= EPPO-Regulation
= Relevant iRoP and other annotations
Article 71 | Procedure in case of unavailability of the Case Management System
Where these rules refer to any action being undertaken by or through the Case Management System, and the Case Management System is not functioning properly, or technically unavailable, those actions shall be undertaken in a suitable manner capable of creating a permanent and reviewable record. Once the Case Management System is available again, any actions undertaken shall be updated within the system accordingly.
Overview of CMS and EPPO case file:
1. The EPPO shall establish a case management system, which shall be held and managed in accordance with the rules established in this Regulation and in the internal rules of procedure of the EPPO.
2. The purpose of the case management system shall be to:
(a) support the management of investigations and prosecutions conducted by the EPPO, in particular by managing internal information workflows and by supporting investigative work in cross-border cases;
(b) ensure secure access to information on investigations and prosecutions at the Central Office and by the European Delegated Prosecutors;
(c) allow for the cross-referencing of information and the extraction of data for operational analysis and statistical purposes;
(d) facilitate monitoring to ensure that the processing of operational personal data is lawful and complies with the relevant provisions of this Regulation.
Article 46 | Directing of the investigations
(…)
4. The instructions shall be entered in the Case Management System which shall automatically notify the concerned European Delegated Prosecutor.
(…)
3. The case management system may be linked to the secure telecommunications connection referred to in Article 9 of Council Decision 2008/976/JHA ¹).
¹) Council Decision 2008/976/JHA of 16 December 2008 on the European Judicial Network (OJ L 348, 24.12.2008, p. 130).
4. The case management system shall contain:
(a) a register of information obtained by the EPPO in accordance with Article 24, including any decisions in relation to that information,
Article 38 | Registration of information
– as amended by College Decision 026/2022 effective 30 August 2022
1. All information received by the EPPO in accordance with Article 24 of the Regulation, as well as acquired by the EPPO ex officio which refers to any criminal conduct in respect of which the EPPO may exercise its competence shall be registered in the register kept in accordance with Article 44(4)(a) of the Regulation (hereinafter the Register).
2. The registration shall include the date, time and place of receipt of the information, and the person opening the registration file. It shall further include the following details:
a) the source of the information, including the identity and contact details of the organisation or person who has provided it, unless applicable rules regarding the protection of informers and whistle-blowers are applicable and provide otherwise;
b) the format of the information, including reference to any document or other item, which cannot be stored in original in the Case Management System;
c) whether the file is opened with a view to initiating or evoking an investigation;
3. The registration should also contain, to the extent available:
a) the possible legal qualification of the reported criminal conduct, including if it was committed by an organised group;
b) a short description of the reported criminal conduct, including the date when it was committed;
c) the amount and nature of the estimated damage;
d) the Member State(s) where the focus of the criminal activity is, respectively where the bulk of the offenses, if several, was committed;
e) other Member States that may be involved;
f) the names of the potential suspects and any other involved persons in line with Article 24(4) of the Regulation, their date and place of birth, identification numbers, habitual residence and / or nationality, their occupation, suspected membership of a criminal organisation;
g) whether privileges or immunities may apply;
h) the potential victims (other than the European Union);
i) the place where the main financial damage has occurred;
j) inextricably linked offences;
k) any other additional information, if deemed appropriate by the inserter.
4. To the extent possible, the document containing the information and all the items attached to it shall be converted in an electronically storable format within the Case Management System.
5. Based on the content of paragraph 3(d) above, the Case Management System shall notify the appropriate European Prosecutor(s). Additionally, where the assessment of paragraph 3(g) is positive, the Case Management System shall notify the European Chief Prosecutor.
6. Where the information contains special categories of personal data as defined in Article 55 of the Regulation, these may be only processed if the requirements set out in Article 55 of the Regulation are met. The special categories of personal data shall be marked as such in the Case Management System, and the grounds for their storage noted. The Case Management System shall notify the Data Protection Officer of any such registration.
7. In deviation from paragraph 1, information reported by private parties that manifestly does not refer to a criminal conduct in respect of which the EPPO may exercise its competence shall be referred by a European Delegated Prosecutor or a European Prosecutor to the competent national authorities without undue delay, in line with Article 24(8) of the Regulation or returned to the reporting party and / or deleted. An appropriate log shall be kept. In case of referral, the private parties shall be informed thereof by a European Delegated Prosecutor or a European Prosecutor, in accordance with applicable national law.
