Progress: Procedure completed
| Role | Committee | Rapporteur | Shadows |
|---|---|---|---|
| Lead | LIBE |
KIRKHOPE Timothy ( ECR)
|
DÍAZ DE MERA GARCÍA CONSUEGRA Agustín ( PPE)
|
Lead committee dossier:
Legal Basis:
RoP 198
Legal Basis:
RoP 198Events
PURPOSE: to establish rules on the confidentiality of information of Europol.
LEGISLATIVE ACT: Council Decision 2009/968/JHA adopting the rules on the confidentiality of Europol information.
BACKGROUND: in accordance with the Europol Decision 2009/371/JHA , it is for the Council, acting by qualified majority after consulting the European Parliament, to adopt implementing rules on the confidentiality of information which is obtained by, or exchanged with, Europol.
This is the purpose of this decision.
CONTENT: the rules set out in this decision establish the security measures to be applied to all information which is processed by or through Europol. They aim in particular at setting out the security responsibilities in relation to data and providing technical measures applicable to the classification of data . The Annex shows an overview of the Europol classification levels and the equivalent markings currently applied by the Member States to information subject to those classification levels.
The different rules may be summarised as follows:
(1) Security responsibilities : the decision defines the responsibilities of all parties involved in the process of data protection:
· Member States' responsibilities : Member States shall ensure that, within their territory, Europol information receive a level of protection which is equivalent to the level of protection offered by the security measures established by these rules;
· Security Coordinator : the Security Coordinator is part of the internal structure of Europol (Deputy Director) and shall have general responsibility for all issues relating to security, including the security measures laid down in these rules and in the Security Manual;
· Security Committee : this shall consist of representatives of the Member States and of Europol and shall have as its task to advise the Management Board and Director of Europol on issues relating to security policy;
· Europol Director : the Director shall, along with the liaison bureaus and Europol national units, ensure observance of the rules and of the Security Manual. The security measures laid down in this decision shall be observed by all persons at Europol, as well as by any other person involved in Europol-related activities who is under a particular obligation of discretion or confidentiality.
Security Manual : the Security Manual shall provide management direction and support for security in accordance with business requirements and contains detailed rules on the security measures to be applied in order to provide for the basic protection level for the processing and classification of data.
Security Officers : Security Officers shall support the Director in the implementation of the security measures laid down in these rules and in the Security Manual. They shall be directly answerable to the Security Coordinator and their overall task shall be to ensure the application of the rules laid down in the decision. They shall also investigate breaches of security provisions.
(2) General principles applicable to the confidentiality of data : these provisions establish, in particular, the basic protection level and classification levels to apply to data depending on their degree of importance. Member States shall ensure the application of the basic protection level by a variety of measures, including the obligation of discretion and confidentiality, limiting access to information to authorised personnel, data protection requirements as far as personal data are concerned and general technical and procedural measures to safeguard the security of the information.
As a principle , all information processed by or through Europol (with the exception of information which is expressly marked as being public information) shall be subject to a basic protection level within Europol and in Member States. Information requiring additional security measures shall be subject to a Europol classification level, which shall be indicated by a specific marking. Information shall be subject to a security level only where strictly necessary and only for the time necessary.
Four levels of classification have been established:
" RESTREINT UE/EU RESTRICTED " : this classification shall be applied to information and material the unauthorised disclosure of which could be disadvantageous to the interests of Europol, the EU or one or more Member States; " CONFIDENTIEL UE/EU CONFIDENTIAL " : this classification shall be applied to information and material the unauthorised disclosure of which could harm the essential interests of Europol, the EU or one or more Member States; " SECRET UE/EU SECRET " : this classification shall be applied to information and material the unauthorised disclosure of which could seriously harm the essential interests of Europol, the EU or one or more Member States; " TRÈS SECRET UE/EU TOP SECRET ": this classification shall be applied to information and material the unauthorised disclosure of which could cause exceptionally grave prejudice to the essential interests of Europol, the EU or one or more Member States.
Such classified information and material shall bear an additional marking ("EUROPOL") under the classification marking to indicate that it originates in Europol.
Each Europol classification level shall relate to a specific security package, to be applied within Europol. The security packages shall offer different levels of protection, depending on the content of the information, and taking account of the detrimental effect which unauthorised access, dissemination or use of the information might have on the interests of Europol or the Member States.
