Annexes to COM(2023)705 - Conclusion of an Agreement with Armenia on cooperation between the EU Agency for Criminal Justice Cooperation (Eurojust) and the competent authorities for judicial cooperation in criminal matters of Armenia - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
dossier | COM(2023)705 - Conclusion of an Agreement with Armenia on cooperation between the EU Agency for Criminal Justice Cooperation (Eurojust) and ... |
---|---|
document | COM(2023)705 |
date | November 14, 2023 |
(3) Council Decision authorising the opening of negotiations for Agreements between the European Union and Algeria, Argentina, Armenia, Bosnia and Herzegovina, Brazil, Colombia, Egypt, Israel, Jordan, Lebanon, Morocco, Tunisia and Turkey on cooperation between the European Union Agency for Criminal Justice Cooperation (Eurojust) and the competent authorities for judicial cooperation in criminal matters of those third States, see 6153/21 + ADD 1, Council Decision adopted by written procedure on 1 March 2021 (CM 1990/21).
(4) Regulation (EU) 2023/2131 of the European Parliament and of the Council of 4 October 2023 amending Regulation (EU) 2018/1727 of the European Parliament and of the Council and Council Decision 2005/671/JHA, as regards digital information exchange in terrorism cases
(5) Regulation (EU) 2022/838 of the European Parliament and of the Council of 30 May 2022 amending Regulation (EU) 2018/1727 as regards the preservation, analysis and storage at Eurojust of evidence relating to genocide, crimes against humanity, war crimes and related criminal offences
(6) COM(2020) 605 final, 24.7.2020.
(7) COM(2020) 795 final, 9.12.2020.
(8) COM(2021) 170 final, 14.4.2021.
(9) Council Decision 7047/20, 23 April 2020, and Council Document CM 2178/20, 13 May 2020.
(10) Regulation (EU) 2018/1727 of the European Parliament and of the Council of 14 November 2018on the European Union Agency for Criminal Justice Cooperation (Eurojust), and replacing and repealing Council Decision 2002/187/JHA, (OJ L 295, p. 138, 21.11.2018).
(11) Council Decision (EU) [XXXXX] of XX.XX.XXXX on the signing, on behalf of the Union, of the Agreement between the European Union, of the one part, and Armenia, of the other part, on the cooperation between the European Union Agency for Criminal Justice Cooperation (Eurojust) and the competent authorities for judicial cooperation in criminal matters of the Republic of Armenia (XXXX).
(12) OJ C 326, 26.10.2012, p. 391.
(13) Commission Decision (EU) 2019/2006 of 29 November 2019 on the participation of Ireland in Regulation (EU) 2018/1727 of the European Parliament and of the Council on the European Union Agency for Criminal Justice Cooperation (Eurojust) (OJ L 310, 2.12.2019, p. 59).
(14) The date of entry into force of the Agreement will be published in the Official Journal of the European Union by the General Secretariat of the Council.
Top
EUROPEAN COMMISSION
Brussels, 14.11.2023
COM(2023) 705 final
ANNEX
to the Proposal for a
Council decision
on the conclusion of an Agreement between the European Union, of the one part, and the Republic of Armenia, of the other part, on the cooperation between the European Union Agency for Criminal Justice Cooperation (Eurojust) and the competent authorities for judicial cooperation in criminal matters of the Republic of Armenia
ANNEX
EU- Armenia final negotiated text - 24.8.2023
Draft Agreement
between
the European Union, of the one part, and the Republic of Armenia of the other part,
on the cooperation between the European Union Agency for Criminal Justice Cooperation (Eurojust) and the competent authorities for judicial cooperation in criminal matters of the Republic of Armenia
THE EUROPEAN UNION, hereinafter referred to as ‘the Union’,
and
THE REPUBLIC OF ARMENIA, hereinafter referred to as ‘Armenia’,
hereinafter jointly referred to as ‘the Parties’,
HAVING REGARD to Regulation (EU) 2018/1727 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for Criminal Justice Cooperation (Eurojust), and replacing and repealing Council Decision 2002/187/JHA1 1 , (“the Eurojust Regulation”), as applied in accordance with the Treaty on European Union and the Treaty on the Functioning of the European Union, in particular Article 47, Article 52(1) and Article 56(2) of the Eurojust Regulation,
HAVING REGARD, in particular, to Article 56(2), point (c) of the Eurojust Regulation, which sets out the general principles for the transfer of personal data from Eurojust to third countries and international organisations, and pursuant to which Eurojust may transfer personal data to a third country based on an international agreement concluded between the Union and that third country pursuant to Article 218 of the Treaty on the Functioning of the European Union;
CONSIDERING the interests of both Armenia and Eurojust in developing a close and dynamic judicial cooperation in criminal matters to address the challenges posed by serious crime, in particular organised crime and terrorism, while ensuring appropriate safeguards with respect to fundamental rights and freedoms of individuals, including privacy and the protection of personal data;
CONVINCED that judicial cooperation between Eurojust and Armenia will be mutually beneficial and help develop the Union’s area of Freedom, Security and Justice,
CONSIDERING that Armenia has ratified the Council of Europe Convention (ETS No. 108) for the Protection of Individuals with regard to Automatic Processing of Personal Data, done at Strasbourg on 28 January 1981, and its amending Protocol (CETS No. 223), done at Strasbourg on 10 October 2018, both of which play a fundamental role in the Eurojust data protection system;
CONSIDERING the high level of protection of personal data in Armenia and the Union,
RESPECTING the Council of Europe Convention (ETS No. 5) for the Protection of Human Rights and Fundamental Freedoms, done at Rome on 4 November 1950, which is reflected in the Charter of Fundamental Rights of the European Union,
HAVE AGREED AS FOLLOWS:
Chapter I
Objectives, scope and common provisions
Article 1
Objectives
1.The overall objective of this Agreement is to enhance judicial cooperation between Eurojust and the competent authorities of Armenia in combating serious crime as referred to in Article 3, point (e).
