171 Amendments of Bodil VALERO related to 2017/0352(COD)
Amendment 194 #
Proposal for a regulation
Title 1
Title 1
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on establishing a framework for interoperability betweenaccessibility of EU information systems (police and judicial cooperation, asylum and migration)
Amendment 196 #
Proposal for a regulation
Recital 5
Recital 5
(5) In its final report of 11 May 201749 , the high-level expert group on information systems and interoperability concluded that it is necessary and technically feasible to work towards practical solutions for interoperability and that they can, in principle, both deliver operational gains and be established in compliance with data protection requirements. In the same final report, the European Data Protection Supervisor stated that he was not in a position to endorse all the conclusions referred to by the high-level expert group, citing concerns related to legal bases, data protection and information security. _________________ 49 http://ec.europa.eu/transparency/regexpert/i ndex.cfm?do=groupDetail.groupDetailDoc &id=32600&no=1.
Amendment 200 #
Proposal for a regulation
Recital 9
Recital 9
(9) With a view to improve the management of the external borders, to contribute to preventing and combating irregular migration and to contribute to a high level of security within the area of freedom, security and justice of the Union, including the maintenance of public security and public policy and safeguarding the security in the territories of the Member States, interoperability between EU information systems, namely the Entry/Exit System (EES), the Visa Information System (VIS), [the European Travel Information and Authorisation System (ETIAS)], Eurodac, the Schengen Information System (SIS), and the [European Criminal Records Information System for third-country nationals (ECRIS-TCN)] should be established in order for these EU information systems and their data to supplement each other. To achieve this, a European search portal (ESP), and a shared biometric matching service (shared BMS), a common identity repository (CIR) and a multiple-identity detector (MID) should be established as interoperability components.
Amendment 205 #
Proposal for a regulation
Recital 10
Recital 10
(10) The interoperability between the EU information systems should allow said systems to supplement each other in order to facilitate the correct identification of persons, contribute to fighting identity fraud, improve and harmonise data quality requirements of the respective EU information systems, facilitate the technical and operational implementation by Member States of existing and future EU information systems, strengthen and simplify the data security and data protection safeguards that govern the respective EU information systems, streamline the law enforcement access to the EES, the VIS, the [ETIAS] and Eurodac, and support the purposes of the EES, the VIS, the [ETIAS], Eurodac, the SIS and the [ECRIS-TCN system].
Amendment 217 #
Proposal for a regulation
Recital 13
Recital 13
(13) The European search portal (ESP) should be established to facilitate technically the abilityccess of Member State authorities and EU bodies to have fast, seamless, efficient, systematic and controlled access, in specific cases and under specific conditions, to the EU information systems, the Europol data and the Interpol databases needed to perform their tasks, in accordance with their access rights, and to support the objectives and purposes of the EES, the VIS, the [ETIAS], Eurodac, the SIS, the [ECRIS- TCN system] and the Europol data. Enabling the simultaneous querying of all relevant EU information systems in parallel, as well as of the Europol data and the Interpol databases, the ESP should act as a single window or ‘message broker’ to search various central systems and retrieve the necessary information seamlessly and in full respect of the access control and data protection requirements of the underlying systems.
Amendment 220 #
Proposal for a regulation
Recital 16
Recital 16
(16) To ensure fast and systematic use of all EU information systems, the European search portal (ESP) should be used to query the common identity repository, the EES, the VIS, [the ETIAS], Eurodac and [the ECRIS-TCN system]. However, the national connection to the different EU information systems should remain in order to provide a technical fall back. The ESP should also be used by Union bodies to query the Central SIS in accordance with their access rights and in order to perform their tasks. The ESP should be an additional means to query the Central SIS, the Europol data and the Interpol systems, complementing the existing dedicated interfaces.
Amendment 225 #
Proposal for a regulation
Recital 17
Recital 17
(17) Biometric data, such as fingerprints and facial images, are unique and therefore much more reliable than alphanumeric data for identifying a person. The shared biometric matching service (shared BMS) should be a technical tool to reinforce and facilitate the work of the relevant EU information systems and the other interoperability components. The main purpose of the shared BMS should be to facilitate the identification of an individual who may be registered in different databases, by matching their biometric data across different systems and by relying on one unique technological component instead of five different ones in each of the underlying systems. The shared BMS should contribute to security, as well as financial, maintenance and operational benefits by relying on one unique technological component instead of different ones in each of the underlying systems. All automated fingerprint identification systems, including those currently used for Eurodac, the VIS and the SIS, use biometric templates comprised of data derived from a feature extraction of actual biometric samples. The shared BMS should regroup and storeenable the querying of all these biometric templates in one single location, facilitating cross-system comparisons using biometric data and enabling economies of scale in developing and maintaining the EU central systems.
Amendment 232 #
Proposal for a regulation
Recital 20
Recital 20
Amendment 235 #
Proposal for a regulation
Recital 21
Recital 21
(21) Personal data stored in these EU information systems may relate to the same persons but under different or incomplete identities. Member States dispose of efficient ways to identify their citizens or registered permanent residents in their territory, but the same is not true for third- country nationals. The interoperability between EU information systems should contribute to the correct identification of third-country nationals. The common identity repository (CIR) should store the personal data concerning third-country nationals present in the systems that are necessary to enable the more accurate identification of those individuals, therefore including their identity, travel document and biometric data, regardless of the system in which the data was originally collected. Only the personal data strictly necessary to perform an accurate identity check should be stored in the CIR. The personal data recorded in the CIR should be kept for no longer than is strictly necessary for the purposes of the underlying systems and should be automatically deleted when the data is deleted in the underlying systems in accordance with their logical separation.
