Wednesday, 14 December 2016 - Strasbourg Revised edition

18. Europol’s breach of data protection rules in connection with terrorism investigations (debate)

  President. – The next item on the agenda is the debate on the Council and Commission statements on the Europol security data breach of terrorism investigation files (2016/3031(RSP)).


  Ivan Korčok, President-in-Office of the Council. – Mr President, honourable Members, I very much appreciate the opportunity to discuss this topic with you today. It is important to clarify what has happened and address concerns. I would like to touch upon the facts regarding the incident and, finally, to draw some conclusions. But first of all, we have to have all the facts straight.

On 22 September, a former staff member of Europol informed Europol that she had been contacted by a journalist earlier that day in relation to Europol operational data. The journalist had obtained access to those data via a private storage device belonging to the former staff member. As soon as Europol was informed about this possible compromise of data, a security investigation was launched, in coordination with the national authorities of the Member State of the former staff member in order to identify the nature of the compromised data. The national authorities also initiated a judicial investigation.

In parallel, the Member States directly affected were informed by Europol in order to establish any possible impact. The Security Committee of Europol, where all Member States are represented, received a classified report on the matter. The Europol Data Protection Officer was also briefed. Later on, the information about the incident became public on 30 November, when a TV programme was announced and then broadcast on Dutch television. It was in that context that the Europol data compromise was mentioned.

Immediately, Europol circulated a background note about the incident to the relevant stakeholders - the Europol Management Board, the European Commission, the Europol Data Protection Officer, the Joint Supervisory Body, the EU Counter Terrorism Coordinator, the Council Secretariat as well as the Chairperson of the LIBE Committee. The Europol Security Committee was updated as well. Last week, the European Data Protection Supervisor, which will become Europol’s data protection oversight body on 1 May next year, was also informed.

As regards the content of the compromised data, it is worth noting that we are talking about historical data which are mostly more than 10 years old. According to the assessment of the Member States concerned and Europol, the data do not jeopardise on-going investigations.

Let me also make some additional remarks. As unfortunate as this incident might be, the case reported in the media is not a data leak – Europol’s information systems and its operational environment were not ‘hacked’ or intruded upon. In fact, Europol adheres to the highest standards of data security, including continuous security awareness briefings provided to its staff members. Europol operates state-of-the-art databases and secure communication capabilities for processing and analysing operational and classified information.

Unfortunately, as with any law enforcement agency, the design of a robust system cannot completely eliminate human error. The former staff member clearly did not comply with Europol’s security rules, which explicitly forbid the use of private equipment to produce, store, process or transmit Europol operational or other sensitive information.

This is the first identified case of this kind since Europol was established.

As far as the Parliament is concerned, I would also recall that the new Europol Regulation, which comes into application on 1 May 2017, foresees a mechanism to allow enhanced parliamentary oversight. A Joint Parliamentary Scrutiny Group will be established by the national parliaments and the competent committee of the European Parliament.

I therefore sincerely hope that this incident will not undermine our efforts to increase the exchange of information. We all share an interest in this. Exchange of information, not least in the framework of Europol, is vital in order to address today’s security challenges.


  Dimitris Avramopoulos, Member of the Commission. – Mr President, thank you. Members of the Parliament, thank you for the invitation to this session. Before sharing with you all the information I have on this security breach, let me stress four key points.

1. It is my firm belief that we need more cooperation on security and effective data exchange. But I am equally clear that this presupposes a high level of data protection and state-of-the-art security rules.

2. This incident could not have happened today, thanks to the technical security improvements that are finally in place. Nobody can plug in USB drives and download data from Europol computers.

3. It neither affected the private life of European citizens nor any on-going security investigations.

4. With you we have adopted new rules for Europol that will impose a different handling of the case today from May 1st 2017.

Let’s look at facts first. This data breach is a case of human error by a former staff member who broke Europol’s security rules. There is no indication that the security breach by the former staff member was ill-intended. Still, it is of course unacceptable. Our data security rules should prevent human errors from happening.

The data compromised involves a limited number of Member States. Europol received written assurances from the journalist that the data will not be disclosed and that they are stored safely as journalistic evidence for the television programme. I am confident on the basis of information we were given that Europol respected all its current security and confidentiality rules.

