Activities of Fabienne KELLER related to 2021/0410(COD)
Plenary speeches (1)
Automated data exchange for police cooperation (“Prüm II”) (debate)
Shadow reports (1)
REPORT on the proposal for a regulation of the European Parliament and of the Council on automated data exchange for police cooperation (“Prüm II”), amending Council Decisions 2008/615/JHA and 2008/616/JHA and Regulations (EU) 2018/1726, 2019/817 and 2019/818 of the European Parliament and of the Council
Amendments (109)
Amendment 238 #
Proposal for a regulation
Citation 1
Citation 1
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 16(2), Article 82(1), point (d), Article 87(2), point (a), and Article 88(2) thereof,
Amendment 239 #
Proposal for a regulation
Citation 5
Citation 5
Amendment 240 #
Proposal for a regulation
Citation 5 a (new)
Citation 5 a (new)
Having regard to the opinion of the European Data Protection Supervisor1a _________________ 1a EDPS Opinion on the Proposal for a Regulation on automated data exchange for police cooperation, of 2 March 2022: https://edps.europa.eu/data- protection/our- work/publications/opinions/edps-opinion- proposal-regulation-automated-data_en
Amendment 241 #
Proposal for a regulation
Recital 1
Recital 1
(1) The Union has set itself the objective of offering its citizens an area of freedom, security and justice without internal frontiers, in which the free movement of persons is ensured. That objective should be achieved by means of, among others, appropriate measures to prevent and combat crime and other threats to public security, including organised crime and terrorism in line with the EU Security Union Strategy.
Amendment 242 #
Proposal for a regulation
Recital 2
Recital 2
(2) That objective requires that law enforcement authorities exchange data, in an efficient and timely manner, in order to effectively fight crimeprevent, detect and investigate criminal offences.
Amendment 244 #
Proposal for a regulation
Recital 3
Recital 3
(3) TIn full compliance with fundamental rights and data protection rules, the objective of this Regulation is therefore to improve, streamline and facilitate the exchange of criminal information between Member States’ law enforcement authorities, but also with the European Union Agency for Law Enforcement Cooperation established by Regulation (EU) No 2016/794 of the European Parliament and of the Council30 (Europol) as the Union central criminal information hub. _________________ and its amending Regulation (EU) 2022/9911b _________________ 1b Regulation (EU) 2022/991 of the European Parliament and of the Council of 8 June 2022 amending Regulation (EU) 2016/794, as regards Europol’s cooperation with private parties, the processing of personal data by Europol in support of criminal investigations, and Europol’s role in research and innovation 30 Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA (OJ L 135, 24.5.2016, p. 53).
Amendment 254 #
Proposal for a regulation
Recital 6
Recital 6
(6) The processing of personal data and the exchange of personal data for the purposes of this Regulation is without prejudice to Regulation (EU) 2018/17251c and Directive 2016/6801d. In particular, it should not result in discrimination against persons on any grounds. It should fully respect human dignity and integrity and other fundamental rights, including the right to respect for one's private life and to the protection of personal data, in accordance with the Charter of Fundamental Rights of the European Union. _________________ 1c Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (Text with EEA relevance.) 1d Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA.
Amendment 255 #
Proposal for a regulation
Recital 6 a (new)
Recital 6 a (new)
(6 a) While respecting the principle of subsidiarity, the Member States should work towards to the convergence of national rules for storing information on individuals in national databases for the purpose of prevention detection, and investigation of criminal offences.
Amendment 263 #
Proposal for a regulation
Recital 8
Recital 8
(8) The Directive (EU) …/… [on information exchange between law enforcement authorities of Member States] provides a coherent Union legal framework to ensure that law enforcement authorities have equivalent access to information held by other Member States when they need it to fight crime and terrorism. To enhance information exchange, that Directive formalises and clarifies the procedures for information sharing between Member States, in particular for investigative purposes, including the role of the ‘Single Point of Contact’ for such exchanges, and making full use of Europol’s information exchange channel SIENA. Any exchange of information beyond what is provided for in this Regulation ishould be regulated by Directive (EU) …/… [on information exchange between law enforcement authorities of Member States].
Amendment 267 #
Proposal for a regulation
Recital 10
Recital 10
(10) The identification of a criminal is essential for a successful criminal investigation and prosecution. The automated searching of facial images of suspects and persons convicted of criminal offences should provide for additional information for successfully identifying criminals and fighting crime. Given the sensitive nature of police records and the existence of diverging rules between Member State on the definition of criminal offences, this Regulation should be restricted to the processing of police records relating to serious criminal offences, as listed in Annex I of Regulation (EU) 2016/794.
