Advanced Search

Deliberation No. 2015-422 Of 3 December 2015 Opinion On A Draft Decree Amending The Code Of Criminal Procedure Concerning The Automated National Judicial Register Of The Perpetrators Of Terrorist Offences (Fijait) (Request For Opinion No. 150...

Original Language Title: Délibération n° 2015-422 du 3 décembre 2015 portant avis sur un projet de décret modifiant le code de procédure pénale et relatif au fichier judiciaire national automatisé des auteurs d'infractions terroristes (FIJAIT) (demande d'avis n° 150...

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$40 per month.

Text information




JORF #0303 of December 31, 2015
text #383




Deliberation n ° 2015-422 of 3 December 2015 concerning a draft decree amending the code of criminal procedure and relating to the national automated court file of perpetrators of#039offences (FIJAIT) (request D 'avis n ° 15031154)

NOR: CNIX1532633X ELI: Not available


The National Information and Technology Commission,
Seizure by the Minister of Justice of a Request for an opinion on a draft decree amending the Code of Criminal Procedure and relating to the automated national judicial file of the perpetrators of terrorist offences;
Given the Council of Europe Convention No 108 for the Protection of Persons with regard to the automatic processing of personal data;
Having regard to Directive 95 /46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of natural persons with regard to the processing of data Personal character and the free movement of such data;
Given the Penal Code, In particular its Articles 421-1 to 421-6;
In view of the Code of Criminal Procedure, in particular Articles 706-25-3 to 706-25-14 and R. 64;
Given the Internal Security Code, in particular Article L. 224-1;
Law No. 78-17 of 6 January 1978 amended Relating to computers, files and freedoms, in particular Article 26;
In view of law n ° 2015-912 of 24 July 2015 on intelligence, in particular Article 19;
In view of Decree No. 2005-1309 of 20 October 2005, as amended The application of Act No. 78-17 of 6 January 1978 relating to computers, files and Freedoms;
Given the decree n ° 2010-569 of 28 May 2010 as amended relative to the file of the wanted persons;
Seen the deliberation n ° 2015-119 of 7 April 2015 concerning a draft legislative provisions to create a file National of terrorist offences (FIJAIT);