2.This Agreement allows for the transfer of personal data between Eurojust and the competent authorities of Armenia, in order to support and strengthen the action by the competent authorities of the Member States of the Union and those of Armenia, as well as their cooperation in investigating and prosecuting serious crime, in particular organised crime and terrorism, while ensuring appropriate safeguards with respect to fundamental rights and freedoms of individuals, including privacy and the protection of personal data.
Article 2
Scope
The Parties shall ensure that Eurojust and the competent authorities of Armenia cooperate in the fields of activities and within the competence and tasks of Eurojust, as set out in the Eurojust Regulation, as applied in accordance with the Treaty on European Union and the Treaty on the Functioning of the European Union, and in this Agreement.
Article 3
Definitions
For the purpose of this Agreement the following definitions apply:
(a)'Eurojust' means the European Union Agency for Criminal Justice Cooperation, established by the Eurojust Regulation, including any subsequent amendments;
(b)'Member States' means the Member States of the Union;
(c)'competent authority' means, for the Union, Eurojust and, for Armenia, a domestic authority with responsibilities under domestic law relating to the investigation and prosecution of criminal offences, including the implementation of judicial cooperation instruments in criminal matters, as listed in Annex II to this Agreement;
(d)'Union bodies' means institutions, bodies, offices and agencies, as well as missions or operations established under the Common Security and Defence Policy, set up by, or on the basis of, the Treaty on European Union and the Treaty on the Functioning of the European Union, as listed in Annex III to this Agreement;
(e)'serious crime' means the forms of crime with respect to which Eurojust is competent, in particular those listed in Annex I to this Agreement, including related criminal offences;
(f)'related criminal offences' means the criminal offences committed in order to procure the means of committing serious crimes, in order to facilitate or commit serious crimes or in order to ensure impunity for those committing serious crimes;
(g)'Assistant' means a person who may assist a National Member, as referred to in Chapter II, Section II, of the Eurojust Regulation, and the National Member’s Deputy, or the Liaison Prosecutor, as referred to in the Eurojust Regulation and in Article 5 of this Agreement respectively;
(h)'Liaison Prosecutor' means a person who holds the function of a public prosecutor or a judge in Armenia in accordance with its domestic law and is seconded by Armenia to Eurojust, as referred to in Article 5 of this Agreement;
(i)'Liaison Magistrate' means a magistrate as referred to in the Eurojust Regulation, posted by Eurojust to Armenia in accordance with Article 8 of this Agreement;
(j)'personal data' means any data relating to a data subject;
(k)'processing' means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
(l)'data subject' means an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data or an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person;
(m)'genetic data' means personal data relating to the genetic characteristics of an individual that have been inherited or acquired, which give unique information about the physiology or the health of that individual, resulting in particular from an analysis of a biological sample from the individual in question;
(n)‘biometric data’ means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data;
(o)'information' means personal and non-personal data;
(p)'personal data breach' means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
(q)'supervisory authority' means, for the Union, the European Data Protection Supervisor, and, for Armenia, a domestic independent public authority responsible for data protection as set out in Article 21, and which has been subject to notification pursuant to Article 28(3).
Article 4
Contact points
1.Armenia shall designate at least one contact point within its domestic competent authorities to facilitate the communication and cooperation between Eurojust and the competent authorities of Armenia. The Liaison Prosecutor shall not be a contact point.
2.The contact point for Armenia shall be notified to the Union. Armenia shall designate that contact point as its contact point also for terrorism matters.
3.Armenia shall inform Eurojust in case the contact point changes.