Amendment 272 #
Proposal for a regulation
Recital 11
Recital 11
(11) The automated search or comparison of biometric data (DNA profiles, dactyloscopic data and facial images) between authorities responsible for the prevention, detection and investigation of criminal offences under this Regulation should only concern data contained in Union’s or Member States’ databases established for the prevention, detection and investigation of criminal offences.
Amendment 280 #
Proposal for a regulation
Recital 12 a (new)
Recital 12 a (new)
(12 a) The exchange of police records in this regulation should not cover data exchange in the existing European Criminal Records Information System (ECRIS) framework.
Amendment 283 #
Proposal for a regulation
Recital 13
Recital 13
(13) In recent years, Europol has received a large amount of biometric data of suspecteds and persons convicted for terroristsm and criminal offences from several third countries in accordance with Article 19 of Regulation(EU) 2016/794. Including third country-sourced data stored at Europol in the Prüm framework and thus making this data available to law enforcement authorities is in line with the Agency’s role as the Union central criminal information hub and is necessary for better prevention, detection and investigation of criminal offences. It also contributes to building synergies between different law enforcement tools.
Amendment 287 #
Proposal for a regulation
Recital 14
Recital 14
(14) Europol should be able to search Member States’ databases under the Prüm framework with data received from third countries in order to establish cross-border links between criminal cases. Being able to use Prüm data, next to other databases available to Europol, should allow establishing more complete and informed analysis on the criminal investigations and should allow Europol to provide better support to Member States’ law enforcement authorities. In case of a match confirmed manually by qualified staff between data used for the search and data held in Member States’ databases, Member States may supply Europol with the information necessary for it to fulfil its tasks.
Amendment 294 #
Proposal for a regulation
Recital 17
Recital 17
(17) In case of a match between the data used for the search or comparison and data held in the national database of the requested Member State(s), and upon manual confirmation of this match by qualified staff from the re questing Member State, the requested Member State should return a limited set of core data via the router within 24 hours or within 72 hours if a judicial authorisation is required under national law. The deadline would ensure fast communication exchange between Member States’ authorities. Member States should retain control over the release of this limited set of core data. A certain degree of human intervention should be maintained at key points in the process, including for the decision to. In particular, the release of personal data to the requesting Member Statecore data should be subject to human intervention in order to ensure that there would be no automated exchange of core data.
Amendment 305 #
Proposal for a regulation
Recital 21
Recital 21
(21) Certain aspects of the Prüm II framework cannot be covered exhaustively by this Regulation given their technical, highly detailed and frequently changing nature. Those aspects include, for example, technical arrangements and specifications for automated searching procedures, the standards for data exchange, including minimum quality standards, and the data elements to be exchanged. In order to ensure uniform conditions for the implementation of this Regulation implementing powers should be conferred on the Commission. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council.36 _________________ 36 Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by Member States of the Commission’s exercise of implementing powers (OJ L 55, 28.2.2011, p. 13).
Amendment 307 #
Proposal for a regulation
Recital 21 a (new)
Recital 21 a (new)
(21 a) Data quality in the context of automated comparison is an essential prerequisite to ensure the efficiency of the present Regulation and reduce the risk of false matches. Adequate standards should be determined at EU level by means of implementing act for data exchanged in the framework of this Regulation.
Amendment 308 #
Proposal for a regulation
Recital 21 b (new)
Recital 21 b (new)
(21 b) Member States and Europol should ensure that data exchanged in the framework of this Regulation are accurate and up-to-date. In accordance to the principles of data protection, Member States and Europol should make sure that any data transmitted that is found to be incorrect, inaccurate or outdated is corrected or deleted, as appropriate, and any correction or deletion is communicated to all recipients without delay. For example, the situation of a suspected person who is then not convicted or acquitted should be updated accordingly in application to this Regulation.
Amendment 309 #
Proposal for a regulation
Recital 21 c (new)
Recital 21 c (new)
(21 c) Strong monitoring of the implementation and the application of this Regulation of utmost importance. In particular, compliance with rules for processing personal data, should be subject to effective safeguards, monitoring and audits by data controllers, supervisory authorities and the European Data Protection Supervisor. Provisions allowing for a regular checking of the admissibility of queries, the lawfulness of data processing or the manual confirmation of matches should be in place. Member States and Europol should also ensure adequate human, technical and financial resources for this purpose.
Amendment 311 #
Proposal for a regulation
Recital 26
Recital 26
(26) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council38 and delivered an opinion on [XX]2 March 202239 . _________________ 38 Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, p. 39). 39 [OJ C …]. EDPS Opinion on the Proposal for a Regulation on automated data exchange for police cooperation, on 2 March 2022: https://edps.europa.eu/data- protection/our- work/publications/opinions/edps-opinion- proposal-regulation-automated-data_en
Amendment 317 #
Proposal for a regulation
Article 1 – paragraph 2
Article 1 – paragraph 2
This Regulation lays down the conditions and procedures for the automated searching of DNA profiles, dactyloscopic data, facial images, police records and certain vehicle registration data and the rules regarding the exchange of core data following a matchconfirmed match of biometric data.
