BETA

Activities of Clare DALY related to 2021/0410(COD)

Plenary speeches (1)

2024/02/07
Dossiers: 2021/0410(COD)

Shadow reports (1)

2023/05/26
Committee: LIBE
Dossiers: 2021/0410(COD)
Documents: PDF(394 KB) DOC(181 KB)
Authors: [{'name': 'Paulo RANGEL', 'mepid': 96903}]

Amendments (196)

Proposal for a regulation
Recital 3

(3) The objective of this Regulation is therefore to improve, streamline and facilitate the exchange of criminal information between Member States’ law enforcement authorities, but also with the European Union Agency for Law Enforcement Cooperation established by Regulation (EU) No 2016/794 of the European Parliament and of the Council30 (Europol) as the Union criminal information hub. _________________ 30 Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA (OJ L 135, 24.5.2016, p. 53).

2022/11/03
Committee: LIBE

Proposal for a regulation
Recital 4

(4) Council Decisions 2008/615/JHA31 and 2008/616/JHA32 laying down rules for the exchange of information between authorities responsible for the prevention and investigation of criminal offences by providing for the automated transfer of DNA profiles, dactyloscopic data and certain vehicle registration data, have ~~proven important for tackling terrorism and~~had an unquantified effect on tackling cross- border crime. Data on their effectiveness for this purpose is unavailable. _________________ 31 Council Decision 2008/615/JHA of 23 June 2008 on the stepping up of cross- border cooperation, particularly in combating terrorism and cross-border crime (OJ L 210, 6.8.2008, p. 1). 32 Council Decision 2008/616/JHA of 23 June 2008 on the implementation of Decision 2008/615/JHA on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime (OJ L 210, 6.8.2008, p. 12).

2022/11/03
Committee: LIBE

Proposal for a regulation
Recital 5

(5) This Regulation should lay down the conditions and procedures for the automated transfer of ~~DNA profiles, dactyloscopic data, vehicle registra~~certain, limited categories of biometric data contained in databases established for the prevention, d~~ata, facial imag~~etection and investigation of serious cross-border criminal offences, a~~nd pol~~s well as vehicle re~~cords~~gistration data. This should be without prejudice to the processing of any of these data in the Schengen Information System (SIS) or the exchange of supplementary information related to them via the SIRENE bureaux or to the rights of individuals whose data is processed therein.

2022/11/03
Committee: LIBE

Proposal for a regulation
Recital 6

(6) The processing of personal data and the exchange of personal data for the purposes of this Regulation should be carried out in compliance with Chapter 6 of this Regulation, Directive (EU) 2016/680 of the European Parliament and the Council, Regulation (EU) 2018/1725 of the European Parliament and the Council and Regulation (EU)2016/794. Processing of data under this Regulation should not result in discrimination against persons on any grounds. It should fully respect human dignity and integrity and other fundamental rights, including the right to respect for one's private life and to the protection of personal data, in accordance with the Charter of Fundamental Rights of the European Union.

2022/11/03
Committee: LIBE

Proposal for a regulation
Recital 7

(7) By providing for the automated search or comparison of DNA profiles, dactyloscopic data, vehicle registration data, facial images and police records, the purpose of this Regulation is also to allow for the search of missing persons and unidentified human remains. This should be without prejudice to the entry of SIS alerts on missing persons and the exchange of supplementary information on such alerts under Regulation (EU) 2018/1862 of the European Parliament and of the Council.33 _________________ 33 Regulation (EU) 2018/1862 of the European Parliament and of the Council of 28 November 2018 on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation in criminal matters, amending and repealing Council Decision 2007/533/JHA, and repealing Regulation (EC) No 1986/2006 of the European Parliament and of the Council and Commission Decision 2010/261/EU (OJ L 312, 7.12.2018, p. 56).deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Recital 9

(9) For the automated searching of vehicle registration data, Member States should use the European Vehicle and Driving Licence Information System (Eucaris) set up by the Treaty concerning a European Vehicle and Driving Licence Information System (EUCARIS) designed for this purpose. Eucaris should connect all participating Member States in a network. ~~There is no central component needed for the communication to be established as each Member State communicates directly to the other connected Member States.~~ Given that EUCARIS is not based on a Union legal act, and the scale and sensitivity of the personal data processing and the complex architecture of the automated searching and exchanging of data, central coordination is needed in order to ensure clarity on the responsibility for the processing of personal data therein, despite the direct communication among Member States. Access to EUCARIS for all Member States should be conditioned on a full, independent, ex ante data protection impact assessment, as referred to in Article 27 of Directive 2016/680, which should, at minimum, verify that data in the database has or have been stored in accordance with the law, in particular, the requirements of ‘strict necessity’ and proportionality under Directive (EU) 2016/680 of the European Parliament and the Council, which postdates Council Decisions2008/615/JHA and2008/616/JHA, and verify that officials are following the correct rules and procedures for data storage and processing.

2022/11/03
Committee: LIBE

Proposal for a regulation
Recital 10

(10) The identification of a criminal is essential for a successful criminal investigation and prosecution. The automated searching of facial images of suspects and convicted criminals should provide for additional information for successfully identifying criminals and fighting crime.deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Recital 11

(11) The automated search or comparison of biometric data (DNA profiles, dactyloscopic data and facial images) between authorities responsible for the prevention, detection and investigation of criminal offences under this Regulation should only concern data contained in databases established for the prevention, detection and investigation of serious criminal offences.

2022/11/03
Committee: LIBE

Proposal for a regulation
Recital 12

(12) Participation in the exchange of police records should remain voluntary. Where Member States decide to participate, in the spirit of reciprocity, it should not be possible for them to query other Member States’ databases if they do not make their own data available for queries by other Member States.deleted

2022/11/03
Committee: LIBE

(13) In recent years, Europol has received a large amount of biometric data of suspected and convicted terrorists and criminals from several third countries. Including third country-sourced data stored at Europol in the Prüm framework and thus making this data available to law enforcement authorities is necessary for better prevention and investigation of criminal offences. It also contributes to building synergies between different law enforcement tools.deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Recital 14

(14) Europol should be able to search Member States’ databases under the Prüm framework with data received from third countries in order to establish cross- border links between criminal cases. Being able to use Prüm data, next to other databases available to Europol, should allow establishing more complete and informed analysis on the criminal investigations and should allow Europol to provide better support to Member States’ law enforcement authorities. In case of a match between data used for the search and data held in Member States’ databases, Member States may supply Europol with the information necessary for it to fulfil its tasks.deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Recital 15

(15) Decisions 2008/615/JHA and 2008/616/JHA provide for a network of bilateral connections between the national databases of Member States. As a consequence of this technical architecture, each Member State should establish at least 26 connections, that means a connection with each Member State, per data category. The router ~~and the European Police Records Index System (EPRIS)~~ established by this Regulation should simplify the technical architecture of the Prüm framework and serve as connecting points between all Member States. The router should require a single connection per Member State in relation to biometric data ~~and EPRIS should require a single connection per Member State in relation to police records~~.

2022/11/03
Committee: LIBE

Proposal for a regulation
Recital 16

(16) ~~The router should~~In light of the very serious negative consequences for persons and violations of fundamental rights that would ensue if connection were made, the router should not be connected to the European Search Portal established by Article 6 of Regulation (EU) 2019/817 of the European Parliament and of the Council34 and Article 6 of Regulation (EU) 2019/818 of the European Parliament and of the Council35 to allow Member States’ authorities and Europol to launch queries to national databases under this Regulation simultaneously to queries to the Common Identity Repository established by Article 17 of Regulation (EU) 2019/817 and Article 17 of Regulation (EU) 2019/818 for law enforcement purposes. _________________ 34 Regulation (EU) 2019/817 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA (OJ L 135, 22.5.2019, p. 27). 35 Regulation (EU) 2019/818 of the European Parliament and of the Council of 20 May 2019 on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816 (OJ L 135, 22.5.2019, p. 85).

