Customs and Excise (Mutual Assistance) Act, 2001

FIRST SCHEDULE

THE TEXT IN THE ENGLISH LANGUAGE OF THE CIS CONVENTION

CONVENTION DRAWN UP ON THE BASIS OF ARTICLE K.3 OF THE TREATY ON EUROPEAN UNION, ON THE USE OF INFORMATION TECHNOLOGY FOR CUSTOMS PURPOSES

THE HIGH CONTRACTING PARTIES to this Convention, Member States of the European Union,

REFERRING to the Act of the Council of the European Union of 26 July 1995,

RECALLING the commitments contained in the Convention on Mutual Assistance between Customs Administrations, signed in Rome on 7 September 1967,

CONSIDERING that customs administrations are responsible, together with other competent authorities, at the external frontiers of the Community and within the territorial limit thereof, for the prevention, investigation and suppression of offences against not only Community rules, but also against national laws, in particular those laws covered by Articles 36 and 223 of the Treaty establishing the European Community,

CONSIDERING that a serious threat to public health, morality and security is constituted by the developing trend towards illicit trafficking of all kinds,

CONVINCED that it is necessary to reinforce co-operation between customs administrations, by laying down procedures under which customs administrations may act jointly and exchange personal and other data concerned with illicit trafficking activities, using new technology for the management and transmission of such information, subject to the provisions of the Council of Europe Convention on the Protection of Individuals with Regard to Automatic Processing of Personal Data, done at Strasbourg on 28 January 1981,

BEARING IN MIND that the customs administrations in their day-to-day work have to implement both Community and non-Community provisions, and that there is consequently an obvious need to ensure that the provisions of mutual assistance and administrative co-operation in both sectors evolve as far as possible in parallel,

HAVE AGREED ON THE FOLLOWING PROVISIONS:

CHAPTER I

Definitions

Article 1

For the purposes of this Convention,

1. The term ‘national laws’ means laws or regulations of a Member State, in the application of which the customs administration of that Member State has total or partial competence, concerning:

—  the movement of goods subject to measures of prohibition, restriction or control, in particular those measures covered by Articles 36 and 223 of the Treaty establishing the European Community;

—  the transfer, conversion, concealment, or disguise of property or proceeds derived from, obtained directly or indirectly through or used in, illicit international drug trafficking.

2. The term ‘personal data’ means any information relating to an identified or identifiable individual.

3. The term ‘supplying Member State’ means a State which includes an item of data in the Customs Information System.

CHAPTER II

Establishment of a Customs Information System

Article 2

1. The customs administrations of the Member States shall set up and maintain a joint automated information system for customs purposes, hereinafter referred to as the ‘Customs Information System’.

2. The aim of the Customs Information System, in accordance with the provisions of this Convention, shall be to assist in preventing, investigating and prosecuting serious contraventions of national laws by increasing, through the rapid dissemination of information, the effectiveness of the co-operation and control procedures of the customs administrations of the Member States.

CHAPTER III

Operation and Use of the Customs Information System

Article 3

1. The Customs Information System shall consist of a central database facility and it shall be accessible via terminals in each Member State. It shall comprise exclusively data necessary to achieve its aim as stated in Article 2(2), including personal data, in the following categories:

(i) commodities;

(ii) means of transport;

(iii) businesses;

(iv) persons;

(v) fraud trends;

(vi) availability of expertise.

2. The Commission shall ensure the technical management of the infrastructure of the Customs Information System in accordance with the rules provided for by the implementing measures adopted within the Council.

The Commission shall report on the management to the committee referred to in Article 16.

3. The Commission shall communicate to that committee the practical arrangements adopted for the technical management.

Article 4

The Member States shall determine the items to be included in the Customs Information System relating to each of the categories (i) to (vi) in Article 3 to the extent that this is necessary to achieve the aim of the system. No items of personal data shall be included in any event within categories (v) and (vi) of Article 3. The items of information included in respect of persons shall comprise no more than:

(i) name, maiden name, forenames and aliases;

(ii) date and place of birth;

(iii) nationality;

(iv) sex;

(v) any particular objective and permanent physical characteristics;

(vi) reason for inclusion of data;

(vii) suggested action;

(viii) a warning code indicating any history of being armed, violent or escaping.

In any case personal data listed in Article 6, first sentence of the Council of Europe Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, done at Strasbourg on 28 January 1981, hereinafter referred to as the ‘1981 Strasbourg Convention’, shall not be included.