Amendment 323 #
Proposal for a regulation
Article 2 – paragraph 1
Article 2 – paragraph 1
The purpose of Prüm II shall be to step up cross-border cooperation in matters covered by Part III, Title V, Chapter 5 of the Treaty on the Functioning of the European Union, particularly by facilitating the exchange of information between authorities responsible for the prevention, detection and investigation of criminal offences.
Amendment 357 #
(24 a) ‘personal data’ means personal data as defined in Article 3, point (1) of Directive (EU) 2016/680;
Amendment 358 #
Proposal for a regulation
Article 4 – paragraph 1 – point 24 b (new)
Article 4 – paragraph 1 – point 24 b (new)
(24 b) ‘suspect’ means according to national law a person with regard to whom there are serious grounds for believing that they have committed or are about to commit a criminal offence, as referred to in Article 6 of Directive (EU) 2016/680;
Amendment 359 #
Proposal for a regulation
Article 4 – paragraph 1 – point 24 c (new)
Article 4 – paragraph 1 – point 24 c (new)
(24 c) ‘serious criminal offence’ means crimes listed in Annex I of Regulation (EU) 2016/794.
Amendment 366 #
Proposal for a regulation
Article 5 – paragraph 1 – introductory part
Article 5 – paragraph 1 – introductory part
1. Member States shall open and keep national DNA analysis files for the prevention, detection and investigation of criminal offences.
Amendment 372 #
Proposal for a regulation
Article 5 – paragraph 2 a (new)
Article 5 – paragraph 2 a (new)
2 a. The Commission shall adopt implementing acts to specify the minimum conditions and requirement for automated searching of DNA profiles. Those implementing acts shall be adopted in accordance with the procedure referred to in Article 76(2).
Amendment 381 #
Proposal for a regulation
Article 6 – paragraph 1 – introductory part
Article 6 – paragraph 1 – introductory part
1. For the prevention, detection and investigation of criminal offences, Member States shall allow national contact points referred to in Article 29 and Europol access to the DNA reference data in their DNA analysis files, to conduct automated searches by comparing DNA profiles for the investigation of criminal offencesat purpose.
Amendment 386 #
Proposal for a regulation
Article 6 – paragraph 1 – subparagraph 1
Article 6 – paragraph 1 – subparagraph 1
Searches mayshall be conducted only in individual cases where they are proportionate and necessary for the purposes of preventing, detecting and investigating a criminal offence, and in compliance with the national law of the requesting Member State.
Amendment 392 #
Proposal for a regulation
Article 6 – paragraph 3
Article 6 – paragraph 3
3. The national contact point of the requesting Member State shall confirmmanually confirm by qualified staff a match of DNA profiles data with DNA reference data held by the requested Member State following the automated supply of the DNA reference data required for confirming a match.
Amendment 407 #
Proposal for a regulation
Article 7 – paragraph 3
Article 7 – paragraph 3
3. The confirmation of a match of DNA profiles with DNA reference data held by the requested Member State shall be carried out bymanually by qualified staff in the national contact point of the requesting Member State following the automated supply of the DNA reference data required for confirming a match.
Amendment 412 #
Proposal for a regulation
Article 10 – paragraph 1
Article 10 – paragraph 1
1. Appropriate measures shall be takenMember States and, where applicable, Europol shall take appropriate measures to ensure confidentiality and integrity for DNA reference data being sent to other Member States, including their encryption.
Amendment 414 #
Proposal for a regulation
Article 10 – paragraph 2
Article 10 – paragraph 2
2. Member States and Europol shall take the necessary measures to guarantee the integrity and minimum quality standards of the DNA profiles made available or sent for comparison to the other Member States and to ensure that those measures comply with the relevant European or international standards for DNA data exchange.
Amendment 415 #
Proposal for a regulation
Article 10 – paragraph 3
Article 10 – paragraph 3
3. The Commission shall adopt implementing acts to establish minimum quality standards of the DNA profiles and to specify the relevant European or international standards that are to be used by Member States or Europol for DNA reference data exchange. Those implementing acts shall be adopted in accordance with the procedure referred to in Article 76(2).
Amendment 429 #
Proposal for a regulation
Article 12 – paragraph 2
Article 12 – paragraph 2
2. Dactyloscopic reference data shall not contain any additional data from which an individual can be directly identified.