A security investigation was launched with the Member State of the former Europol employee and to which the employee returned at the end of February 2016. National authorities also initiated a formal judicial investigation into the matter. In parallel, the Member States directly affected were updated by Europol to establish any possible impact. All Member States through the Security Committee of Europol received a classified report for their attention. The Europol Data Protection Officer was also briefed at an early stage of the process. It was verified that no current investigation in Member States has been jeopardised, because the breach concerns historical data which are around 10 years old.

When the case was reported in the media on 30 November, Europol provided external stakeholders with a background brief on the facts: namely, an update to the Europol Security Committee, which includes all Member States; the Europol Management Board, which includes the Commission; separately, the Commission, the Europol Data Protection Officer, the Joint Supervisory Body, the EU Counter-terrorism Coordinator, the Council Secretariat, and the Chairperson of the LIBE Committee.

Last week also the future data protection oversight body of Europol, the EDPS, was briefed with a report. Internally, staff were also updated when the incident was reported in the media on 30 November. Prior to that, all staff received continuous security awareness briefings.

Staff members, and in particular staff working in the operational environment, are continuously trained about the expected handling of operational and sensitive information. Staff have also been briefed about the implications of the security incident. Another security awareness seminar for all staff is scheduled to take place this Friday.

Honourable Members of the Parliament, as far as I am aware, this is the first real security breach of this kind involving Europol data since the establishment of the Agency in 1999. The Member States concerned confirmed that the compromised data does not jeopardise any on-going investigations. Only two people accessed the data. There are no indications that data have been further shared or the lives of private citizens affected. A judicial investigation in relation to a potential criminal offence committed by these two people is ongoing.

Europol today is a different organisation than the one back in 2009 when the human error occurred. Since then, Europol has introduced numerous technical measures preventing copying of data, such as prohibiting the connection of external drives I mentioned earlier. Staff are constantly trained and informed about security requirements.

The case reported in the media is not a data leak. ICT systems or the operational environment of Europol were not hacked or intruded. Handling security breaches is always the primary responsibility of the organisation when data have been compromised. That organisation, Europol, is obliged to inform the entities that provide the data, the internal data security bodies and its external data protection supervisor. Having said that, we should learn lessons from this case and improve our handling for the future.

The Europol Regulation that enters into application on 1 May 2017 lays down specific rules on handling data security breaches. These rules set high standards on data security. They oblige Europol to notify the personal data breaches without delay to the European Data Protection Supervisor and the competent authorities of the Member States concerned, as well as the data provider. They oblige Europol to inform in certain cases persons whose data have been breached, and they oblige the Europol Data Protection Officer to keep a register of data breaches.

Under the new Europol Regulation, a new set of security and confidentiality rules is being established. In light of this experience, we look more closely at whether any changes are needed there.

Finally, I would encourage Europol in the – hopefully unlikely – event of a future security breach, to share proactively information with the Commission and the Joint Parliamentary scrutiny within the limits of the security rules.


  Agustín Díaz de Mera García Consuegra, on behalf of the PPE Group. – Mr President, ladies and gentlemen, it is no secret to anyone that I have confidence in Europol. I stated at the recent interparliamentary meeting, and I reiterate now, that Europol is an indispensable tool for the security of Europeans, so my commitment is unequivocal.

We are dealing with an isolated case triggered by a former Europol official, which occurred in 2009 and which led to confidential information on terrorist investigations ranging from 2003 to 2006 being uploaded to the internet, in breach of all of Europol’s security rules.

Europol’s prestige must not be affected by this incident, nor must the confidence of the Member States. That is why it is important that Europol should now ask itself at least these three questions: have sufficient measures already been taken to prevent this type of incident? Second, how should Europol handle this incident so that it does not undermine its credibility vis-à-vis the Member States or third countries with which it has cooperation agreements? Third, could it have consequences for the security of the Member States? Although we know and affirm that Tuesday’s Management Board meeting was very positive.

Moreover, through my own enquiries, I have been able to learn that a significant number of measures have already been improved. Security accreditation on the network has been increased and, since 1 December, all USB ports on the secure network have been blocked. In addition, as is common knowledge, from May 2017 the new Regulation, for which I was rapporteur in the European Parliament, will enter into force and will strengthen the data protection system. The European Supervisor, as Mr Avramopoulos has said, will oversee, as the ultimate authority, their correct use. And lastly, there will be a greater and better system of democratic scrutiny of the Agency through the joint parliamentary scrutiny group made up of the European Parliament and the national parliaments.