Article 5

1. Data in categories (i) - (iv) of Article 3 shall be included in the Customs Information System only for the purpose of sighting and reporting, discreet surveillance or specific checks.

2. For the purpose of the suggested actions referred to in paragraph 1, personal data within any of the categories (i) - (iv) of Article 3 may be included in the Customs Information System only if, especially on the basis of prior illegal activities, there are real indications to suggest that the person concerned has committed, is in the act of committing, or will commit serious contraventions of national laws.

Article 6

1. If the suggested actions referred to in Article 5 (1) are carried out, the following information may in whole, or in part, be collected and transmitted to the supplying Member State:

(i) the fact that the commodity, means of transport, business or person reported has been found;

(ii) the place, time and reason for the check;

(iii) the route and destination of the journey;

(iv) persons accompanying the person concerned or occupants of the means of transport;

(v) the means of transport used;

(vi) objects carried;

(vii) the circumstances under which the commodity, means of transport, business or person was found.

When such information is collected in the course of discreet surveillance steps must be taken to ensure that the discreet nature of the surveillance is not jeopardized.

2. In the context of a specific check referred to in Article 5(1) persons, means of transport and objects may be searched to the extent permissible and in accordance with the laws, regulations, and procedures of the Member State in which the search takes place. If the specific check is not permitted by the law of a Member State, it shall automatically be converted by that Member State into sighting and reporting.

Article 7

1. Direct access to data included in the Customs Information System shall be reserved exclusively for the national authorities designated by each Member State. These national authorities shall be customs administrations, but may also include other authorities competent, according to the laws, regulations and procedures of the Member State in question, to act in order to achieve the aim stated in Article 2(2).

2. Each Member State shall send the other Member States and the committee referred to in Article 16 a list of its competent authorities which have been designated in accordance with paragraph 1 to have direct access to the Customs Information System stating, for each authority which data it may have access to and for what purposes.

3. Notwithstanding the provisions of paragraphs 1 and 2, Member States may, by unanimous agreement, permit access to the Customs Information System by international or regional organizations. Such agreement shall take the form of a protocol to this Convention. In reaching their decision the Member States shall take account of any reciprocal arrangements and any opinion of the Joint Supervisory Authority referred to in Article 18 on the adequacy of data protection measures.

Article 8

1. The Member States may only use data obtained from the Customs Information System in order to achieve the aim stated in Article 2(2); however they may use it for administrative or other purposes with the prior authorization of and subject to any conditions imposed by the Member State which included it in the system. Such other use shall be in accordance with the laws, regulations and procedures of the Member State which seeks to use it and should take into account Principle 5.5. of the Recommendation R (87) 15 of 17 September 1987 of the Committee of Ministers of the Council of Europe.

2. Without prejudice to paragraphs 1 and 4 of this Article and Article 7(3), data obtained from the Customs Information System shall only be used by national authorities in each Member State designated by the Member State in question, which are competent, in accordance with the laws, regulations and procedures of that Member State, to act in order to achieve the aim stated in Article 2(2).

3. Each Member State shall send the other Member States and the committee referred to in Article 16 a list of the competent authorities it has designated in accordance with paragraph 2.

4. Data obtained from the Customs Information System may, with the prior authorization of, and subject to any conditions imposed by, the Member State which included it in the System, be communicated for use by national authorities other than those designated under paragraph 2, non-Member States, and international or regional organizations wishing to make use of them. Each Member State shall take special measures to ensure the security of such data when it is being transmitted or supplied to services located outside its territory. Details of such measures must be communicated to the Joint Supervisory Authority referred to in Article 18.

Article 9

1. The inclusion of data in the Customs Information System shall be governed by the laws, regulations and procedures of the supplying Member State unless this Convention lays down more stringent provisions.

2. The use of data obtained from the Customs Information System, including performance of any action under Article 5 suggested by the supplying Member State, shall be governed by the laws, regulations and procedures of the Member State using such data, unless this Convention lays down more stringent provisions.

Article 10

1. Each of the Member States shall designate a competent customs administration which shall have national responsibility for the Customs Information System.

2. This administration shall be responsible for the correct operation of the Customs Information System within the Member State and shall take the measures necessary to ensure compliance with the provisions of this Convention.

3. The Member States shall inform one another of the competent administration referred to in paragraph 1.

CHAPTER IV

Amendment of Data

Article 11

1. Only the supplying Member State shall have the right to amend, supplement, correct, or delete data which it has included in the Customs Information System.

2. Should a supplying Member State note, or have drawn to its attention, that the data it included are factually inaccurate or were included, or are stored contrary to this Convention, it shall amend, supplement, correct or delete the data, as appropriate, and shall advise the other Member States accordingly.