(b) an index of all case files;
(c) all information from the case files stored electronically in the case management system in accordance with Article 45(3).
The index shall not contain any operational personal data other than data needed to identify cases or establish cross-links between different case files.
Article 41 | Decision to initiate an investigation or to evoke a case
– as amended by Council Decision 085/2021
1. Where, following the verification, the EPPO decides to exercise its competence by initiating an investigation or evoking a case, a case file shall be opened and it shall be assigned an identification number in the index of the case files (hereinafter the Index). A permanent link to the related registration under Article 38(1) above shall be automatically created by the Case Management System.
2. The corresponding reference in the Index shall contain, to the extent available:
a) As regards suspected or accused persons in the criminal proceedings of the EPPO or persons convicted following the criminal proceedings of the EPPO,
i. surname, maiden name, given names and any alias or assumed names;
ii. date and place of birth;
iii. nationality;
iv. sex;
v. place of residence, profession and whereabouts of the person concerned,
vi. social security numbers, ID-codes, driving licences, identification documents, passport data, customs and tax identification numbers;
vii. description of the alleged offences, including the date on which they were committed;
viii. category of the offences, including the existence of inextricably linked offences;
ix. the amount of the estimated damages;
x. suspected membership of a criminal organisation;
xi. details of accounts held with banks and other financial institutions;
xii. telephone numbers, SIM-card numbers, email addresses, IP addresses, and account and user names used on online platforms;
xiii. vehicle registration data;
xiv. identifiable assets owned or utilised by the person, such as crypto-assets and real estate.
xv. information whether potential privileges or immunities may apply.
b) as regards natural persons who reported or are victims of offences that fall within the competence of the EPPO,
i. surname, maiden name, given names and any alias or assumed names;
ii. date and place of birth;
iii. nationality;
iv. sex;
v. place of residence, profession and whereabouts of the person concerned;
vi. ID-codes, identification documents, and passport data;
vii. description and nature of the offences involving or reported by the person concerned, the date on which the offences were committed and the criminal category of the offences.
c) as regards contacts or associates of one of the persons referred to in point (a) above,
i. surname, maiden name, given names and any alias or assumed names;
ii. date and place of birth;
iii. nationality;
iv. sex;
v. place of residence, profession and whereabouts of the person concerned;
vi. ID-codes, identification documents, and passport data.
The categories of personal data referred to above under points (a)(x)-(xv) shall be entered in the Index only to the extent practicable, taking into account the operational interest and available resources. The reference in the Index shall be maintained up to date during the investigation of a case file. The Case Management System shall periodically notify the European Prosecutor and the European Delegated Prosecutor concerned if certain categories of information are not entered in the Index.
(…)
Article 62 | Cross checking of information
1. Information entered in the Index shall automatically be crosschecked against the Register, the Index and all information from the case files stored electronically in the Case Management System.
2. In case of a hit, the handling European Delegated Prosecutor and the supervising European Prosecutor of the underlying cases shall be notified.
3. If access to one of the linked cases was temporarily restricted to certain users in accordance with Article 61(3), only the handling European Delegated Prosecutor and the supervising European Prosecutor of the respective case shall be notified.
4. The application of paragraphs 1 to 3 above shall also be permissible for information inserted into or added to the Register and information from the case files stored electronically in the Case Management System not in the Index.
5. For the processing of operational personal data, the EPPO may only establish automated data files other than case files in accordance with this Regulation and with the internal rules of procedure of the EPPO. Details on such other automated data files shall be notified to the European Data Protection Supervisor.
Article 65 | Establishment of automated data files other than case files for the processing of operational personal data
1. Where required for the fulfilment of its tasks, the EPPO may process operational personal data other than in case files, in line with Article 44(5) of the Regulation.
2. Where such processing is necessary, the procedure for the notification of the European Data Protection Supervisor, as well as the procedure for the actual processing of operational personal data and the respectively applicable safeguards, shall be dealt with in the implementing rules adopted under Article 64 above.
Copyright © 2022 EPPO-LEX The legal research library on the European Public Prosecutor’s Office. All Rights Reserved.