This debate is necessary because it is justified, but it must be proportionate and balanced, and must help to strengthen and review Europol’s security protocols.




  Ana Gomes, on behalf of the S&D Group. – Mr President, the security breach that led to the online disclosure of names and telephone numbers of suspects in Europol terrorism investigations cannot be played down, nor seen as an isolated case.

It is not possible to disregard this security failure with the excuse of individual error and that no investigation was compromised. An agency such as Europol must be equipped with procedures and controls so that the negligence of one official is not enough for sensitive information to suddenly appear on the net. Especially when the powers of this indispensable agency were extended just this year, with the role of democratic scrutiny to be exercised by the European Parliament in association with the national parliaments having been strengthened.

It is not acceptable that Europol’s management, perhaps under pressure from the Commission and some Member States, chose not to inform this House when it took part in the meeting of our LIBE committee at the end of last month, when it was already in possession of this information. Ironically, the subject of that LIBE committee meeting was precisely the scrutiny of this agency.

Despite all the warnings and evidence that we are living in an environment of hybrid warfare, it is intolerable that the Commission and the Member States, lately quick to use the security argument to justify distortions of human rights and the rule of law, as happens, for example, in the reception of migrants and refugees, are not in fact taking seriously cybersecurity and the devastating potential of attacks on critical infrastructure and networks.

It is intolerable that the Commission is not fulfilling its role as watchdog when it is itself attacked, as happened only days ago. It is crucial to carry out a thorough investigation and to act, urgently, to ensure that all Member States, institutions and agencies effectively coordinate, exchange information and are equipping themselves with the necessary security and defence tools, which presupposes adequate financial investment in technological resources and in human resources, including human intelligence.

Frightening reports are also reaching us from other parts of the world: Russian interference is said to have taken place to influence, and perhaps even pervert, democratic expression in the United States elections, but when, here among us, in the agency responsible for coordinating efforts to combat crime in the digital age, negligence is enough to show that the emperor has no clothes, how can we say that we are safe?


  Monica Macovei, on behalf of the ECR Group. – Mr President, seven years ago, two Europol employees inserted a memory stick into a computer and left with confidential information from the institution.

Europol deals with the fight against organised crime and, lately very intensively, with the fight against terrorism. This did not affect any judicial investigation that was under way, or any kind of investigation in general, and it had no other consequences. It was not an information leak; it was not a cyberattack on the IT systems. But this incident did take place, which is regrettable and unacceptable.

Today, however, it would no longer be possible. Today nobody could insert a memory stick into a Europol computer and take information home, because Europol operates with databases that are confidential and has very high security capabilities, higher than in many Member States; likewise, capabilities for analysing and processing classified information.

Security standards at Europol today are, I repeat, very high, and this can no longer happen. In any case, this case is being investigated, but I want to conclude by saying: I believe in Europol, and this must not happen again.


  Sophia in 't Veld, on behalf of the ALDE Group. – Mr President, you leave me with more questions than I came with actually, because I am beginning to wonder more and more, if you say this is not a data leak – a bit like ‘Ceci n’est pas une pipe’ – what a data leak looks like.

To me this sounds as though 700 pages of confidential information have been publicly available. When you say that it is only historical data and that it does not jeopardise any current investigations, that does not correspond exactly to the media reports saying that there may have been an impact on ongoing investigations. So I think this is extremely worrying. If the procedures apparently do not ensure that people do not make such mistakes, we have a very serious problem. We have been asked, under great pressure, to pass a series of measures like, for example, my favourite – EU PNR – which has decentralised the storage of data. If we cannot even secure the data stored by Europol, how can we be sure that the data which Member States are now obliged to store are safe? I’m getting extremely worried here.

But actually my main concern here is that we have all been talking about security, security, security, security – OK? – and we have all agreed that one of the big gaps in the security system is information sharing. This will have a devastating impact on the trust between Member States. How are you now going to convince Member States to share information? A majority of this House, as well as the Commission and the Council, fiercely opposed compulsory information sharing. I am not really sure what to think any more. You are trying to reassure us here by saying, ‘Keep moving folks, there is nothing to see here’. Well, I am not reassured. I would also like to know when exactly all these people – the Council, the JSB, the secretariat and everybody – when have they been informed? Was that before or after the media report? That is a question that I would like to get an answer to. I would also like to know when the Chair of the Committee on Civil Liberties, Justice and Home Affairs was informed, and under what conditions. Was he informed with the freedom to address these issues publicly, or is there a confidentiality clause?