2022/11/03
Committee: LIBE

Proposal for a regulation
Recital 18

(18) Any exchange between Member States’ authorities ~~or with Europol~~ at any stage of one of the processes described under this Regulation, which is not explicitly described in this Regulation, should take place via SIENA to ensure that a common, secure and reliable channel of communication is used by all Member States.

2022/11/03
Committee: LIBE

Proposal for a regulation
Recital 19

(19) The universal message format (UMF) standard should be used in the development of the router ~~and EPRIS~~. Any automated exchange of data in accordance with this Regulation should use the UMF standard. Member States’ authorities ~~and Europol~~ are encouraged to use the UMF standard also in relation to any further exchange of data between them in the context of the Prüm II framework. The UMF standard should serve as a standard for structured, cross-border information exchange between information systems, authorities or organisations in the field of Justice and Home Affairs.

2022/11/03
Committee: LIBE

Proposal for a regulation
Recital 23

(23) As the router should be developed and managed by the European Union Agency for the Operational Management of Large-Scale Information Systems in the Area of Freedom, Security and Justice established by Regulation (EU) 2018/1726 of the European Parliament and of the Council37 (eu-LISA), it is therefore necessary to amend Regulation (EU) 2018/1726 by adding that to the tasks of eu-LISA. In order to allow for the router to be connected to the European Search Portal to carry out simultaneous searches of the router and the Common Identity Repository it is therefore necessary to amend Regulation (EU) 2019/817. In order to allow for the router to be connected to the European Search Portal to carry out simultaneous searches of the router and the Common Identity Repository and in order to store reports and statistics of the router on the Common Repository for Reporting and Statistics it is therefore necessary to amend Regulation (EU) 2019/818. Those Regulations should therefore be amended accordingly to provide for specific safeguards in order to address specific challenges relating to the modalities of querying and the quality and the performance of the matching of data, including of facial images. _________________ 37 Regulation (EU) 2018/1726 of the European Parliament and of the Council of 14 November 2018 on the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), and amending Regulation (EC) No 1987/2006 and Council Decision 2007/533/JHA and repealing Regulation (EU) No 1077/2011 (OJ L 295, 21.11.2018, p. 99).

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 1

This Regulation establishes a framework for the exchange of information between authorities responsible for the prevention, detection and investigation of serious cross-border criminal offences (Prüm II).

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 1 – paragraph 2

This Regulation lays down the conditions and procedures for the automated searching of DNA profiles, dactyloscopic data~~, facial images, police records~~ and certain vehicle registration data and the rules regarding the exchange of core data following a match.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 2 – paragraph 1

The purpose of Prüm II shall be to ~~step up~~facilitate cross-border cooperation in matters covered by Part III, Title V, Chapter 5 of the Treaty on the Functioning of the European Union, particularly the exchange of information between authorities responsible for the prevention, detection and investigation of serious cross-border criminal offences.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 2 – paragraph 2

The purpose of Prüm II shall also be to allow for the search for missing persons and unidentified human remains by authorities responsible for the prevention, detection and investigation of criminal offences.deleted

2022/11/03
Committee: LIBE

This Regulation applies to the national databases used for the automated transfer of the categories of DNA profiles, dactyloscopic data, ~~facial images, police records~~ and certain vehicle registration data.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 4 – paragraph 1 – point 6

(6) ‘unidentified DNA profile’ means the DNA profile obtained from traces collected during the investigation of serious criminal offences and belonging to a person not yet identified;

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 4 – paragraph 1 – point 9

(9) ‘individual case’ means a ~~single investigation fil~~n individual person who is being investigated based on reasonable suspicion of having committed a serious criminal offence;

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 4 – paragraph 1 – point 10

~~(10) ‘facial image’ means digital image of the face;~~deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 4 – paragraph 1 – point 11

(11) ‘biometric data’ means DNA profiles, or dactyloscopic data ~~or facial images~~;

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 4 – paragraph 1 – point 16

(16) ‘police records’ means any information available in the national register or registers recording data of competent authorities, for the prevention, detection and investigation of criminal offences;deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 4 – paragraph 1 – point 16

(16) ‘police records’ means ~~any~~specific information ~~available in the national register or registers recording data of competent authorities, for the prevention, detection and investigation of criminal offences~~regarding persons convicted of having committed serious criminal offences, available in the national register or registers recording criminal record data ;

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 4 – paragraph 1 – point 18

~~(18) ‘Europol data’ means any personal data processed by Europol in accordance with Regulation (EU) 2016/794;~~deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 4 – paragraph 1 – point 18 a (new)

(18 a) ‘serious criminal offence’ means an offence under national law which corresponds or is equivalent to one of the offences referred to in Article 2(2) of Council Framework Decision 2002/584/JHA, if the offence is punishable under national law by a detention order or a custodial sentence of five years or more.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 4 – paragraph 1 – point 18 b (new)

(18 b) ‘criminals’ means persons convicted of a criminal offence;

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 4 – paragraph 1 – point 18 c (new)

(18 c) ‘suspects’ means persons with regard to whom there are serious factual grounds for believing that they have committed or are about to commit a criminal offence;

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 4 a (new)

Article 4 a Categories of data subject Automated searches of biometric data shall be permitted for the following categories of data subject only: (a) suspects; (b) persons convicted of a serious crime.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 5 – title

Establishment of national DNA analysis ~~fil~~databases

2022/11/03
Committee: LIBE

1. If foreseen in their national law, Member States shall ~~open and~~ keep national DNA ~~analysis files f~~databases to support the investigation of serious criminal offences.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 1

Processing of data kept in those ~~fil~~databases, under this Regulation, shall be carried out in accordance with this Regulation, in compliance with the national law of the Member States applicable to the processing of those data.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 5 – paragraph 2 – introductory part

2. Member States shall ensure the availability of DNA reference data from their national DNA ~~analysis fil~~databases as referred to in paragraph 1.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 5 a (new)

Article 5 a Data Protection Impact Assessment Member States shall conduct an ex ante Data Protection Impact Assessment and prior consultation referred to in Articles 27 and 28 of Directive (EU) 2016/680, respectively, to ensure that data in the database(s)have been stored in accordance with the requirement of strict necessity, prior to the connection of any system to the router, EPRIS or Eucaris as referred to in Article 63(2).

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 5 b (new)

Article 5 b Procedural guarantees for connected databases 1. Member States shall ensure that data in any database(s) connected to the router, EPRIS or Eucaris as referred to in Article 63(2) contain only the data of persons convicted of having committed offences as referred to in one of the offences referred to in Directive (EU) 2017/541 of the European Parliament and of the Council or in Article 2(2) of Council Framework Decision 2002/584/JHA, if, in both cases, the offence is punishable in the requesting Member State by a custodial sentence or a detention order for period of five years or more, as determined by the law of that Member State, or persons meeting the criteria of serious, reasoned grounds of suspicion referred to in Article 6(b) of Directive(EU) 2016/680. 2. Member States shall ensure that data in any database(s) connected to the router, EPRIS or Eucaris as referred to in Article 63(2) are removed within 3 months of the person’s acquittal or a decision not to charge, except where there is a specific basis in national law for the retention of data in specific circumstances beyond 3months. 3. Member States shall ensure that persons are informed of their inclusion in the database and their rights of redress, except where this will be prejudicial to an ongoing investigation of a serious criminal offence. 4. Member States shall report annually to the European Commission on the following anonymised statistics: (a) The number of persons whose data are held in each connected database; (b) The proportion of persons whose data are held in each connected database that are suspected, and how many convicted; (c) The types of crimes that the persons whose data are held in each connected database are suspected of or have committed, as proportions of the overall database; 5. The European Commission shall make these anonymous statistics, disaggregated by Member State, publicly available.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 5 c (new)

Article 5 c Data protection guidance The Commission shall, in close cooperation with the European Data Protection Board, make available guidelines on the implementation of Directive (EU) 2016/680 in the context of criminal databases and the cross-border exchange of data, in particular concerning accuracy, strict necessity, and ensuring respect for the right to data protection. The Commission shall adopt the practical handbook in the form of a recommendation.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 5 d (new)

Article 5 d Public transparency Member States and Europol shall publicly disclose which databases are connected to the Prüm router, EPRIS or Eucaris, including the relevant controller(s) and processor(s), and a summary of the results of the Data Protection Impact Assessment conducted pursuant to Article 5a (new).