Amendment 239 #
Proposal for a regulation
Recital 22
Recital 22
Amendment 242 #
Proposal for a regulation
Recital 23
Recital 23
Amendment 244 #
Proposal for a regulation
Recital 24
Recital 24
Amendment 249 #
Proposal for a regulation
Recital 25
Recital 25
Amendment 251 #
Proposal for a regulation
Recital 26
Recital 26
Amendment 255 #
Proposal for a regulation
Recital 27
Recital 27
Amendment 262 #
Proposal for a regulation
Recital 28
Recital 28
Amendment 264 #
Proposal for a regulation
Recital 29
Recital 29
Amendment 271 #
Proposal for a regulation
Recital 31
Recital 31
(31) Full access to the necessary data contained in the EU information systems necessary for the purposes of preventing, detecting and investigating terrorist offences or other serious criminal offences, beyond the relevant identity data covered under common identity repository (CIR) obtained using biometric data of that person taken during an identity check, should continue to be governed by the provisions in the respective legal instruments. The designated law enforcement authorities and Europol do not know in advance which of the EU information systems contains data of the persons they need to inquire upon. This results in delays and inefficiencies in the conduct of their tasks. The end-user authorised by the designated authority should therefore be allowed to see in which of the EU information systems the data corresponding to the query introduced are recorded. The concerned system would thus be flagged following the automated verification of the presence of a hit in the system (a so-called hit-flag functionality).
Amendment 275 #
Proposal for a regulation
Recital 32
Recital 32
Amendment 278 #
Proposal for a regulation
Recital 33
Recital 33
Amendment 281 #
Proposal for a regulation
Recital 34
Recital 34
Amendment 285 #
Proposal for a regulation
Recital 35
Recital 35
Amendment 290 #
Proposal for a regulation
Recital 37
Recital 37
Amendment 295 #
Proposal for a regulation
Recital 39
Recital 39
Amendment 299 #
Proposal for a regulation
Recital 40
Recital 40
Amendment 302 #
Proposal for a regulation
Recital 41
Recital 41
Amendment 304 #
Proposal for a regulation
Recital 42
Recital 42
Amendment 306 #
Proposal for a regulation
Recital 43
Recital 43
Amendment 316 #
Proposal for a regulation
Recital 47
Recital 47
(47) A central repositoryFunctionalities for reporting and statistics (CRRS) should be established to generate cross-system statistical data and analytical reporting for policy, operational and data quality purposes. eu-LISA should establish, implement and host the CRRS in its technical sdevelop these functionalities containing to extract anonymous statistical data from the above- mentioned systems, the common identity repository, the multiple-identity detector and the shared biometric matching service (shared BMS). The data contained in the CRRS should not enable the identification of individuals. eu-LISA should render the data anonymous and should record such anonymous data in the CRRS and the shared biometric matching service (shared BMS). eu-LISA should render the data anonymous. The process for rendering the data anonymous should be automated and no direct access by eu- LISA staff should be granted to any personal data stored in the EU information systems or in the interoperability components.
Amendment 323 #
Proposal for a regulation
Recital 56
Recital 56
(56) In order to allow competent authorities and the EU bodies to adapt to the new requirements on the use of the European search portal (ESP), it is necessary to provide for a transitional period. Similarly, in order to allow for the coherent and optimal functioning of the multiple-identity detector (MID), transitional measures should be established for the start of its operations.
Amendment 331 #
Proposal for a regulation
Recital 59
Recital 59
(59) In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission to adopt detailed rules on: automated data quality control mechanisms, procedures and indicators; development of the UMF standard; procedures for determining cases of similarity of identities; the operation of the central repository for reporting and statistics; and cooperation procedure in case of security incidents. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council59 . _________________ 59 Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by the Member States of the Commission's exercise of implementing powers (OJ L 55, 28.2.2011, p. 13).
Amendment 333 #
Proposal for a regulation
Recital 60
Recital 60
Amendment 341 #
Proposal for a regulation
Article 1 – paragraph 1
Article 1 – paragraph 1
1. This Regulation, together with [Regulation 2018/xx on interoperaaccessibility borders and visa], establishes a framework to ensure the interoperability betweenbetter accessibility of the Entry/Exit System (EES), the Visa Information System (VIS), [the European Travel Information and Authorisation System (ETIAS)], Eurodac, the Schengen Information System (SIS), and [the European Criminal Records Information System for third-country nationals (ECRIS-TCN)] in order for those systems and data to supplement each otherto search for persons in specific cases and under specific conditions based on their identity data or their fingerprint data.
Amendment 345 #
Proposal for a regulation
Article 1 – paragraph 2 – introductory part
Article 1 – paragraph 2 – introductory part
2. The framework shall include the following interoperaaccessibility components:
Amendment 348 #
Proposal for a regulation
Article 1 – paragraph 2 – point c
Article 1 – paragraph 2 – point c
Amendment 349 #
Proposal for a regulation
Article 1 – paragraph 2 – point d
Article 1 – paragraph 2 – point d
Amendment 351 #
Proposal for a regulation
Article 1 – paragraph 3
Article 1 – paragraph 3
3. This Regulation also lays down provisions on data quality requirements, on a Universal Message Format (UMF), on a central repository for reporting and statistics (CRRS) and lays down the responsibilities of the Member States and of the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA), with respect to the design, development and operation of the interoperaaccessibility components.
Amendment 355 #
Proposal for a regulation
Article 1 – paragraph 4
Article 1 – paragraph 4
4. This Regulation also adapts the procedures and conditions for Member State law enforcement authorities and for the European Union Agency for Law Enforcement Cooperation (Europol) access in specific cases and under specific conditions to the Entry/Exit System (EES), the Visa Information System (VIS), [the European Travel Information and Authorisation System (ETIAS),] and Eurodac for the purposes of the prevention, detection and investigation of terrorist offences or of other serious criminal offences falling under their competence.