  Cornelia Ernst, on behalf of the GUE/NGL Group. – Mr President, it is rather strange how a Europol employee comes up with the idea of taking 700 pages of confidential, unencrypted data home with her, perhaps because she was bored, or wanted to look up who was involved with the Madrid bombers.

Europol, and this is the problem, did not consider itself obliged to inform the European Parliament without delay, but instead declared, after the data had been published, that they were merely historical data. Do you really know, and this is my question to you, where the data ended up? Are you sure that they stayed only there? You are playing down the incident, and I ask myself, just how stupid do you take Parliament to be? Also in view of the fact that the data monster Europol will receive even more powers in 2017, even more authorities will be involved in it, and even more data systems will be interconnected.

Europol is, after all, nothing but an uncontrollable black box, and so it will remain even with the new regulation, even with the supervisory body, which is in fact toothless. This outfit is not secure either. That is the message. I ask myself how many data leaks can we actually prevent, and what about the hackers? It is not only a matter of trust in an authority, which almost nobody has anyway, but of guaranteeing the security of citizens, and I have heard nothing about that.


  Jan Philipp Albrecht, on behalf of the Verts/ALE Group. – Mr President, I would like to say to the Commissioner that this example shows how important it is that we concentrate our systems and our storage on the information which is really necessary for the investigation – information linked to suspicion and risk. The more data we gather, the greater the risk of data being lost. It is true that this example is not the rule, and maybe today we have better standards to protect us against those losses, but there may be other occasions when data are lost and there may be other breaches of security.

No system is 100% secure. There will never be any system which is 100% secure. That makes it even more important that we look for the data which are necessary, concentrate on that and do not build up a huge storage of data just because we can do it technically. We should rather have a better and quicker exchange of information built on common standards which are high on security and data protection.

This should not only apply to the Member States with the Data Protection Directive, but should also apply to all EU data systems and agencies. That is not the case today. Every agency and every system has different standards. We need to harmonise these, and the upcoming regulation reform for EU agencies is a good opportunity to get these standards right in these agencies as well.


  Gerard Batten, on behalf of the EFDD Group. – Mr President, it is unfortunate that Europol mislaid some highly sensitive data on terrorism through human error. We’ve had similar experiences in Britain with highly sensitive government information being left on trains and in the back of taxis. If only obtaining information from Europol was always so easy.

In October, I requested a copy of the joint Interpol-Europol report on migrant smuggling networks from Europol and I was told I could not have it. My constituents in London might be surprised that I, as their MEP and a member of the Civil Liberties, Justice and Home Affairs Committee, cannot see this important report – not even a redacted version with sensitive and investigation-specific information withheld. My constituents would quite rightly expect me to be able to see this report. I hope that Europol will reconsider its decision and give me a copy of the report, rather than me having to hope that one turns up in the back of a taxi.


  Marcus Pretzell, on behalf of the ENF Group. – Mr President, one of Europol’s most urgent tasks is combating terrorism, and this does indeed require cooperation between different states, because terrorists prove to be active across national borders, especially now that these borders between states have been torn down and are unguarded. But there are good reasons why policing and counter-terrorism should remain national matters. Different states have different ways of combating terrorism, and the more varied the ways, the more likely the success. A single large authority runs the risk of monopolising a flawed structure.

In January, Europol had established a European Counter Terrorism Centre. The nation states find themselves called upon to supply their data to this centre. A police officer took 54 investigation files, 700 pages, home with her. It ended up in the public domain, and one cannot be one hundred per cent sure that nobody else has used the material. One thing, however, is completely certain: when centrally collected data become public, the damage to the entire structure is immense.


  Monika Hohlmeier (PPE). – Mr President, Commissioner, Council Presidency, ladies and gentlemen, I consider it very worrying when a data leak, regrettable as it may be and difficult as such an occurrence is, is immediately used to fall back into old accusations.

