
214 Amendments of Ana GOMES related to 2017/0351(COD)

Amendment 199 #
Proposal for a regulation
Recital 3
(3) In its Resolution of 6 July 2016 on the strategic priorities for the Commission Work Programme 2017 (47), the European Parliament called for proposals to improve and develop existing EU information systems, address information gaps and move towards their interoperability, as well as proposals for compulsory information sharing at EU level, accompanied by the necessary data protection safeguards. Such safeguards should include the prevention of unauthorized access and sharing of data with unauthorized authorities, logging access and usage by authorized users, the implementation of minimum quality standards, ensuring the right to effective remedy and the practical possibility to rebut false assumptions and inaccurate data held by the relevant authorities.
_________________
(47) European Parliament resolution of 6 July 2016 on the strategic priorities for the Commission Work Programme 2017 (2016/2773(RSP)).
2018/07/23
Committee: LIBE
Amendment 201 #
Proposal for a regulation
Recital 8 a (new)
(8a) In his Opinion 4/2018 of 16 April 2018 (1a), the European Data Protection Supervisor emphasised that the decision to make large-scale IT systems interoperable would not only permanently and profoundly affect their structure and their way of operating, but would also change the way legal principles have been interpreted in this area so far and would as such mark a ‘point of no return’.
_________________
(1a) http://edps.europa.eu/sites/edp/files/publication/2018-04-16_interoperability_opinion_en.pdf
2018/07/23
Committee: LIBE
Amendment 202 #
Proposal for a regulation
Recital 8 b (new)
(8b) In its Opinion of 11 April 2018 (2a), the Article 29 Data Protection Working Party reiterated that the process towards interoperability of systems raises fundamental questions regarding the purpose, necessity, proportionality of the data processing as well as concerns regarding the principles of purpose limitation, data minimization, data retention and clear identification of a data controller.
_________________
(2a) http://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=51517
2018/07/23
Committee: LIBE
Amendment 205 #
Proposal for a regulation
Recital 9
(9) With a view to improve the management of the external borders, to facilitating regular border crossings, to contribute to preventing and combating irregular migration, and to contribute to a high level of security withassist in the aprea of freedom, security and justice of the Union, including the maintenance of public security and public policy and safeguarding the security in thevention, detection and investigation of territoriest of the Member Statfences or other serious criminal offences, interoperability between EU information systems, namely [the Entry/Exit System (EES)], the Visa Information System (VIS), [the European Travel Information and Authorisation System (ETIAS)], Eurodac, the Schengen Information System (SIS), and the [European Criminal Records Information System for third-country nationals (ECRIS-TCN)] should be established in sorder foar these EU information systems and their data to supplement each otheras that is possible while respecting the fundamental rights of the individual, in particular, the right to protection of personal data. To achieve this, a European search portal (ESP), a shared biometric matching service (shared BMS), a common identity repository (CIR) and a multiple-identity detector (MID) should be established as interoperability components.
2018/07/23
Committee: LIBE
Amendment 207 #
Proposal for a regulation
Recital 10
(10) The interoperability between the EU information systems should allow said systems to supplement each communicate with one another in order to facilitate the correct identification of persons, at external borders, for the purpose of applications of international protection, or in the context of the prevention, detection and investigation of serious criminal offences - including terrorist offences, to contribute to fighting identity fraud, to improve and harmonise data quality requirements of the respective EU information systems, to facilitate the technical and operational implementation by Member States of existing and future EU information systems, to strengthen and simplify the data security and data protection safeguards that govern the respective EU information systems, in particular by ensuring that all Union data protection rules are applicable to all the information systems, and to streamline the law enforcement access to the EES, the VIS, the [ETIAS] and Eurodac, and support the purposes of the EES, the VIS, the [ETIAS], Eurodac, the SIS and the [ECRIS-TCN system].
2018/07/23
Committee: LIBE
Amendment 211 #
Proposal for a regulation
Recital 11
(11) The interoperability components should cover the EES, the VIS, the [ETIAS], Eurodac, the SIS, and the [ECRIS-TCN system]. They should also cover the Europol data only to the extent of enabling that data to be queried simultaneously with these EU information systems.