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 5 e (new)

Article 5 e Procedural guarantees following a match Member States shall ensure that they have corroborating evidence before arresting or detaining an individual, meaning that such arrests or detainment cannot be pursued solely on the basis of a match returned via the Prüm router, EPRIS or Eucaris.

2022/11/03
Committee: LIBE

1. Member States shall ~~allow national contact points referred to in Article 29~~request a query by submitting DNA profile data. Requests shall only be in individual cases, in compliance with the national law of the requesting Member State, and where they are necessary and Eupropo~~l access to the DNA reference data in their DNA analysis files, to conduct automated searches by comparing DNA profil~~rtionate to the purposes of investigating serious criminal offences. In line with Article 6 of the Law Enforcement Directive 680/2016 (LED), only the categories of criminals and suspects stored in national databases shall be made accessible for automated searches. The router shall dispatch the request for ~~the investigation of criminal offences~~a query to the Member States’ databases with the data submitted by the requesting Member State and in accordance with this Regulation.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 6 – paragraph 1 – subparagraph 1

~~Searches may be conducted only in individual cases and in compliance with the national law of the requesting Member State.~~deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 6 – paragraph 2 – introductory part

2. ~~Should an automated search show that a supplied DNA profile matches DNA profiles entered~~ On receiving the request~~ed Member State's searched file, the national contact point of the~~ for a query from the router, each request~~ing~~ed Member State shall ~~receive in an automated way~~launch a query of their DNA ~~reference data with which a match has been found~~profiles database in an automated manner and without delay.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 6 – paragraph 3

3. ~~The national contact point of~~Any matches resulting from the reque~~sting~~ry in each Member State ~~shall confirm a match of DNA profiles data with DNA reference data held by the requested Member State following the automated supply of the DNA reference data required for confirming a match~~’s database shall manually reviewed by the requested Member State. If a match is confirmed, the requested Member State shall invite the requesting Member State to send a reasoned follow-up request containing any additional relevant information to the requested Member State(s).

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 6 – paragraph 3 a (new)

3 a. The requested Member State(s)shall process such requests without delay to decide whether to share the data stored in their database. Upon confirmation, the requested Member State(s) shall share the DNA reference data via the router.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 6 – paragraph 3 b (new)

3 b. The requested Member State may refuse to supply DNA reference data to the requesting Member State if the accuracy and veracity of the supplied DNA profiles data has not been confirmed, or if the requested Member State has concerns regarding the legitimacy of the request.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 6 – paragraph 3 c (new)

3 c. Access to data of categories of data subject other than convicted criminals or suspects shall be accompanied by a factual and detailed justification in line with purposes as established in national and EU law.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 7

Automated comparison of unidentified 1. Member States may, via their national contact points, compare the DNA profiles of their unidentified DNA profiles with all DNA profiles from other national DNA analysis files for the investigation of criminal offences. Profiles shall be supplied and compared in an automated manner. 2. Should a requested Member State, as a result of the comparison referred to in paragraph 1, find that any DNA profiles supplied match any of those in its DNA analysis files, it shall, without delay, supply the national contact point of the requesting Member State with the DNA reference data with which a match has been found. 3. The confirmation of a match of DNA profiles with DNA reference data held by the requested Member State shall be carried out by the national contact point of the requesting Member State following the automated supply of the DNA reference data required for confirming a match.rticle 7 deleted DNA profiles

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 8 – paragraph 1

Each Member State shall inform the Commission and eu-LISA of the national DNA ~~analysis fil~~databases, to which Articles 5 to 7 apply, in accordance with Article 73.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 10 – paragraph 1

1. A~~ppropriate~~ll necessary measures shall be taken to ensure confidentiality and integrity for DNA reference data being sent to other Member States, including their encryption.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 11 – paragraph 2 – point f

(f) the type of DNA profiles ~~transmitt~~matched (unidentified DNA profiles or reference DNA profiles);

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 11 – paragraph 2 – point g

~~(g) the matching DNA profiles.~~deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 11 – paragraph 3

3. Automated notification of a match shall only be provided if the automated search or comparison has resulted in a match of a minimum number of loci. The ~~Commission shall adopt implementing~~minimum number of loci shall be independently verified by the European Data Protection Board to ensure that the thresholds are sufficiently high to ensure accuracy, reasonably minimise the risk of misidentification and prevent discrimination. The Commission shall adopt delegated acts to specify this minimum number of loci and maximum number of candidates, in accordance with the procedure referred to in Article 76(2).

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 12 – paragraph 1

1. Member States shall ensure the availability of dactyloscopic reference data from the file for the national automated fingerprint identification systems established for the prevention, detection and investigation of serious criminal offences.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 13 – paragraph 1 – introductory part

~~1. For the prevention, detection and 1. investigation of criminal offences, Member States shall allow national contact points~~Member States shall request a query by submitting dactyloscopic data. Requests shall only be in individual cases, in compliance with the Law Enforcement Directive 680/2016 (LED) and the national law of other requesting Member States, and Europol access to the dactyloscopic reference data in the automated fingerprint identification systems which they have established for that purpose, to conduct automated searches by comparing dactyloscopic reference datawhere they are necessary and proportionate to the purposes of investigating serious criminal offences. The router shall dispatch the request for a query to the Member States’ databases with the data submitted by the requesting Member State and in accordance with this Regulation.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 13 – paragraph 1 – subparagraph 1

~~Searches may be conducted only in individual cases and in compliance with the national law of the requesting Member State.~~deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 13 – paragraph 2

2. ~~The national contact point of the~~On receiving the request for a query from the router, each request~~ing~~ed Member State shall ~~confirm a match of dactyloscopic data wi~~launch a query of the dactyloscopic reference data ~~held by the requested Member State following the automated supply of the dactyloscopic reference data required for confirm~~in their database in an automated manner and without delay. If there is no match, the requesting Member State shall be notified about it ing a ~~match~~n automated manner.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 13 – paragraph 2 a (new)

2 a. Any matches resulting from the query in each Member State’s database shall manually reviewed by the requested Member State. If a match is confirmed, the requested Member States shall invite the requesting Member State to send a reasoned follow-up request containing any additional relevant information to the requested Member State(s).