Amendment 436 #
Proposal for a regulation
Article 13 – paragraph 1 – subparagraph 1
Article 13 – paragraph 1 – subparagraph 1
Searches mayshall be conducted only in individual cases, where there are proportionate and necessary for the prevention, detection and investigation of a criminal offence, and in compliance with the national law of the requesting Member State.
Amendment 439 #
Proposal for a regulation
Article 13 – paragraph 2
Article 13 – paragraph 2
2. The national contact point of the requesting Member State shall confirmmanually confirm by qualified staff a match of dactyloscopic data with dactyloscopic reference data held by the requested Member State following the automated supply of the dactyloscopic reference data required for confirming a match.
Amendment 445 #
Proposal for a regulation
Article 15 – paragraph 1
Article 15 – paragraph 1
1. The digitalisation of dactyloscopic data and their transmission to the other Member States or Europol shall be carried out in accordance with a uniform data format. The Commission shall adopt implementing acts to specify the uniform data format in accordance with the procedure referred to in Article 76(2).
Amendment 447 #
Proposal for a regulation
Article 15 – paragraph 2
Article 15 – paragraph 2
2. Each Member State and Europol shall ensure that the dactyloscopic data it transmits are of sufficient quality for a comparison by the automated fingerprint identification systems. The Commission shall adopt an implementing act to specify the minimum quality standard for the comparison of dactyloscopic data. That implementing act shall be adopted in accordance with the procedure referred to in Article 76(2).
Amendment 448 #
Proposal for a regulation
Article 15 – paragraph 3
Article 15 – paragraph 3
3. Member States and Europol shall take appropriate measures to ensure the confidentiality and integrity of dactyloscopic data being sent to other Member States, including their encryption.
Amendment 450 #
Proposal for a regulation
Article 16 – paragraph 1 – introductory part
Article 16 – paragraph 1 – introductory part
1. Each Member and Europol State shall ensure that its search requests do not exceed the search capacities specified by the requested Member State.
Amendment 452 #
Proposal for a regulation
Article 16 – paragraph 2
Article 16 – paragraph 2
2. The Commission shall adopt implementing acts to specify the maximum numbers of candidates accepted for comparison per transmission in accordance with the procedure referred to in Article 76(2). If, after that adoption, a Member State inform the Commission and eu- LISA of a change of its maximum search capacities, the Commission shall review the relevant implementing act accordingly.
Amendment 471 #
Proposal for a regulation
Article 19 – paragraph 3
Article 19 – paragraph 3
3. The Commission shall adopt implementing acts to specify the data elements of the vehicle registration data to be exchanged. Those implementing acts shallwhich may be adopted in accordance with the procedure referred to in Article 76(2).
Amendment 472 #
Proposal for a regulation
Article 20 – title
Article 20 – title
Keeping of logs of queries to exchange vehicle registration data
Amendment 477 #
Proposal for a regulation
Article 20 – paragraph 2 – subparagraph 1
Article 20 – paragraph 2 – subparagraph 1
Those logs shall be protected by appropriate measures against unauthorised access and erased onefour years after their creation. If, however, they are required for monitoring procedures that have already begun, they shall be erased once the monitoring procedures no longer require the logs.
Amendment 487 #
Proposal for a regulation
Article 21 – paragraph 1 – introductory part
Article 21 – paragraph 1 – introductory part
1. Member States shall ensure the availability of facial images of suspects and persons convicted of a serious criminal offence collected in accordance with their national law from their national databases established for the prevention, detection and investigation of criminal offences. Those data shall only include facial images and the reference number referred to in Article 23, and shall indicate whether the facial images are attributed to an individual or not.
Amendment 489 #
Proposal for a regulation
Article 21 – paragraph 1 – subparagraph 1
Article 21 – paragraph 1 – subparagraph 1
Member States shall not make available in this context any additional data from which an individual can be directly identified.
Amendment 497 #
Proposal for a regulation
Article 22 – paragraph 1 – introductory part
Article 22 – paragraph 1 – introductory part
1. For the prevention, detection and investigation of criminal offences, Member States shall allow national contact points of other Member States and Europol access to facial images stored in their national databases for the purpose of prevention, detection and investigation of serious criminal offences, to conduct automated searches.
Amendment 499 #
Proposal for a regulation
Article 22 – paragraph 1 – subparagraph 1
Article 22 – paragraph 1 – subparagraph 1
Searches mayshall be conducted only in individual cases where they are proportionate and necessary for the purpose of this Regulation and in compliance with the national law of the requesting Member State.
Amendment 505 #
Proposal for a regulation
Article 22 – paragraph 2
Article 22 – paragraph 2
2. The requesting Member State shall receive a list composed of matches concerning likely candidates. That Member State shall manually conduct a review of the list by qualified staff to determine the existence of a confirmed match.