First: I hope and wish, and here I support all colleagues who are calling for this, that we receive a precise clarification in the European Parliament too, in the LIBE Committee. For failing to clarify means sowing mistrust. We want to have trust in Europol, and we also trust the officials of Europol, because they do excellent work. It is simply nonsense to believe that the fight against terrorism would improve if each nation state worked on its own. That is downright counterproductive at a time when we know that they, as well as organised criminals, move across all borders, operate internationally and facilitate and support one another.

That is why we need information exchange, that is why we need cooperation, that is why we also need data security, and we need an intensive exchange of data that makes it possible to combat criminals in the best possible way. We need the various centres that deal with the new information technologies and the strategies that criminals use. We need a terrorism centre that promotes, supports and coordinates cooperation among the Member States. If we achieve this together, then we must now also ensure in this case that trust is maintained and that in future we in Parliament also receive better information on this.


  Juan Fernando López Aguilar (S&D). – Mr President, I address the Council Presidency and Commissioner Avramopoulos, because someone who did not have direct responsibility for the security of Europeans could simply say that it is astonishing that in none other than the European Union Agency for Law Enforcement Cooperation, Europol, there has been a leak and an exposure on the internet of no fewer than seven hundred pages affecting as many as fifty-four different investigations, all of them of a very sensitive nature, into operations against transnational organised crime, and particularly against terrorism.

It is astonishing, but the fact is that we have been told that it did not happen maliciously. That would be a fine thing! That would be the last straw! That there should have been a deliberate leak by none other than senior officials who have the obligation to safeguard European cross-border security against organised crime, a leak of all that extremely sensitive material.

We therefore need an explanation, yes, but an urgent one, because the new Europol Regulation is going to enter into force in May 2017, which strengthens its capabilities regarding the penetration of security into the automated processing of personal data, of the privacy of Europeans. So we need to be given an absolute guarantee that this security does not interfere with data protection rules and that the protocols relating to this sensitive information are strengthened.

If we also add that there is widespread unease in the European Union regarding the commitment to transparency on the part of the Commission and the Council, we have the right to know when that leak occurred, how that leak occurred, when this European Parliament was officially informed through the Committee on Civil Liberties, Justice and Home Affairs, and how it will be guaranteed that never again will there be a leak of sensitive personal security data by means of a crude pen drive.


  Morten Helveg Petersen (ALDE). – Mr President, Europol is at the core of our common defence against serious cross-border crime and, increasingly, in dealing with new terrorist threats and extremism. We in ALDE have helped to modernise and strengthen Europol in the new regulation, which enters into force in May next year. We are pleased with many of the improvements we have helped to adopt. Improvements which, among other things, ensure better data protection and which should mean real scrutiny by both the European and the national parliaments. But as I see it, the data breach in the Netherlands is a problem that we might have been able to avoid if we had had these new scrutiny tools. But all of this of course requires that Europol informs the European Parliament if breaches of data security should occur. If parliamentary scrutiny is to make sense, which I myself and ALDE support, then it requires that Europol provides information, and indeed also before the media pick up stories and pass them on. And there I think that there are still a number of answers owed to us as to when information was given and on what basis information was given. The threats of the future require cooperation between the police authorities and Europol. Exchange of data is an absolutely crucial prerequisite for this. Therefore we must be able to trust that institutions such as Europol handle data responsibly. In ALDE we are even ready to go still further and strengthen the exchange of data between the Member States’ police and even also intelligence services, but this requires that parliamentary scrutiny works. It is parliamentary scrutiny that gives Europol democratic legitimacy, and there we on the European Parliament’s side must insist that Europol respects those rules of the game.


  Marie-Christine Arnautu (ENF). – Mr President, I am astonished by this debate, skewed by ‘human-rightsist’ speeches brandishing the presumption of innocence. Astonished too that you refused our group’s request to debate the situation in Aleppo which, you will agree, is far more crucial.

It has not escaped me: Ms in 't Veld and the European Association for Human Rights are very shocked by the data leak that occurred at Europol. Obviously, the mass collection of data on citizens who have committed no crime is an infringement of freedoms. It is precisely for this reason that my group has always deplored the fact that no Member State of the European Union agrees to grant political asylum to Snowden.

