36 Amendments of Sophia IN 'T VELD related to 2017/0352(COD)
Amendment 379 #
Proposal for a regulation
Article 2 – paragraph 2 – point e
Article 2 – paragraph 2 – point e
(e) strengthening and simplifying and making more uniform the data security and data protection conditions that govern the respective EU information systems, without prejudice to the special protection and safeguards afforded to certain categories of data;
Amendment 414 #
Proposal for a regulation
Article 5 – title
Article 5 – title
Amendment 420 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
This Regulation respects the fundamental rights and observes the principles recognized in particular by the Charter of Fundamental Rights of the European Union and shall be applied in accordance with those rights and principles. Processing of personal data for the purposes of this Regulation shall not result, either directly or indirectly, in undue interferences with the right to respect for private and family life, and the right to protection of personal data. Processing of personal data for the purposes of this Regulation shall not result in discrimination against persons on any grounds such as sex, racial or, ethnic origin social origin, colour, religion or belief, disability, age or sexual orientation. It shall fully respect human dignity and integrity. Particular attention shall be paid to children, the elderly and, persons with a disability. and persons in need of international protection.
Amendment 444 #
Proposal for a regulation
Article 7 – paragraph 4
Article 7 – paragraph 4
4. The EU bodies as referred to in paragraph 1 shall use the ESP to search data related to persons or their travel documents in the Central SIS.
Amendment 451 #
Proposal for a regulation
Article 8 – paragraph 1 – point c a (new)
Article 8 – paragraph 1 – point c a (new)
(ca) the purpose of the query;
Amendment 453 #
Proposal for a regulation
Article 8 – paragraph 2 a (new)
Article 8 – paragraph 2 a (new)
2a. The profiles as referred to in paragraph 1 shall be regularly reviewed and if necessary updated.
Amendment 457 #
Proposal for a regulation
Article 9 – paragraph 1
Article 9 – paragraph 1
1. The users of the ESP shall launch a query by introducing data in the ESP in accordance with their user profile and access rights. Where a query has been launched, the ESP shall query simultaneously, with the data introduced by the user of the ESP, the EES, [the ETIAS], the VIS, the SIS, Eurodac, [the ECRIS-TCN system] and the CIR as well as the Europol data and the Interpol databases. A search launched by the user of the ESP shall only query the systems he or she is authorised to access.
Amendment 465 #
Proposal for a regulation
Article 9 – paragraph 6
Article 9 – paragraph 6
6. The reply to the user of the ESP shall be unique and shall contain all the data to which the user has access under Union law. Where necessary, the reply provided by the ESP shall indicate to which information system or database the data belongs.
Amendment 505 #
Proposal for a regulation
Article 13 – paragraph 1 – point c
Article 13 – paragraph 1 – point c
(c) [the data referred to in Article 20(2)(w) and (x), excluding palm prints, of the Regulation on SIS in the field of border checks;
Amendment 507 #
Proposal for a regulation
Article 13 – paragraph 1 – point d
Article 13 – paragraph 1 – point d
(d) the data referred to in Article 20(3)(w) and (x), excluding palm prints, of the Regulation on SIS in the field of law enforcement;
Amendment 510 #
Proposal for a regulation
Article 13 – paragraph 1 – point e
Article 13 – paragraph 1 – point e
(e) the data referred to in Article 4(3)(t) and (u), excluding palm prints, of the Regulation on SIS in the field of illegal return];
Amendment 514 #
Proposal for a regulation
Article 13 – paragraph 2
Article 13 – paragraph 2
2. The shared BMS shall include in each biometric template a reference to the information systems in which the corresponding biometric data is stored. The officer launching a query using the shared BMS shall see only the references to those information systems that he or she is authorised to access.
Amendment 524 #
Proposal for a regulation
Article 15 – paragraph 1 a (new)
Article 15 – paragraph 1 a (new)
The data referred to in Article 13(1) and (2) shall be automatically deleted from the BMS in accordance with the data retention provisions of Regulation (EU) 2017/2226, Regulation (EC) No 767/2008, [Regulation on SIS in the field of border checks], [Regulation on SIS in the field of law enforcement], [Regulation on SIS in the field of illegal return], [Eurodac Regulation], and [ECRIS-TCN Regulation] respectively.
Amendment 543 #
Proposal for a regulation
Article 18 – paragraph 1 – point e
Article 18 – paragraph 1 – point e
Amendment 545 #
Proposal for a regulation
Article 18 – paragraph 2
Article 18 – paragraph 2
2. For each set of data referred to in paragraph 1, the CIR shall include a reference to the information systems to which the data belongs. The officer accessing the CIR shall see only the components of the identity file stored in the repository, which originate from those information systems he or she is authorised to access.