Recital 47 of the EPPO Regulation
(47) The work of the EPPO should, in principle, be carried out in electronic form. A case management system should be established, owned and managed by the EPPO. The information in the case management system should include information received about possible offences that fall under the EPPO’s competence, as well as information from the case files, also when those have been closed. The EPPO should, when establishing the case management system, ensure that the system allows the EPPO to operate as a single office, where the case files administered by European Delegated Prosecutors are available to the Central Office for the exercise of its decision-making, monitoring and direction, and supervision tasks.
Access to information by the EPPO | Article 43
Access to the case management system | Article 46
Administrative Director Status, appointment | Article 18
Administrative Director Responsiilities | Article 19
Administrative personal data | Article 48
Annual Reports of the EPPO | Article 7
Appointment and dismissal – Administrative Director | Article 18
Appointment and dismissal – European Delegated Prosecutors | Article 17
Appointment and dismissal – Deputy European Chief Prosecutors | Article 15
Appointment and dismissal – European Chief Prosecutors | Article 14
Appointment and dismissal – European Prosecutors | Article 16
Authorized access to operational personal data within the EPPO | Article 76
Automated individual decision-making, including profiling (data protection) | Article 56
Basic principles of the activities of the EPPO | Article 5
Budget | Article 91
Case files of the EPPO | Article 45
Case management system | Article 44
College | Article 9
Communication and modalities for exercising the rights of the data subject | Article 57
Communication of a personal data breach to the data subject | Article 75
Conducting the investigation | Article 28
Confidentiality and professional secrecy | Article 108
Cooperation between the EDPS and national supervisory authorities | Article 87
Cross-border investigations | Article 31
Data protection by design and by default (data protection) | Article 67
Data protection impact assessment | Article 71
Data Protection Officer of the EPPO – Designation of the data protection officer | Article 77
Data Protection Officer of the EPPO – Position of the data protection officer | Article 78
Data Protection Officer of the EPPO – Tasks of the data protection officer | Article 79
Definitions | Article 2
Delegated Commision Acts | Article 115
Deputy European Chief Prosecutors – Status and functions | Article 11
Deputy European Chief Prosecutors – Appointment and dismissal | Article 15
Dismissal of the case | Article 39
Disposition of confiscated assets | Article 38
Distinction between different categories of data subjects | Article 51
Distinction between personal data and verification of quality of personal data | Article 52
Enforcement of assigned measures | Article 32
Entry into force of the Regulation | Article 120
Establishment of the EPPO | Article 3
Establishment of the budget | Article 92
European Chief Prosecutor – Status and functions | Article 11
European Chief Prosecutor – Conditions of employment | Article 14
European Chief Prosecutor – Conditions of employment | Article 96(1)
European Data Protection Supervisor – Cooperation with the EDPS | Article 70
European Data Protection Supervisor – Prior consultation of the EDPS | Article 72
European Data Protection Supervisor – Notification of a personal data breach to the EDPS | Article 74
European Delegated Prosecutors – Status and functions | Article 13
European Delegated Prosecutors – Appointment and dismissal | Article 17
European Delegated Prosecutors – Conditions of employment | Article 96(6)
European Ombudsman | Article 112
European Prosecutors – Status and functions | Article 12
European Prosecutors – Appointment and dismissal | Article 16
European Prosecutors – Conditions of employment | Article 96(1)
Evidence | Article 37
Exercise of rights by the data subject and verification by the European Data Protection Supervisor | Article 62
Exercise of the competence of the EPPO | Article 25
Financial actors | Article 90
Financial rules | Article 95
Staff provisions – general principles | Article 96
General regime of liability | Article 113
Implementation of the budget | Article 93
Implementing rules and programme documents | Article 114
Independence and accountability | Article 6
Information to be made available or given to the data subject | Article 58
Initiation of investigations and allocation of competences within the EPPO | Article 26
Internal rules of procedure of the EPPO | Article 21
Joint controllers (data protection) | Article 64
Judicial review | Article 42
Language arrangements | Article 107
Legal status and operating conditions | Article 106
Lifting priviliges or immunities | Article 29
Limitations of the right of access (data protection) | Article 60
Logging in respect of automated processing (data protection) | Article 69
Material competence of the EPPO | Article 22
Notifications by Member States | Article 117
Obligations of the EPPO (data protection) | Article 63