Article 5
Liaison Prosecutor and staff
1.To facilitate the cooperation provided for in this Agreement, Armenia shall second a Liaison Prosecutor to Eurojust.
2.The mandate and the duration of the secondment of the Liaison Prosecutor shall be determined by Armenia in agreement with Eurojust.
3.The Liaison Prosecutor may be assisted by one or more Assistants and other support staff, depending on the workload and in agreement with Eurojust. When necessary, the Assistants may replace the Liaison Prosecutor or act on the Liaison Prosecutor’s behalf.
4.Armenia shall ensure that the Liaison Prosecutor and the Liaison Prosecutor’s Assistants are competent to act in relation to foreign judicial authorities.
5.The Liaison Prosecutor and the Liaison Prosecutor’s Assistants shall have access to the information contained in the domestic criminal records, or in any other register of Armenia, in accordance with its domestic law.
6.The Liaison Prosecutor and the Liaison Prosecutor’s Assistants shall have the power to contact the competent authorities of Armenia directly.
7.Armenia shall inform Eurojust of the exact nature and extent of the judicial powers conferred to the Liaison Prosecutor and the Liaison Prosecutor’s Assistants within Armenia to accomplish their tasks in accordance with this Agreement.
8.The details of the tasks of the Liaison Prosecutor and the Liaison Prosecutor’s Assistants, their rights and obligations and the costs involved shall be governed by a working arrangement concluded between Eurojust and the competent authorities of Armenia as referred to in Article 26.
9.The working documents of the Liaison Prosecutor and the Liaison Prosecutor’s Assistants shall be held inviolable by Eurojust.
Article 6
Operational and strategic meetings
1.The Liaison Prosecutor, the Liaison Prosecutor’s Assistants, and other representatives of competent authorities of Armenia, including the contact points referred to in Article 4, may participate in meetings with regard to strategic matters at the invitation of the President of Eurojust, and in meetings with regard to operational matters with the approval of the National Members concerned.
2.National Members, their Deputies and Assistants, the Administrative Director of Eurojust and Eurojust staff may attend meetings organised by the Liaison Prosecutor, the Liaison Prosecutor’s Assistants, or other representatives of competent authorities of Armenia, including the contact points referred to in Article 4.
Article 7
Joint Investigation Teams
1.Eurojust may assist Armenia to establish joint investigation teams (JITs) with the national authorities of a Member State pursuant to the legal basis applicable between them enabling judicial cooperation in criminal matters, such as agreements on mutual assistance.
2.Eurojust may be requested to provide financial or technical assistance to operate a JIT it supports operationally.
Article 8
Liaison Magistrate
1.For the purpose of facilitating judicial cooperation with Armenia, Eurojust may post a Liaison Magistrate to Armenia in accordance with the Eurojust Regulation.
2.The details of the Liaison Magistrate’s tasks, his or her rights and obligations and the costs involved shall be governed by a working arrangement concluded between Eurojust and the competent authorities of Armenia as referred to in Article 26.
Chapter II
Information exchange and data protection
Article 9
Purposes of processing personal data
1.Personal data requested and received under this Agreement shall be processed only for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, within the limits of Article 10(6) and the respective mandates of the competent authorities.
2.The competent authorities shall clearly indicate, at the latest at the moment of the transfer of personal data, the specific purpose or purposes for which the data are transferred.
Article 10
General data protection principles
1.Each Party shall provide for personal data transferred and subsequently processed under this Agreement to be:
(a)processed fairly, lawfully, in a transparent manner and only for the purposes for which they have been transferred in accordance with Article 9;
(b)adequate, relevant and not excessive in relation to the purposes for which they are processed;
(c)accurate and, where necessary, kept up to date; each Party shall provide that the competent authorities take every reasonable step to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without undue delay;
(d)kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
(e)processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
2.The competent authority transferring the personal data (“the transferring authority”) may indicate, at the moment of transferring personal data, any restriction on access thereto or the use to be made thereof, in general or specific terms, including as regards their onward transfer, erasure or destruction after a certain period of time, or their further processing. Where the need for such restrictions becomes apparent after the transfer of personal data, the transferring authority shall inform the competent authority receiving the personal data (“the receiving authority”) accordingly.
3.Each Party shall ensure that the receiving authority complies with any restriction of the access to or the use of the personal data indicated by the transferring authority as referred to in paragraph 2.
4.Each Party shall provide that its competent authorities implement appropriate technical and organisational measures in order to be able to demonstrate that the data processing complies with this Agreement and that the rights of the data subjects concerned are protected.
5.Each Party shall comply with the safeguards provided for in this Agreement regardless of the nationality of the data subject concerned and without discrimination.