Amendment 509 #
Proposal for a regulation
Article 23 a (new)
Article 23 a (new)
Amendment 519 #
Proposal for a regulation
Article 25 – paragraph 1 – introductory part
Article 25 – paragraph 1 – introductory part
1. Member States may decide to participate in the automated exchange of police records. Member States participating in the automated exchange of police records shall ensure the availability of biographical data of suspects and criminalspersons convicted of a serious criminal offence from their national police records indexes established for the prevention, detection and investigation of criminal offences. This set of data, if available, shall contain the following data:
Amendment 523 #
Proposal for a regulation
Article 25 – paragraph 1 – point c
Article 25 – paragraph 1 – point c
(c) alias(es) and previously used name(s);
Amendment 525 #
Proposal for a regulation
Article 25 – paragraph 1 a (new)
Article 25 – paragraph 1 a (new)
1 a. Member States shall also provide, as far as possible, any information on the quality and reliability of information to support the establishment of the list of matches as referred to in Article 26, paragraph 2.
Amendment 526 #
Proposal for a regulation
Article 25 – paragraph 2 a (new)
Article 25 – paragraph 2 a (new)
2 a. In accordance with Article 7 of Directive (EU) 2016/680,Member States shall ensure that personal data included in their national police records indexes are based on facts to be distinguished, as far as possible, from personal data based on personal assessments.
Amendment 530 #
Proposal for a regulation
Article 26 – paragraph 1 – introductory part
Article 26 – paragraph 1 – introductory part
1. For the prevention, detection and investigation of serious criminal offences, Member States shall allow national contact points of other Member States and Europol access to data from their national police records indexes, to conduct automated searches.
Amendment 532 #
Proposal for a regulation
Article 26 – paragraph 1 – subparagraph 1
Article 26 – paragraph 1 – subparagraph 1
Searches mayshall be conducted only in individual cases where they are proportionate and necessary for the purpose of this Regulation and in compliance with the national law of the requesting Member State.
Amendment 536 #
Proposal for a regulation
Article 26 – paragraph 2 – subparagraph 1
Article 26 – paragraph 2 – subparagraph 1
The requesting Member State shall also be informed about theany Member State whose database contains data that resulted in the match.
Amendment 543 #
Proposal for a regulation
Article 29 – paragraph 2 – subparagraph 1 (new)
Article 29 – paragraph 2 – subparagraph 1 (new)
Each Member shall ensure that its national contact point is provided with adequate human, technical and financial resources to carry out its tasks pursuant to this Regulation.
Amendment 571 #
Proposal for a regulation
Article 33 – paragraph 2 – point b
Article 33 – paragraph 2 – point b
(b) an indication on whether the query concerns a suspect or, a perpetratorson convicted of a criminal offence, a victim of a serious crime or terrorism, a missing person or an unidentified human remains;
Amendment 575 #
Proposal for a regulation
Article 33 – paragraph 2 – point b a (new)
Article 33 – paragraph 2 – point b a (new)
(ba) the nature of the criminal offence, where applicable;
Amendment 577 #
Proposal for a regulation
Article 33 – paragraph 3 – introductory part
Article 33 – paragraph 3 – introductory part
3. The justifications referred to in paragraph 2 shall only be used for data protection and fundamental rights monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security and integrity.
Amendment 578 #
Proposal for a regulation
Article 33 – paragraph 3 – subparagraph 1
Article 33 – paragraph 3 – subparagraph 1
Those justifications shall be protected by appropriate measures against unauthorised access and erased onefour years after their creation. If, however, they are required for monitoring procedures that have already begun, they shall be erased once the monitoring procedures no longer require the justification.
Amendment 580 #
Proposal for a regulation
Article 33 – paragraph 4
Article 33 – paragraph 4
4. For the purposes of data protection and fundamental rights monitoring, including checking the admissibility of a query and the lawfulness of data processing, the data controllers shall have unrestricted access to those justifications for self-monitoring as referred to in Article 56.
Amendment 620 #
Proposal for a regulation
Article 39 – paragraph 1
Article 39 – paragraph 1
1. The router users referred to in Article 36 may launch a query to Member States’ databases and Europol data simultaneously with a query to the Common Identity Repository whereprovided that the relevant conditions under Union law are fulfilled and in accordance with their access rights. For this purpose, the router shall query the Common Identity Repository via the European Search Portal.
Amendment 625 #
Proposal for a regulation
Article 40 – title
Article 40 – title
Keeping of logs of all data processing operations in the router
Amendment 633 #
Proposal for a regulation
Article 40 – paragraph 3 – subparagraph 1
Article 40 – paragraph 3 – subparagraph 1
Those logs shall be protected by appropriate measures against unauthorised access and erased onefour years after their creation. If, however, they are required for monitoring procedures that have already begun, they shall be erased once the monitoring procedures no longer require the logs.