But what are we talking about here? Data concerning persons linked to terrorism cases, in particular the terrible Islamist attacks in Madrid – 191 dead. Data protection is indispensable and such an incident is, admittedly, regrettable from that point of view, but to go from there to having as one’s main concern respect for the fundamental rights of persons involved in terrorism cases is excessive. It reminds me of your speeches defending the rights of illegal immigrants, even when the latter are rapists, murderers or terrorists.


  Axel Voss (PPE). – Mr President, Commissioner, I do ask myself why we are actually holding this debate at this point in time, because with this debate we achieve no added value whatsoever. Human error occurred there. Yes, that must not happen, and yes, that is not right either, and yes, we must also comply with the relevant procedures. But at present we can say nothing more about it than: yes, data protection breaches are stupid, yes, and most probably the contents of these data are also not intended for everyone. But regardless of that, we must approach this matter procedurally and say: yes, there is an investigation. The Commission has initiated it. It will also report to us accordingly on the effects of such a breach. And we really must insist that the bodies of the European Union then also adapt accordingly to the General Data Protection Regulation and to the Directive respectively, and comply with the high data protection standards enshrined there.

But the added value of this debate, simply getting worked up that things are somehow very bad with data and ‘if anything happens there’, achieves nothing. We need the results afterwards.


  Caterina Chinnici (S&D). – Mr President, ladies and gentlemen, Commissioner, my concern about the episode involving Europol is not linked exclusively to the type of information disseminated online, but also to the possible consequences for the trust of the States in the Agency’s coordinating role and for the consequent willingness of the competent authorities to communicate data and information.

The seriousness of the episode, however, must not make us lose sight of what, with commitment and not without difficulty, we are building in terms of cooperation in criminal law. From the most recent terrorist attacks we have learned that the exchange of information is a central element in the conduct of investigations in order to give a common and united response in the fight against terrorism and organised crime.

From the information that has emerged in the press, in any case, it appears that the computer system was not breached, but that it was a matter of human negligence, which nevertheless is and remains serious. I therefore consider it essential, also in view of the expansion of Europol’s functions, that its director report to the competent parliamentary committee in order to better understand what happened and to learn of the measures already taken to prevent similar episodes from recurring in future.


  Gérard Deprez (ALDE). – Mr President, it is indisputable, everyone recognises it, there was a serious problem at Europol, and the fact that it is an old one changes nothing.

Of course, I admit, the fault is first of all individual. But that cannot hide the fact that there was a real flaw in the security control procedures, because, after all, it is perfectly possible, technically, to prevent secured data from being copied by operators who have access to it. Europol must come and justify itself before the democratic bodies, that is to say before the European Parliament, and explain there the measures it has taken.

That said, we need Europol, and I do not want some to take advantage of this incident to call into question the usefulness and credibility of Europol. It is not at the moment when thousands of jihadists are going to return to European territory, it is not at the moment when Europol’s counter-terrorism centre is becoming truly operational, that mines should be laid to undermine its credibility.

Strengthening the rigour of management and of security procedures, yes. Protecting personal data, yes. Discrediting Europol, no, absolutely not!


  Jeroen Lenaers (PPE). – It has already been said by a number of colleagues today: the greatest priority for Europe in the field of security is better sharing of information by the Member States. To encourage that better sharing, there must be confidence that the shared data are handled properly. That confidence took a serious dent two weeks ago. Call it a leak, call it a human error. The fact is that 700 pages of secret material were publicly accessible. From Europol, from the European Commission, I would have liked to see a somewhat sharper response.

It is good that a security awareness seminar is being organised for Europol staff this coming Friday, but I would like to hear how you remove the weakest link from the system. The system is as strong as its weakest link. How are we going to ensure that it becomes technically impossible for this kind of human error to occur again in the future at an organisation like Europol? That is crucial to keeping Europol in the lead when it comes to fighting for better security in Europe.


  Afzal Khan (S&D). – Mr President, in May of next year, a regulation will come into force granting Europol new powers to fight terrorism and cybercrime. However, this recent data leak represents a serious error, albeit an accidental one. We appear to have been fortunate this time, in that the leaked data was historical data. However, next time we might not be so fortunate. But even leaks of historical data can be of use to extremists.

So could you please explain why it took two months for this Parliament to find out about the leak? What steps have been taken in terms of Europol policy to ensure that the risk of human error is as low as possible? I welcome greater cooperation between Member States in fighting international criminal threats, but we need to play our part and ensure that these sorts of errors are avoided.