3. If one of the Member States has evidence to suggest that an item of data is factually inaccurate, or was included or is stored on the Customs Information System, contrary to this Convention, it shall advise the supplying Member State as soon as possible. The latter shall check the data concerned and, if necessary, correct or delete the item without delay. The supplying Member State shall advise the other Member States of any correction or deletion effected.

4. If, when including data in the Customs Information System, a Member State notes that its report conflicts with a previous report as to content or suggested action, it shall immediately advise the Member State which made the previous report. The two Member States shall then attempt to resolve the matter. In the event of disagreement, the first report shall stand, but those parts of the new report which do not conflict shall be included in the System.

5. Subject to the provisions of this Convention, where in any Member State a court, or other competent authority within that Member State, makes a final decision as to amendment, supplementation, correction, or deletion, of data in the Customs Information System, the Member States undertake mutually to enforce such a decision. In the event of conflict between such decisions of courts or other competent authorities in different Member States, including those referred to in Article 15(4) concerning correction or deletion, the Member State which included the data in question shall delete it from the System.

CHAPTER V

Retention of Data

Article 12

1. Data included in the Customs Information System shall be kept only for the time necessary to achieve the purpose for which it was included. The need for its retention, shall be reviewed at least annually by the supplying Member State.

2. The supplying Member State may, within the review period, decide to retain data until the next review if its retention is necessary for the purposes for which it was included. Without prejudice to Article 15, if there is no decision to retain data it shall automatically be transferred to that part of the Customs Information System to which access shall be limited in accordance with paragraph 4.

3. The Customs Information System shall automatically inform the supplying Member State of a scheduled transfer of data from the Customs Information System under paragraph 2, giving one month's notice.

4. Data transferred under paragraph 2 shall continue to be retained for one year within the Customs Information System, but, without prejudice to Article 15, shall be accessible only to a representative of the committee referred to in Article 16 or to the supervisory authorities referred to in Articles 17(1) and 18(1). During that period they may consult the data only for the purposes of checking its accuracy and lawfulness, after which it must be deleted.

CHAPTER VI

Personal Data Protection

Article 13

1. Each Member State intending to receive personal data from, or include it in, the Customs Information System shall, no later than the time of entry into force of this Convention, adopt the national legislation sufficient to achieve a level of protection of personal data at least equal to that resulting from the principles of the 1981 Strasbourg Convention.

2. A Member State shall receive personal data from, or include it in, the Customs Information System only where the arrangements for the protection of such data provided for in paragraph 1 have entered into force in the territory of that Member State. The Member State shall also have previously designated a national supervisory authority or authorities in accordance with Article 17.

3. In order to ensure the proper application of the data protection provisions in this Convention, the Customs Information System shall be regarded in every Member State as a national data file subject to the national provisions referred to in paragraph 1 and any more stringent provisions contained in this Convention.

Article 14

1. Subject to Article 8(1), each Member State shall ensure that it shall be unlawful under its laws, regulations and procedures for personal data from the Customs Information System to be used other than for the purpose of the aim stated in Article 2(2).

2. Data may be duplicated only for technical purposes, provided that such duplication is necessary for direct searching by the authorities referred to in Article 7. Subject to Article 8(1), personal data included by other Member States may not be copied from the Customs Information System into other national data files.

Article 15

1. The rights of persons with regard to personal data in the Customs Information System, in particular their right of access, shall be put into effect in accordance with the laws, regulations and procedures of the Member State in which such rights are invoked.

If laid down in the laws, regulations and procedures of the Member State concerned, the national supervisory authority provided for in Article 17 shall decide whether information is to be communicated and the procedures for so doing.

A Member State which has not supplied the data concerned may only communicate data if it has first given the supplying Member State an opportunity to adopt its position.

2. A Member State, to which an application for access to personal data is made, shall refuse access if access may undermine the performance of the legal task specified in the report pursuant to Article 5(1), or in order to protect the rights and freedoms of others. Access shall be refused in any event during the period of discreet surveillance or sighting and reporting.

3. In each Member State, a person may, according to the laws, regulations and procedures of the Member State concerned, have personal data relating to himself corrected or deleted if that data is factually inaccurate, or was included or is stored in the Customs Information System contrary to the aim stated in Article 2(2) of this Convention or to the provisions of Article 5 of the 1981 Strasbourg Convention.