6.Each Party shall ensure that personal data transferred under this Agreement have not been obtained in violation of human rights recognised by international law binding on the Parties. Each Party shall ensure that the personal data received are not used to request, hand down or execute a death penalty or any form of cruel or inhuman treatment.
7.Each Party shall ensure that a record is kept of all transfers of personal data under this Article and of the purposes of such transfers.
Article 11
Categories of data subjects and special categories of personal data
1.The transfer of personal data in respect of victims of a criminal offence, witnesses or other persons who can provide information concerning criminal offences shall be allowed only where strictly necessary and proportionate in individual cases for investigating and prosecuting a serious crime.
2.The transfer of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data processed for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be allowed only where strictly necessary and proportionate in individual cases for investigating and prosecuting a serious crime.
3.The Parties shall ensure that the processing of personal data under paragraphs 1 and 2 is subject to additional safeguards, including restrictions of access, additional security measures and restrictions of onward transfers.
Article 12
Automated processing of personal data
Decisions based solely on automated processing of transferred personal data, including profiling, which produce an adverse legal effect on the data subject or significantly affect him or her, shall be prohibited, unless authorised by law for the investigation and prosecution of serious crime which provides appropriate safeguards for the rights and freedoms of the data subject, including at least the right to obtain human intervention.
Article 13
Onward transfer of the personal data received
1.Armenia shall ensure that its competent authorities are prohibited from transferring personal data received under this Agreement to other authorities of Armenia, unless all of the following conditions are fulfilled:
(a)Eurojust has given its prior explicit authorisation;
(b)the onward transfer is only for the purpose for which the data were transferred in accordance with Article 9; and
(c)the transfer is subject to the same conditions and safeguards as those applying to the original transfer.
Without prejudice to Article 10(2), no prior authorisation is needed when the personal data are shared among competent authorities of Armenia.
2.Armenia shall ensure that its competent authorities are prohibited from transferring personal data received under this Agreement to the authorities of a third country or to an international organisation, unless all of the following conditions are fulfilled:
(a)the onward transfer concerns personal data other than those covered by Article 11;
(b)Eurojust has given its prior explicit authorisation; and
(c)the purpose of the onward transfer is the same as the purpose of the transfer by Eurojust.
3.Eurojust shall give its authorisation under paragraph 2, point (b), only if and insofar as an adequacy decision, a cooperation agreement, or an international agreement providing for adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals, within the meaning of the Eurojust Regulation, in each case covering the onward transfer, is in place.
4.The Union shall ensure that Eurojust is prohibited from transferring personal data received under this Agreement to Union bodies not listed in Annex III, to the authorities of a third country or to an international organisation, unless all of the following conditions are fulfilled:
(a)the transfer concerns personal data other than those covered by Article 11;
(b)Armenia has given its prior explicit authorisation;
(c)the purpose of the onward transfer is the same as the purpose of the transfer by the transferring authority of Armenia; and
(d)in the case of an onward transfer to the authorities of a third country or to an international organisation, an adequacy decision, a cooperation agreement, or an international agreement providing for adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals, within the meaning of the Eurojust Regulation, in each case covering the onward transfer, is in place.
The conditions referred to in the first subparagraph do not apply when the personal data are shared by Eurojust with Union bodies listed in Annex III or with authorities of the Member States responsible for investigating and prosecuting serious crime.
Article 14
Right of access
1.The Parties shall provide for the right of the data subject to obtain confirmation from the authorities processing the personal data transferred under this Agreement as to whether personal data relating to him or her are processed under this Agreement and, where that is the case, access to at least the following information:
(a)the purposes and legal basis for the processing, the categories of data concerned, and, where applicable, the recipients or categories of recipients to whom the personal data have been or will be disclosed;
(b)the existence of the right to obtain from the authority rectification or erasure, or restriction of the processing of, personal data;
(c)where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period;
(d)communication, using clear and plain language, of the personal data undergoing processing and of any available information as to the sources of those data;
(e)the right to lodge a complaint with the supervisory authority referred to in Article 21 and its contact details.
In cases where the right of access referred to in the first subparagraph is exercised, the transferring authority shall be consulted on a non-binding basis before a final decision on the request for access is taken.
2.The Parties shall provide for the authority concerned to address the request without undue delay and in any case within a period of one month of the receipt of the request. That period may be extended by the authority concerned in light of the efforts required in addressing the request, but shall in no case exceed three months.
3.The Parties may provide for the possibility of delaying, refusing or restricting the information referred to in paragraph 1 to the extent that and for as long as such delay, refusal or restriction constitutes a measure that is necessary and proportionate, taking into account the fundamental rights and interests of the data subject, in order to:
(a)avoid the obstruction of official or legal inquiries, investigations or procedures;
(b)avoid prejudice to the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties;
(c)protect public security;
(d)protect national security; or
(e)protect the rights and freedoms of others, such as victims and witnesses.