Amendment 554 #
Proposal for a regulation
Article 20 – paragraph 1 – subparagraph 1
Article 20 – paragraph 1 – subparagraph 1
Where a Member State police authority has been so empowered by national legislative measures as referred to in paragraph 2, it may, solely for the purpose of identifying a person, query the CIR with the biometric data of that person taken during an identity check. This query of the CIR shall only be carried out as a last resort measure, in presence of the person, where he or she is unable to cooperate and does not have a credible document proving his/her identity, where that person refuses to cooperate or where there are justified or well-founded grounds to believe that the documents presented are false or that the person is not telling the truth about his/her identity;
Amendment 564 #
Proposal for a regulation
Article 20 – paragraph 2
Article 20 – paragraph 2
2. Member States wishing to avail themselves of the possibility provided for in this Article shall adopt national legislative measures. Such legislative measures shall specify the precise purposes of identity checks within the purposes referred to in Article 2(1)(b) and (c). They shall designate the police authorities competent and lay down the procedures, conditions and criteria of such checks. Access to the CIR to establish the identity of a third country national for purposes of ensuring a high level of security shall only be allowed where access for the same purposes to similar national databases exist and under equivalent conditions.
Amendment 574 #
Proposal for a regulation
Article 22 – paragraph 1
Article 22 – paragraph 1
1. For the purposes of preventing, detecting and investigating terrorist offences or other serious criminal offences in a specific case and in order to obtain information on whether data on a specific person is present in Eurodac, the Member State designated authorities and Europol may consult the CIR. The CIR can only be consulted: (a) where reasonable grounds exist that the consultation will substantially contribute to the prevention, detection or investigation of the terrorist or other serious criminal offences, in particular where there is a substantiated suspicion that the suspect, perpetrator or victim of a terrorist offence or other serious criminal offence falls under the category of third country nationals whose data are stored in the EES, the VIS, the ETIAS and the Eurodac system, and (b) after a prior search in the national databases has been carried out and a query of the automated fingerprint identification system of the other Member States under Decision 2008/615/JHA has been launched.
Amendment 579 #
Proposal for a regulation
Article 22 – paragraph 4 a (new)
Article 22 – paragraph 4 a (new)
4a. The Member State designated authorities and Europol getting a hit shall refer to the national supervisory authorities that shall check whether the conditions of accessing the CIR were complied with. In case the ex post independent verification determines that the consultation of the CIR was not justified, the law enforcement authority shall erase all data originating from the CIR.
Amendment 583 #
Proposal for a regulation
Article 23 – paragraph 1
Article 23 – paragraph 1
1. The data referred to in Article 18(1) and (2) shall be automatically deleted from the CIR in accordance with the data retention provisions of [the Eurodac Regulation] and [the ECRIS-TCN Regulation] respectively.
Amendment 589 #
Proposal for a regulation
Article 24 – paragraph 4 – subparagraph 1 – point a
Article 24 – paragraph 4 – subparagraph 1 – point a
(a) the national file referencreference to the national investigation or case;
Amendment 631 #
Proposal for a regulation
Article 29 – paragraph 2 – subparagraph 1 (new)
Article 29 – paragraph 2 – subparagraph 1 (new)
The responsible Sirene Bureau shall be immediately informed when a yellow link has to be verified by it.
Amendment 655 #
Proposal for a regulation
Article 32 – paragraph 4
Article 32 – paragraph 4
4. Without prejudice to the provisions related to the handling of alerts in the SIS referred to in the [Regulations on SIS in the field of border checks, on SIS in the field of law enforcement and on SIS in the field of illegal return], and without prejudice to limitations necessary to protect security and public order, prevent crime and guarantee that any national investigation will not be jeopardised, where a red link is created, the authority responsible for verification of different identities shall inform the person of the presence of multiple unlawful identities.
Amendment 698 #
Proposal for a regulation
Article 39 – paragraph 3
Article 39 – paragraph 3
3. eu-LISA shall render the data anonymousnon- identified and non-identifiable and shall record such anonymous data in the CRRS. The process for rendering the data anonymous shall be automated.
Amendment 723 #
Proposal for a regulation
Article 44 – paragraph 3
Article 44 – paragraph 3
3. Without prejudice to the notification and communication of a personal data breach pursuant to Article 33 of Regulation (EU) 2016/679, Article 30 of Directive (EU) 2016/680, or both, Member States shall notify the Commission, eu- LISA, the national supervisory authority and the European Data Protection Supervisor of security incidents. In the event of a security incident in relation to the central infrastructure of the interoperability components, eu-LISA shall notify the Commission and the European Data Protection Supervisor.