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 13 – paragraph 2 b (new)

2 b. The requested Member State(s) shall process such requests without delay to decide whether to share the data stored in their database. Upon confirmation, the requested Member State(s) shall share the dactyloscopic reference data via the router.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 13 – paragraph 2 c (new)

2 c. The requested Member State may refuse to supply DNA reference data to the requesting Member State if the accuracy and veracity of the supplied DNA profiles data has not been confirmed, or if the requested Member State has concerns regarding the legitimacy of the request.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 15 – paragraph 2

2. Each Member State shall ensure that the dactyloscopic data it transmits are of sufficient quality for a comparison by the automated fingerprint identification systems. The Commission shall adopt delegated acts to specify the minimum standards for dactyloscopic data that must be met by Member States before any transmission of data. These minimum standards shall be independently verified by the European Data Protection Board to ensure that the thresholds are sufficiently high to ensure accuracy, reasonably minimise the risk of misidentification and prevent discrimination. Those delegated acts shall be adopted in accordance with the procedure referred to in Article 76(2).

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 15 – paragraph 3

3. Member States shall take a~~ppropriate~~ll necessary measures to ensure the confidentiality and integrity of dactyloscopic data being sent to other Member States, including their encryption.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 17 – paragraph 2 – point f

~~(f) the matching dactyloscopic data.~~deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 18 – paragraph 1 – introductory part

1. For the prevention, detection and investigation of serious cross-border criminal offences, Member States shall allow national contact points of other Member States ~~and Europol~~ access to the following national vehicle registration data, to conduct automated searches in individual cases:

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 18 – paragraph 1 – point a

(a) ~~data relating to owners or operators~~The name under which the vehicle is registered;

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 18 – paragraph 1 – point b

(b) data re~~lat~~garding tohe vehicle make, model, year, colour and/or main identifying features.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 19 – paragraph 1 a (new)

1 a. Any matches resulting from the query in Eucaris shall be manually reviewed by the Member State which has performed the search.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 19 – paragraph 1 b (new)

1 b. Access to EUCARIS for all Member States should be conditioned on a full, independent, ex ante data protection impact assessment, as referred to in Article 27 of Directive 2016/680, which should, at minimum, verify that data in the database has or have been stored in accordance with the law, in particular, the requirements of ‘strict necessity’ and proportionality under Directive (EU) 2016/680 of the European Parliament and the Council, which postdates Council Decisions2008/615/JHA and2008/616/JHA, and verify that officials are following the correct rules and procedures for data storage and processing.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 19 – paragraph 3

3. The Commission shall adopt ~~implementing~~delegated acts to specify the data elements of the vehicle registration data to be exchanged~~. Those implementing~~ and the definition of the authority or authorities having the responsibility for the processing of personal data in EUCARIS. Those delegated acts shall be adopted in accordance with the procedure referred to in Article 76(2). .

2022/11/03
Committee: LIBE

Each Member State ~~and Europol~~ shall keep logs of all data processing operations concerning vehicle registration data. Those logs shall include the following:

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 20 – paragraph 2 – subparagraph 1

Those logs shall be protected by a~~ppropriate~~ll necessary measures against unauthorised access and erased ~~one~~four year after their creation. If, however, they are required for monitoring procedures that have already begun, they shall be erased once the monitoring procedures no longer require the logs.

2022/11/03
Committee: LIBE

Proposal for a regulation
Chapter 2 – Section 4

~~[...]~~deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 21 – paragraph 1 – introductory part

1. Member States shall ensure the availability of high quality facial images on individuals suspected or convicted of a serious criminal offence from their national databases established for the prevention, detection and investigation of serious criminal offences. Those data shall only include facial images and the reference number referred to in Article 23, and shall clearly indicate the source of the facial image and whether the facial images are attributed to an individual or not . Member States shall not make available in this context any data from which an individual can be directly identified.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 21 – paragraph 1 a (new)

1 a. Member States shall not use the exchange of facial images under this Regulation for any remote biometric identification in publicly accessible spaces or for any other purposes than those relating to the prevention, detection and investigation of serious criminal offences.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 21 – paragraph 1 b (new)

1 b. Member States shall not use the exchange of facial images under this Regulation for practices of profiling as defined in Article 4 of Regulation (EU) 2016/679.

2022/11/03
Committee: LIBE

1. For the prevention, detection and investigation of serious criminal offences, Member States ~~shall~~may allow national contact points of other Member States and Europol ~~access to facial images stored in their national databases, to conduct automated searches~~to request automated searches of facial images of convicted criminals and suspects, stored in their national databases, in line with Article 6 of the Law Enforcement Directive 680/2016 (LED).

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 22 – paragraph 1 a (new)

1 a. On receiving the request for a search of facial images, each requested Member State shall launch a query of the facial image data in their database in an automated manner and without delay. If there is no match, the requesting Member State shall be notified about it in an automated manner.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 22 – paragraph 1 b (new)

1 b. Any matches resulting from the query in each Member State’s database shall be manually reviewed by the requested Member State. If a match or matches is confirmed, the requested Member State shall invite the requesting Member State to send a reasoned follow- up request containing any additional relevant information to the requested Member State(s).

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 22 – paragraph 2

2. The request~~ing~~ed Member State(s) shall process such requests without delay to decide whether to share the data stored in their database. Upon confirmation, the requested Member State(s) shall ~~receiv~~share with the requesting Member State a list composed of matches concerning likely candidates. That Member State shall review the list to ~~determine~~reconfirm the existence of a ~~confirmed~~ match.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 22 – paragraph 3

3. A minimum quality standard shall be established to allow for search and comparison of facial images. The Commission shall adopt ~~implementing~~delegated acts to specify that minimum quality standard. Those ~~implementing~~delegated acts shall be adopted in accordance with the procedure referred to in Article 76(2).

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 24 – paragraph 2 – point f

~~(f) the matching facial images.~~deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Chapter 2 – Section 5

~~[...]~~deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 25 – paragraph 1 – introductory part

1. Member States may decide to ~~participate in the automated~~facilitate the exchange of police records. Member States participating in the ~~automated~~ exchange of police records shall ensure the availability of biographical data of suspects and criminals from their national police records indexes established for the investigation of serious criminal offences. This set of data, if available, shall contain the following data:

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 25 – paragraph 1 – point g a (new)

(g a) whether the personal data are based on facts or personal assessments, in line with Article 7 of the Law Enforcement Directive.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 26 – paragraph 1 – introductory part

1. For the investigation of serious criminal offences, Member States shall allow national contact points of other Member States and Europol ~~access to data from~~, to request automated searches of their national police records indexes~~, to conduct automated searches~~.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 26 – paragraph 2 – introductory part

2. TAny matches re~~questing Member State shall receive the list of matches with an indication of the quality of the matches~~sulting from the query in each Member State’s database shall manually reviewed by the requested Member State. If a match is confirmed, the requested Member State shall invite the requesting Member State to send a reasoned follow-up request containing any additional relevant information to the requested Member State(s).

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 26 – paragraph 2 a (new)

2a. The requested Member State(s) shall process such requests without delay to decide whether to share the data stored in their database. Upon confirmation, the requested Member State(s) shall share the list of matches with an indication of the quality of the matches.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 26 – paragraph 2 b (new)

2b. The requested Member State may refuse to supply the list of matches to the requesting Member State if the requested Member State has concerns regarding the legitimacy of the request.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 30 – paragraph 1

The Commission shall adopt ~~implementing~~delegated acts to specify the technical and other arrangements for the procedures set out in Articles 6, 7, 13, 18, 22, 25, 26, 31 and 2639. Those implementing acts shall be adopted in accordance with the procedure referred to in Article 76(2).

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 31 – paragraph 1

Member States ~~and Europol~~ shall observe common technical specifications in connection with all requests and answers related to searches and comparisons of DNA profiles, dactyloscopic data, and vehicle registration data~~, facial images and police records~~. The Commission shall adopt ~~implementing~~delegated acts to specify these technical specifications in accordance with the procedure referred to in Article 76(2).