4.The Parties shall provide for the authority concerned to inform the data subject in writing of:
(a)any delay, refusal or restriction of access and of the reasons therefor; and
(b)the possibility of lodging a complaint with the respective supervisory authority or of seeking a judicial remedy.
The information set out in the first subparagraph, point (a), may be omitted where this would undermine the purpose of the delay, refusal or restriction under paragraph 3.
Article 15
Right to rectification, erasure or restriction
1.The Parties shall provide for any data subject to have the right to obtain from the authorities processing personal data transferred under this Agreement the rectification of inaccurate personal data concerning the data subject. Taking into account the purposes of the processing, the right to obtain rectification includes the right to have incomplete personal data transferred under this Agreement completed.
2.The Parties shall provide for any data subject to have the right to obtain from the authorities processing personal data transferred under this Agreement the erasure of personal data concerning the data subject where the processing of the personal data infringes Article 10(1) or Article 12, or where the personal data must be erased in order to comply with a legal obligation to which the authorities are subject.
3.The Parties may provide for the possibility of the authorities to grant restriction of processing rather than the rectification or erasure of personal data as referred to in paragraphs 1 and 2 where:
(a)the accuracy of the personal data is contested by the data subject and their accuracy or inaccuracy cannot be ascertained; or
(b)when the personal data must be maintained for the purposes of evidence.
4.The transferring authority and the authority processing the personal data shall inform each other of cases referred to in paragraphs 1, 2 and 3. The authority processing the data shall rectify, erase, or restrict the processing of, the personal data concerned in accordance with the action taken by the transferring authority.
5.The Parties shall provide for the authority having received a request under paragraph 1 or 2 to inform the data subject in writing without undue delay that the personal data have been rectified or erased, or that their processing has been restricted.
6.The Parties shall provide for the authority having received a request under paragraph 1 or 2 to inform the data subject in writing of:
(a)any refusal of the request and of the reasons therefor;
(b)the possibility of lodging a complaint with the respective supervisory authority; and
(c)the possibility of seeking a judicial remedy.
The information listed in the first subparagraph, point (a), may be omitted under the conditions set out in Article 14(3).
Article 16
Notification of a personal data breach to the authorities concerned
1.The Parties shall provide, in the event of a personal data breach affecting personal data transferred under this Agreement, for their respective authorities to notify each other as well as their respective supervisory authority of that breach without delay, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons, and to take measures to mitigate its possible adverse effects.
2.The notification shall at least describe:
(a)the nature of the personal data breach, including, where possible, the categories and number of data subjects concerned and the categories and number of personal data records concerned;
(b)the likely consequences of the personal data breach;
(c)the measures taken or proposed to be taken by the authority processing the data to address the personal data breach, including the measures taken to mitigate its possible adverse effects.
3.Where, and in so far as, it is not possible to provide the information referred to in paragraph 2 at the same time, the information may be provided in phases without undue further delay.
4.The Parties shall provide for their respective authorities to document any personal data breach affecting personal data transferred under this Agreement, including the facts surrounding the breach, its effects and the remedial action taken, thereby enabling their respective supervisory authority to verify compliance with this Article.
Article 17
Communication of a personal data breach to the data subject
1.The Parties shall, where a personal data breach as referred to in Article 16 is likely to result in a high risk to the rights and freedoms of natural persons, provide for their respective authorities to communicate the personal data breach to the data subject without undue delay.
2.The communication to the data subject pursuant to paragraph 1 shall describe in clear and plain language the nature of the personal data breach and contain at least the elements provided for in Article 16(2), points (b) and (c).
3.The communication to the data subject referred to in paragraph 1 shall not be required if:
(a)the personal data concerned by the breach were subject to appropriate technological and organisational protection measures that render the data unintelligible to any person who is not authorised to access them;
(b)subsequent measures have been taken which ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialise; or
(c)such communication would involve disproportionate effort, in particular owing to the number of cases involved. If so, the authority shall issue a public communication or similar measure whereby the data subjects are informed in an equally effective manner.
4.The communication to the data subject may be delayed, restricted or omitted under the conditions set out in Article 14(3).
Article 18
Storage, review, correction and deletion of personal data
1.The Parties shall provide for appropriate time limits to be established for the storage of personal data received under this Agreement, or for a periodic review of the need for the storage of such data, so that such data are stored for no longer than is necessary for the purposes for which they are transferred.
2.In any case, the need for continued storage shall be reviewed no later than three years after the transfer of the personal data.
3.Where a transferring authority has reason to believe that personal data previously transferred by it are incorrect, inaccurate, no longer up to date, or should not have been transferred, it shall inform the receiving authority, which shall rectify or erase the personal data and provide notification thereof to the transferring authority.