After hearing Mr. Gaétan GORCE, Commissioner, in his report and Mr. Jean-Alexandre SILVY, Government Commissioner, in his observations,
Emet the opinion Following:
The National Commission on Informatics and Freedoms has received, by the Minister of Justice, a draft decree in the Council of State amending the Code of Criminal Procedure and relating to the national automated judicial file of the Perpetrators of terrorist offences (FIJAIT).
Created by Act No. 2015-912 of 24 July 2015, the purpose of FIJAIT is to enable the prevention of the recidivism of terrorist offences. The legislative provisions for the creation of FIJAIT, on which the committee ruled in its opinion of 7 April 2015, amended the Code of Criminal Procedure (CPP).
The main features of this treatment were set by the legislator. The purposes pursued by the FIJAIT, the decisions which may give reasons for the recording of the file, the obligations incumbent on, as a security measure, the burden of the persons registered in FIJAIT, the periods of retention of data, Personnel who have direct access to or receive access to the data, as well as the procedures for exercising the right of rectification and erasure, are thus expressly provided for in sections 706-25-3 to 706-25-14 of the
. Applying the provisions of CPC's section 706-25-14, the Order in Council In determining the conditions for the implementation of the FIJAIT must be taken after the opinion of the committee. This treatment, which is relevant to the safety of the State and public security and which is aimed at the prevention of criminal offences and the enforcement of security measures, also falls under the provisions of Article 26-1 of the Law of 6 January 1978 amended. The Committee recalls, therefore, that the present deliberation must be published with the decree in the Council of State authorising the implementation of this treatment, in accordance with the said provisions
FIJAIT:
Section 706-25-3 of the PPC provides that the purpose of FIJAIT is to prevent the renewal of the offences referred to in section 706-25-4 of the same code and the identification of their authors. These are offences " Hardware " Relating to terrorism and provided for in Articles 421-1 to 421-6 of the Criminal Code, with the exception of offences of apology and incitement to acts of terrorism provided for in Article 421-2-5 of the Criminal Code, as well as offences provided for in the last two paragraphs Article L. 224-1 of the Internal Security Code (CSI), namely leaving the national territory in breach of a decision to ban exit in the event of a risk of participation in terrorist activities and the fact of Exempt from the obligation to return identity documents in the event of such a
More specifically, FIJAIT is a file of addresses specific to the categories of offences referred to above, concerning persons accused or convicted of such offences, which must enable them to be followed up by these offences Persons registered at FIJAIT. The latter shall be subject, as a security measure, to compliance with the obligations set out in Article 706-25-7 of the PPC, namely: Justify their address on a regular basis, declare any change of address within 15 days, declare all travel abroad 15 days at the latest before the said travel and declare any movement in France 15 days at the latest. Later in advance of travel if the person resides outside Canada.
The Commission notes that, in all cases, they may only be registered with the FIJAIT for the persons involved or convicted for taking an active part in an activity. Terrorist. While it is not for the Commission to decide on the purposes of this file, to the extent that it has been expressly provided for by the legislator, it recalls that, in the context of the provisions initially submitted to it, The committee considered that the follow-up of the persons involved or convicted of such offences constituted, in the light of the particular gravity of those offences, a specific, explicit and legitimate purpose, in accordance with Article 6 (2 °) of the law of 6 January 1978 as amended.
On the data collected:
Draft article R. 50-36 of the PPC provides, in accordance with Article 706-25-4 of the same Code, that the information recorded in the FIJAIT relates to the identity and successive addresses of the domicile or residences of the persons having done so. The purpose of the following measures. Decisions on convictions, including convictions by default or conviction accompanied by an exemption or an adjournment of the sentence (1 °), as well as decisions taken in accordance with the above provisions The order of 2 February 1945 on the juvenile offender (2 °). Also affected are decisions on criminal liability due to mental disorder (3 °), decisions of the same nature as the above-mentioned decisions by foreign courts (4 °) or the decisions to be examined (5 °)
Is also intended to collect the filiation of the persons to be included in the file, but only if the latter are not already included in the national directory for the identification of natural persons (RNIPP). The Commission considers that the registration of this information is justified in this case, to the extent that the sole purpose of collecting this information is not to register a person in error at FIJAIT, as is the case in other cases. Treatment, such as the national automated court file for perpetrators of sexual or violent offences (FIJAISV), and where this data cannot be used as a search criterion in the database.
Decision or action to justify enrolment in FIJAIT is recorded, and The date and place of the facts committed by the person concerned. In this respect, the Commission considers that the collection of this data is justified in the light of the purpose of preventing terrorist offences. In this way, judicial police officers will be able to identify and more easily locate the perpetrators of the offences referred to in section 706-25-4 of the PPC in the course of a judicial inquiry into offences of the same nature committed In the near perimeter.
Finally, draft article R. 50-36 of the PPC provides that " Miscellaneous information ", including the" Decisions taken pursuant to Article 706-25-12 " The PPC, that is, the correction or deletion of data on request of the data subject and the dates and reasons for the registration to the RPF.