Catch-the-eye procedure


  Nicola Caputo (S&D). – Mr President, ladies and gentlemen, the fight against terrorism and the fight against cybercrime, which is carried out with complex investigations and sophisticated software. The transmission and storage of data nevertheless remains a point of vulnerability.

While waiting for blockchain, the method launched by Bitcoin, to be tested also in the ordinary transmission of data, I have spoken out several times on cybercrime, which has offensive potential even in yield devices. With my question of as long ago as 15 December, exactly two years ago, I asked the Commission about the three hundred life-saving devices at risk of cyber attack.

Just yesterday came the news that Google has launched Android Things, the new operating system dedicated to the Internet of Things, and I wonder how this can be protected from cybercrime. I therefore have no difficulty in considering a sensitive sector such as that of Europol data to be completely vulnerable, precisely because of the important contribution it makes against the most serious forms of crime, such as drug trafficking, paedophilia, trafficking in human beings, terrorism, fraud and bank cards. Much, much higher production standards need to be adopted.


  Νότης Μαριάς (ECR). – Mr President, a few days ago it became known that more than seven hundred confidential pages of Europol leaked onto the internet, including names and telephone numbers of natural persons. Despite the continuous increase in Europol’s budget, especially in the area of countering terrorism, we find that the results are disappointing. Apart from the failure to prevent terrorist attacks in France and Belgium, Europol now also suffers internal leaks of confidential files. More emphasis must of course be placed on combating terrorism, but Europol needs to become more effective and, above all, there must always be respect for the privacy of the Union’s citizens.

For this reason there must be increased parliamentary scrutiny of Europol itself, and also scrutiny by the independent European data protection authority. The fact that our Parliament was informed about this matter very late proves that even stricter parliamentary scrutiny of Europol’s activities is needed.


  Charles Tannock (ECR). – Mr President, I congratulate the management of Europol, under its excellent British director Rob Wainwright, in the conduct of the untoward incident investigation into the breach of historic terrorist data security by a journalist and a rule-breaking former staff member. Europol has proven the integrity and reputation of the organisation, and appropriate measures to remedy the breaches are now in place for the future. I wish to take this opportunity to congratulate my country, the United Kingdom – in spite of the Brexit referendum – to wisely recently re-join Europol, and ways must now be found post-Brexit for a strategic UK-Europol partnership to ensure continuing access by my country to SIS, the Prüm Database, the PNR and the EAW. Otherwise the United Kingdom will be in a serious and unnecessarily dangerous situation for the security of its citizens in the future.


  Doru-Claudian Frunzulică (S&D). – Mr President, as the new Europol regulation will come into force in May 2017, its competences will be expanded and Europol will handle even more sensitive information and personal data, it is absolutely crucial that the data processing is done according to strict adherence to the data protection rules and data security requirements. The breach poses larger questions about the data protection standards of this agency. Leaked information may also strain relations with other EU states who may be reluctant to share data if it is not properly secured. The Commission and the Council must explain how the data breach was possible. Why did Europol first deny the leak and then admit it? How is the downloading of information even possible from the Europol database to an external device? Commissioner, this is a very important and serious matter.


(End of the catch-the-eye procedure)


  Dimitris Avramopoulos, Member of the Commission. – Mr President, as always, I have listened carefully to your interventions and I fully share your concerns.

This incident should never have happened in the agency in charge of so much data at the very epicentre of our counter-terrorist work. I understand that trust may be shaken, but let us look at the facts once again. It was a human error which in practice would have been prevented today. Judicial investigations have been launched. No current investigation in the Member States has been jeopardised. The lives of private citizens were not affected. Security procedures have been updated and will be further strengthened with the new Europol regulation from 1 May. Data protection supervision is also being stepped up. The professionalism of the staff is ensured by continuous training to prevent such incidents from recurring.

Let us be clear. Europol is a very different organisation today from 2009 when this incident occurred. As I said in my opening remarks, enhanced security goes hand in hand with enhanced data protection and security rules. Mr Díaz de Mera García was quite correct when he said that this was an unfortunate, but isolated, incident. It cannot – and will not – happen again. Mr Albrecht is also absolutely right: data protection and data security standards should be stepped up. Mrs in 't Veld, Europol’s systems were not hacked or intruded into. There was, as I said before, human error with an external hard drive. This cannot happen again.

