The customs union is the oldest competence of the European Union. Back in 1957, the Treaty of Rome establishing the European Economic Community (EEC) established this union as the main goal of European integration. Since the end of the 1960's, enterprises and people are free to import and export goods within the EEC, renamed into European Union (EU) since the entry into force of the Maastricht treaty in 1993, without paying any customs duties. Furthermore, any good or service imported from a third country (that is to say, a country that is not a member of the EU or any other country that has a customs union agreement with the EU) can be reexported to any of the Member States without having to pay additional duties. Import duties are paid only once, to the Commission.
In order for this system to work efficiently, and especially in order to counteract smuggling and tax evasion, the EU decided in 1997 to centralize all relevant information concerning customs into one database (see : Council Regulation (EC) No 515/97 of 13 March 1997 on mutual assistance between the administrative authorities of the Member States and cooperation between the latter and the Commission to ensure the correct application of the law on customs or agricultural matters lt http://eur-
The Customs Information System (CIS) is handled by the European Commission. It concerns not only customs, but also another important pillar of European integration: the Common Agricultural Policy (CAP). Most of the data categories stored are not personal data. For example, one can find information on imported goods, on businesses, and on statistics on fraud trends. However, there are also several categories of personal data that can be stored into the CIS.
The Customs Files Identification Database (FIDE) is a database which has been added to the CIS to facilitate investigations carried out by the Commission and the national competent authorities. It brings together files relating to persons and businesses that have been suspected or found guilty of offences.
Who is affected and what kind of data is stored into the CIS ?
The CIS stores personal data from people suspected of a breach of customs or agricultural legislation.
The 515/97 Regulation lists the types of personal data that may be stored in a restrictive manner :
name, maiden name, forenames and aliases;
date and place of birth;
any particular objective and permanent physical characteristics;
reason for inclusion of data;
a warning code indicating any history of being armed, violent or escaping;
registration number of the means of transport.
In case of sightings of the person, national authorities can also transmit information about the means of transport of the person, the place, time and reason for the check, his route and destination, people accompanying him, and the objects he carried.
The full list can be found in articles 25 and 28 of the Regulation.
The rights of the data subjects
The Joint Supervisory Authority of Customs which is composed of the national data protection authorities, such as the NAIH, are responsible for data process under the police and justice cooperation while the European Data Protection Supervisor is responsible for any data processing operation realised under EU law. They cooperate in order to ensure individuals' data protection rights are respected by the CIS system. Indeed, a certain number of safeguards apply, that are detailed below.
Sensitive data, for example data concerning religious and political beliefs, or concerning the person's health, may not be stored.
Personal data stored into the CIS may not be used for reasons other than preventing, investigating and prosecuting operations in breach with customs or agricultural legislation. This means that only people whom there is evidence suggesting they may have committed such an illegal operation about can have their data stored into the CIS. Data may not be kept longer than necessary for the purposes the CIS was set up to serve.
Data must be accurate and lawfully collected. People whose data is collected can have access to it, ask for it modification if it contains errors, and for its erasure if it was unlawfully collected. Access to one's data may be refused by the national authority who supplied the information, but only if such access would cause a prejudice to the investigation. The NAIH can assist you in accessing your personal data.
National authorities are liable for the data they feed into the CIS. Individuals may sue for compensation if they are the victims of damage caused by unlawful processing of data under the CIS provisions.
In agreement with EU and Hungarian laws, each person has the right to:
request that inaccurate or false data is corrected
request the removal of its unlawfully processed data
turn to the courts or another competent authority to request the correction or removal of inaccurate data or petition for compensatory damages
The request has to be lodged to the authority that carries/carried on the procedure. More information can be found at the
National Tax and Customs Administration of Hungary
Postal address: 1373 Budapest, Pf. 561.
Address: 1054 Budapest, Széchenyi u. 2.
Tel: +36 (1) 428-
Fax: +36 (1) 428-
The authority has the right to refuse requests but is obliged to inform the person about the fact of and the reason for denial. Should you find that the authority is not adequately responsive to your request, you then may turn to the Hungarian National Authority for Data Protection and Freedom of Information (NAIH):
National Authority for Data Protection and Freedom of Information
Levelezési cím: 1363 Budapest, Pf.: 9.
Cím: 1055 Budapest, Falk Miksa utca 9-
Tel: +36 (1) 391-
Fax: +36 (1) 391-