According to the Department, the retention of these data must be kept in place. A complete history of the file, including decisions that lead to correction of a clerical error or to delete a file. As regards the recording of data relating to " Date and reason for inclusion in the RPF ", the department indicated that such data are intended to maintain a history of RCP-related actions (date of entry to the RPF for original entries related to an RCF). Entry to the FIJAIT, notification pending or non-compliance with the obligations of the persons listed in this file).
Taking into account all of these elements, the Commission considers that the data are adequate, relevant and not excessive in the The purposes for which they are collected, in accordance with the The provisions of Article 6 (3 °) of the Act of 6 January 1978 as amended.
On the modalities of entry into FIJAIT:
Draft articles R. 50-31 to R. 50-35 of the CDPF detail the different modalities for the registration of persons at FIJAIT, Which is subject to the issuance of judicial decisions which are exhaustively listed in section 706-25-4 of the PPC. The registration shall be carried out by the public prosecutor, the investigating judge or his clerk, depending on the procedures.
In general, the Committee notes that this entry to FIJAIT is subject to a strict control procedure, of which it It is the responsibility of the Ministry to ensure the effectiveness.
Thus, guarantees identical to FIJAISV have been foreseen for FIJAIT, in particular the fact that it is placed under the control of the magistrate leading the national criminal record, to which the project Order recognizes the possibility of refusing or deleting records That do not meet the legal requirements. This control shall include, inter alia, the verification of the consistency and accuracy of the information to be registered, as well as the validity of the entry in the light of the express nature of the judicial decision ordering the registration of the FIJAIT.
Section 4 of the proposed Order provides that the manager of FIJAIT will, before enlisting a person in that processing, conduct a verification of his or her identity under the conditions set out in section R. 64 of the PPC, and That is, in view of the national directory for the identification of natural persons (RNIPP). Clause 4 of the proposed Order amends section R. 64 of the PPC to allow the criminal record department to use the RNIPP extract for the sole purpose of verifying the identity of persons registered at FIJAIT.
After Verification of the identity of the persons concerned, the feeding of the file is carried out directly and without delay by the magistrates, through secure means of telecommunication.
The Committee notes that the different types of Checks, exercised under the hierarchical authority of the magistrate leading the locker National Court, are not provided for in this draft order. It takes note that, at its request, draft article R. 50-37 of the CDPF will be amended to specify precisely the nature of the checks carried out.
In addition, it notes that the proposed regulations do not provide any details on the The assumptions in which several decisions would be made against the same person. The Commission takes note that, at its request, the draft article R. 50-64 of the PPC will be amended to indicate that each entry will be managed independently.
On these reservations, the Commission considers that the various audits In the course of the procedure for the registration of persons at FIJAIT are a priori such as to guarantee the reliability of the identity of the person whose data are recorded and the reasons for that registration. If the Commission considers that the data should be available to the various addressees only after all of these controls have been implemented, it takes note of the department's clarification that the data relating to the Person registered in the FIJAIT will be visible only once the consistency checks have been carried out and a statement " Being checked " Will appear on files that have not yet been checked for an express character.
On the data retention period:
Section 706-25-6 of the CDPF provides that the information recorded in the FIJAIT is removed from the File on the death of the person concerned or on expiry, as from the date of the decision having resulted in the entry to the FIJAIT, of a period of twenty years if it is a major or a period of ten years if it is a minor. When they relate to an offence referred to in Article L. 224-1 of the CSI, these periods shall be increased to five years if it is a major or three years if it is a minor.
The Commission notes that these provisions differ in this respect from Those that had been submitted, which provided for longer time limits, both in terms of data retention periods and the duration of the obligations of FIJAIT registrants. In addition, as regards the infringements provided for in Article L. 224-1 of the CSI, the data retention periods are the same as those during which the persons registered in the FIJAIT are subject to the obligations laid down in CPC's 706-25-7. On the other hand, the data retention periods for the offences of terrorism provided for in Articles 421-1 to 421-6 of the Penal Code, excluding those mentioned in Article 421-2-5 of the Code, are not similar to the periods during which In
opinion of 7 April 2015, the Committee noted that the fact of providing for longer retention periods than the periods during which the duration of the Persons will be required to provide reasons for their address, relocation or Travel abroad, was likely to result in a failure to update the data recorded in FIJAIT. While the draft decree contains no specific provisions on retention periods, it recalls that the provisions of Article 6 (4 °) of the amended Act of January 6, 1978, find in any case to apply. It therefore considers that it is the responsibility of the Ministry of Justice to take all necessary measures to ensure that inaccurate or incomplete data are corrected or erased, in accordance with Article 6 (4) of the Law " Information technology and freedoms ".