Amendment 637 #
Proposal for a regulation
Article 41 – paragraph 2
Article 41 – paragraph 2
2. Where it is technically impossible to use the router to query one or several national databases or Europol data because of a failure of the national infrastructure in a Member State, that Member State shall notify the other Member States, Europol, eu-LISA and the Commission in an automated manner. Member States shall take measures to address the technical impossibility to use the router without delay.
Amendment 649 #
Proposal for a regulation
Article 43 – paragraph 2 – point a
Article 43 – paragraph 2 – point a
(a) alias(es) and previously used name(s);
Amendment 661 #
Proposal for a regulation
Article 45 – title
Article 45 – title
Keeping of logs of all data processing operations in EPRIS
Amendment 663 #
Proposal for a regulation
Article 45 – paragraph 1 – point a
Article 45 – paragraph 1 – point a
(a) the Member State or Union agencyEuropol launching the request for a query;
Amendment 664 #
Proposal for a regulation
Article 45 – paragraph 3 – subparagraph 1
Article 45 – paragraph 3 – subparagraph 1
Those logs shall be protected by appropriate measures against unauthorised access and erased onefour years after their creation.
Amendment 671 #
Proposal for a regulation
Article 47 – paragraph 1 – introductory part
Article 47 – paragraph 1 – introductory part
Where the procedures referred to in Articles 6, 7, 13 or 22 show a match between the data used for the search or comparison and data held in the database of the requested Member State(s), and upon confirmation of this match by the requesting Member State, the requested Member State shall return a set of core data via the router within 24 hours or 72 hours if a judicial authorisation is required under national law. That set of core data, if available, shall contain the following data:
Amendment 697 #
Proposal for a regulation
Article 50 – paragraph 6 – introductory part
Article 50 – paragraph 6 – introductory part
6. Where the procedures referred to in Articles 6, 7, 13 or 22 show a match between the data used for the search or comparison and data held in the national database of the requested Member State(s), and upon confirmation of that match by Europol, the requested Member State shall decide whether to return a set of core data via the router within 24 hours or within 72 hours if a judicial authorisation is required under national law. That set of core data, if available, shall contain the following data:
Amendment 701 #
Proposal for a regulation
Article 51 – paragraph 1
Article 51 – paragraph 1
1. Processing of personal data by the requesting Member State or Europol shall be permitted solely for the purposes for which the data have been supplied by the requested Member State in accordance with this Regulation. Processing for other purposes shall be permitted solely with the prior authorisation of the requested Member State without prejudice to Directive (EU) 2016/680.
Amendment 704 #
Proposal for a regulation
Article 51 – paragraph 2 – introductory part
Article 51 – paragraph 2 – introductory part
2. Processing of data supplied pursuant to Articles 6, 7, 13, 18, 22 or 226 by the searching or comparing Member State or Europol shall be permitted solely in order to:
Amendment 710 #
Proposal for a regulation
Article 51 – paragraph 2 – point a a (new)
Article 51 – paragraph 2 – point a a (new)
(aa) exchange a set of core data in accordance with Article 47;
Amendment 712 #
Proposal for a regulation
Article 51 – paragraph 2 – point c
Article 51 – paragraph 2 – point c
(c) logging within the meaning of Articles 20, 40 and 45.
Amendment 714 #
Proposal for a regulation
Article 51 – paragraph 3
Article 51 – paragraph 3
3. The requesting Member State may process the data supplied to it in accordance with Articles 6, 7, 13, 22 or 226 solely where this is strictly necessary for the purposes of this Regulation. The supplied data shall be deleted immediately following data comparison or automated replies to searches unless further processing is necessary by the requesting Member State for the purposes of the prevention, detection and investigation of criminal offences.
Amendment 718 #
Proposal for a regulation
Article 51 – paragraph 4
Article 51 – paragraph 4
4. Data supplied in accordance with Article 18 may be used by the requesting Member State solely where this is strictly necessary for the purposes of this Regulation. The data supplied shall be deleted immediately following automated replies to searches unless further processing is necessary for recording pursuant to Article 20. The requesting Member State shall use the data received in a reply solely for the procedure for which the search was made.
Amendment 726 #
Proposal for a regulation
Article 52 – paragraph 1
Article 52 – paragraph 1
1. Member States and Europol shall ensure the accuracy and current relevance of personal data. Should a requested Member State or Europol become aware that incorrect, no longer up-to-date data or data which should not have been supplied have been supplied, this shall be notified without delay to any requesting Member State or Europol. All requesting Member States concerned shall be obliged to correct or delete the data accordingly. Moreover, personal data supplied shall be corrected if they are found to be incorrect. If the requesting Member State or Europol has reason to believe that the supplied data are incorrect or should be deleted the requested Member State or Europol shall be informed without delay.
