Published in January 2019.
This module is a resource for lecturers
Exchange of information
Prompt and reliable exchange of information between investigative authorities is critical. States may exchange information based on agreements or on a voluntary basis, provided that national laws are respected. In this context, effective channels of communication are paramount. Article 27 of UNTOC calls upon States to cooperate closely with one another in this regard. By the same token, article 10 of the Protocol against the Smuggling of Migrants requires States to exchange information with each other concerning:
- Embarkation and destination points, routes, carriers and means of transportation known to be or suspected of being used by smugglers;
- Identity and methods of smugglers;
- Authenticity and proper form of travel documents issued by a State party and the theft or related misuse of blank travel or identity documents;
- Means and methods of concealment and transportation of persons;
- Legislative experiences and practices and measures to prevent and combat the smuggling of migrants; and
- Scientific and technological information useful to law enforcement to increase the capacity of States to enhance each other's abilities to prevent, detect and investigate the smuggling of migrants.
There are established systems of cooperation that facilitate the exchange of information at the regional and global level:
AFRIPOL was established in 2014 under the aegis of the African Union as an independent mechanism for police cooperation for Member States of the African Union. Its main objective is to establish a framework for police cooperation at the strategic, operational and tactical levels between Member States police institutions. Some areas of concern are:
Europol Analytical Work Files (AWFs)
Europol operates a system of Analytical Work Files (AWFs), which supports active investigation through storing and analysing information derived from investigations of Europol Member States. An AWF on smuggling networks operating from place A to place B could be established.
An AWF is the primary means by which Europol offers operational analytical support to investigations within Member States. AWF CHECKPOINT is the relevant database for smuggling of migrants. Its purpose is to assist Member States in preventing and combating the forms of criminality associated with the facilitation of irregular migration within and into EU by organized criminal groups. AWFs utilize a "target group"-oriented approach.
Any third State or international organization can contribute data to be used in an AWF and may, under special conditions, be invited to be an associated member of an AWF.
INTERPOL notices are international requests for cooperation or alerts allowing police in member countries to share critical crime-related information. Notices are published by INTERPOL's General Secretariat at the request of National Central Bureaus and authorized entities.
The subjects of Red Notices are wanted by national jurisdictions for prosecution or to serve a sentence based on an arrest warrant or court decision. INTERPOL's role is to assist the national police forces in identifying and locating these persons with a view to their arrest and extradition or similar lawful action.
Like the Red Notice is another request for cooperation or alert mechanism known as a 'diffusion'. This is less formal than a notice but is also used to request the arrest or location of an individual or additional information in relation to a police investigation. A diffusion is circulated directly by an NCB to the member countries of their choice, or to the entire INTERPOL membership and is simultaneously recorded in INTERPOL's Information System.
INTERPOL may further assist Member States though its I-24/7 global police communications system that connects law enforcement officers in all member countries. It enables authorized users to share sensitive and urgent police information with their counterparts, 24 hours a day, 365 days a year. I-24/7 further enables investigators to access INTERPOL's range of criminal databases: suspected criminals or wanted persons, stolen motor vehicles, fingerprints, DNA profiles, stolen administrative documents as well as stolen and lost travel documents, which is a particularly relevant tool in relation to SOM.
Eurojust is mandated to improve coordination and cooperation between investigating and prosecuting authorities in the Member States, and to provide support to them generally. In the terms of its founding instrument, Members States are required to exchange information with Eurojust that will allow it to perform its tasks. This information permits, for instance, to cross-check links to cases in the Eurojust Case Management System, to offer assistance to Member States at an early stage, and to provide operational and strategic feedback to national authorities.
The obligation to transmit information specifically includes information about:
Eurojust also has the so-called On-Call Coordination, which enables judicial authorities and law enforcement officials to request Eurojust's assistance on a 24 hour/7-day per week basis. Notification of the OCC telephone numbers is restricted to judges, prosecutors and law enforcement officials.
Eurojust's coordination meetings bring together law enforcement and judicial authorities from Member States and third States, allowing for strategic, informed and targeted decisions in cross-border crime cases and the resolution of legal and practical difficulties resulting from the differences in the legal systems involved. Coordination centres, in turn, permit the simultaneous meeting of police, judicial and, if needed, customs authorities involved in specific case or operation. Coordination centres provide a unique opportunity for the real-time exchange of information and centralized coordination of the simultaneous execution of, inter alia, arrest warrants and searches and seizures in different States. Coordination centres expedite the timely transmission of additional information that is urgently needed to execute such measures and newly issued MLA requests.
Furthermore, it is important to bear in mind rules on the processing of personal data when sharing information. Individuals have the right to privacy, from which derives the right to protection of personal data. The rules on the processing of personal data, however, still vary considerably from country to country. Notwithstanding these differences, it is important that minimum standards in this regard be respected (for example, the General Data Protection Regulation (GDPR) is a Regulation of the European Union). The rules listed in Box 33 are a compilation of the core principles on the processing of personal data and may serve as a guideline:
Lawfulness - Duty to process personal data only when there is an appropriate legal basis or a legislative measure authorizing it.
Fairness - Sufficient information shall be provided to the data subject to make the processing fair and transparent. The data subject needs to be informed of the existence of, and agree to, the processing activities and its purposes at the moment of collection.
Transparency - Responsibility to ensure that any information or communication to the data subject is concise, easily accessible and understandable. All natural persons should be made aware of risks, rules, safeguards, and rights concerning the processing of his or her personal data and how to exercise the corresponding rights.
Purpose limitation - (i) Personal data may only be collected for specified (defined), explicit (clear) and legitimate purposes (legal basis) determined at the moment of collection; (ii) undefined and/or unlimited purposes are unlawful; (iii) personal data must only be processed in a manner compatible with those purposes. Otherwise, a new and separate legal basis is required. There are some exceptions to this principle; for instance, processing for archiving, scientific, historical or statistical purposesas long as appropriate technological and organizational measures are in place to protect the rights and freedoms of the data subjects.
Proportionality - Duty to process personal data only to the extent adequate (appropriate), and relevant (pertinent) to meet the purposes for which the data was collected (not excessive). Personal data may only be stored and processed if there is not another reasonable privacy-friendly solution to address the goals at stake. When the data no longer is proportionally adequate to meet the purpose, it must be erased.
Accuracy - Responsibility to take every reasonable step to ensure that personal data is accurate and up to date vis-à-vis the specific purposes for which the data was processed. Inaccurate data must be erased or rectified without delay.
Integrity and confidentiality - Duty to process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures.
Accountability - Processors of data must be able to demonstrate that they have respected the principles guiding the protection of personal data. They are liable if they have breached their obligations.
Note: There are some limitations to these principles when the processing of data is made for purposes of furthering investigations or prosecutions. For example, while the principle of consent is usually a pillar of data protection law (that is, the data subject should give his or her consent to the collection and processing of data and no other processing, exchange, or use may occur beyond the terms of that consent), being dependent on the consent of a defendant to collect and process (including in the context of police cooperation) his or her personal data, would obviously stymie justice efforts.
It is important to note that the international organizations and entities mandated to facilitate international police and judicial cooperation must adhere to well-defined rules regarding the processing of personal data. That is, often, exchange of information will not be feasible if the standards of personal data protection are not equivalent.
The Guidelines for the Regulation of Computerized Personal Data Files, adopted by United Nations General Assembly resolution 45/95 of 14 December 1990 may be of further assistance.