4.Where a competent authority has reason to believe that personal data previously received by it are incorrect, inaccurate, no longer up to date, or should not have been transferred, it shall inform the transferring authority, which shall provide its position on the matter. Where the transferring authority concludes that the personal data is incorrect, inaccurate, no longer up to date, or should not have been transferred, it shall inform the receiving authority, which shall rectify or erase the personal data and provide notification thereof to the transferring authority.
Article 19
Logging and documentation
1.The Parties shall provide for the keeping of logs or other documentation of the collection of, alteration of, access to, disclosure of, including onward transfer, combination and erasure of personal data.
2.Such logs or documentation shall be made available to the supervisory authority on request and shall be used only for verification of the lawfulness of data processing, self-monitoring and ensuring proper data integrity and security.
Article 20
Data security
1.The Parties shall ensure the implementation of technical and organisational measures to protect personal data transferred under this Agreement.
2.In respect of automated data processing, the Parties shall ensure the implementation of measures designed to:
(a)deny unauthorised persons access to data processing equipment used for processing personal data ('equipment access control');
(b)prevent the unauthorised reading, copying, modification or removal of data media ('data media control');
(c)prevent the unauthorised input of personal data and the unauthorised inspection, modification or deletion of stored personal data ('storage control');
(d)prevent the use of automated data processing systems by unauthorised persons using data communication equipment ('user control');
(e)ensure that persons authorised to use an automated data processing system have access only to the personal data covered by their access authorisation ('data access control');
(f)ensure that it is possible to verify and establish to which entities personal data may be or have been transmitted using data communication equipment ('communication control');
(g)ensure that it is possible to verify and establish which personal data have been input into automated data processing systems and when and by whom the personal data were input ('input control');
(h)prevent the unauthorised reading, copying, modification or deletion of personal data during their transfer or during transportation of data media ('transport control');
(i)ensure that installed systems may, in the event of interruption, be restored immediately ('recovery');
(j)ensure that the functions of the system perform without fault, that the appearance of faults in the functions is immediately reported ('reliability') and that stored personal data cannot be corrupted by system malfunctions ('integrity').
Article 21
Supervisory authority
1.The Parties shall provide for one or more independent public authorities responsible for data protection to oversee the implementation of, and ensure compliance with this Agreement, for the purpose of protecting the fundamental rights and freedoms of natural persons in relation to the processing of personal data.
2.The Parties shall ensure that:
(a)each supervisory authority acts with complete independence in performing its tasks and exercising its powers;
(b)each supervisory authority is free from external influence, whether direct or indirect, and neither seeks nor accepts instructions;
(c)the members of each supervisory authority have a secure term of office, including safeguards against arbitrary removal.
3.The Parties shall ensure that each supervisory authority has the human, technical and financial resources, premises, and infrastructure necessary for the effective performance of its tasks and exercise of its powers.
4.The Parties shall ensure that each supervisory authority has effective powers of investigation and intervention to exercise oversight over the bodies it supervises, and to engage in legal proceedings.
5.The Parties shall ensure that each supervisory authority has powers to hear complaints from individuals about the use of their personal data.
Article 22
Right to an effective judicial remedy
1.The Parties shall ensure that, without prejudice to any other administrative or non-judicial remedy, each data subject has the right to an effective judicial remedy where he or she considers that his or her rights guaranteed under this Agreement have been infringed as a result of the processing of his or her personal data in non-compliance with this Agreement.
2.The right to an effective judicial remedy shall include the right to compensation for any damage caused to the data subject by such processing as a result of a violation of the Agreement and under the conditions set out in the respective legal framework of each Party.
Chapter III
Confidentiality of information
Article 23
Exchange of EU classified or sensitive non-classified information
The exchange of EU classified or sensitive non-classified information, if necessary under this Agreement, and its protection [as confidential] shall be regulated by a working arrangement concluded between Eurojust and the competent authorities of Armenia.
Chapter IV
Liability
Article 24
Liability and compensation
1.The competent authorities shall be liable, in accordance with their respective legal frameworks, for any damage caused to an individual as a result of legal or factual errors in information exchanged. In order to avoid liability under their respective legal frameworks vis-à-vis an injured individual, neither Eurojust nor the competent authorities of Armenia may plead that the other had transferred inaccurate information.
2.If a competent authority has paid compensation to an individual under paragraph 1, and its liability was a result of its use of information which had been erroneously communicated by the other competent authority, or communicated as a result of a failure on the part of the other competent authority, to comply with its obligations, the amount paid as compensation shall be repaid by the other competent authority, unless the information was used in breach of this Agreement.
3.Eurojust and the competent authorities of Armenia shall not require each other to repay compensation for punitive or non-compensatory damages.