Amendment 727 #
Proposal for a regulation
Article 52 – paragraph 1 – subparagraph 1 (new)
Article 52 – paragraph 1 – subparagraph 1 (new)
In application to the first subparagraph, Member States and Europol shall put in place appropriate measures for updating their databases as regards not convicted or acquitted persons.
Amendment 728 #
Proposal for a regulation
Article 52 – paragraph 3 – point b
Article 52 – paragraph 3 – point b
(b) following the expiry of the maximum period for keeping data laid down under the national law of the requested Member State where the requested Member State informed the requesting Member State or Europol of that maximum period at the time of supplying the data.
Amendment 729 #
Proposal for a regulation
Article 52 – paragraph 3 – subparagraph 1
Article 52 – paragraph 3 – subparagraph 1
Where there is reason to believe that the deletion of data would prejudice the interests of the data subject, the data shall be blockrestricted instead of being deleted. BlockRestricted data may be supplied or uprocessed solely for the purpose which prevented their deletion.
Amendment 731 #
Proposal for a regulation
Article 53 – paragraph 2 a (new)
Article 53 – paragraph 2 a (new)
2a. Member States shall be the processors for the processing of personal data via Eucaris.
Amendment 740 #
Proposal for a regulation
Article 55 – paragraph 2
Article 55 – paragraph 2
2. Security incidents shall be managed so as to ensure a quick, effective and proper response, in close cooperation between Member States concerned or Europol and eu-LISA.
Amendment 742 #
Proposal for a regulation
Article 55 – paragraph 3 – subparagraph 1
Article 55 – paragraph 3 – subparagraph 1
Without prejudice to Article 34 of Regulation (EU) 2016/794 and to Articles 34 and 92 of Regulation (EU) 2018/1725, Europol shall notify CERT-EU of significant cyber threats, significant vulnerabilities and significant incidents without undue delay and in any event no later than 24 hours after becoming aware of them. Actionable and appropriate technical details of cyber threats, vulnerabilities and incidents that enable proactive detection, incident response or mitigating measures shall be disclosed to CERT-EU without undue delay.
Amendment 746 #
Proposal for a regulation
Article 56 – paragraph 1
Article 56 – paragraph 1
1. Member States and the relevant Union agenciesEuropol shall ensure that each authority entitled to use Prüm II takes the measures necessary to monitor its compliance with this Regulation and cooperates, where necessary, with the supervisory authority.
Amendment 747 #
Proposal for a regulation
Article 56 – paragraph 2
Article 56 – paragraph 2
2. The data controllers shall take the necessary measures to monitor the compliance of data processing pursuant to this Regulation, including through frequent verification of the logs referred to in Articles 20, 40 and 45 by checking the admissibility of queries, the lawfulness of data processing and the manual confirmation of a match, and cooperate, where necessary, with the supervisory authorities and with the European Data Protection Supervisor.
Amendment 749 #
Proposal for a regulation
Article 56 – paragraph 2 – subparagraph 1 (new)
Article 56 – paragraph 2 – subparagraph 1 (new)
The data controllers shall pay particular attention to the verification of logs for the processing of facial images pursuant to Article 21 and police records pursuant to Article 25.
Amendment 751 #
Proposal for a regulation
Article 56 – paragraph 2 a (new)
Article 56 – paragraph 2 a (new)
Amendment 752 #
Proposal for a regulation
Article 56 – paragraph 2 b (new)
Article 56 – paragraph 2 b (new)
2b. Member States and Europol shall ensure an adequate level of human, financial and technical resources to data controllers and supervisory authorities pursuant to this Article.
Amendment 753 #
Proposal for a regulation
Article 56 – paragraph 2 c (new)
Article 56 – paragraph 2 c (new)
2c. On a yearly basis, supervisory authorities shall send a report on the review of self-monitoring in their Member Sate to the Commission for the monitoring pursuant to Article 79.
Amendment 754 #
Member States shall ensure that any misuse of data, processing of data or exchange of data contrary to this Regulation and any misuse of this Regulation outside its purposes, such as in the case of politically-motivated purposes, is punishable in accordance with national law. The penalties provided shall be effective, proportionate and dissuasive.
Amendment 758 #
Proposal for a regulation
Article 60 – paragraph 2
Article 60 – paragraph 2
2. Powers conferred to the European Data Protection Supervisor as referred to in Article 58 of Regulation (EU) 2018/1725 shall apply for this Regulation. In particular, eu-LISA and Europol shall supply information requested by the European Data Protection Supervisor to it, grant the European Data Protection Supervisor access to all the documents it requests and to their logs referred to in Articles 40 and 45 and allow the European Data Protection Supervisor access to all their premises at any time.