4. In the territory of each Member State, any person may, in accordance with the laws, regulations and procedures of the Member State in question, bring an action or, if appropriate, a complaint before the courts or the authority competent under the laws, regulations and procedures of that Member State concerning personal data relating to himself on the Customs Information System, in order to:

(i) correct or delete factually inaccurate personal data;

(ii) correct or delete personal data included or stored in the Customs Information System contrary to this Convention;

(iii) obtain access to personal data;

(iv) obtain compensation pursuant to Article 21(2).

The Member States concerned undertake mutually to enforce the final decisions taken by a court, or other competent authority, pursuant to (i), (ii) and (iii).

5. The references in this Article and in Article 11(5) to a ‘final decision’ do not imply any obligation on the part of any Member State to appeal against a decision taken by a court or other competent authority.

CHAPTER VII

Institutional Framework

Article 16

1. A Committee consisting of representatives from the Customs Administrations of the Member States shall be set up. The Committee shall take its decisions unanimously where the provisions of the first indent of paragraph 2 are concerned and by a two-thirds majority where the provisions of the second indent of paragraph 2 are concerned. It shall adopt its rules of procedure unanimously.

2. The Committee shall be responsible:

—  for the implementation and correct application of the provisions of this Convention, without prejudice to the powers of the authorities referred to in Articles 17(1) and 18(1);

—  for the proper functioning of the Customs Information System with regard to technical and operational aspects. The Committee shall take all necessary steps to ensure that the measures set out in Articles 12 and 19 are properly implemented with regard to the Customs Information System. For the purpose of applying this paragraph, the Committee may have direct access to, and use of, data from the Customs Information System.

3. The Committee shall report annually to the Council, in accordance with Title VI of the Treaty on European Union, regarding the efficiency and effectiveness of the Customs Information System, making recommendations as necessary.

4. The Commission shall be party to the Committee's proceedings.

CHAPTER VIII

Personal Data Protection Supervision

Article 17

1. Each Member State shall designate a national supervisory authority or authorities responsible for personal data protection to carry out independent supervision of such data included in the Customs Information System.

The supervisory authorities, in accordance with their respective national laws shall carry out independent supervision and checks, to ensure that the processing and use of data held in the Customs Information System do not violate the rights of the person concerned. For this purpose the supervisory authorities shall have access to the Customs Information System.

2. Any person may ask any national supervisory authority to check personal data relating to himself on the Customs Information System and the use which has been or is being made of that data. That right shall be governed by the laws, regulations and procedures of the Member State in which the request is made. If the data has been included by another Member State, the check shall be carried out in close co-ordination with that Member State's national supervisory authority.

Article 18

1. A Joint Supervisory Authority shall be set up, consisting of two representatives from each Member State drawn from the respective independent national supervisory authority or authorities.

2. The Joint Supervisory Authority shall perform its task in accordance with the provisions of this Convention and of the 1981 Strasbourg Convention taking into account Recommendation R (87) 15 of 17 September 1987, of the Committee of Ministers of the Council of Europe.

3. The Joint Supervisory Authority shall be competent to supervise operation of the Customs Information System, to examine any difficulties of application or interpretation which may arise during its operation, to study problems which may arise with regard to the exercise of independent supervision by the national supervisory authorities of the Member States, or in the exercise of rights of access by individuals to the System, and to draw up proposals for the purpose of finding joint solutions to problems.

4. For the purpose of fulfilling its responsibilities, the Joint Supervisory Authority shall have access to the Customs Information System.

5. Reports drawn up by the Joint Supervisory Authority shall be forwarded to the authorities to which the national supervisory authorities submit their reports.

CHAPTER IX

Security of the Customs Information System

Article 19

1. All necessary administrative measures to maintain security shall be taken:

(i) by the competent authorities of the Member States in respect of the terminals of the Customs Information System in their respective States;

(ii) by the Committee referred to in Article 16 in respect of the Customs Information System and the terminals located on the same premises as the System and used for technical purposes and the checks required by paragraph 3.

2. In particular the competent authorities and the committee referred to in Article 16 shall take measures:

(i) to prevent any unauthorized person from having access to installations used for the processing of data;

(ii) to prevent data and data media from being read, copied, modified or removed by unauthorized persons;

(iii) to prevent the unauthorized entry of data and any unauthorized consultation, modification, or deletion of data;

(iv) to prevent data in the Customs Information System from being accessed by unauthorized persons by means of data transmission equipment;

(v) to guarantee that, with respect to the use of the Customs Information System, authorized persons have right of access only to data for which they have competence;

(vi) to guarantee that it is possible to check and establish to which authorities data may be transmitted by data transmission equipment;

(vii) to guarantee that it is possible to check and establish a posteriori what data has been introduced into the Customs Information System, when and by whom, and to monitor interrogation;

(viii) to prevent the unauthorized reading, copying, modification or deletion of data during the transmission of data and the transport of data media.