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 31 – paragraph 1 a (new)

eu-Lisa, when developing the communication infrastructure between the Prüm framework and the interoperability architecture, shall take into account that the shared Biometric Matching Service (sBMS) does not store DNA profiles.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 31 – paragraph 1 b (new)

Appropriate measures shall be developed and implemented to ensure the highest standards of performance of the biometric matching algorithm of sBMS when matching facial images taken under different conditions as they may differ in format and quality. Following the adoption of this Regulation, the Commission shall adopt those measures by means of a delegated act.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 32 – title

Availability of automated ~~data exchange~~searches at national level

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 32 – paragraph 1

1. Member States shall take all necessary measures to ensure that automated searching or comparison of DNA profiles, dactyloscopic data, and vehicle registration data~~, facial images and police records~~ is possible 24 hours a day and seven days a week.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 32 – paragraph 2 – introductory part

2. National contact points shall immediately inform each other, the Commission, Europol and eu-LISA of the technical fault causing unavailability of the automated ~~data exchange.~~searches

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 32 – paragraph 3

3. National contact points shall re- establish the automated ~~data exchange~~search facility without delay.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 33 – paragraph 1 – subparagraph 1

~~Europol shall keep a justification of the queries it makes.~~deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 33 – paragraph 2 – point a

(a) the purpose of the query, including a ~~reference~~specified link to the specific case or investigation;

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 33 – paragraph 2 – point a a (new)

(aa) a statement of the measures taken to ensure respect for fundamental rights, including the right to non-discrimination, prior to the sending of the query;

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 33 – paragraph 2 – point b

(b) an indication on whether the query concerns a suspect or a per~~petrator of a~~son convicted of a criminal offence, and information regarding the specific criminal offence involved;

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 33 – paragraph 3 – introductory part

3. The justifications referred to in paragraph 2 shall ~~only~~ be used for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security and integrity. They shall also be used for fundamental rights monitoring and for ensuring data security and integrity.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 33 – paragraph 3 – subparagraph 1

Those justifications shall be protected by appropriate measures against unauthorised access and erased ~~one~~four years after their creation. If, however, they are required for monitoring procedures that have already begun, they shall be erased once the monitoring procedures no longer require the justification.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 33 – paragraph 4 a (new)

4a. For the purposes of fundamental rights monitoring and audit under Article 56, the relevant human rights office or officer designated under national law to supervise fundamental rights compliance of policing services shall have access to those justifications. If no human rights office or human rights officer is designated under national law to supervise the fundamental rights compliance of policing services in a Member State, the Member State shall designate a senior officer within its policing service to perform the role of fundamental rights monitor under this Regulation.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 35 – paragraph 1

1. A router is established for the purposes of facilitating the establishment of connections between Member States ~~and with Europol~~ for querying with, retrieving and scoring biometric data in accordance with this Regulation.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 36 – paragraph 1

The use of the router shall be reserved to the Member States’ authorities that have a demonstrable need for access to the exchange of DNA profiles, and dactyloscopic data ~~and facial images, and Europol in accordance with this Regulation and Regulation (EU) 2016/794~~for the pursuit of objectives relating to serious criminal offences in accordance with this Regulation. Each individual shall undergo prior, individual authorisation to use the router and shall have completed data protection training.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 36 – paragraph 1 a (new)

1a. Access to the router for all Member States should be conditioned on a full, independent, ex ante data protection impact assessment, as referred to in Article 27 of Directive 2016/680, which should, at minimum, verify that data in their databases has or have been stored in accordance with the law, in particular, the requirements of ‘strict necessity’ and proportionality under Directive (EU) 2016/680 of the European Parliament and the Council, which postdates Council Decisions 2008/615/JHA and 2008/616/JHA and verify that officials are following the correct rules and procedures for data storage and processing;.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 37 – paragraph 1

1. The router users referred to in Article 36 shall request a query by submitting biometric data to the router. The router shall dispatch the request for a query to the Member States’ databases ~~and Europol data~~ simultaneously with the data submitted by the user and in accordance with their access rights.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 37 – paragraph 2

2. On receiving the request for a query from the router, each requested Member State ~~and Europol~~ shall launch a query of their databases in an automated manner and without delay.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 37 – paragraph 3

3. Any matches resulting from ~~the~~a query in each Member States’ databases ~~and Europol data~~ shall be sent back in ~~an automated manner to the router~~to the router following the manual review process set out in Articles6(3-5), 13(3-5) or 19(1a), as applicable..

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 37 – paragraph 3 a (new)

3a. Any matches resulting from a query regarding DNA or dactylocopic data in each Member States’ databases shall be handled according to the procedure set out in Articles 6 and 13, as applicable.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 37 – paragraph 4

4. The router shall rank the replies in accordance with the score of the correspondence between the biometric data used for querying and the biometric data stored in the Member States’ databases ~~and Europol data~~. The ranking process and technology shall be independently verified by the European Data Protection Board to ensure that the thresholds are sufficiently high to ensure accuracy, reasonably minimise the risk of misidentification and prevent discrimination.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 37 – paragraph 4 a (new)

4a. EU-LISA shall make publicly available the supplier of the ranking technology.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 37 – paragraph 6

6. The Commission shall adopt ~~implementing~~delegated acts to specify the technical procedure for the router to query Member States’ databases and Europol data, the format of the router replies and the technical rules for scoring the correspondence between biometric data. These ~~implementing~~delegated acts shall ensure that the thresholds are sufficiently high to ensure accuracy, reasonably minimise the risk of misidentification and prevent discrimination These delegated acts shall be adopted in accordance with the procedure referred to in Article 76(2).

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 38 – paragraph 1

The requested Member State shall check the quality of the transmitted data ~~by means of a fully automated procedure~~manually.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 38 – paragraph 1 a (new)

1a. All individuals granted access to the databases shall have undergone training in procedures to be used for comprehensive and accurate review of matches under each data category referred to in this Regulation before being given access to the databases.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 38 – paragraph 2

~~Should the data be unsuitable for an automated comparison, the requested Member State shall inform the requesting Member State about it via the router without delay.~~deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 39 – paragraph 1

1. The router users referred to in Article 36 may launch a query to Member States’ databases ~~and Europol data~~ simultaneously with a query to the Common Identity Repository where the relevant conditions under Union law are fulfilled and in accordance with their access rights. For this purpose, the router shall query the Common Identity Repository via the European Search Portal.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 39 – paragraph 2 – subparagraph 2

Simultaneous queries of the Member States’ databases and Europol data and the Common Identity Repository may only be launched in cases where ~~it is likely that data on a suspect, perpetrator or~~there are reasonable grounds to believe that data on a suspect, a person convicted of a criminal offence, victim of a terrorist offence or other serious criminal offences as defined respectively in Article 4, points 21 and 22, of Regulation (EU) 2019/817 and Article 4, points 21 and 22, of Regulation (EU) 2019/818 are stored in the Common Identity Repository.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 40 – paragraph 1 – point d

(d) the national databases ~~or Europol data~~ to which a request for a query was sent;

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 40 – paragraph 1 – point e

(e) the national databases ~~or Europol data~~ that provided an answer;

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 40 – paragraph 2 – subparagraph 1

~~Europol shall keep logs of queries that its duly authorised staff make.~~deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 40 – paragraph 3 – subparagraph 1

Those logs shall be protected by appropriate measures against unauthorised access and erased ~~one~~four years after their creation. If, however, they are required for monitoring procedures that have already begun, they shall be erased once the monitoring procedures no longer require the logs.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 40 – paragraph 4 a (new)