Amendment 359 #
Proposal for a regulation
Article 2 – paragraph 1 – point a
Article 2 – paragraph 1 – point a
(a) to improve the management ofeffectiveness and efficiency of checks at the external borders;
Amendment 362 #
Proposal for a regulation
Article 2 – paragraph 1 – point b
Article 2 – paragraph 1 – point b
(b) to contribute to preventing and combadetecting irregular migration;
Amendment 364 #
Proposal for a regulation
Article 2 – paragraph 1 – point c
Article 2 – paragraph 1 – point c
Amendment 367 #
Proposal for a regulation
Article 2 – paragraph 1 – point e a (new)
Article 2 – paragraph 1 – point e a (new)
(ea) to assist Member States law enforcement authorities and Europol in the prevention, detection and investigation of terrorist offences or of other serious criminal offences falling under their competence;
Amendment 368 #
Proposal for a regulation
Article 2 – paragraph 1 – point e b (new)
Article 2 – paragraph 1 – point e b (new)
(eb) in the event of a natural disaster or an accident, for humanitarian reasons, to assist in the identification of unknown persons who are not able to identify themselves or unidentified human remains.
Amendment 376 #
Proposal for a regulation
Article 2 – paragraph 2 – point c
Article 2 – paragraph 2 – point c
(c) improving and harmonising data quality requirements of the respective EU information systems while respecting the data processing requirements of the legal bases of the individual systems, data protection standards and principles;
Amendment 378 #
Proposal for a regulation
Article 2 – paragraph 2 – point d
Article 2 – paragraph 2 – point d
(d) facilitating the technical and operational implementacontributing to ensuring the effective use of the Union information systems, Europol data and the Interpol databases by facilitating the access to them in specific cases and under specific conditions by Member States of existing and future EU informationthe authorities in accordance with their access rights and the objectives and purposes as laid down in the legal instruments governing the respective systems;
Amendment 381 #
Proposal for a regulation
Article 2 – paragraph 2 – point e
Article 2 – paragraph 2 – point e
(e) strengthening and simplifying and making more uniform the data security and data protection conditions that govern the respective EU information systems without prejudice to the special protection and safeguards afforded to certain categories of data;
Amendment 387 #
Proposal for a regulation
Article 2 – paragraph 2 – point f
Article 2 – paragraph 2 – point f
(f) streamlining the conditions for law enforcement access in specific cases to the EES, the VIS, [the ETIAS] and Eurodac;
Amendment 396 #
Proposal for a regulation
Article 4 – paragraph 1 – point 9
Article 4 – paragraph 1 – point 9
Amendment 398 #
Proposal for a regulation
Article 4 – paragraph 1 – point 11
Article 4 – paragraph 1 – point 11
Amendment 399 #
Proposal for a regulation
Article 4 – paragraph 1 – point 18
Article 4 – paragraph 1 – point 18
(18) ‘EUnion information systems’ means the large-scale IT systemsEES, VIS, [ETIAS], Eurodac, SIS and [ECRIS-TCN ] operationally managed by eu- LISA;
Amendment 405 #
Proposal for a regulation
Article 4 – paragraph 1 – point 25
Article 4 – paragraph 1 – point 25
(25) ‘terrorist offence’ means an offence under national law which corresponds or is equivalent to one of the offences referred to in Directive (EU) 2017/541;
Amendment 408 #
Proposal for a regulation
Article 4 – paragraph 1 – point 35
Article 4 – paragraph 1 – point 35
Amendment 410 #
Proposal for a regulation
Article 4 – paragraph 1 – point 36
Article 4 – paragraph 1 – point 36
Amendment 412 #
Proposal for a regulation
Article 4 – paragraph 1 – point 37
Article 4 – paragraph 1 – point 37
Amendment 413 #
Proposal for a regulation
Article 5 – title
Article 5 – title
Amendment 417 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
This Regulation respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union and shall be applied in accordance with those rights and principles. Processing of personal data for the purposes of this Regulation shall not result in discrimination against persons on any grounds such as sex, racial or ethnice, colour, ethnic or social origin, religion or belief, disability, age or sexual orientation. It shall fully respect human dignity and integrity. Particular attention shall be paid to children, persons in need of international protection, the elderly and persons with a disability.
Amendment 426 #
Proposal for a regulation
Article 6 – paragraph 1
Article 6 – paragraph 1
1. A European search portal (ESP) is established for the purposes of ensuring that Member State authorities and EU bodies have fast, seamless, efficient, systematic and controlled accesfacilitating the access in specific cases and under specific conditions of Member State authorities and of Union agencies to the EUnion information systems, the Europol data and the Interpol databases that they need toin the performance of their tasks and in accordance with their access rights and of supporting the objectivthe objectives and purposes of the EES, the VIS, [the ETIAS], Eurodac, the SIS, [the ECRIS- TCN system] and the Europol data.
Amendment 432 #
(c) a secure communication infrastructure between the ESP and the EES, the VIS, [the ETIAS], Eurodac, the Central-SIS, [the ECRIS-TCN system], the Europol data and the Interpol databases as well as between the ESP and the central infrastructures of the common identity repository (CIR) and the multiple-identity detector.
Amendment 436 #
Proposal for a regulation
Article 7 – paragraph 1
Article 7 – paragraph 1
1. The use of the ESP shall be reserved to the Member State authorities and EU bodagencies having access to the EES, [the ETIAS], the VIS, the SIS, Eurodac and [the ECRIS-TCN system], to the CIR and the multiple-identity detector as well as the Europol data and the Interpol databases in accordance with Union or national law governing such access.
Amendment 438 #
Proposal for a regulation
Article 7 – paragraph 1 a (new)
Article 7 – paragraph 1 a (new)
1a. Those Member State authorities and Union agencies may make use of the ESP and the data provided by it only for the objectives and purposes laid down in the legal instruments governing those Union information systems and in this Regulation, and only in specific cases where they have factual indications that a person is registered in one of the systems and the information about this is necessary for solving a specific on-going situation or facilitating a criminal investigation. They shall not use the ESP for systematic checks of large groups of persons.