2018/07/23
Committee: LIBE
Amendment 213 #
Proposal for a regulation
Recital 12
(12) The interoperability components should concern persons in respect of whom personal data may be processed in the EU information systems and by Europol, namely third-country nationals whose personal data is processed in the EU information systems and by Europol, and to EU citizens whose personal data is processed in the SIS and by Europol. Interoperability should not concern EU citizens.
2018/07/23
Committee: LIBE
Amendment 217 #
Proposal for a regulation
Recital 13
(13) The European search portal (ESP) should be established to facilitate technically the ability of the authorised Member State authorities and EU bodies to have a controlled yet fast, seamless, and efficient, systematic and controlled access to the EU information systems, the access to the relevant EU databases to Europol data and theo Interpol databases needed toin so far as this is necessary for the performance of their tasks, and in accordance with their access rights, and to. In that way, the ESP should support the objectives of the EES, the VIS, the [ETIAS], Eurodac, the SIS, the [ECRIS-TCN system] and the Europol data. Enabling the simultaneous querying of all relevant EU information systemdatabases in parallel, as well as of the Europol data and the Interpol databases, the ESP should act as a single window or ‘message broker’ to search various central systems and retrieve the necessary information seamlessly and in full respect of the access control and data protection requirements of the underlying systems.
2018/07/23
Committee: LIBE
Amendment 223 #
Proposal for a regulation
Recital 16
(16) To ensure fast and seamless use of all EU information systems, the European search portal (ESP) should be used to query the common identity repository, the EES, the VIS, [the ETIAS], Eurodac and [the ECRIS-TCN system]. However, the national connection to the different EU information systems should remain in order to provide a technical fall back. The ESP should also be used by Union bodies to query the Central SIS in accordance with their access rights and in order to perform their tasks. The ESP should be an additional means to query the Central SIS, the Europol data and the Interpol systems, complementing the existing dedicated interfaces.
2018/07/23
Committee: LIBE
Amendment 226 #
Proposal for a regulation
Recital 17
(17) Biometric data, such as fingerprints and facial images, are unique and therefore much more reliable than alphanumeric data for identifying a person. However, biometric data constitute sensitive personal data. This regulation should therefore lay down the basis for and the safeguards for processing of such data for the purpose of uniquely identifying the persons concerned. The shared biometric matching service (shared BMS) should be a technical tool to reinforce and facilitate the work of the relevant EU information systems and the other interoperability components, without duplicating either the storage of the biometric or the storage of biometric templates. The main purpose of the shared BMS should be to facilitate the identification of an individual who may be registered in different databases, by matching their biometric data across different systems and by relying on one unique technological component instead of five different ones in each of the underlying systems. The shared BMS should contribute to security, as well as financial, maintenance and operational benefits by relying on one unique technological component instead of different ones in each of the underlying systems. All automated fingerprint identification systems, including those currently used for Eurodac, the VIS and the SIS, use biometric templates comprised of data derived from a feature extraction of actual biometric samples. The shared BMS should regroup and store all these biometric templates in one single location, facilitating, allow for a cross-system comparisons usingof those biometric data and enabling economies of scale in developing and maintaining the EU central systemstemplates using biometric data.
2018/07/23
Committee: LIBE
Amendment 228 #
Proposal for a regulation
Recital 18
(18) Biometric data constitute sensitive personal data. This regulation should lay down the basis for and the safeguards for processing of such data for the purpose of uniquely identifying the persons concerned.
deleted
2018/07/23
Committee: LIBE
Amendment 232 #
Proposal for a regulation
Recital 19
(19) The systems established by Regulation (EU) 2017/2226 of the European Parliament and of the Council (57), Regulation (EC) No 767/2008 of the European Parliament and of the Council (58), [the ETIAS Regulation] for the management of the borders of the Union, the system established by [the Eurodac Regulation] to identify the applicants for international protection and combat irregular migration, and the system established by [the ECRIS-TCN system Regulation] require in order to be effective to rely on the accurate identification of those third-country nationals whose personal data are stored therein.
_________________
(57) Regulation (EU) 2017/2226 of the European Parliament and of the Council of 30 November 2017 establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011 (EES Regulation) (OJ L 327, 9.12.2017, p. 20–82).
(58) Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) (OJ L 218, 13.8.2008, p. 60).