4a. When requested, and for the purposes of data protection monitoring, as well as for monitoring of compliance with relevant national and Union law, in accordance with Article 25 of the Law Enforcement Directive 680/2016 (LED), the controller and the processor shall make the logs available to the supervisory authority.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 41 – paragraph 1

1. Where it is technically impossible to use the router to query one or several national databases ~~or Europol data~~ because of a failure of the router, the router users shall be notified in an automated manner by eu-LISA. eu- LISA shall take measures to address the technical impossibility to use the router without delay.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 41 – paragraph 2

2. Where it is technically impossible to use the router to query one or several national databases ~~or Europol data~~ because of a failure of the national infrastructure in a Member State, that Member State shall notify the other Member States, eu-LISA and the Commission in an automated manner. Member States shall take measures to address the technical impossibility to use the router without delay.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 41 – paragraph 3

3. Where it is technically impossible to use the router to query one or several national databases or Europol data because of a failure of the infrastructure of Europol, Europol shall notify the Member States, eu-LISA and the Commission in an automated manner. Europol shall take measures to address the technical impossibility to use the router without delay.deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Chapter 3 – Section 2

~~[...]~~deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 44 – paragraph 1 – introductory part

1. Member States ~~and Europol~~ shall request a query by submitting the data referred to in Article 43.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 44 – paragraph 3

3. Any matches resulting from the query in each Member State’s database shall be ~~sent back in an automated manner to EPRIS~~manually reviewed by the requested Member State. If a match or matches are confirmed, the requested Member State shall invite the requesting Member State to send a reasoned follow- up request containing any additional relevant information to the requested Member State(s).

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 44 – paragraph 4

4. The ~~list of matches shall be returned to the requesting Member State by EPRIS. The list of matches shall indicate the quality of the~~requested Member State(s)shall process such requests without delay to decide whether to share the data stored in their database. Upon confirmation, the requested Member State(s) shall share the list of match aes w~~ell as the Member State whose database contains d~~ith the requesting Member State. The list of matches shall indicatae th~~at resulted in~~e quality of the match.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 44 – paragraph 4 a (new)

4a. The requested Member State may refuse to share the list of matches if they determine that it disproportionately infringes on the rights and freedoms of the data subject or if they determine it to be prejudicial to an ongoing investigation. The justification for such refusals must be provided promptly to the requesting Member State.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 44 – paragraph 7

7. The Commission shall adopt ~~implementing~~delegated acts to specify the technical procedure for EPRIS to query Member States’ databases and the format of the replies. These ~~implementing~~delegated acts shall be adopted in accordance with the procedure referred to in Article 76(2).

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 45 – paragraph 3 – subparagraph 1

Those logs shall be protected by appropriate measures against unauthorised access and erased ~~one~~four years after their creation.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 47 – paragraph 1 – introductory part

Where, following the procedures referred to in Articles 6, 7, 13, or 22 ~~show a match between the data used for the search or comparison and data held in the database of the requested Member State(s), and upon confirmation of this match by~~the requested Member State confirms that data can be shared with the requesting Member State, the requested Member State shall return a set of core data via the router within 24 hours. That set of core data, if available, shall contain the following data:

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 48 – paragraph 1

Any exchange which is not explicitly provided for in this Regulation between Member States’ competent authorities ~~or with Europol~~, at any stage of one of the procedures under this Regulation, shall take place via SIENA.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 49

Access by Member States to third country- sourced biometric data stored by Europol 1. accordance with Regulation (EU) 2016/794, have access to, and be able to search via the router, biometric data which has been provided to Europol by third countries for the purposes of Article 18(2), points (a), (b) and (c), of Regulation (EU) 2016/794. 2. match between the data used for the search and Europol data, the follow-up shall take place in accordance with Regulation (EU) 2016/794.rticle 49 deleted Member States shall, in Where this procedure results in a

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 49 – paragraph 1

1. Member States shall, in accordance with Regulation (EU) 2016/794, and without prejudice to the provisions in regards to the obligations of compliance with the conditions under which third countries have shared personal data with Europol, have access to, and be able to search via the router, biometric data which has been provided to Europol by third countries for the purposes of Article 18(2), points (a), (b) and (c), of Regulation (EU) 2016/794. in a way that specifies the data subject categories subject to the query.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 50

Access by Europol to data stored in Member States’ databases 1. Regulation (EU) 2016/794, have access to data, which are stored by Member States in their national databases in accordance with this Regulation. 2. Europol queries performed with biometric data as a search criterion shall be carried out using the router. 3. vehicle registration data as a search criterion shall be carried out using Eucaris. 4. police records as a search criterion shall be carried out using EPRIS. 5. Europol shall carry out the searches in accordance with paragraph 1 only when carrying out its tasks referred to in Regulation (EU) 2016/794. 6. in Articles 6, 7, 13 or 22 show a match between the data used for the search or comparison and data held in the national database of the requested Member State(s), and upon confirmation of that match by Europol, the requested Member State shall decide whether to return a set of core data via the router within 24 hours. That set of core data, if available, shall contain the following data: (a) (b) (c) (d) (e) (f) 7. obtained from a search made in accordance with paragraph 1 and from the exchange of core data in accordance with paragraph 6 shall be subject to the consent of the Member State in which database the match occurred. If the Member State allows therticle 50 deleted Europol shall, in accordance with Europol queries performed with Europol queries performed with Where the procedures referred to first name(s); family name(s); date of birth; nationality or nationalities; place and country of birth; gender. Europol's use of ~~such~~ information~~, its handling by Europol shall be governed by Regulation (EU) 2016/794.~~

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 50 – paragraph 1

1. Europol shall, in accordance with Regulation (EU) 2016/794, have access to data, which are stored by Member States in their national databases in accordance with this Regulation in a way that specifies the data subject categories subject to each query.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 50 – paragraph 6 – introductory part

6. Where, following the procedures referred to in Articles 6, 7, 13, or 22 ~~show a match between the data used for the search or comparison and data held in the national database of the requested Member State(s), and upon confirmation of~~the requested Member State confirms that mdat~~ch by~~a can be shared with Europol, the requested Member State shall decide whether to return a set of core data via the router within 24 hours. That set of core data, if available, shall contain the following data:

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 51 – paragraph 1

1. Processing of personal data by the requesting Member State ~~or Europol~~ shall be permitted solely for the purposes for which the data have been supplied by the requested Member State in accordance with this Regulation. ~~Processing for other purpose~~The provisions of this sCha~~ll be permitted solely with the prior authorisation of the requested Member State~~pter are without prejudice to the application of Directive EU 2016/680 and Regulation EU 2018/1725.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 51 – paragraph 2 – introductory part

2. Processing of data supplied pursuant to Articles 6, ~~7, 13, 18~~13 or 2218 by the searching or comparing Member State shall be permitted solely in order to:

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 51 – paragraph 3

3. The requesting Member State may process the data supplied to it in accordance with Articles 6~~, 7, 13 or 22~~ or 13 solely where this is strictly necessary for the purposes of this Regulation and proportionate to the goal to be achieved. The supplied data shall be deleted immediately following data comparison or automated replies to searches unless further processing is necessary by the requesting Member State for the purposes of the prevention, detection and investigation of serious criminal offences.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 51 – paragraph 4

4. Data supplied in accordance with Article 18 may be used by the requesting Member State solely where this is strictly necessary for the purposes of this Regulation and proportionate to the goal to be achieved. The data supplied shall be deleted immediately following automated replies to searches unless further processing is necessary for recording pursuant to Article 20. The requesting Member State shall use the data received in a reply solely for the procedure for which the search was made.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 52 – paragraph 1