The security packages shall consist of various measures of a physical, technical, organisational or administrative nature, as laid down in the Security Manual.
Choice of classification level : the Member State supplying information to Europol shall be responsible for the choice of any appropriate classification level for such information, taking account of the classification of the information under their national regulations, the need for the operational flexibility required for Europol to function adequately. Europol may change the classification level (for instance removing or adding a classification level to a document), only with the prior agreement of the Member State concerned. In order to design uniform classification levels, the decision presents in its Annex a table of equivalence between national classifications and corresponding Europol classifications. However, the table is only illustrative.
Note that when information does not come from a Member States and has no classification, Europol shall be responsible for determining the classification level.
Moreover, the decision contains a procedure for changing the classification level (based on a decision of the Member State or Europol).
Processing, access and security clearance : lastly, there are provisions in order to regulate access to information within Europol. Thus, access to, and possession of, information shall be restricted within the Europol organisation to those persons who, by reason of their duties or obligations, need to be acquainted with such information or to handle it. Persons entrusted with the processing of information shall have obtained security clearance and shall further receive special training. Security clearance may only be granted by the Security Coordinator. Authorisation may be withdrawn immediately by the Security Coordinator on justifiable grounds. In principle, no person shall have access to information subject to a classification level without having been granted security clearance at the appropriate level . However, there are derogations, left to the discretion of the Security Coordinator and only in exceptional circumstances. The derogations give a specific and limited authorisation to persons cleared at ‘CONFIDENTIEL UE/EU CONFIDENTIAL’ level to have access to specific information classified up to ‘SECRET UE/EU SECRET’ level, if, by reason of their duties or obligations in a specific case, they need to be acquainted with information subject to a higher Europol classification level or grant temporary authorisation to access classified information for a period not exceeding six months.
Third parties : in accordance with the Europol Decision, Europol may conclude cooperation agreements with entities or third parties. In that event, Europol shall include in the agreements specific provisions on the confidentiality of data exchanges, in accordance with the rules laid down in this proposal and in the security manual.
ENTRY INTO FORCE: 01/01/2010.
The European Parliament rejected (605 votes against, 31 in favour, 7 abstentions), under the consultation procedure, the draft Council decision adopting the rules on the confidentiality of Europol information.
The Committee on Civil Liberties, Justice and Home Affairs adopted the report, drawn up by Timothy KIRKHOPE (ECR, UK), on the draft Council decision adopting the rules on the confidentiality of Europol information, calling on the European Parliament to reject the Council’s text.
Members consider that, taking into account the imminent entry into force of the Treaty of Lisbon and its effects on police cooperation, there should be no amendments to the measures implementing the Europol Decisio n until such measures can be adopted under the new legal framework provided for in the Treaty of Lisbon.
They call on the Commission or the Council to make a declaration in plenary on a proposal for a new Europol decision which shall be submitted six months following the date of entry into force of the Treaty of Lisbon.
Lastly, they call on the Council to withdraw its proposal.
PURPOSE: to establish rules on the confidentiality of information of Europol.
PROPOSED ACT: Council Decision.
BACKGROUND: in accordance with Council Decision 2009/371/JHA establishing Europol as a Community agency, it is for the Council, acting by qualified majority after consulting the European Parliament to adopt implementing rules on the confidentiality of information which is obtained by, or exchanged with, Europol.
The purpose of this proposal is to establish those rules.
CONTENT: the rules set out in this text establish the security measures to be applied to all information which is processed by or through Europol. They aim in particular at setting out the security responsibilities in relation to data and providing technical measures applicable to the classification of data . The Annex shows an overview of the Europol classification levels and the equivalent markings currently applied by the Member States to information subject to those classification levels.
The different rules may be summarised as follows:
(1) Security responsibilities : the proposal defines the responsibilities of all parties involved in the process of data protection:
Member States' responsibilities : Member States shall ensure that, within their territory, Europol information receive a level of protection which is equivalent to the level of protection offered by the security measures established by these rules; Security Coordinator : the Security Coordinator is part of the internal structure of Europol (Deputy Director) and shall have general responsibility for all issues relating to security, including the security measures laid down in these rules and in the Security Manual; Security Committee : this shall consist of representatives of the Member States and of Europol and shall have as its task to advise the Management Board and Director of Europol on issues relating to security policy; Europol Director : the Director shall, along with the liaison bureaus and Europol national units, ensure observance of the rules and of the Security Manual.
