. The reduced costs
cannot be established in advance. This is mainly because the innovation
and research needs in relation to internal security will depend on the
development of crime and the use of technology by criminals, both of
which is the result of various factors and cannot be predicted in
advance.
Policy option 9: introducing a new alert category in the Schengen Information
System to be used exclusively by Europol (regulatory intervention)
- There are no direct cost benefit for national authorities. Indirectly, the
society as a whole will benefit from enhanced internal security (see
below).
Policy option 11: targeted revision aligning the provision on the transfer of
personal in specific situations with the Police Directive (regulatory
intervention)
- Reduced costs for national authorities as they will benefit from
Europol’s cooperation with third countries. The reduced costs cannot be
established in advance. This is mainly because the crime rate, and
hence the workload of public authorities investing and countering those
crimes that require cooperation with third countries, is the result of
various factors and cannot be predicted in advance.
Policy option 12: seeking best practice and guidance (non-regulatory
intervention)
7
- Reduced costs for national authorities as they will benefit from
Europol’s cooperation with third countries. The reduced costs cannot be
established in advance. This is mainly because the crime rate, and
hence the workload of public authorities investing and countering those
crimes that require cooperation with third countries, is the result of
various factors and cannot be predicted in advance.
Policy option 14: enabling Europol to request the initiation of criminal
investigations in cases affecting only one Member State that concern forms of
crime which affect a common interest covered by a Union policy (regulatory
intervention)
- Reduced costs for national competent authorities in the Member States
in investigating cases falling under this option, as they will have to
spend fewer resources in activities that will be supported by Europol
(e.g. criminal and forensic analysis). The reduced costs cannot be
established in advance. This is mainly because the crime rate, and
hence the workload of public authorities investing and countering these
crimes, is the result of various factors and cannot be predicted in
advance.
EPPO:1
enabling Europol to invite the EPPO to consider initiating an
investigation (regulatory intervention)
- Reduced costs for national authorities in the participating Member
States as the EPPO, strongly supported by Europol, will undertake
relevant investigations. The reduced costs cannot be established in
advance. This is mainly because the crime rate, and hence the workload
of public authorities investing and countering these crimes, is the result
of various factors and cannot be predicted in advance.
1
This is not a policy option, but a regulatory alignment following from Council Regulation (EU) 2017/1939 (12.10.2017), which will have cost impacts on Europol (see
Impact Assessment, Main Report, Section 2 Problem Definition).
8
Indirect benefits
Reduction of crime 1 000 Main beneficiary of reduction of crime for society at large.
________________________________
This opinion concerns a draft impact assessment which may differ from the final version.
Commission européenne, B-1049 Bruxelles - Belgium. Office: BERL 08/010. E-mail: regulatory-scrutiny-board@ec.europa.eu
II. Overview of costs – Preferred options2
Policy
Option
Measures Citizens/ Consumers Businesses Administrations3
One-off Recurrent One-off Recurrent One-off Recurrent
Policy
option 2
Private parties sharing
personal data
proactively with
Europol, Europol
engaging in follow-up
exchanges with private
parties about missing
information, Europol
issuing own-initiative
request to Member
State of Establishment,
and Europol serving as
a channel for Member
State’s request
containing personal
data to a private party
outside its jurisdiction
None None Small one-off
costs for adapting
internal
procedures for
direct exchanges
with Europol
Costs of
identifying the
relevant personal
data for Europol.
However, these
costs should be
offset by savings,
as national law
enforcement
authorities issue
less individual
requests for the
data already shared
with Europol.
One-off costs for Europol to
modify IT systems to allow
for exchanges with private
parties and the subsequent
processing of personal data,
including an increase in
bandwidth and storage
capacity (~EUR 1 million).
Additional costs for Europol
to maintain IT systems and
increase support for
operations including
meetings and missions
(~EUR 6 million).
~60-70 FTE for Europol to
analyse additional data
coming from private parties.
However, these costs should
be offset at the level of
Member States, as national
law enforcement authorities
will not have to analyse this
data to identify information
relevant for their
jurisdiction. FTEs to be
scaled up in the first years of
implementation, to follow
expected demand growth.
2
Figures are total estimates over the period of the next MFF 2021-2027. The number of FTEs will be scaled up in the first years of implementation, to follow expected demand
growth. Staff figures are based on Europol’s resource needs at the end of this period. The ranges for staff figures are based on Europol’s estimates with a margin of 1-5 staff for
smaller staff needs, and a margin of 1-10 staff for higher staff. The indications of FTEs correspond mostly to temporary agents, due to the specificities of the tasks (handling of
personal data). A limited number of contract agents (~1-5) is included as well in the FTE estimates, for tasks related to the establishment and maintenance of IT capabilities.
3
The costs related to Europol have been estimated on the basis of the considerations outlined in the Impact Assessment, of estimates shared by the agency, and of the agency’s annual
reporting on operational indicators related to their levels of activities.
10
Policy
Option 4
clarifying the
provisions on the
purposes of
information processing
activities
None None None None None Additional costs for Europol
to increase support for
operations including
meetings and missions
(~EUR 0.1 million).