In addition, the draft order appears to permit the retention of all data recorded in the FIJAIT for an additional period of three years beyond the time limits set out in section 706-25-6 of the PPC. If the Commission does not intend to question the operational rationales provided by the department, the Commission considers that such a possibility would derogate from the retention periods expressly provided for by the legislator. It therefore considers that this additional three-year period does not recognise the provisions of Article 706-25-7 of the PPC, which lays down the retention periods for data recorded in FIJAIT.
As regards traceability measures which must Be implemented, the Commission recalls, in accordance with Article 706-25-14 of the PPC, that the conditions under which FIJAIT keeps track of the questions and consultations to which it is subject must be included in the draft decree. It therefore takes note that, at its request, a section specific to the modalities for the preservation of the traces will be reinstated in this draft decree.
Finally, the draft article R. 50-64 of the PPC provides for the details of the deletion of the data Entered in the file, which do not require any special comment from the Commission.
On the recipients of the data:
The list of personnel entitled to directly access the data recorded in the FIJAIT is Set out in section 706-25-9 of the PPC. These include the judicial authorities, judicial police officers, representatives and administrations of the state, prison officers, intelligence services and agents of the Ministry of Foreign Affairs. The same article also provides that these data may be addressed to mayors and presidents of local and territorial communities.
Draft article R. 50-51 of the CPP specifically provides for That judicial authorities and authorised judicial police officers may question FIJAIT only in proceedings concerning one of the offences provided for in Articles 421-1 to 421-6 of the Criminal Code or Article L. 224-1 of the CSI and for the mere exercise of the diligent conduct provided for in Articles 706-25-7, 706-25-8 and 706-25-10 of the PPC. It also lists, in a comprehensive manner, the criteria for consultation for these addressees.
Section 706-25-9 of the PPC provides that BOPs may, in certain cases, consult the file in the course of a judicial inquiry, even if This measure does not deal with an act of terrorism and outside the need for consultation related to the address justification obligations or the consequences of their non-compliance. However, the Committee notes that there is no guarantee in draft article R. 50-51 of the CPP to ensure that judicial police officers are unable to consult FIJAIT for all legal proceedings. In view of the extremely sensitive and specialized nature of FIJAIT, it considers that, in order to ensure that only persons who participate in the fulfilment of the purposes pursued by the FIJAIT access the data contained therein, the present The draft decree should therefore be completed on this point. The Commission draws the attention of the Department to the need to define the criteria for such consultation and the rationale for doing so.
With regard to specialized intelligence services, the article 706-25-9 of the CDPF limits this consultation to the sole framework of the missions entrusted to them with regard to the prevention of terrorism. The Committee recalls, therefore, that it is up to the Ministry to ensure that the envisaged consultation is limited to this one mission.
Pursuant to Article 706-25-9 of the CDPF, the representatives of the State in the Department and the Administrations of the State may consult FIJAIT for administrative decisions concerning recruitment, assignment, authorisation, authorisation or authorisation. It follows from draft article R. 50-52 of the PPC that the professions exercised in the fields of " Security, education, education, transport And " Any employment with an operator of vital importance, any employment on a classified facility for the protection of the environment known as SEVESO or any employment in the public service and for the control of the performance of those activities and
The department indicated that this consultation, which is left to the discretion of each jurisdiction, may take place at the recruitment stage and throughout the career of the persons concerned. The Commission notes that, under the terms of section 706-25-9 of the PPC, this consultation must be strictly limited to " Administrative decisions on recruitment, assignment, authorization, accreditation or empowerment ". It therefore considers that it is appropriate to implement, beyond the registration of the ground for consultation, effective control in order to ensure that this consultation can only take place within the scope strictly defined by the In
event, the Committee recalls that Article 10 of the Law of 6 January 1978 amended provides that no decision producing legal effects in respect of a person can Be taken solely on the basis of automated data processing intended to define the Profile of the person concerned or assess certain aspects of his or her personality.
On the rights of persons:
In accordance with the provisions of CPC article 706-25-8, any person whose identity is registered in the file is informed By the judicial authority or its representative. Draft articles R. 50-38 to R. 50-42 of the PPC set out the terms and conditions for the issuance of this information.
Section R. 50-38 states that a document prepared by the Department of Justice will be used to support information issued to individuals. In
, the Committee recalls that this information must be clear, complete and educational, in so far as it also conditions the fulfilment of the obligations placed on the persons registered in the FIJAIT.
It further notes that the proposed Order will be amended to Provide that the decisions to withdraw and de-register the FIJAIT will also be made to the knowledge of the person concerned to take into account the evolution of the situation of persons registered in FIJAIT.