Amendment 441 #
Proposal for a regulation
Article 7 – paragraph 2
Article 7 – paragraph 2
2. The authorities referred to in paragraph 1 shall use the ESP to search data related to persons or their travel documents in the central systems of Eurodac and [the ECRIS-TCN system] in accordance with their access rights under Union and national law. They shall also use the ESP to query the CIR in accordance with their access rights under this Regulation for the purposes referred to in Articles 20, 21 and 22.
Amendment 443 #
Proposal for a regulation
Article 7 – paragraph 4
Article 7 – paragraph 4
4. The EU bodagencies shall use the ESP to search data related to persons or their travel documents in the Central SIS.
Amendment 447 #
Proposal for a regulation
Article 8 – paragraph 1 – point a
Article 8 – paragraph 1 – point a
(a) the fields of data possibly to be used for querying, including a mandatory field for the specific purpose of the query;
Amendment 456 #
Proposal for a regulation
Article 9 – paragraph 1
Article 9 – paragraph 1
1. The users of the ESP shall launch a query by introducing data in the ESP in accordance with their user profile and access rights. Where a query has been launched, the ESP shall query simultaneously, with the data introduced by the user of the ESP, the EES, [the ETIAS], the VIS, the SIS, Eurodac, [the ECRIS-TCN system] and the CIR as well as the Europol data and the Interpol databases.
Amendment 458 #
Proposal for a regulation
Article 9 – paragraph 2
Article 9 – paragraph 2
2. The fields of data used to launch a query via the ESP shall correspond to the fields of data related to persons or travel documents that may be used to query the various EU information systems, the Europol data and the Interpol databases in accordance with the legal instruments governing them. An additional data field shall require the mandatory entering of the specific purpose of the query. For queries in the context of the prevention, detection or investigation of terrorist offences or other serious criminal offences, the case reference shall be required.
Amendment 460 #
Proposal for a regulation
Article 9 – paragraph 4
Article 9 – paragraph 4
4. The EES, [the ETIAS], the VIS, the SIS, Eurodac, [the ECRIS-TCN system], the CIR and the multiple-identity detector, as well as the Europol data and the Interpol databases, shall provide the data that they contain resulting from the query of the ESP.
Amendment 463 #
Proposal for a regulation
Article 9 – paragraph 5
Article 9 – paragraph 5
5. When querying the Interpol databases, the design of the ESP shall ensure that the data used by the user of the ESP to launch a query is not shared with the owners of Interpol data. Any data from the Interpol databases and originating from a third country shall be marked as such, in order to warn the user about possible misuses of Interpol for political purposes.
Amendment 467 #
Proposal for a regulation
Article 9 – paragraph 6
Article 9 – paragraph 6
6. The reply to the user of the ESP shall be unique and shall contain all the data to which the user has access under Union law. Where necessary, tThe reply provided by the ESP shall indicate to which information system or database the data belongs.
Amendment 471 #
Proposal for a regulation
Article 10 – paragraph 1 – point c
Article 10 – paragraph 1 – point c
(c) the EU information systems and the Europol and Interpol data queried;
Amendment 473 #
Proposal for a regulation
Article 10 – paragraph 1 – point d a (new)
Article 10 – paragraph 1 – point d a (new)
(da) the specific purpose of the query and, where applicable, the case reference, pursuant to Article 8(2).
Amendment 476 #
Proposal for a regulation
Article 10 – paragraph 2
Article 10 – paragraph 2
2. The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. Those logs shall be protected by appropriate measures against unauthorised access and erased onfive years after their creation, unless they are required for monitoring procedures that have already begun. The European Data Protection Supervisor shall perform an audit of these logs at least every two years and publish a report about the audit.
Amendment 481 #
Proposal for a regulation
Article 11 – paragraph 1
Article 11 – paragraph 1
1. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1) or the CIR, because of a failure of the ESP, the users of the ESP shall be notified by eu- LISA.
Amendment 483 #
Proposal for a regulation
Article 11 – paragraph 2
Article 11 – paragraph 2
2. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1) or the CIR, because of a failure of the national infrastructure in a Member State, that Member State's competent authority shall notify eu-LISA and the Commission.
Amendment 489 #
Proposal for a regulation
Article 11 – paragraph 3
Article 11 – paragraph 3
3. In both scenarios, and until the technical failure is addressed, the obligation referred to in Article 7(2) and (4) shall not apply and Member States may access the information systems referred to in Article 9(1) or the CIR directly using their respective national uniform interfaces or national communication infrastructures.
Amendment 491 #
Proposal for a regulation
Article 12 – paragraph 1
Article 12 – paragraph 1
1. A shared biometric matching service (shared BMS) storing biometric templates and enabling querying with biometric data across several EU information systems is established for the purposes of supporting the CIR and the multiple-identity detector and the objectives of the EES, the VIS, Eurodac, the SIS and [the ECRIS-TCN system].
Amendment 496 #
Proposal for a regulation
Article 12 – paragraph 2 – point a
Article 12 – paragraph 2 – point a
(a) a central infrastructure, including a search engine and the storage of the data referred to in Article 13;
Amendment 497 #
Proposal for a regulation
Article 12 – paragraph 2 – point b
Article 12 – paragraph 2 – point b
(b) a secure communication infrastructure between the shared BMS, Central-SIS and the CIR and the EES, the VIS, Eurodac, [the ECRIS- TCN system] and the Central-SIS.
Amendment 502 #
Proposal for a regulation
Article 13 – title
Article 13 – title
Data storaccessed inby the shared biometric matching service
Amendment 503 #
Proposal for a regulation
Article 13 – paragraph 1 – introductory part
Article 13 – paragraph 1 – introductory part
1. The shared BMS shall store the biometric templates that it shall obtain from, for each query, access the following biometric data:
Amendment 512 #
Proposal for a regulation
Article 13 – paragraph 2
Article 13 – paragraph 2
Amendment 515 #
Proposal for a regulation
Article 13 – paragraph 3
Article 13 – paragraph 3
3. BA biometric templates used for a query shall only be entered in the shared BMS search engine following an automated quality check of the biometric data added to one of the information systems performed by the shared BMS to ascertain the fulfilment of a minimum data quality standard.