The security measures laid down in this proposal shall be observed by all persons at Europol, as well as by any other person involved in Europol-related activities who is under a particular obligation of discretion or confidentiality.
Security Manual : the Security Manual shall provide management direction and support for security in accordance with business requirements and contains detailed rules on the security measures to be applied in order to provide for the basic protection level for the processing and classification of data.
Security Officers : Security Officers shall support the Director in the implementation of the security measures laid down in these rules and in the Security Manual. They shall be directly answerable to the Security Coordinator and their overall task shall be to ensure the application of the rules laid down in the proposal. They shall also investigate breaches of security provisions.
(2) General principles applicable to the confidentiality of data : these provisions establish, in particular, the basic protection level and classification levels to apply to data depending on their degree of importance . Member States shall ensure the application of the basic protection level by a variety of measures, including the obligation of discretion and confidentiality, limiting access to information to authorised personnel, data protection requirements as far as personal data are concerned and general technical and procedural measures to safeguard the security of the information.
As a principle , all information processed by or through Europol (with the exception of information which is expressly marked as being public information) shall be subject to a basic protection level within Europol and in Member States. Information requiring additional security measures shall be subject to a Europol classification level, which shall be indicated by a specific marking . Information shall be subject to a security level only where strictly necessary and only for the time necessary.
Four levels of classification have been established:
"Europol Restricted" : information and material the unauthorised disclosure of which could be disadvantageous to the interests of Europol or of one or more Member States; "Europol Confidential ": information and material the unauthorised disclosure of which could harm the essential interests of Europol or of one or more Member States; "Europol Secret" : information and material the unauthorised disclosure of which could seriously harm the essential interests of Europol or of one or more Member States; and "Europol Top Secret" : information and material the unauthorised disclosure of which could cause exceptionally grave prejudice to the essential interests of Europol or of one or more Member States.
Each Europol classification level shall relate to a specific security package, to be applied within Europol, offering different levels of protection, depending on the content of the information, and taking account of the detrimental effect, which unauthorised access, dissemination or use of the information, might have.
Choice of classification level : the Member State supplying information to Europol shall be responsible for the choice of any appropriate classification level for such information, taking account of the classification of the information under their national regulations, the need for the operational flexibility required for Europol to function adequately. Europol may change the classification level (for instance removing or adding a classification level to a document), only with the prior agreement of the Member State concerned. In order to design uniform classification levels, the proposal presents in its Annex a table of equivalence between national classifications and corresponding Europol classifications. However, the table is only illustrative.
Note that when information does not come from a Member States and has no classification, Europol shall be responsible for determining the classification level.
Moreover, the proposal contains a procedure for changing the classification level (based on a decision of the Member State or Europol).
Processing, access and security clearance : lastly, there are provisions in order to regulate access to information within Europol. Thus, access to, and possession of, information shall be restricted within the Europol organisation to those persons who, by reason of their duties or obligations, need to be acquainted with such information or to handle it. Persons entrusted with the processing of information shall have obtained security clearance and shall further receive special training. Security clearance may only be granted by the Security Coordinator. Authorisation may be withdrawn immediately by the Security Coordinator on justifiable grounds.
In principle, no person shall have access to information subject to a classification level without having been granted security clearance at the appropriate level. However, there are derogations, left to the discretion of the Security Coordinator and only in exceptional circumstances. The derogations give a specific and limited authorisation to persons cleared at Europol Restricted level or Europol Confidential level to have access to specific information classified up to Europol Secret for a limited period, for example.
Third parties : in accordance with the Europol Decision, Europol may conclude cooperation agreements with entities or third parties. In that event, Europol shall include in the agreements specific provisions on the confidentiality of data exchanges, in accordance with the rules laid down in this proposal and in the security manual.
PURPOSE: to establish rules on the confidentiality of information of Europol.
PROPOSED ACT: Council Decision.
BACKGROUND: in accordance with Council Decision 2009/371/JHA establishing Europol as a Community agency, it is for the Council, acting by qualified majority after consulting the European Parliament to adopt implementing rules on the confidentiality of information which is obtained by, or exchanged with, Europol.
The purpose of this proposal is to establish those rules.
CONTENT: the rules set out in this text establish the security measures to be applied to all information which is processed by or through Europol. They aim in particular at setting out the security responsibilities in relation to data and providing technical measures applicable to the classification of data . The Annex shows an overview of the Europol classification levels and the equivalent markings currently applied by the Member States to information subject to those classification levels.