Section 706-25-6 of the PPC Expressly provides that amnesty, rehabilitation and erasure of criminal record conviction do not automatically result in the erasure of data in FIJAIT. As in its opinion on the draft legislative provisions for the creation of FIJAIT, the Commission points out that such an element should nevertheless be taken into account in the event of a request by the data subject to delete the data Registered in the FIJAIT. It notes, however, that the draft decree contains no details on this point and considers that it should be completed.
The procedures for the exercise of the rights of rectification and erasure as provided for in this draft decree
, the persons concerned shall exercise their right of access to information concerning them in accordance with the same procedure as for access to information recorded in the national automated criminal record, namely The oral communication by a magistrate of all the information They are not able to obtain a copy in accordance with article 777-2 of the Code of Criminal Procedure.
On Data Security and Action Traceability:
The FIJAIT processing is a web-based application to a database. It is hosted within the national criminal record site.
The underlying technical infrastructure uses a network architecture designed to prevent direct access to servers hosting the application, by defining different zones and By filtering the exchanges between these areas using firewalls.
The treatment-related exchanges take place on the private network of the Ministry of Justice and the Interdepartmental Network on AdeR, according to the users. These exchanges are also compartmentalized with other treatments using these access networks. The transmission between any client node and front-end servers is secured using HTTPS.
Traceability is guaranteed by means of an active device that can trace alerts in the event of an excessive user lookup or A specific folder. In addition, an infrastructure that is being generalised will be used to trace the operations of system administrators.
When it comes to authentication, the policy for managing passwords is consistent with the policy recommendations. An automatic session lock is also expected. The Commission draws the attention of the FIJAIT's managing service to the need for strict control over the granting of these clearances, with regard to the purposes assigned to it.
Different access profiles have been defined Within the application to restrict access to data based on trades.
Finally, if a provider needs data for software qualification reasons, the data is " Anonymized ". Operators are also entitled " In
light of these elements, the Commission considers that the security measures described by the controller are in conformity with the security requirement laid down in Article 34 of the law of 6 January 1978 as amended. It recalls, however, that this obligation requires the updating of security measures in relation to the regular reassessment of risks.
On the other provisions of the draft order:
The legislator provided for registration in FIJAIT of the perpetrators of offences committed before the date of entry into force of the aforementioned Law of 24 July 2015, but which, after that date, has been the subject of one of the decisions provided for in Article 706-25-4 of the Same code, as well as persons executing, on the date of entry into force of this Law, a penalty of deprivation of liberty for one of the same offences, on the decision of the public
. The manager of the FIJAIT is authorized to obtain a list of persons who Carry out such a sentence of deprivation of liberty by consulting the National File of Prisoners (FNPI). In this respect, the Commission notes that the FNPI has been replaced by the National Inmate File (NPF) which, in the long term, is intended to be replaced by the processing of personal data relating to the national management of detained persons. Prison establishment known as GENESIS. The Commission takes note that, at its request and for the sake of consistency, the draft decree will refer only to the " Processing of personal data relating to the national management of persons detained in prisons ".
As regards persons convicted but having served their sentence, it is intended that the services of the police or the The national gendarmerie shall, at the request of the magistrate controlling the file, carry out the necessary searches to determine the address of these persons.
In this regard, section 706-25-13 of the PPC, as is the case for criminal records Automated national or FIJAIS, limits the reconciliations and Interconnections whose FIJAIT may be the subject of files or collections of registered data depending on the Ministry of Justice, with the exception of the FPR, and criminalizes the fact, for persons or bodies not dependent on this
Committee recalls, however, that the transitional provisions of the aforementioned Law of 24 July 2015 expressly provide that: Planned research can be done by means of close automated processing The identity of these persons with the information contained in the files of the bodies responsible for the management of a compulsory social security system, in the bank accounts file of the tax administration or in the files of Judicial police. If such reconciliations are only permitted for a limited period, it is the case that they constitute automated processing of personal data within the meaning of the law of 6 January 1978, as amended, which will therefore have to do so, To be authorised by the Commission.
Article 5 amends the provisions of Decree No 2010-569 of 28 May 2010 referred to above in order to allow the managing agents of FIJAIT to be addressed to the Personal data and information recorded in the RPF for the purposes of Consultation of the only records concerning persons registered with the FIJAIT and the updating of those same data. In this respect, the PPC anticipates that enrolment in FIJAIT will automatically result in the registration of the wanted persons file (RPF) for the duration of the person's obligations and not for the duration of the person 's Registration, as originally planned.


The President,

I. Falque-Pierrotin


Downloading the document in RTF (weight < 1MB) Excerpt from the authenticated Official Journal (format: pdf, weight: 0.23 MB)