Amendment 516 #
Proposal for a regulation
Article 13 – paragraph 4
Article 13 – paragraph 4
Amendment 518 #
Proposal for a regulation
Article 14 – paragraph 1
Article 14 – paragraph 1
Amendment 520 #
1a. Where a police authority has been so empowered by national legislative measures, it may, for the purpose of identifying unknown persons who are not able to identify themselves or unidentified human remains, in the event of a natural disaster or an accident, query the shared BMS with the biometric data of those persons. Member States wishing to avail themselves of this possibility shall adopt national legislative measures laying down the procedures, conditions and criteria.
Amendment 521 #
Proposal for a regulation
Article 15
Article 15
Amendment 525 #
Proposal for a regulation
Article 16 – paragraph 1 – point a
Article 16 – paragraph 1 – point a
(a) the history related to the creation and storage ofquery with biometric templates;
Amendment 526 #
Proposal for a regulation
Article 16 – paragraph 1 – point b
Article 16 – paragraph 1 – point b
(b) a reference to the EU information systems queried with the biometric templates stoentered into the shared BMS;
Amendment 529 #
Proposal for a regulation
Article 16 – paragraph 1 – point g a (new)
Article 16 – paragraph 1 – point g a (new)
(ga) the specific purpose of the query and, where applicable, the case reference, pursuant to Article 14.
Amendment 530 #
Proposal for a regulation
Article 16 – paragraph 2
Article 16 – paragraph 2
2. The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. Those logs shall be made available to the competent supervisory authority on request. They shall be protected by appropriate measures against unauthorised access and erased onfive years after their creation, unless they are required for monitoring procedures that have already begun. The logs referred to in paragraph 1(a) shall be erased once the data is erasedEuropean Data Protection Supervisor shall perform an audit of these logs at least every two years and publish a report about the audit.
Amendment 536 #
Proposal for a regulation
Article 17
Article 17
Amendment 542 #
Proposal for a regulation
Article 18
Article 18
Amendment 548 #
Proposal for a regulation
Article 19
Article 19
Amendment 550 #
Proposal for a regulation
Article 20
Article 20
Access to the common identity repository 1. authority has been so empowered by national legislative measures as referred to in paragraph 2, it may, solely for the purpose of identifying a person, query the CIR with the biometric data of that person taken during an identity check. Where the query indicates that data on that person is stored in the CIR, the Member States authority shall have access to consult the data referred to in Article 18(1). Where the biometric data of the person cannot be used or where the query with that data fails, the query shall be carried out with identity data of the person in combination with travel document data, or with the identity data provided by that person. 2. themselves of the possibility provided for in this Article shall adopt national legislative measures. Such legislative measures shall specify the precise purposes of identity checks within the purposes referred to in Article 2(1)(b) and (c). They shall designate the police authorities competent and lay down the procedures, conditions and criteria of such checks.rticle 20 deleted for identification Where a Member State police Member States wishing to avail
Amendment 565 #
Proposal for a regulation
Article 21
Article 21
Access to the common identity repository for the detection of multiple identities 1. in a yellow link in accordance with Article 28(4), the authority responsible for the verification of different identities determined in accordance with Article 29 shall have access, solely for the purpose of that verification, to the identity data stored in the CIR belonging to the various information systems connected to a yellow link. 2. in a red link in accordance with Article 32, the authorities referred to in Article 26(2) shall have access, solely for the purposes of fighting identity fraud, to the identity data stored in the CIR belonging to the various information systems connected to a red link.rticle 21 deleted Where a query of the CIR results Where a query of the CIR results
Amendment 571 #
Proposal for a regulation
Article 22
Article 22
Amendment 581 #
Proposal for a regulation
Article 23
Article 23
Amendment 587 #
Proposal for a regulation
Article 24
Article 24
Amendment 598 #
Proposal for a regulation
Article 25
Article 25
Amendment 606 #
Proposal for a regulation
Article 26
Article 26
Amendment 609 #
Proposal for a regulation
Article 27
Article 27
Amendment 617 #
Proposal for a regulation
Article 28
Article 28
Amendment 623 #
Proposal for a regulation
Article 29
Article 29
Amendment 638 #
Proposal for a regulation
Article 30
Article 30
Amendment 640 #
Proposal for a regulation
Article 31
Article 31
Amendment 644 #
Proposal for a regulation
Article 32
Article 32
Amendment 658 #
Proposal for a regulation
Article 33
Article 33
Amendment 664 #
Proposal for a regulation
Article 34
Article 34
Amendment 666 #
Proposal for a regulation
Article 35
Article 35
Amendment 672 #
Proposal for a regulation
Article 36
Article 36
Amendment 678 #
Proposal for a regulation
Article 37 – paragraph 1
Article 37 – paragraph 1
1. eu-LISA shall establish automated data quality control mechanisms and procedures on the data stored in or accessed through the SIS, Eurodac, [the ECRIS-TCN system], and the shared biometric matching service (shared BMS), the common identity repository (CIR) and the multiple-identity detector (MID).
Amendment 680 #
Proposal for a regulation
Article 37 – paragraph 2
Article 37 – paragraph 2
2. eu-LISA shall establish common data quality indicators and the minimum quality standards to store data in or access data through the SIS, Eurodac, [the ECRIS-TCN system], and the shared BMS, the CIR and the MID.
Amendment 682 #
Proposal for a regulation
Article 37 – paragraph 3
Article 37 – paragraph 3
3. eu-LISA shall provide regular reports on the automated data quality control mechanisms and procedures and the common data quality indicators to the Member States. eu-LISA shall also provide a regular report to the Commission covering the issues encountered and the Member States concerned, the Council, the European Parliament, the European Data Protection Supervisor, the European Data Protection Board and the Fundamental Rights Agency, covering the issues encountered and the Member States concerned. No reports provided under this paragraph shall contain any personal data.