The different rules may be summarised as follows:
(1) Security responsibilities : the proposal defines the responsibilities of all parties involved in the process of data protection:
Member States' responsibilities : Member States shall ensure that, within their territory, Europol information receive a level of protection which is equivalent to the level of protection offered by the security measures established by these rules; Security Coordinator : the Security Coordinator is part of the internal structure of Europol (Deputy Director) and shall have general responsibility for all issues relating to security, including the security measures laid down in these rules and in the Security Manual; Security Committee : this shall consist of representatives of the Member States and of Europol and shall have as its task to advise the Management Board and Director of Europol on issues relating to security policy; Europol Director : the Director shall, along with the liaison bureaus and Europol national units, ensure observance of the rules and of the Security Manual.
The security measures laid down in this proposal shall be observed by all persons at Europol, as well as by any other person involved in Europol-related activities who is under a particular obligation of discretion or confidentiality.
Security Manual : the Security Manual shall provide management direction and support for security in accordance with business requirements and contains detailed rules on the security measures to be applied in order to provide for the basic protection level for the processing and classification of data.
Security Officers : Security Officers shall support the Director in the implementation of the security measures laid down in these rules and in the Security Manual. They shall be directly answerable to the Security Coordinator and their overall task shall be to ensure the application of the rules laid down in the proposal. They shall also investigate breaches of security provisions.
(2) General principles applicable to the confidentiality of data : these provisions establish, in particular, the basic protection level and classification levels to apply to data depending on their degree of importance . Member States shall ensure the application of the basic protection level by a variety of measures, including the obligation of discretion and confidentiality, limiting access to information to authorised personnel, data protection requirements as far as personal data are concerned and general technical and procedural measures to safeguard the security of the information.
As a principle , all information processed by or through Europol (with the exception of information which is expressly marked as being public information) shall be subject to a basic protection level within Europol and in Member States. Information requiring additional security measures shall be subject to a Europol classification level, which shall be indicated by a specific marking . Information shall be subject to a security level only where strictly necessary and only for the time necessary.
Four levels of classification have been established:
"Europol Restricted" : information and material the unauthorised disclosure of which could be disadvantageous to the interests of Europol or of one or more Member States; "Europol Confidential ": information and material the unauthorised disclosure of which could harm the essential interests of Europol or of one or more Member States; "Europol Secret" : information and material the unauthorised disclosure of which could seriously harm the essential interests of Europol or of one or more Member States; and "Europol Top Secret" : information and material the unauthorised disclosure of which could cause exceptionally grave prejudice to the essential interests of Europol or of one or more Member States.
Each Europol classification level shall relate to a specific security package, to be applied within Europol, offering different levels of protection, depending on the content of the information, and taking account of the detrimental effect, which unauthorised access, dissemination or use of the information, might have.
Choice of classification level : the Member State supplying information to Europol shall be responsible for the choice of any appropriate classification level for such information, taking account of the classification of the information under their national regulations, the need for the operational flexibility required for Europol to function adequately. Europol may change the classification level (for instance removing or adding a classification level to a document), only with the prior agreement of the Member State concerned. In order to design uniform classification levels, the proposal presents in its Annex a table of equivalence between national classifications and corresponding Europol classifications. However, the table is only illustrative.
Note that when information does not come from a Member States and has no classification, Europol shall be responsible for determining the classification level.
Moreover, the proposal contains a procedure for changing the classification level (based on a decision of the Member State or Europol).
Processing, access and security clearance : lastly, there are provisions in order to regulate access to information within Europol. Thus, access to, and possession of, information shall be restricted within the Europol organisation to those persons who, by reason of their duties or obligations, need to be acquainted with such information or to handle it. Persons entrusted with the processing of information shall have obtained security clearance and shall further receive special training. Security clearance may only be granted by the Security Coordinator. Authorisation may be withdrawn immediately by the Security Coordinator on justifiable grounds.
In principle, no person shall have access to information subject to a classification level without having been granted security clearance at the appropriate level. However, there are derogations, left to the discretion of the Security Coordinator and only in exceptional circumstances. The derogations give a specific and limited authorisation to persons cleared at Europol Restricted level or Europol Confidential level to have access to specific information classified up to Europol Secret for a limited period, for example.