Europol has informed us that ongoing investigations have not been compromised, and the Member States concerned have confirmed that. Europol informed us – and you – and all the other parties concerned after the press reports. In its current rules, we are external parties. In future, with the new Europol regulation, the EU will scrutinise Europol’s activities through the Joint Parliamentary Scrutiny Group. This group will be briefed about key Europol operational aspects. We will examine whether Europol should, as a general obligation, inform the Commission and the parliamentary group on security breaches in order to allow them to exercise their oversight responsibilities. Let us draw lessons from this experience and make sure that the margin for human error of this type disappears.


  Ivan Korčok, President-in-Office of the Council. – Mr President, honourable Members, on the first question, why did Europol not inform the European Parliament, Council, the Commission or other public stakeholders before 30 November? You would understand that it is not for me, representing the Presidency, to answer in the place of Europol. That’s not for me.

(But you’re in charge.)

I am not in charge of Europol, I am in charge of the Presidency.

But I can say that Europol has explained that it could not release information about an ongoing security and judicial investigation at national level, including sensitive classified information, to the general public or other stakeholders not directly affected. As a mitigating measure, when the case was reported on 30 November 2016, Europol immediately provided background information to its external stakeholders, in order to clarify certain elements which were the subject of the reporting in the media.

Secondly, the future Europol regulation provides strong security guarantees and a robust data protection regime, and this will I am sure contribute to increasing our trust in Europol. Finally – important for this House – this new regulation sets out a new and better mechanism to brief the European Parliament about operation-sensitive matters. It provides for working arrangements to be concluded between Europol and the Parliament in line with the EU rules on handling classified information.

Mr President, honourable Members, I too would like to use this opportunity for thanking you all for good cooperation during the Slovak Presidency.


  President. – (addressing Ms in 't Veld, who is asking for the floor) I am sorry, Ms in 't Veld, but the debate is closed and so is the list of speakers. I cannot give you the floor. If you wish, you can make a relevant remark.


  Sophia in 't Veld (ALDE). – Mr President, I don’t know the rules by heart, but we have a debate here about something very serious. I’d like to remind colleagues that in any Member State such an incident would have led to the resignation of the politically responsible, and here it’s treated as a technical incident. I have asked very precise questions and I do not get an answer. Three questions: when were people informed? The list of people I understand from you – after the media revelations – but I’d like to get a ‘yes or no’ confirmation. Two, when was the LIBE Chair informed, and under what conditions? Was there a confidentiality clause? And three, how are you (well that is more the Commission, but you are actually responsible as Council for Europol) going to secure data stored in decentralised systems like PNR and others? Can I have an answer to those questions?


  President. – Ms in 't Veld, that was not exactly a procedural matter, but if the President of the Slovak Presidency wishes, he may reply.


  Ivan Korčok, President-in-Office of the Council. – I think, Madam in 't Veld, I have shared with you what is in my competence as a representative of the Council Presidency. I reiterate once again, if you are having questions to Europol, I am not representing Europol. I have presented a position of the Council, and if you ask me about when the president of LIBE was informed, he is here.


  Sophia in 't Veld (ALDE). – (inaudible)... unacceptable. I would like that to be in the minutes.


  President. – What Ms in 't Veld said and the reply of the Council representative have been recorded.

The debate is closed.

Written statements (Rule 162)


  Tomáš Zdechovský (PPE), in writing. – We keep repeating here that it is necessary to increase Europol’s powers more and more. And I fully agree with that. However, more powers must go hand in hand with strengthening the organisation’s internal structure, its internal rules and staff discipline. Otherwise I fear that trust may be undermined, not only in the Europol agency itself but above all trust between the Member States, on which this entire cooperation in criminal matters is based and without which not even the EU itself can function. We must all be vigilant about how we handle the information and data to which we have access and with which we work. This must be a matter of course for us. At Europol, however, the data are particularly sensitive and in an extreme case could endanger the whole EU. Data relating to individual cases of criminal offences, organised crime or even terrorism. I firmly believe that Europol’s management, headed by Rob Wainwright, will ensure that a similar situation never happens again, has no negative impacts, and above all does not affect cooperation between the Member States, which has so far been well on the way to achieving the best possible results.