3. The committee referred to in Article 16 shall monitor interrogation of the Customs Information System for the purpose of checking that searches made were admissible and were made by authorized users. At least 1% of all searches made shall be checked. A record of such searches and checks shall be maintained in the System, shall be used only for the abovementioned purpose by the said committee and the supervisory authorities referred to in Articles 17 and 18, and shall be deleted after six months.

Article 20

The competent customs administration referred to in Article 10(1) of this Convention shall be responsible for the security measures set out in Article 19, in relation to the terminals located in the territory of the Member State concerned, the review functions set out in Article 12(1) and (2), and otherwise for the proper implementation of this Convention so far as is necessary under the laws, regulations and procedures of that Member State.

CHAPTER X

Responsibilities and Liabilities

Article 21

1. Each Member State shall be responsible for the accuracy, currency and lawfulness of data it has included in the Customs Information System. Each Member State shall also be responsible for complying with the provisions of Article 5 of the 1981 Strasbourg Convention.

2. Each Member State shall be liable, in accordance with its own laws, regulations and procedures for injury caused to a person through the use of the Customs Information System in the Member State concerned.

This shall also be the case where the injury was caused by the supplying Member State entering inaccurate data or entering data contrary to this Convention.

3. If the Member State against which an action in respect of inaccurate data is brought is not the Member State which supplied it, the Member States concerned shall seek agreement as to what proportion, if any, of the sums paid out in compensation shall be reimbursed by the supplying Member State to the other Member State. Any such sums agreed shall be reimbursed on request.

Article 22

1. The costs incurred in connection with the operation and use of the Customs Information System by the Member States on their territories shall be borne by each of them.

2. Other expenditure incurred in the implementation of this Convention, except for that which cannot be kept separate from the operation of the Customs Information System for the purpose of applying the customs and agricultural rules of the Community, shall be borne by the Member States. Each Member State's share shall be determined according to the proportion of its gross national product to the sum total of the gross national products of the Member States for the year preceding the year in which the costs are incurred.

For the purpose of applying this paragraph, the expression ‘gross national product’ means the gross national product determined in accordance with Council Directive 89/130/EEC, Euratom of 13 February 1989 on the harmonization of the compilation of gross national product at market prices or any amending or replacing Community instrument.

CHAPTER XI

Implementation and Final Provisions

Article 23

The information provided for under this Convention shall be exchanged directly between the authorities of the Member States.

Article 24

1. This Convention shall be subject to adoption by the Member States in accordance with their respective constitutional requirements.

2. Member States shall notify the Secretary-General of the Council of the European Union of the completion of their constitutional requirements for adopting this Convention.

3. This Convention shall enter into force ninety days after the notification, referred to in paragraph 2, by the last Member State to fulfil that formality.

Article 25

1. This Convention shall be open to accession by any State that becomes a member of the European Union.

2. The text of this Convention in the language of the acceding State, drawn up by the Council of the European Union, shall be authentic.

3. Instruments of accession shall be deposited with the depositary.

4. This Convention shall enter into force with respect to any State that accedes to it ninety days after the deposit of its instrument of accession or on the date of entry into force of the Convention if it has not already entered into force at the time of expiry of the said period of ninety days.

Article 26

1. The Secretary-General of the Council of the European Union shall act as depositary of this Convention.

2. The depositary shall publish in the Official Journal of the European Communities information on the progress of adoptions and accessions, declarations and reservations, and also any other notification concerning this Convention.

Article 27

1. Any dispute between Member States on the interpretation or application of this Convention must in an initial stage be examined by the Council in accordance with the procedure set out in Title VI of the Treaty on European Union with a view to reaching a solution.

If no solution is found within six months, the matter may be referred to the Court of Justice of the European Communities by a party to the dispute.

2. Any dispute between one or more Member States and the Commission of the European Communities concerning the application of this Convention which it has proved impossible to settle through negotiation may be submitted to the Court of Justice.

Done at Brussels on the twenty-sixth day of July in the year one thousand nine hundred and ninety-five in a single original, in the Danish, Dutch, English, Finnish, French, German, Greek, Irish, Italian, Portuguese, Spanish and Swedish languages, each text being equally authentic, such original remaining deposited in the archives of the General Secretariat of the Council of the European Union.