Third parties : in accordance with the Europol Decision, Europol may conclude cooperation agreements with entities or third parties. In that event, Europol shall include in the agreements specific provisions on the confidentiality of data exchanges, in accordance with the rules laid down in this proposal and in the security manual.
Documents
- Final act published in Official Journal: Decision 2009/968
- Final act published in Official Journal: OJ L 332 17.12.2009, p. 0017
- Results of vote in Parliament: Results of vote in Parliament
- Debate in Parliament: Debate in Parliament
- Committee report tabled for plenary, 1st reading/single reading: A7-0065/2009
- Committee report tabled for plenary, 1st reading/single reading: A7-0065/2009
- Amendments tabled in committee: PE430.625
- Committee draft report: PE430.415
- Legislative proposal: 11943/2009
- Legislative proposal published: 11943/2009
- Legislative proposal: 11943/2009
- Committee draft report: PE430.415
- Amendments tabled in committee: PE430.625
- Committee report tabled for plenary, 1st reading/single reading: A7-0065/2009
| Amendments | Dossier |
| 1 |
2009/0807(CNS)
2009/11/10
LIBE
1 amendments...
Amendment 1 #
Draft legislative resolution Paragraph 2 2. Considers that, without prejudice to the
source: PE-430.625
|
History
(these mark the time of scraping, not the official date of the change)
| docs/0 |
|
| events/0/date |
Old
2009-07-24T00:00:00New
2009-07-23T00:00:00 |
| docs/0/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE430.415New
https://www.europarl.europa.eu/doceo/document/EN&reference=PE430.415 |
| docs/1/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE430.625New
https://www.europarl.europa.eu/doceo/document/EN&reference=PE430.625 |
| docs/2/docs/0/url |
Old
http://www.europarl.europa.eu/doceo/document/A-7-2009-0065_EN.htmlNew
https://www.europarl.europa.eu/doceo/document/A-7-2009-0065_EN.html |
| events/1/type |
Old
Committee referral announced in Parliament, 1st reading/single readingNew
Committee referral announced in Parliament |
| events/2/type |
Old
Vote in committee, 1st reading/single readingNew
Vote in committee |
| events/3/docs/0/url |
Old
http://www.europarl.europa.eu/doceo/document/A-7-2009-0065_EN.htmlNew
https://www.europarl.europa.eu/doceo/document/A-7-2009-0065_EN.html |
| events/4/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?secondRef=TOC&language=EN&reference=20091123&type=CRENew
https://www.europarl.europa.eu/doceo/document/EN&reference=20091123&type=CRE |
| events/6/type |
Old
Decision by Parliament, 1st reading/single readingNew
Decision by Parliament |
| procedure/Modified legal basis |
Rules of Procedure EP 150
|
| procedure/Other legal basis |
Rules of Procedure EP 159
|
| procedure/legal_basis/0 |
Rules of Procedure EP 198
|
| procedure/legal_basis/0 |
Rules of Procedure EP 188
|
| committees/0 |
|
| committees/0 |
|
| docs/2/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=REPORT&mode=XML&reference=A7-2009-65&language=ENNew
http://www.europarl.europa.eu/doceo/document/A-7-2009-0065_EN.html |
| events/3/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=REPORT&mode=XML&reference=A7-2009-65&language=ENNew
http://www.europarl.europa.eu/doceo/document/A-7-2009-0065_EN.html |
| activities |
|
| commission |
|
| committees/0 |
|
| committees/0 |
|
| council |
|
| docs |
|
| events |
|
| links |
|
| other |
|
| procedure/Modified legal basis |
Old
Rules of Procedure of the European Parliament EP 150New
Rules of Procedure EP 150 |
| procedure/dossier_of_the_committee |
Old
LIBE/7/00537New
|
| procedure/final/url |
Old
http://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!CELEXnumdoc&lg=EN&numdoc=32009D0968New
https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexplus!prod!CELEXnumdoc&lg=EN&numdoc=32009D0968 |
| procedure/instrument |
Old
DecisionNew
|
| procedure/legal_basis/0 |
Rules of Procedure EP 188
|
| procedure/legal_basis/0 |
Rules of Procedure of the European Parliament EP 188
|
| procedure/subject |
Old
New
|
| procedure/title |
Old
Europol: rules on the confidentiality of information (security measures and data protection requirements)New
Rules on the confidentiality of Europol information |
| activities |
|
| committees |
|
| links |
|
| other |
|
| procedure |
|