~5-15 FTE for Europol for
Europol to manage, process
and analyse data and
maintain IT systems.
Policy
Option 7
enabling Europol to
process personal data,
including large
amounts of personal
data, as part of
fostering innovation;
Europol will
participate in the
management of
research in areas
relevant for law
enforcement
None None None None One-off costs for Europol to
set up relevant IT systems
including a secured data
space, a repository of tools
and an EU technology
observatory (~EUR 2
million).
Additional costs for Europol
to support Member States in
implementing innovation
projects including the
management of the
Innovation hub and the
testing of innovative IT
solutions in a secured
environment (~EUR 13
million).
~25-35 FTE for Europol to
run its innovation lab,
support the EU innovation
hub for internal security, and
to support the management
of security research.
Policy
Option 9
introducing a new alert
category in the
Schengen Information
System to be used
exclusively by
None None None None There will be marginal costs
for Member States to update
their national systems
allowing their end-users to
see the alerts issued by
Additional costs for Europol
to renew, maintain, and
expand IT systems
(including bandwidth and
storage) in line with demand
11
Europol Europol, as well as to update
their SIRENE workflows.4
One-off costs for Europol to
establish and adapt relevant
connections with SIRENE
community to be able to send
data in a structured way to
the central component of the
Schengen Information
System when they issue an
alert (~EUR 1 million).
Costs for eu-LISA,5
the EU
agency responsible for the
operational management of
the Schengen Information, as
it would need to update the
central system to enable
Europol as a new user to
create alerts, as well as some
elements of the SIRENE
mail exchange. These costs
would be below EUR 2
million.
(~EUR 7 million).
~10-20 FTE for Europol to
create alerts in the Schengen
Information System and to
provide 24/7 follow up to
Member States in case of a
hit. FTEs to be scaled up in
the first years of
implementation, to follow
expansion of the new
system’s users. The need of
24/7 support implies
necessary human resources
(shift work).
Policy
option
11
targeted revision
aligning the provision
on the transfer of
personal in specific
situations with the
Police Directive
None None None None One-off costs for Europol to
adapt IT systems to provide
for secured connections with
third countries (~EUR 0.4
million).
Additional costs for Europol
to increase support for
operations including
meetings and missions (EUR
3 million).
~1-5 FTE for Europol to
make use of its mechanism
4
SIRENE stands for “Supplementary Information Request at the National Entries”. Each Member State operating the Schengen Information System has set up a national SIRENE
Bureau, operational 24/7, that is responsible for any supplementary information exchange and coordination of activities connected to alerts.
5
EU Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice.
12
to exchange personal data
with third countries where
necessary
Policy
option
12
seeking best practice
and guidance
None None None None None Additional costs for Europol
to exchange best practices,
organise meetings and
trainings (~EUR 0.3
million).
Policy
option
14
Europol requesting the
initiation of criminal
investigations in cases
affecting only one
Member State that
concern forms of
crime which affect a
common interest
covered by a Union
policy
None None None None One-off costs for Europol to
modify IT systems and tools,
including an increase in
bandwidth and storage
capacity (~EUR 0.5 million).
Additional costs for Europol
to increase support for
operations in individual
Member States including
meetings, missions and
operational infrastructure
(EUR 6 million).
~15-25 FTE for Europol to
coordinate with the Member
States and to support
Member States in their
investigation (incl. on-the-
spot-support, access to
criminal databases and
analytical tools, operational
analysis, forensic and
technical expertise)
EPPO6 Europol requesting
the EPPO to consider
initiating an
investigation in line
with its mandate, in
full respect of the
None None None None None Additional costs for Europol
to increase support for
investigations of the EPPO
including meetings, missions
and operational
infrastructure (EUR 1
6
This is not a policy option, but a regulatory alignment following from Council Regulation (EU) 2017/1939 (12.10.2017), which will have cost impacts on Europol (see Impact
Assessment, Main Report, Section 2 Problem Definition).
13
independence of the
EPPO, and Europol
actively supporting the
investigations and
prosecutions of the
EPPO (e.g. report
suspected PIF cases,
provide any relevant
information requested
by the EPPO, provide
on-the-spot-support,
access to criminal
databases and
analytical tools,
operational analysis,
forensic and technical
expertise, specialised
training)
million).
~5-15 FTE Europol to
coordinate with EPPO and to
actively support EPPO in its
investigations and
prosecutions. This includes
reporting suspected PIF
cases, providing relevant
information requested by the
EPPO, providing on-the-
spot-support, access to
criminal databases and
analytical tools, operational
analysis, forensic and
technical expertise and
specialised training). FTEs
to be scaled up in the first
years of implementation, as
the volume of EPPO
investigations and
prosecutions increases.
Electronically signed on 25/11/2020 08:38 (UTC+01) in accordance with article 11 of Commission Decision C(2020) 4482

1_EN_avis_impact_assessment_part1_v2.pdf

https://www.ft.dk/samling/20201/kommissionsforslag/kom(2020)0796/forslag/1727069/2315290.pdf