1. Member States shall ensure the accuracy and current relevance of personal data. Should a requested Member State become aware that incorrect data or data which should not have been supplied have been supplied, this shall be notified without delay to any requesting Member State. All requesting Member States concerned shall be obliged to correct or delete the data accordingly and to report on the inaccuracy of the hit, notably when it concerns matches of biometric data, such as facial images, for the purposes of Chapter 9. Moreover, personal data supplied shall be corrected if they are found to be incorrect. If the requesting Member State has reason to believe that the supplied data are incorrect or should be deleted the requested Member State shall be informed.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 53 – paragraph 2

~~2. Europol shall be the processor for the processing of personal data via EPRIS.~~deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 54 – paragraph 1

1. ~~Europol,~~ eu-LISA and Member States’ authorities shall ensure the security of the processing of personal data that takes place pursuant to this Regulation. ~~Europol,~~ eu-LISA and Member States’ authorities shall cooperate on security- related tasks.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 54 – paragraph 2

2. Without prejudice to Article 33 of Regulation (EU) 2018/1725 and Article 32 of Regulation (EU) 2016/794, eu-LISA ~~and Europol~~ shall take the necessary measures to ensure the security of the router and EPRIS respectively as well as their related communication infrastructure.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 54 – paragraph 3 – introductory part

3. In particular, eu-LISA ~~and Europol~~ shall adopt the necessary measures concerning the router ~~and EPRIS respectively~~, including a security plan, a business continuity plan and a disaster recovery plan, in order to:

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 54 – paragraph 3 – point g

(g) ensure that persons authorised to access the router ~~and EPRIS~~ have access only to the data covered by their access authorisation, by means of individual user identities and confidential access modes only;

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 54 – paragraph 3 – point i

(i) ensure that it is possible to verify and establish what data have been processed in the router ~~and EPRIS~~, when, by whom and for what purpose;

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 54 – paragraph 3 – point j

(j) prevent the unauthorised reading, copying, modification or deletion of personal data during the transmission of personal data to or from the router ~~and EPRIS~~ or during the transport of data media, in particular by means of appropriate encryption techniques;

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 54 – paragraph 3 – point l

(l) ensure reliability by making sure that any faults in the functioning of the router ~~and EPRIS~~ are properly reported;

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 55 – paragraph 1

1. Any event that has or may have an impact on the security of the router ~~or EPRIS~~ and may cause damage to or loss of data stored in them shall be considered to be a security incident, in particular where unauthorised access to data may have occurred or where the availability, integrity and confidentiality of data has or may have been compromised.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 55 – paragraph 3 – subparagraph 1

Without prejudice to Article 34 of Regulation (EU) 2016/794, Europol shall notify CERT-EU of significant cyber threats, significant vulnerabilities and significant incidents without undue delay and in any event no later than 24 hours after becoming aware of them. Actionable and appropriate technical details of cyber threats, vulnerabilities and incidents that enable proactive detection, incident response or mitigating measures shall be disclosed to CERT-EU without undue delay. In accordance with Articles34 and 92 of Regulation (EU) 2018/1725, Europol shall notify the EDPS of any personal data breaches.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 55 – paragraph 3 – subparagraph 2

In the event of a security incident in relation to the central infrastructure of the router, eu-LISA shall notify CERT-EU of significant cyber threats, significant vulnerabilities and significant incidents without undue delay and in any event no later than 24 hours after becoming aware of them. Actionable and appropriate technical details of cyber threats, vulnerabilities and incidents that enable proactive detection, incident response or mitigating measures shall be disclosed to CERT-EU without undue delay. In accordance with Articles34 and 92 of Regulation (EU) 2018/1725, eu-Lisa shall notify the EDPS of any personal data breaches.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 55 – paragraph 5

5. Information regarding a security incident that has or may have an impact on the operation of EPRIS or on the availability, integrity and confidentiality of the data shall be provided by the Member States and Union agencies concerned to the Member States without delay and reported in compliance with the incident management plan to be provided by Europol.deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 56 – paragraph 2 a (new)

2a. Law enforcement authorities shall take the necessary measures to monitor compliance with fundamental rights in data exchanges under this Regulation, including the right to non-discrimination, through review and audit of justifications referred to in Article 33 and review and audit of the logs referred to in Articles 40 and 45.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 59 – paragraph 1

If any failure of a Member State to comply with its obligations under this Regulation causes damage to the router ~~or EPRIS~~, that Member State shall be liable for such damage, unless and insofar as eu-LISA~~, Europol~~ or another Member State bound by this Regulation failed to take reasonable measures to prevent the damage from occurring or to minimise its impact.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 60 – paragraph 1

1. The European Data Protection Supervisor shall ensure that an audit of personal data processing operations by eu- LISA ~~and Europol~~ for the purposes of this Regulation is carried out in accordance with relevant international auditing standards at least every ~~four~~two years. A report of that audit shall be sent to the European Parliament, to the Council, to the Commission, to the Member States and to the Union agency concerned. ~~Europol and~~ eu-LISA shall be given an opportunity to make comments before the reports are adopted.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 60 – paragraph 2

2. ~~eu-LISA and Europol~~The European Data Protection Supervisor may exercise any of the powers provided in Article 58 of EU 2018/1725 for the purposes of conducting audit and supervision. eu-LISA shall supply information requested by the European Data Protection Supervisor to it, grant the European Data Protection Supervisor access to all the documents it requests and to their logs referred to in Articles 40 and 45 and allow the European Data Protection Supervisor access to all their premises at any time.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 60 a (new)

Article 60a Audits by national supervisory authorities 1. National supervisory authorities shall ensure that an audit of personal data processing operations by national competent authorities for the purposes of this Regulation is carried out in accordance with relevant international auditing standards at least every two years. A report of that audit shall be sent to the relevant national parliament, to the European Parliament, to the Council, and to the Commission. 2. National competent authorities shall supply information requested by the national supervisory authorities, grant the national supervisory authorities access to all the documents they request and to their logs referred to in Articles 40 and 45 and allow the national supervisory authorities access to all their premises at any time. 3. The supervisory authorities shall be provided with sufficient human and technical resources to guarantee the effectiveness of the supervision.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 61 – paragraph 3

3. The European Data Protection Board shall send a joint report of its activities under this Article to the European Parliament, to the Council, to the Commission, ~~to Europol~~ and to eu-LISA by [2one years after entry into operation of the router and EPRIS] and every ~~two~~ years thereafter. That report shall include a chapter on each Member State prepared by the supervisory authority of the Member State concerned.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 63 – paragraph 1 – point d

~~(d) the connection to the infrastructure of EPRIS;~~deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 63 – paragraph 1 – point e

~~(e) the integration of the existing national systems and infrastructures with EPRIS;~~deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 63 – paragraph 1 – point f

~~(f) the organisation, management, operation and maintenance of its existing national infrastructure and of its connection to EPRIS;~~deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 63 – paragraph 1 – point h

(h) the management of, and arrangements for, access by the duly authorised staff of the competent national authorities to EPRIS in accordance with this Regulation and the creation and regular update of a list of those staff and their profiles;deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 63 – paragraph 2

2. Each Member State shall be responsible for connecting their competent national authorities to the router~~, EPRIS~~ and Eucaris.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 64

