Best CISE options on portraying CISE participants and access rights (Remarks/comments and overall categorisation of conducive environment for data sharing - A (low) , B (medium) or C (high))
C. Administrative burdens (reporting implications)
D. Legislative complexity (simplification)
MARSUNO pilot project final report 2011
(Maritime Surveillance North)
MARSUNO – Maritime Surveillance in the Northern Sea Basins – is a pilot project initiated by the European Commission. 24 authorities from ten countries (Sweden, Finland, Poland, Latvia, France, Germany, Lithuania, Norway, Estonia and Belgium) are partners to the project.
In the legal analysis carried out within the frame of the project the following pieces of EU legislation have been identified:
Directive 95/46/EC (Data protection)
Directive 2002/59/EC (VTM directive)
Regulation 1224/200926 and 404/201127 (Fisheries Control)
Regulation 725/2004 (Enhancing ship and port security) and Directive 2005/65/EC29 (port security)
Regulation 562/200630 (Schengen Border Code)
The project establishes three categories of information (B.A.R):
Basic information: Tracking information originates from sensors, observations etc. which is free to be exchanged inside CISE. Basic information is not open information. The information is produced inside the community using CISE
Additional information: This is information created or enriched mainly through the use of analysis tools. This kind of information is often responding to a specific mission or functionality and will be shared based on user demands inside the CISE community
Restricted information: This information is sensitive and cannot be shared freely inside the community using CISE. The main fear is the risk of information leaking that could complicate or endanger an operation
The definitions are for the purpose of the operational level and does not necessarily relate directly to a legislative act. E.g. restricted information is not always covered by the data protection rules but could also be restricted in accordance with other pieces of legislation or procedures.
The report also examines the conditions for a better data exchange between the civil and military community. The two communities are normally usually regulated separately however the conditions are similar, which leads to the conclusion that there are no valid grounds for amending or adapting the union level legislation but investigating how a system could function. This is in relation to the civil military information exchange.
A: The data protection rules are identified by the project as a barrier of general nature and the scope of the coverage of the directive is discussed in the report. Especially the definition of personal is concretely assessed in relation to the maritime area. The discussions are concentrated on elements like registration numbers CCTV images etc. and the report are rather inconclusive by stating surveillance data such registration numbers could potentially involve personal data.
B: The report does not identify any specific provision hindering sharing of information across user communities however referring to sector legislation normally would emphasise that personal data should be treated in accordance with applicable rules.
Moreover the report also raises the issue of the protection of commercial data, which is not horizontally addressed in the EU legislation. However it is very relevant but cannot be considered directly as legal barrier but an administrative procedure to be handled to ensure that the receiver of the information complies with the same level of confidentiality.
C: The pilot project participants raised the issue of a significant burden in reporting especially if the information needs to be reported more than once. However the forthcoming Single Window implemented according to the Reporting formalities Directive will decrease the administrative burdens for the private sector significantly.
D: The report does not directly address the legal implications of access rights and responsibility to share.
The report suggests five proposals regarding legal measures that could be implemented in order to lower the identified legal barriers identified.
1) Harmonisation by reducing differentiation of national legislation. This would imply specifications/changes in the Data Protection rules to ensure a more harmonised approach. 2) Harmonisation through legislation by sector at the EU level. This would imply to change specific provisions in the sector legislation e.g. applying the same approach as done in the fisheries control regulation art 12.
3) Confidentiality and secrecy adapted to sector needs. The report again refers to the possibility to use the fisheries control regulation as a model example.
4) Agreement as a general option
This is proposed as a supplement to also changing legislation at EU level but as long as that the legislative process is ongoing create incentives, templates, best practices for bilateral, national, regional or EU-wide agreements.
5) Quasi-legislative proposal - Policy for Harmonising Maritime Related Information. The essence of this is to propose one overarching requirement to achieve an efficient CISE situation with a harmonised legal playing field.