Chapter V
Final provisions
Article 25
Expenses
The Parties shall ensure that the competent authorities bear their own expenses, which arise during the implementation of this Agreement, unless otherwise stipulated in this Agreement or in the working arrangement.
Article 26
Working arrangement
1.The details of the cooperation between the Parties to implement this Agreement shall be governed by a working arrangement concluded between Eurojust and the competent authorities of Armenia in accordance with the Eurojust Regulation.
2.The working arrangement shall replace any existing working arrangement concluded between Eurojust and the competent authorities of Armenia.
Article 27
Relation to other international instruments
This Agreement is without prejudice to, and shall not otherwise affect or impact, the provisions of any bilateral or multilateral agreement on cooperation or mutual legal assistance treaty, any other cooperation agreement or arrangement, or working level judicial cooperation relationship in criminal matters between Armenia and any Member State.
Article 28
Notification of implementation
1.The Parties shall provide for each competent authority to make publicly available its contact details as well as a document setting out, using clear and plain language, information regarding the safeguards for personal data guaranteed under this Agreement, including information covering at least the items referred to in Article 14(1), points (a) and (c), and the means available for the exercise of the rights of data subjects. Each Party shall ensure that a copy of that document be provided to the other.
2.Where not already in place, the competent authorities shall adopt rules specifying how compliance with the provisions regarding the processing of personal data will be enforced in practice. A copy of those rules shall be sent to the other Party and their respective supervisory authority.
3.The Parties shall notify each other of the supervisory authority responsible for overseeing the implementation of, and ensuring compliance with, this Agreement in accordance with Article 21.
Article 29
Entry into force and application
1.This Agreement shall be approved by the Parties in accordance with their own procedures.
2.This Agreement shall enter into force on the first day of the second month following the month during which both Parties have notified each other that the procedures referred to in paragraph 1 have been completed.
3.This Agreement shall apply as from the first day after the date on which all of the following conditions have been fulfilled:
(a)the Parties have signed a working arrangement as laid down in Article 26;
(b)the Parties have notified each other that the obligations laid down in this Agreement have been implemented, including the obligations laid down in Article 28; and
(c)each Party has informed the notifying Party that the notification pursuant to point (b) of this subparagraph has been accepted.
The Parties shall notify each other in writing confirming the fulfilment of the conditions set out in the first subparagraph.
Article 30
Amendments
1.Amendments to this Agreement may be made in writing at any time, by mutual consent between the Parties. Such amendments shall be contained in a separate document, duly signed. Such amendments shall enter into force in accordance with the procedure set out in Article 29(1) and (2).
2.Updates to the Annexes to this Agreement may be agreed between the Parties by exchange of diplomatic notes.
Article 31
Review and evaluation
1.The Parties shall jointly review the implementation of this Agreement one year after the date of entry into application, and at regular intervals thereafter, and whenever requested by either Party and agreed between the Parties.
2.The Parties shall jointly evaluate this Agreement four years after the date of entry into application.
3.The Parties shall decide in advance on the details of the review and shall communicate to each other the composition of their respective teams. Each team shall include relevant experts on data protection and judicial cooperation. Subject to applicable laws, any participants in the review shall be required to respect the confidentiality of the discussions and to have appropriate security clearances. For the purposes of any review, the Parties shall ensure access to relevant documentation, systems and staff.
Article 32
Settlement of disputes and suspension clause
1.If a dispute arises in connection with the interpretation, application or implementation of this Agreement, and any matters related thereto, the representatives of the Parties shall enter into consultations and negotiations with a view to reaching a mutually agreeable solution.
2.Notwithstanding paragraph 1, in the event of a material breach or of non- fulfilment of obligations under this Agreement or, if there is an indication that such a material breach or non-fulfilment of obligations is likely to occur in the near future, either Party may suspend the application of this Agreement in whole or in part by written notification to the other Party. Such written notification shall not be made until after the Parties have engaged in consultations during a reasonable period without reaching a resolution. Suspension shall take effect 20 days from the date of receipt of such notification. Such suspension may be lifted by the suspending Party upon written notification to the other Party. The suspension shall be lifted immediately upon receipt of such notification.
3.Notwithstanding any suspension of the application of this Agreement, information falling within the scope of this Agreement and transferred prior to its suspension shall continue to be processed in accordance with this Agreement.
Article 33
Termination
1.Either Party may notify in writing the other Party of its intention to terminate this Agreement. The termination shall take effect three months after the date of receipt of the notification.
2.Information falling within the scope of this Agreement transferred prior to its termination shall continue to be processed in accordance with this Agreement as in force on the date of termination.
3.In case of termination, the Parties shall agree on the continued use and storage of the information that has already been communicated between them. If no agreement is reached, either Party is entitled to require that the information which it has communicated be destroyed or returned to it.