Amendment 761 #
Proposal for a regulation
Article 60 – paragraph 2 a (new)
Article 60 – paragraph 2 a (new)
2a. Pursuant to this Article, the European Data Protection Supervisor shall be provided with additional staff and financial resources corresponding to the needs identified to carry out the audits.
Amendment 763 #
Proposal for a regulation
Article 61 – paragraph 1
Article 61 – paragraph 1
1. The supervisory authorities and the European Data Protection Supervisor shall, each acting within the scope of their respective competences, cooperate actively within the framework of their respective responsibilities and ensure coordinated supervision of the application of this Regulation, in particular if the European Data Protection Supervisor or a supervisory authority finds major discrepancies between practices of Member States or finds potentially unlawful transfers using the Prüm II communication channels or finds practices of Member States where they are reasons to believe that the data requested would be used for politically-motivated purposes.
Amendment 764 #
Proposal for a regulation
Article 61 – paragraph 3
Article 61 – paragraph 3
3. The European Data Protection BoardSupervisor shall send a joint report of its activities under this Article to the European Parliament, to the Council, to the Commission, to Europol and to eu- LISA by [2 years after entry into operation of the router and EPRIS] and every two years thereafter. That report shall include a chapter on each Member State prepared by the supervisory authority of the Member State concerned.
Amendment 767 #
Proposal for a regulation
Article 62 – paragraph 1 a (new)
Article 62 – paragraph 1 a (new)
Any communication of personal data to third countries or to international organisation shall comply with Regulation (EU) 2016/794.
Amendment 773 #
Proposal for a regulation
Article 63 – paragraph 1 – point m
Article 63 – paragraph 1 – point m
(m) correcting or deleting any data received from a requested Member State within 248 hours following the notification from the requested Member State that the personal data submitted was incorrect, is no longer up- to-date or was unlawfully transmitted.
Amendment 774 #
Proposal for a regulation
Article 63 – paragraph 1 – point n
Article 63 – paragraph 1 – point n
(n) compliance with the minimum data quality requirements established in this Regulation.
Amendment 775 #
Proposal for a regulation
Article 63 – paragraph 1 – point n a (new)
Article 63 – paragraph 1 – point n a (new)
(na) ensuring the right to lodge a complaint and the right to an effective judicial remedy in accordance with Chapter VIII of Directive(EU) 2016/680 in the application of this Regulation.
Amendment 797 #
Proposal for a regulation
Article 74 – paragraph 1 – subparagraph 2
Article 74 – paragraph 1 – subparagraph 2
The Commission may postpone the date from which the Member States and the Union agencies must start using router by one yearsix months at most where an assessment of the implementation of the router has shown that such a postponement is necessary. That implementing act shall be adopted in accordance with the procedure referred to in Article 76(2).
Amendment 801 #
Proposal for a regulation
Article 78 – paragraph 1
Article 78 – paragraph 1
The Commission shall, in close cooperation with the Member States, Europol and, eu-LISA, the European Data Protection Supervisor, the European Data Protection Board and the Fundamental Rights Agency, make available a practical handbook for the implementation and management of this Regulation. The practical handbook shall provide technical and operational guidelines, recommendations and best practices. The Commission shall adopt the practical handbook in the form of a recommendation by [six months after entry into force of this Regulation].
Amendment 805 #
Proposal for a regulation
Article 78 – paragraph 1 a (new)
Article 78 – paragraph 1 a (new)
The Commission shall regularly and where necessary update the practical handbook.
Amendment 810 #
4. For the purposes of technical maintenance, eu-LISA and Europol shall have access to the necessary information relating to the data processing operations performed in the router and EPRIS respectively, excluding personal data.
Amendment 813 #
Proposal for a regulation
Article 79 – paragraph 7 – introductory part
Article 79 – paragraph 7 – introductory part
7. Threewo years after the start of operations of the router and EPRIS as referred to in Article 74 and every four years thereafter, the Commission shall produce an overall evaluation of Prüm II, including for each Member States and Europol:
Amendment 816 #
Proposal for a regulation
Article 79 – paragraph 7 – point a
Article 79 – paragraph 7 – point a
(a) an assessment of the application of this Regulation, in particular the assessment of self-monitoring of the admissibility of queries, the lawfulness of data processing and the manual confirmation of a match as referred to in Article 56.The Commission may seek the support from the European Data Protection Supervisor;
Amendment 818 #
Proposal for a regulation
Article 79 – paragraph 7 – subparagraph -1 (new)
Article 79 – paragraph 7 – subparagraph -1 (new)
-1 The Commission shall pay particular attention to any Member State subject to a procedure under Article 7of the Treaty on the European Union.