1. the management of, and arrangements for the access by its duly authorised staff to the router, EPRIS and Eucaris in accordance with this Regulation. 2. for the processing of the queries of Europol data by the router. Europol shall adapt its information systems accordingly. 3. any technical adaptations in Europol infrastructure required for establishing the connection to the router and to Eucaris. 4. the development of EPRIS in cooperation with the Member States. EPRIS shall provide the functionalities laid down in Articles 42 to 46. Europol shall provide the technical management of EPRIS. Technical management of EPRIS shall consist of all the tasks and technical solutions necessary to keep the EPRIS central infrastructure functioning and providing uninterrupted services to Member States 24 hours a day, 7 days a week in accordance with this Regulation. It shall include the maintenance work and technical developments necessary to ensure that EPRIS functions are at a satisfactory level of technical quality, in particular as regards thArticle 64 deleted Responsibilities of Europol Europol shall be responsible for Europol shall also be responsible Europol shall be respons~~e tim~~ible for interrogation of the national databases in accordance with the technical specifications. 5. the technical use of EPRIS. 6. Europol shall be responsible for the procedures referred to in Articles 49 and 50.Europol shall be responsible for Europol shall provide training on

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 66 – paragraph 1 – subparagraph 1

Technical management of the router shall consist of all the tasks and technical solutions necessary to keep the router functioning and providing uninterrupted services to Member States ~~and to Europol~~ 24 hours a day, 7 days a week in accordance with this Regulation. It shall include the maintenance work and technical developments necessary to ensure that the router functions at a satisfactory level of technical quality, in particular as regards availability and the response time for submitting requests to the national databases ~~and Europol data~~ in accordance with the technical specifications.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 66 – paragraph 1 – subparagraph 2

The router shall be developed and managed in such a way as to ensure fast, efficient and controlled access, full and uninterrupted availability of the router, and a response time in line with the operational needs of the competent authorities of the Member States ~~and Europol~~.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 66 a (new)

Article 66a Responsibilities of the Commission The Commission shall have oversight of the responsibilities of the Member States and eu-LISA described in Articles 63, 65 and 66, and shall conduct regular reviews, no less than yearly, of the compliance of Member States and eu- LISA with their obligations under this regulation, as well as make binding recommendations for improvement should deficiencies be identified as part of the review process.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 71 – paragraph 1 – introductory part

1. The duly authorised staff of the competent authorities of Member States, the Commission, ~~Europol~~ and eu-LISA shall have access to consult the following data related to the router, solely for the purposes of reporting and statistics:

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 71 – paragraph 1 – point a

(a) number of queries per Member State ~~and by Europol~~;

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 71 – paragraph 1 – point d a (new)

(da) number of inaccurate hits concerning matches of biometric data;

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 71 – paragraph 1 – point e

~~(e) number of matches against Europol data per category of data;~~deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 71 – paragraph 2 – introductory part

2. The duly authorised staff of the competent authorities of Member States, ~~Europol~~ and the Commission shall have access to consult the following data related to Eucaris, solely for the purposes of reporting and statistics:

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 71 – paragraph 2 – point a

(a) number of queries per Member State ~~and by Europol~~;

2022/11/03
Committee: LIBE

3. The duly authorised staff of the competent authorities of Member States, the Commission and Europol shall have access to consult the following data related to EPRIS, solely for the purposes of reporting and statistics: (a) State and by Europol; (b) connected indexes; and (c) Member State’s database. It shall not be possible to identify individuals from the data.deleted number of queries per Member number of queries to each of the number of matches against each

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 72 – paragraph 1

1. Costs incurred in connection with the establishment and operation of the router ~~and EPRIS~~ shall be borne by the general budget of the Union.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 72 – paragraph 2 – introductory part

2. Costs incurred in connection with the integration of the existing national infrastructures and their connections to the router and EPRIS as well as costs incurred in connection with the establishment of national facial images databases and police national indexes for the prevention, detection and investigation of serious criminal offences shall be borne by the general budget of the Union.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 72 – paragraph 4

~~4. Each Member State shall bear the costs arising from the administration, use and maintenance of their connections to the router and EPRIS.~~deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 74 – paragraph 1 – point b

(b) eu-LISA has declared the successful completion of a comprehensive test of the router, which it has conducted in cooperation with the Member States authorities’ ~~and Europol~~.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 74 – paragraph 2

2. The Commission shall determine the date from which the Member States and the Union agencies are to start using EPRIS by means of an implementing act once the following conditions have been met: (a) 44(7) have been adopted; (b) successful completion of a comprehensive test of EPRIS, which it has conducted in cooperation with the Member States’ authorities.deleted the measures referred to in Article Europol has declared the

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 74 – paragraph 3

3. The Commission shall determine the date from which Europol is to make available third country-sourced biometric data to Member States in accordance with Article 49 by means of an implementing act once the following conditions have been met: (a) (b) successful completion of a comprehensive test of the connection, which it has conducted in cooperation with the Member States authorities’ and eu-LISA.deleted the router is in operation; Europol has declared the

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 74 – paragraph 4

4. The Commission shall determine the date from which Europol is to have access to data stored in Member States’ databases in accordance with Article 50 by means of an implementing act once the following conditions have been met: (a) (b) successful completion of a comprehensive test of the connection, which it has conducted in cooperation with the Member States authorities’ and eu-LISA.deleted the router is in operation; Europol has declared the

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 78 – paragraph 1

The Commission shall, in close cooperation with the Member States, ~~Europol~~the Fundamental Rights Agency, the EDPS, the EDPB, civil society and eu-LISA, make available a practical handbook for the implementation and management of this Regulation. The practical handbook shall provide technical and operational guidelines, recommendations and best practices. The Commission shall adopt the practical handbook in the form of a recommendation.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 79 – paragraph 1

1. eu-LISA and Europol shall, respectively, ensure that procedures are in place to monitor the development of the router and of EPRIS in light of objectives relating to planning and costs and to monitor the functioning of the router and of EPRIS in light of objectives relating to the technical output, cost-effectiveness, security and quality of service.deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 79 – paragraph 3

3. By [one year after entry into force of this Regulation] and every year thereafter during the development phase of EPRIS, Europol shall submit a report to the European Parliament and to the Council on the state of preparation for the implementation of this Regulation and on the state of play of the development of EPRIS including detailed information about the costs incurred and information as to any risks which may impact the overall costs to be borne by the general budget of the Union in accordance with Article 72. Once the development of EPRIS is finalised, Europol shall submit a report to the European Parliament and to the Council explaining in detail how the objectives, in particular relating to planning and costs, were achieved as well as justifying any divergences.deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 79 – paragraph 3 – subparagraph 1

Once the development of EPRIS is finalised, Europol shall submit a report to the European Parliament and to the Council explaining in detail how the objectives, in particular relating to planning and costs, were achieved as well as justifying any divergences.deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 79 – paragraph 4

4. For the purposes of technical maintenance, eu-LISA and Europol shall have access to the necessary information relating to the data processing operations performed in the router ~~and EPRIS respectively~~. This shall not include any personal data.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 79 – paragraph 6

6. Two years after the start of operations of EPRIS and every two years thereafter, Europol shall submit to the European Parliament, to the Council and to the Commission a report on the technical functioning of EPRIS, including the security thereof.deleted

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 79 – paragraph 7 – introductory part

7. ~~Thre~~One years after the start of operations of the router and EPRIS as referred to in Article 74 and every ~~four~~two years thereafter, the Commission shall produce an overall evaluation of Prüm II, including:

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 79 – paragraph 9

9. The Member States shall provide ~~Europol and~~ the Commission with the information necessary to draft the reports referred to in paragraphs 3 and 6. This information shall not jeopardise working methods or include information that reveals sources, staff members or investigations of the designated authorities.

2022/11/03
Committee: LIBE

Proposal for a regulation
Article 79 – paragraph 10

10. Member States, and eu-LISA ~~and Europol~~ shall provide the Commission with the information necessary to produce the evaluations referred to in paragraph 7. Member States shall also provide the Commission with the number of confirmed matches against each Member State’s database per category of data.

2022/11/03
Committee: LIBE