Amendment 685 #
Proposal for a regulation
Article 37 – paragraph 4
Article 37 – paragraph 4
4. The details of the automated data quality control mechanisms and procedures and the common data quality indicators and the minimum quality standards to store data in or access data through the SIS, Eurodac, [the ECRIS-TCN system], and the shared BMS, the CIR and the MID, in particular regarding biometric data, shall be laid down in implementing acts. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 64(2).
Amendment 688 #
Proposal for a regulation
Article 37 – paragraph 5
Article 37 – paragraph 5
5. One year after the establishment of the automated data quality control mechanisms and procedures and common data quality indicators and every year thereafter, the Commission shall evaluate Member State implementation of data quality and shall make any necessary recommendations. The Member States shall provide the Commission with an action plan to remedy any deficiencies identified in the evaluation report and shall report on any progress against this action plan until it is fully implemented. The Commission shall transmit the evaluation report to the European Parliament, to the Council, to the European Data Protection Supervisor, the European Data Protection Board and to the European Union Agency for Fundamental Rights established by Council Regulation (EC) No 168/2007.63 _________________ 63 Council Regulation (EC) No 168/2007 of 15 February 2007 establishing a European Union Agency for Fundamental Rights (OJ L 53, 22.2.2007, p. 1).
Amendment 689 #
Proposal for a regulation
Article 38 – paragraph 2
Article 38 – paragraph 2
2. The UMF standard shall be used in the development of the [Eurodac], the [ECRIS-TCN system], the European search portal, the CIR, the MID and, if appropriate, in the development by eu- LISA or any other EU body of new information exchange models and information systems in the area of Justice and Home Affairs.
Amendment 693 #
Proposal for a regulation
Article 39
Article 39
Amendment 702 #
Proposal for a regulation
Article 39 a (new)
Article 39 a (new)
Article 39a Statistics 1. eu-LISA shall develop functionalities to allow Member States’ authorities, the Commission, eu-LISA as well as the EDPS to automatically extract statistics directly from the system. Such extraction shall take place only in duly justified cases, at reasonable intervals, and for a specific purpose. Extracted statistics shall only contain anonymous data. 2. Before developing the functionalities laid down in paragraph 1, eu-LISA shall perform a thorough information security risk assessment and establish secure access points.
Amendment 704 #
Proposal for a regulation
Article 40 – paragraph 1
Article 40 – paragraph 1
1. In relation to the processing of data in the shared biometric matching service (shared BMS), the Member State authorities that are controllers for the Eurodac, SIS and [the ECRIS-TCN system] respectively, shall also be considered as controllers in accordance with Article 4(7) of Regulation (EU) 2016/679 or Article 3(8) of Directive (EU) 2016/680 in relation to the biometric templates obtained from the data referred to in Article 13 that they enter into respective systems and shall have responsibility for the processing of the biometric templates in the shared BMS.
Amendment 706 #
Proposal for a regulation
Article 40 – paragraph 2
Article 40 – paragraph 2
Amendment 707 #
Proposal for a regulation
Article 40 – paragraph 3
Article 40 – paragraph 3
Amendment 713 #
Proposal for a regulation
Article 41
Article 41
Amendment 716 #
Proposal for a regulation
Article 43 – paragraph 1
Article 43 – paragraph 1
1. Each Member State shall apply its rules of professional secrecy or other equivalent duties of confidentiality to all persons and bodies requirallowed to work with SIS data accessed through any of the interoperability components in accordance with its national law. That obligation shall also apply after those persons leave office or employment or after the termination of the activities of those bodies.
Amendment 717 #
Proposal for a regulation
Article 43 – paragraph 2 a (new)
Article 43 – paragraph 2 a (new)
2a. Where eu-LISA or a Member State cooperates with external contractors in any task related to the accessibility components, it shall closely monitor the activities of the contractor to ensure compliance with all provisions of this Regulation, including in particular security, confidentiality and data protection. In case potential and existing contractors are also established in third countries, eu-LISA or the respective Member State shall closely monitor and assess any legal obligations in those third countries that might have a detrimental impact on the confidentiality of the accessibility components and the information systems operated by eu-LISA and by the Member States in the scope of this Regulation, and take all necessary steps to ensure the confidentiality, including, where necessary, declining a contract.
Amendment 718 #
Proposal for a regulation
Article 44 – paragraph 1
Article 44 – paragraph 1
1. Any event that has or may have an impact on the security of the interoperability components and may cause unauthorised access to, damage to or loss of data stored in them shall be considered to be a security incident, in particular where unauthorised access to data may have occurred or where the availability, integrity and confidentiality of data has or may have been compromised.
Amendment 719 #
Proposal for a regulation
Article 44 – paragraph 3
Article 44 – paragraph 3
3. Without prejudice to the notification and communication of a personal data breach pursuant to Article 33 of Regulation (EU) 2016/679, Article 30 of Directive (EU) 2016/680, or both, Member States shall notify the Commission, eu- LISA and the European Data Protection Supervisor of security incidents. Without prejudice to Article 35 of Regulation (EC) 45/2001 [or Article 37 of Regulation XX/2018 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC] and Article 34 of Regulation (EU) 2016/794, [the ETIAS Central Unit] and Europol shall notify the Commission, eu-LISA and the European Data Protection Supervisor of any security incident. In the event of a security incident in relation to the central infrastructure of the interoperaaccessibility components, eu-LISA shall notify the Commission and the European Data Protection Supervisor.
Amendment 728 #
Proposal for a regulation
Article 45 – paragraph 1
Article 45 – paragraph 1
Member States and the relevant EU bodies shall ensure that each authority entitled to access the interoperaaccessibility components takes the measures necessary to monitor its compliance with this Regulation and cooperates, where necessary, with the competent supervisory authority.