Article 34
Notifications
1.Notifications in accordance with this Agreement shall be sent:
(a)for Armenia, to the Secretary-General of the Council of the European Union;
(b)for the Union, to the Ministry of Justice of Armenia.
2.The information about the addressee of notifications referred to in paragraph 1 may be updated through diplomatic channels.
Article 35
Authentic texts
This Agreement shall be drawn up in duplicate in the Bulgarian, Czech, Croatian, Danish, Dutch, English, Estonian, Finnish, French, German, Greek, Hungarian, Irish, Italian, Latvian, Lithuanian, Maltese, Polish, Portuguese, Romanian, Slovak, Slovenian, Spanish, Swedish and Armenian languages. In the event of any divergence between the texts of this Agreement, the English text shall prevail.
IN WITNESS WHEREOF, the undersigned Plenipotentiaries, duly authorised to this effect, have signed this Agreement.
Done at ……, this …… day of …… in the year ……
For the European Union
For the Republic of Armenia
ANNEX I
Forms of serious crime (Article 3, point (e))
·terrorism,
·organised crime,
·drug trafficking,
·money-laundering activities,
·crime connected with nuclear and radioactive substances,
·immigrant smuggling,
·trafficking in human beings,
·motor vehicle crime,
·murder and grievous bodily injury,
·illicit trade in human organs and tissue,
·kidnapping, illegal restraint and hostage taking,
·racism and xenophobia,
·robbery and aggravated theft,
·illicit trafficking in cultural goods, including antiquities and works of art,
·swindling and fraud,
·crime against the financial interests of the Union,
·insider dealing and financial market manipulation,
·racketeering and extortion,
·counterfeiting and product piracy,
·forgery of administrative documents and trafficking therein,
·forgery of money and means of payment,
·computer crime,
·corruption,
·illicit trafficking in arms, ammunition and explosives,
·illicit trafficking in endangered animal species,
·illicit trafficking in endangered plant species and varieties,
·environmental crime, including ship-source pollution,
·illicit trafficking in hormonal substances and other growth promoters,
·sexual abuse and sexual exploitation, including child abuse material and solicitation of children for sexual purposes,
·genocide, crimes against humanity and war crimes.
The forms of crime referred to in this Annex shall be assessed by the competent authorities of Armenia in accordance with the law of Armenia.
ANNEX II
Competent authorities of the Republic of Armenia and their competences
(Article 3, point (c), of the Agreement)
The competent authorities of Armenia to which Eurojust may transfer data are as follows:
Authority | Description of Competences |
Prosecutor General’s Office of the Republic of Armenia | The Prosecutor General’s Office of the Republic of Armenia is competent under domestic law for the investigation and prosecution of criminal offences. The Prosecutor General’s Office of the Republic of Armenia is the Central Authority designated for international legal cooperation on criminal matters – proceedings, which are in pre-trial stage of the investigations. |
Ministry of Justice of the Republic of Armenia | The Central Authority designated for international legal cooperation on criminal matters – proceedings, which are in trial stage (or later stage: e.g. implementation of sentences, transfer of sentenced persons). |
Investigative Committee of the Republic of Armenia | The domestic authority authorized to conduct preliminary investigation (pre-trial criminal proceedings) of the alleged crimes within its competence envisaged by the Criminal Procedure Code. |
Anti-Corruption Committee of the Republic of Armenia | The domestic authority authorized to conduct preliminary investigation (pre-trial criminal proceedings) for alleged corruption crimes within its competence envisaged by the Criminal Procedure Code. |
Investigative Department of the National Security Service of the Republic of Armenia | The domestic authority authorized to conduct preliminary investigation (pre-trial criminal proceedings) within its competence envisaged by the Criminal Procedure Code. |
Courts of the Republic of Armenia Courts of first instance of general jurisdiction Anti-corruption court Criminal Court of Appeal Anti-corruption Court of Appeal | The domestic authorities authorized to implement judicial cooperation instruments in criminal matters. |
ANNEX III
List of Union bodies
(Article 3, point (d))
Union bodies with which Eurojust can share personal data:
·European Central Bank (ECB)
·European Anti-Fraud Office (OLAF)
·European Border and Coast Guard Agency (Frontex)
·European Union Intellectual Property Office (EUIPO)
·Missions or operations established under the Common Security and Defence Policy, limited to law enforcement and judicial activities
·European Union Agency for Law Enforcement Cooperation (Europol)
·European Public Prosecutor’s Office (EPPO)
(1) Regulation (EU) 2018/1727 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for Criminal Justice Cooperation (Eurojust), and replacing and repealing Council Decision 2002/187/JHA (OJ EU L 295, 21.11.2018, p. 138).
Top
×
Timeline legend
Initial legal act
Another version
Selected version
Selected version application period
Hidden intermediate versions
Version which is applicable today
Future version
All