OLAF and the Court of Auditors | Article 110
Permanent Chambers | Article 10
Pre-trial arrest and cross-border surrender | Article 33
Presentation of accounts and discharge | Article 94
Principles relating to processing of personal data | Article 47
Processing of operational personal data | Article 49
Processing of spedial categories of operational personal data | Article 55
Processing under the authority of the controller or processor | Article 66
Processor (data protection) | Article 65
Professional secrecy of the EDPS | Article 86
Prosecution before national Courts | Article 36
Provisional administrative arrangements of the EPPO | Article 20
Records of categories of processing activities (data protection) | Article 68
Referrals and transfers of proceedings to the national authorities | Article 34
Relations of the EPPO with its partners – Common provisions | Article 99
Relations of the EPPO with its partners – Eurojust | Article 100
Relations of the EPPO with its partners – Europol | Article 102
Relations of the EPPO with its partners – Non-participating Member States | Article 105
Relations of the EPPO with its partners – OLAF | Article 101
Relations of the EPPO with its partners – Institutions, bodies, offices and agencies of the Union | Article 103
Relations of the EPPO with its partners – Third countries and international organisation | Article 104
Reporting, registration and verification of information | Article 24
Review clause | Article 119
Review of the rules on data protection | Article 118
Right of evocation | Article 27
Right to judicial review against the EDPS | Article 89
Right to lodge a compliant with the EDPS | Article 88
Right to rectification or erasure of operational personal data and restriction of data processing | Article 61
Rights of access by the data subject | Article 59
Rules on investigation measures and other measures | Article 30
Rules on protection of sensitive non-classified and classified information | Article 111
Scope of the rights of the suspects and accused persons | Article 41
Seconded experts and other staff | Article 98
Security of processing of operational personal data | Article 73
Simplified prosecution procedures | Article 40
Specific processing conditions (data protection) | Article 53
Structure of the EPPO | Article 8
Subject matter | Article 1
Supervision by the European Data Protection Supervisor | Article 85
Tasks of the EPPO | Article 4
Temporary agents and contract agents | Article 98
Termination of the investigation | Article 35
Territorial and personal competence of the EPPO | Article 23
Time-limits for the storage of operational personal data | Article 50
Transfers of operational personal data – General principles for transfers of operational personal data | Article 80
Transfers of operational personal data – Transfers on the basis of an adequacy decision | Article 81
Transfers of operational personal data – Transfers subject to appropriate safeguards | Article 82
Transfers of operational personal data – Derogations for specific situations | Article 83
Transfers of operational personal data – Transfers to recipients established in third countries | Article 84
Transmission of operational personal data to institutions, bodes, offices and agencies of the Union | Article 54
Transparency | Article 109
Urgency procedure in case of Delegated Commission Acts | Article 116
Chapter I … Subject Matter and definitions
Chapter II … Establishment, tasks and basic principles of the EPPO
Article 5 … Basic principles of the activities
Article 6 … Independence and accountability
Chapter III … Status, structure and organisation of the EPPO
Section 1 … Status and structure of the EPPO
Article 8 … Structure of the EPPO
Article 10 … The Permanent Chambers
Article 11 … The European Chief Prosecutor and the Deputy European Chief Prosecutors
Article 12 … The European Prosecutors
Article 13 … The European Delegated Prosecutors
Section 2 … Appointment and dismissal of the members of the EPPO
Article 14 … Appointment and dismissal of the European Chief Prosecutor
Article 15 … Appointment and dismissal of the Deputy European Chief Prosecutors
Article 16 … Appointment and dismissal of the European Prosecutors
Article 17 … Appointment and dismissal of the European Delegated Prosecutors
Article 18 … Status of the Administrative Director
Article 19 … Responsibilities of the Administrative Director
Article 20 … Provisional administrative arrangements of the EPPO
Section 3 … Internal rules of procedure of the EPPO
Article 21 … Internal rules of procedure of the EPPO
Chapter IV … Competence and exercise of the competence of the EPPO
Section 1 … Competence of the EPPO
Article 22 … Material competence of the EPPO
Article 23 … Territorial and personal competence of the EPPO
Section 2 … Exercise of the competence of the EPPO
Article 24 … Reporting, registration and verification of information
Article 25 … Exercise of the competence of the EPPO
Chapter V … Rules of procedure on investigations, investigation measures, prosecution and alternatives to prosecution
Section 1 … Rules on investigations
Article 26 … Initiation of investigations and allocation of competences within the EPPO