Amendment 733 #
Proposal for a regulation
Article 46 – paragraph 1
Article 46 – paragraph 1
1. Without prejudice to the right of information referred to in Articles 11 and 12 of Regulation (EC) 45/2001 and Articles 13 and 14 of Regulation (EU) 2016/679, persons whose data are stored in the shared biometric matching service, the common identity repository or the multiple-identity detector shall be informed by the authority collecting their data, at the time their data are collected, about the processing of personal data for the purposes of this Regulation, including about identity and contact details of the respective data controllers, and about the procedures for exercising their rights of access, rectification and erasure, as well as about the contact details of the European Data Protection Supervisor and of the national supervisory authority of the Member State responsible for the collection of the data.
Amendment 754 #
Proposal for a regulation
Article 47 – paragraph 2
Article 47 – paragraph 2
2. The Member State responsible for the manual verification of different identities as referred to in Article 29 or the Member State to which the request has been made shall reply to such requests within 415 days of receipt of the request.
Amendment 757 #
Proposal for a regulation
Article 47 – paragraph 3
Article 47 – paragraph 3
3. If a request for correction or erasure of personal data is made to a Member State other than the Member State responsible, the Member State to which the request has been made shall contact the authorities of the Member State responsible within seven days and the Member State responsible shall check the accuracy of the data and the lawfulness of the data processing within 3015 days of such contact.
Amendment 760 #
Proposal for a regulation
Article 47 – paragraph 4
Article 47 – paragraph 4
Amendment 767 #
Amendment 769 #
Proposal for a regulation
Article 47 – paragraph 6
Article 47 – paragraph 6
Amendment 771 #
Proposal for a regulation
Article 47 – paragraph 7
Article 47 – paragraph 7
Amendment 783 #
Proposal for a regulation
Article 49 – paragraph 1
Article 49 – paragraph 1
1. The supervisory authority or authorities designated pursuant to Article 49 of Regulation (EU) 2016/679 shall ensure that an audit of the data processing operations by the responsible national authorities is carried out in accordance with relevant international auditing standards at least every fourtwo years.
Amendment 790 #
Proposal for a regulation
Article 50 – paragraph 1
Article 50 – paragraph 1
The European Data Protection Supervisor shall ensure that an audit of eu-LISA’s personal data processing activities is carried out in accordance with relevant international auditing standards at least every fourtwo years. A report of that audit shall be sent to the European Parliament, the Council, eu-LISA, the Commission and the Member States. eu-LISA shall be given an opportunity to make comments before the reports are adopted.
Amendment 797 #
Proposal for a regulation
Article 51 – paragraph 1
Article 51 – paragraph 1
1. The European Data Protection Supervisor shall act in close cooperation with national supervisory authorities and the European Data Protection Board with respect to specific issues requiring national involvement, in particular if the European Data Protection Supervisor or a national supervisory authority finds major discrepancies between practices of Member States or finds potentially unlawful transfers using the communication channels of the interoperability components, or in the context of questions raised by one or more national supervisory authorities on the implementation and interpretation of this Regulation.
Amendment 800 #
Proposal for a regulation
Article 52 – paragraph 3 – subparagraph 1
Article 52 – paragraph 3 – subparagraph 1
eu-LISA shall be responsible for the development of the interoperaaccessibility components, for any adaptations required for establishing interoperability betweenaccessibility of the central systems of the EES, VIS, [ETIAS], SIS, and Eurodac, and [the ECRIS-TCN system], and the European search portal, and the shared biometric matching service, the common identity repository and the multiple-identity detector.
Amendment 807 #
Proposal for a regulation
Article 53 – paragraph 2
Article 53 – paragraph 2
2. Without prejudice to Article 17 of the Staff Regulations of Officials of the European Union, eu-LISA shall apply appropriate rules of professional secrecy or other equivalent duties of confidentiality to its entire staff required to work with data stored in the interoperaaccessed through the accessibility components. This obligation shall also apply after such staff leave office or employment or after the termination of their activities.
Amendment 809 #
Proposal for a regulation
Article 53 – paragraph 3
Article 53 – paragraph 3
3. eu-LISA shall develop and maintain a mechanism and procedures for carrying out quality checks on the data stored inaccessed through the shared biometric matching service and the common identity repository in accordance with Article 37.
Amendment 811 #
(a) the connection to the communication infrastructure of the European search portal (ESP) and the common identity repository (CIR);
Amendment 812 #
Proposal for a regulation
Article 54 – paragraph 1 – point b
Article 54 – paragraph 1 – point b
(b) the integration of the existing national systems and infrastructures with the ESP, and the shared biometric matching service, the CIR and the multiple-identity detector;
Amendment 814 #
Proposal for a regulation
Article 54 – paragraph 1 – point d
Article 54 – paragraph 1 – point d
(d) the management of, and arrangements for, access by the duly authorised staff, and by the duly empowered staff, of the competent national authorities to the ESP, the CIR and the multiple-identity detector and the shared BMS in accordance with this Regulation and the creation and regular update of a list of those staff and their profiles;
Amendment 816 #
Amendment 818 #
Proposal for a regulation
Article 54 – paragraph 1 – point f
Article 54 – paragraph 1 – point f
Amendment 823 #
Proposal for a regulation
Article 55
Article 55
Amendment 828 #
Proposal for a regulation
Article 55b – paragraph 1
Article 55b – paragraph 1
Regulation (EU) 2018/XX [the SIS Regulation in the field of law enforcement]
Article 3 – paragraph 1 – point s
Article 3 – paragraph 1 – point s
Amendment 829 #
Proposal for a regulation
Article 55b – paragraph 1
Article 55b – paragraph 1
Regulation (EU) 2018/XX [the SIS Regulation in the field of law enforcement]
Article 3 – paragraph 1 – point t
Article 3 – paragraph 1 – point t
Amendment 830 #
Proposal for a regulation
Article 55b – paragraph 2 – point a
Article 55b – paragraph 2 – point a
Regulation (EU) 2018/XX [the SIS Regulation in the field of law enforcement]
Article 4 – paragraph 1 – point d
Article 4 – paragraph 1 – point d
(d) a secure communication infrastructure between CS-SIS and the central infrastructures of the European Search Portal (ESP) established in accordance with [Article 6 of Regulation 2018/XX on interoperability], and the shared biometric matching service (BMS) established in accordance with [Article 12 of Regulation 2018/XX on interoperability] and the multiple identity detector (MID) established in accordance with [Article 25 of Regulation 2018/XX on interoperability].