Amendment 734 #
Proposal for a regulation
Article 46 – paragraph 1
Article 46 – paragraph 1
1. Without prejudice to the right of information referred to in Articles 11 and 12 of Regulation (EC) 45/2001 and, Articles 13 and 14 of Regulation (EU) 2016/679, and Article 13 of Directive 2016/680, persons whose data are stored in the shared biometric matching service, the common identity repository or the multiple-identity detector shall be informed by the authority collecting their data, at the time their data are collected, about the processing of personal data for the purposes of this Regulation, including about identity and contact details of the respective data controllers, and about the procedures for exercising their rights of access, rectification and erasure, about the relevant retention periods, the automated decision-making and the fact that personal data is not transferred or made available to third countries, international organisations or private parties with the exception of transfer to Interpol, as well as about the contact details of the European Data Protection Supervisor and of the national supervisory authority of the Member State responsible for the collection of the data.
Amendment 749 #
Proposal for a regulation
Article 47 – paragraph 1
Article 47 – paragraph 1
1. In order to exercise their rights under Articles 13, 14, 15 and 16 of Regulation (EC) 45/2001 and, Articles 15, 16, 17 and 18 of Regulation (EU) 2016/679, and Articles 14 and 16 of Directive 2016/680 any person shall have the right to address him or herself to the Member State responsible for the manual verification of different identities or of any Member State, who shall examine and reply to the request.
Amendment 759 #
Proposal for a regulation
Article 47 – paragraph 3
Article 47 – paragraph 3
3. If a request for correction or, erasure or restriction of personal data is made to a Member State other than the Member State responsible, the Member State to which the request has been made shall contact the authorities of the Member State responsible in writing within seven days and the Member State responsible shall check the accuracy of the data and the lawfulness of the data processing within 30 days of such contact.
Amendment 764 #
Proposal for a regulation
Article 47 – paragraph 4
Article 47 – paragraph 4
4. Where, following an examination, it is found that the data stored in the common identity repository (CIR) or multiple-identity detector (MID) are factually inaccurate or have been recorded unlawfully, the Member State responsible or, where applicable, the Member State to which the request has been made shall correct or delete these data.
Amendment 770 #
Proposal for a regulation
Article 47 – paragraph 6
Article 47 – paragraph 6
Amendment 781 #
Proposal for a regulation
Article 49 – paragraph -1 (new)
Article 49 – paragraph -1 (new)
-1. Each Member State shall ensure that the supervisory authority or authorities designated pursuant to Article 51 of Regulation 2016/678 and Article 41 of Directive 2016/680 shall monitor the lawfulness of the processing of personal data.
Amendment 792 #
Proposal for a regulation
Article 50 – paragraph 1
Article 50 – paragraph 1
The European Data Protection Supervisor shall ensure that an audit of eu-LISA’s personal data processing activities is carried out in accordance with relevant international auditing standards at least every four years. A report of that audit shall be sent to the European Parliament, the Council, eu-LISA, the Commission and the Member States. eu-LISA shall be given an opportunity to make comments before the reports are adopted. The EDPS shall be endowed with sufficient resources to fulfil the tasks entrusted to it under this Regulation.
Amendment 856 #
Proposal for a regulation
Article -56 (new)
Article -56 (new)
Article -56 Access by third country jurisdictions With reference to Article 48 of Regulation (EU) 2016/679, Directive (EU) 2016/680, and Articles XIV and XIV bis of the General Agreement on Trade in Services, companies present in a third country jurisdiction where they may be subject to (court) orders or subpoenas by third country authorities requiring them to retrieve data from the interoperability components or different information systems made interoperable, shall be excluded from preparing, designing, developing, hosting or managing any part of an interoperability component, or processing personal data of these systems.
Amendment 863 #
Proposal for a regulation
Article 56 – paragraph 2 – point b
Article 56 – paragraph 2 – point b
(b) nationality, sex and year of birth of the person, which shall not lead to identification of the person concerned;
Amendment 867 #
Proposal for a regulation
Article 56 – paragraph 3 – point a
Article 56 – paragraph 3 – point a
(a) nationality, sex and year of birth of the person, which shall not lead to identification of the person concerned;
Amendment 911 #
Proposal for a regulation
Article 68 – paragraph 3
Article 68 – paragraph 3
3. For the purposes of technical maintenance, eu-LISA shall have access to the necessary information relating to the data processing operations performed in the interoperability components. Any access by eu-LISA shall be logged.