Article 27 … Right of evocation
Article 28 … Conducting the investigation
Article 29 … Lifting priviliges or immunities
Section 2 … Rules on investigation measures and other measures
Article 30 … Investigation measures and other measures
Article 31 … Cross-boder investigations
Article 32 … Enforcement of assigned measures
Article 33 … Pre-trial arrest and cross-border surrender
Section 3 … Rules on prosecution
Article 34 … Referrals and transfers of proceedings to the national authorities
Article 35 … Termination of the investigation
Article 36 … Prosecution before national Courts
Article 38 … Disposition of confiscated assets
Section 4 … Rules on alternatives to prosecution
Article 39 … Dismissal of the case
Section 5 … Rules on simplified procedures
Article 40 … Simplified prosecution procedures
Chapter VI … Procedural safeguards
Article 41 … Scope of the rights of the suspects and accused persons
Chapter VII … Processing of information
Article 43 … Access to information by the EPPO
Article 44 … Case management system
Article 45 … Case files of the EPPO
Article 46 … Access to the case management system
Chapter VIII … Data protection
[Section 1 … Principles]
Article 47 … Principles relating to processing of personal data
Article 48 … Administrative personal data
Article 49 … Processing of operational personal data
Article 50 … Time-limits for the storage of operational personal data
Article 51 … Distinction between different categories of data subjects
Article 52 … Distinction between personal data and verification of quality of personal data
Article 53 … Specific processing conditions
Article 55 … Processing of spedial categories of operational personal data
Article 56 … Automated individual decision-making, including profiling
[Section 2 … Rights of the data subject]
Article 57 … Communication and modalities for exercising the rights of the data subject
Article 58 … Information to be made availiable or given to the data subject
Article 59 … Rights of access by the data subject
Article 60 … Limitations of the right of access
[Section 3 … Controller and processor]
Article 63 … Obligations of the EPPO
Article 64 … Joint controllers
Article 66 … Processing under the authority of the controller or processor
Article 67 … Data protection by design and by default
Article 68 … Records of categories of processing activities
Article 69 … Logging in respect of automated processing
Article 70 … Cooperation with the European Data Protection Supervisor
Article 71 … Data protection impact assessment
Article 72 … Prior consultation of the European Data Protection Supervisor
[Section 4 … Security of personal data]
Article 73 … Security of processing of operational personal data
Article 74 … Notification of a personal data breach to the European Data Protection Supervisor
Article 75 … Communication of a personal data breach to the data subject
[Section 5 … Data Protection Officer]
Article 77 … Designation of the Data Protection Officer
Article 78 … Position of the Data Protection Officer
Article 79 … Tasks of the data protection officer
[Section 6 … Transfers of personal data to third countries or international organisations]
Article 80 … General principles for transfers of operational personal data
Article 81 … Transfers on the basis of an adequacy decision
Article 82 … Transfers subject to appropriate safeguards
Article 83 … Derogations for specific situations
Article 84 … Transfers of operational personal data to recipients established in third countries
[Section 7 … Tasks of the European Data Protection Supervisor]
Article 85 … Supervision by the European Data Protection Supervisor
Article 86 … Professional secrecy of the European Data Protection Supervisor
Article 88 … Right to lodge a compliant with the European Data Protection Supervisor
Article 89 … Right to judicial review against the European Data Protection Supervisor
Chapter IX … Financial and staff provisions
Section 1 … Financial provisions
Article 92 … Establishment of the budget
Article 93 … Implementation of the budget
Article 94 … Presentation of accounts and discharge
Section 2 … Staff provisions
Article 96 … General provisions
Article 97 … Temporary agents and contract agents
Article 98 … Seconded experts and other staff
Chapter X … Provisions on the relations of the EPPO with its partners
Article 99 … Common provisions
Article 100 … Relations with Eurojust
Article 101 … Relations with OLAF
Article 102 … Relations with Europol
Article 103 … Relations with other institutions, bodies, offices and agencies of the Union
Article 104 … Relations with third countries and international organisations
Chapter XI … General provisions
Article 106 … Legal status and operating conditions
Article 107 … Language arrangements
Article 108 … Confidentiality and professional secrecy
Article 110 … OLAF and the Court of Auditors
Article 111 … Rules on protection of sensitive non-classified and classified information
Article 112 … Administrative inquiries
Article 113 … General regime of liability
Article 114 … Implementing rules and programme documents
Article 115 … Exercise of delegation
Article 116 … Urgency procedure