Proposal
The report outlines very thorough discussion on the scope of the Data Protection rules and specifically in accordance with the maritime area, which is a very useful discussion for the analyses in chapter 2 and 5. The legislative proposals are similar to the proposed policy options in this report however not on a one to one basis. Especially proposal no 5 is similar to policy 5. However the analysis does not move to the level of the specific provisions in the sector legislation.
Functions/
User Communities
Portraying CISE participants and access rights
Current situation and best options
Current user access rights and responsibility to share
(Legal basis for data exchange, planned legal activities, actors (if specified) and geographic/regional coverage)
Identification of barriers
Legal (L), technical (T) and cultural (C)
Best CISE options on portraying CISE participants and access rights (Remarks/comments and overall categorisation of conducive environment for data sharing - A (low) , B (medium) or C (high))
A. General nature
B. Specific nature
C. Administrative burdens (reporting implications)
D. Legislative complexity (simplification)
BluemassMed final report (Blue Maritime Surveillance System Med)
Cross-Border and Cross Sectoral Maritime Information Sharing for a better knowledge and control of activities at sea
The BluemassMed project included 37 partners in six Mediterranean countries (Greece, Malta, Italy, Spain, France and Portugal).
The project had a Legal working group, which had the main objectives to give legal support to the foreseen exchange of information, to define the extent of the exchange, and to give legal support to specific agreements. To reach that aim, the following specific objectives are established in four main steps:
- catalogue the legal framework in the involved countries regarding exchange of information;
- elaborate and propose common, although specific, MoU between the different entities involved in the exchange of information in order to enable it
- propose a European legal instrument enabling and smoothing the progress of future interoperability.
A: The Legal group (LWG) of identifies Data Protection rules and rules limiting the possibility to share criminal data as the main general barriers for CISE and especially the fragmented national administrative procedures.
B: The projects analysis does not move to the detailed level of the sector specific legislation.
C: All the participants to the project states they have benefitted significantly from participating in the project and it have given them fewer administrative burdens. The project also identified the potential for the fusion of basic civil-military data and vice-versa, meaning that it reinforced the already existing military use of civil data, as well as it provided the use of military data for civil purposes.
D: The project states that the “Need to know” principle in balance with “responsibility to share” principle leads to a paradigm shift on behalf of the user’s communities towards an increasing common trust and awareness of the “interest to share” and its added value.
The project proposes that an instrument must be created at the European level to make available categories of data which are actually restricted by commercial or data protection rules. This framework will facilitate, namely, the position of European agencies dealing with maritime security, allowing building data protection rules for the envisaged exchange with third states.
Proposal
The report outlines very thorough discussion on the scope of the Data Protection rules and specifically in accordance with the maritime area, which is a very useful discussion for the analyses in chapter 2 and 5. The legislative proposals are similar to policy option 5. However the analysis does not move to the level of the specific provisions in the sector legislation.
Functions/
User Communities
Portraying CISE participants and access rights
Current situation and best options
Current user access rights and responsibility to share
(Legal basis for data exchange, planned legal activities, actors (if specified) and geographic/regional coverage)
Identification of barriers
Legal (L), technical (T) and cultural (C)
Best CISE options on portraying CISE participants and access rights (Remarks/comments and overall categorisation of conducive environment for data sharing - A (low) , B (medium) or C (high))
A. General nature
B. Specific nature
C. Administrative burdens (reporting implications)
D. Legislative complexity (simplification)
Report on Legal aspects of maritime monitoring & surveillance data (2008)
The study is done on behalf of the European Commission and executed by Marine Ressource Assessment Group Ltd. The study report identifies a number of relevant reporting regimes, surveillance systems, data sharing mechanisms and potential legal restrictions.
Several of these systems are set up to collect data in the maritime area within different functions/user communities.
A: A limitation for full sharing of information gathered in the maritime area is the rules governing the processing of personal data. The legislation limits significantly the possibilities to share personal data e.g. gathered as the exercise of authority. It is important to note that personal data is broadly defined in the legislation and information gathered on e.g. the crew of a ship could be personal data.