Amendment 831 #
Proposal for a regulation
Article 55b – paragraph 3
Article 55b – paragraph 3
Regulation (EU) 2018/XX [the SIS Regulation in the field of law enforcement]
Article 7 – paragraph 2a
Article 7 – paragraph 2a
Amendment 834 #
Proposal for a regulation
Article 55b – paragraph 6
Article 55b – paragraph 6
Regulation (EU) 2018/XX [the SIS Regulation in the field of law enforcement]
Article 43 – paragraph 1 – point g
Article 43 – paragraph 1 – point g
Amendment 835 #
Proposal for a regulation
Article 55b – paragraph 7
Article 55b – paragraph 7
Regulation (EU) 2018/XX [the SIS Regulation in the field of law enforcement]
Article 71 – paragraph 6
Article 71 – paragraph 6
Amendment 837 #
Proposal for a regulation
Article 55c
Article 55c
Amendment 841 #
Proposal for a regulation
Article 55c – paragraph 5
Article 55c – paragraph 5
Regulation (EU) 2018/XX [the ECRIS-TCN Regulation]
Article 4 – paragraph 1 – point a
Article 4 – paragraph 1 – point a
Amendment 842 #
Proposal for a regulation
Article 55c – paragraph 5 – point c
Article 55c – paragraph 5 – point c
Regulation (EU) 2018/XX [the ECRIS-TCN Regulation]
Article 4 – paragraph 1 – point e
Article 4 – paragraph 1 – point e
(e) a secure communication infrastructure between the ECRIS-TCN Central System and the central infrastructures of the European search portal established by [Article 6 of Regulation 2018/XX on interoperability], and the shared biometric matching service established by [Article 12 of Regulation 2018/XX on interoperability], the CIR established by [Article 17 of Regulation 2018/XX on interoperability] and the multiple-identity detector established by [Article25 of Regulation 2018/XX on interoperability].
Amendment 854 #
Proposal for a regulation
Article 55d – paragraph 1
Article 55d – paragraph 1
Regulation (EU) 2018/XX [Regulation on eu-LISA]
Article 8 – paragraph 2
Article 8 – paragraph 2
Amendment 855 #
Proposal for a regulation
Article 55d – paragraph 2
Article 55d – paragraph 2
Regulation (EU) 2018/XX [Regulation on eu-LISA]
Article 9
Article 9
Amendment 859 #
Proposal for a regulation
Article 56 – paragraph 1 – point b
Article 56 – paragraph 1 – point b
(b) – (not applicable)number of queries to each of the Interpol databases.
Amendment 861 #
Proposal for a regulation
Article 56 – paragraph 2
Article 56 – paragraph 2
Amendment 864 #
Proposal for a regulation
Article 56 – paragraph 3
Article 56 – paragraph 3
Amendment 868 #
Proposal for a regulation
Article 56 – paragraph 5
Article 56 – paragraph 5
Amendment 873 #
Proposal for a regulation
Article 58
Article 58
Amendment 876 #
Proposal for a regulation
Article 59
Article 59
Amendment 882 #
Proposal for a regulation
Article 60 – paragraph 1
Article 60 – paragraph 1
1. The costs incurred in connection with the establishment and operation of the ESP, and the shared biometric matching service, the common identity repository (CIR) and the MID shall be borne by the general budget of the Union.
Amendment 884 #
Proposal for a regulation
Article 60 – paragraph 3
Article 60 – paragraph 3
3. The costs incurred by the designated authorities referred to in Article 4(24) shall be borne, respectively, by each Member State and Europol. The costs for the connection of the designated authorities to the CIR shall be borne by each Member State and Europol, respectively.
Amendment 886 #
Proposal for a regulation
Article 61 – paragraph 1 – subparagraph 1
Article 61 – paragraph 1 – subparagraph 1
The Member States shall notify eu-LISA of the authorities referred to in Articles 7, 20, 21 and 26 that may use or have access to the ESP, or the CIR and the MIDshared BMS respectively.
Amendment 888 #
Proposal for a regulation
Article 61 – paragraph 3
Article 61 – paragraph 3
Amendment 891 #
Proposal for a regulation
Article 62 – paragraph 1 – point c
Article 62 – paragraph 1 – point c
(c) eu-LISA has validated the technical and legal arrangements to collect and transmit the data referred to in Articles 8(1), 13, 19, 34 and 39 and have notified them to the Commission;
Amendment 892 #
Proposal for a regulation
Article 62 – paragraph 1 – point e
Article 62 – paragraph 1 – point e
Amendment 917 #
Proposal for a regulation
Article 68 – paragraph 5 – subparagraph 1 – point b
Article 68 – paragraph 5 – subparagraph 1 – point b
(b) an examination of the results achieved against objectives and the impact on fundamental rights, in particular on the right to non-discrimination;
Amendment 920 #
Proposal for a regulation
Article 68 – paragraph 8 – subparagraph 1 – introductory part
Article 68 – paragraph 8 – subparagraph 1 – introductory part
While respecting the provisions of national law on the publication of sensitive information, each Member State and Europol shall prepare annual reports on the effectiveness of access to data stored in the common identity repositorythrough the ESP and the shared BMS for law enforcement purposes, containing information and statistics on:
Amendment 924 #
Proposal for a regulation
Article 68 – paragraph 8 – subparagraph 1 – point c
Article 68 – paragraph 8 – subparagraph 1 – point c