B: Both the VMS (art. 113) and VTM (art. 24) directives hold provisions with restrictions to share information with a confidential and commercial nature. Those provisions limit the possibilities to share information.
C: The identified reporting regimes, surveillance systems and data sharing mechanisms all constitute administrative burdens to some extent.
D: Since the report covers relevant legislation for all functions the analysis is legally complex. The main issue is the combination of analysing vertical and horizontal legislation, which of course would need to be in sync.
The report does not directly address the legal implications of access rights and responsibility to share.
Proposal
As regards the barriers emerging from the Data Protection rules it is concluded that several pieces of the information collected in the maritime area can be categorised as personal data and the report concludes that the assessment of whether a piece of information is personal or not should be build into the system. Moreover it is concluded it should not be attempted to change the Data Protection rules.
Regarding the question on commercial confidentiality that barrier could potentially be addressed by changing the sectoral legislation e.g. VTS directive art. 113 and VTM directive art. 24. Any changes would have to address the sharing of information between user communities.
Functions/
User Communities
Portraying CISE participants and access rights
Current situation and best options
Current user access rights and responsibility to share
(Legal basis for data exchange, planned legal activities, actors (if specified) and geographic/regional coverage)
Identification of barriers
Legal (L), technical (T) and cultural (C)
Best CISE options on portraying CISE participants and access rights (Remarks/comments and overall categorisation of conducive environment for data sharing - A (low) , B (medium) or C (high))
A. General nature
B. Specific nature
C. Administrative burdens (reporting implications)
D. Legislative complexity (simplification)
Study on the current surveillance IT landscape and the resulting options for CISE
(Deloitte report)
An analysis of legal considerations in relation to the maritime area is not within the scope of the study.
C: Even though no legal analysis have been carried out within the scope of the study it is relevant to mention that the study identifies significant administrative burdens for the participating authorities. The administrative burden varies significantly depending on the choice of solution.
D: The study offers some input on assessment of the importance of ensuring access to the existing datasets. The matrix offered in the study gives some indication on the relevance of having access to a certain dataset. This is relevant for an evaluation of potential benefit in changing legislation that constitutes a barrier for information sharing across user communities and borders.
Proposal
The study offers no direct proposal for amending the legal framework governing the maritime area; however the findings of the study might be a useful input to evaluate the demand for legislative action.
Functions/
User Communities
Portraying CISE participants and access rights
Current situation and best options
Current user access rights and responsibility to share
(Legal basis for data exchange, planned legal activities, actors (if specified) and geographic/regional coverage)
Identification of barriers
Legal (L), technical (T) and cultural (C)
Best CISE options on portraying CISE participants and access rights (Remarks/comments and overall categorisation of conducive environment for data sharing - A (low) , B (medium) or C (high))
A. General nature
B. Specific nature
C. Administrative burdens (reporting implications)
D. Legislative complexity (simplification)
Final report from
the WISE PEN team (2010)
The WISE PEN project was commissioned by EDA. It targets areas like prevention of terrorism, piracy and illegal immigration. It is not within the scope of the project to provide an extensive legal analysis of the maritime area. However the report addresses legal issues to some extend.
A. The report addresses data protection issues and states that there is a need for a clarification of what is real and what perceived data protection barriers.
B: As regards the barriers of a specific nature the report addresses issues within the areas of general law enforcement, state security and defence, however without addressing potential legal barriers on the level of specific articles.
C: N/A
D: Although it is widely understood that the “need to know” principle needs to be replaced by the need to share, in practice risk aversion till prevents this happening and a responsibility to provide obligation is needed to redress the balance.
The report mentions examples of legislative regimes, (SOLAS, IALA, & IMO), which show that governance models exist for international maritime cooperation without succumbing to deadlock over legal or sovereignty issues.
The report concludes that a culture change and more open approach would have much more effect than using the legal instrument. However an option for increasing information sharing is to propose a coherent legal frame across the seven user communities.
The report concludes that most of the legal constraints that hinders information sharing is really perceived barriers more than actually legislative barriers.