2018/07/23
Committee: LIBE
Amendment 233 #
Proposal for a regulation
Recital 20
(20) The common identity repository (CIR) should therefore facilitate and assist in the correct identification of persons registered in the EES, the VIS, [the ETIAS], Eurodac and [the ECRIS-TCN system].
deleted
2018/07/23
Committee: LIBE
Amendment 238 #
Proposal for a regulation
Recital 21
(21) Personal data stored in these EU information systems may relate to the same persons but under different or incomplete identities. Member States dispose of efficient ways to identify their citizens or registered permanent residents in their territory, but the same is not true for third- country nationals. The interoperability between EU information systems should contribute to thelp correctly identification ofy third-country nationals. The common identity repository (CIR) shouldEach individual information system should continue to store the personal data concerning third-country nationals present in the systems that are necessary to enable the more accurate identification of those individuals, therefore including their identity, travel document and biometric data, regardless of the system in which the data was originally collected. Only the personal data strictly necessary to perform an accurate identity check should be stored in the CIR. The personal data recorded in the CIR should be kept for no longer than is strictly necessary for the purposes of the underlying systems and should be automatically deleted when the data is deleted in the underlying systems in accordance with their logical separationquired under their founding regulations. This information will be made interoperable by virtue of the European Search Portal, the Biometric Matching Service and the Multiple Identity Detector.
2018/07/23
Committee: LIBE
Amendment 245 #
Proposal for a regulation
Recital 23
(23) In that connection, creating an individual file in the common identity repository (CIR) for each person that is recorded in the EES, the VIS, the ETIAS, Eurodac or the ECRIS-TCN system, is necessary to achieve the purpose of correct identification of third-country nationals within the Schengen area, and to support the multiple-identity detector for the dual purpose of facilitating identity checks for bona fide travellers and combating identity fraud. The individual file should store in one single place and make accessible to the duly authorised end-users all the possible identities linked to a person.
deleted
2018/07/23
Committee: LIBE
Amendment 247 #
Proposal for a regulation
Recital 24
(24) The common identity repository (CIR) should thus support the functioning of the multiple-identity detector and to facilitate and streamline access by law enforcement authorities to the EU information systems that are not established exclusively for purposes of prevention, investigation, detection or prosecution of serious crime.
deleted
2018/07/23
Committee: LIBE
Amendment 250 #
Proposal for a regulation
Recital 25
(25) The common identity repository (CIR) should provide for a shared container for identity and biometric data of third-country nationals registered in the EES, the VIS, [the ETIAS], Eurodac and the [ECRIS-TCN system], serving as the shared component between these systems for storage of this data, and to allow its querying.
deleted
2018/07/23
Committee: LIBE
Amendment 255 #
Proposal for a regulation
Recital 26
(26) All records in the common identity repository (CIR) should be logically separated by automatically tagging each record with the underlying system owning that record. The access control of the CIR should use these tags to allow the record to be accessible or not.
deleted
2018/07/23
Committee: LIBE
Amendment 258 #
Proposal for a regulation
Recital 27
(27) In order to ensureassist in the correct identification of a person, Member State authorities competent forwhere a travel document or other identity document preoventing and combating irregular migration ands insufficient or is unavailable, Member State competent authorities within the meaning of Article 3(7) of Directive 2016/680 should be allowed to query the common identity repository (CIR) with the biometric data of that person taken during an identity check. European Search Portal (ESP) or the shared Biometric Matching Service (sBMS) and the underlying Union information systems with the biographical or biometric data of that person taken during an identity check provided always that individual concerned is physically present during such a check.
2018/07/23
Committee: LIBE
Amendment 263 #
Proposal for a regulation
Recital 28
(28) Where the biometric data of the person cannot be used or if the query with that data fails, the query should be carried out with identity data of that person in combination with travel document data. Where the query indicates that data on that person are stored in the common identity repository (CIR), Member State authorities should have access to consult the identity data of that person stored in the CIR, without providing any indication as to which EU information system the data belongs to.
deleted
2018/07/23
Committee: LIBE
Amendment 268 #
Proposal for a regulation
Recital 29
(29) Member States should adopt national legislative measures designating the authorities competent to perform identity checks with the use of the common identity repository (CIR)ESP or the sBMS, subject to the physical presence of the individual concerned, and laying down the procedures, conditions and criteria of such identity checks in line with the principle of proportionality. In particular, the power to collect biometric data during an identitSuch an identity check in respect of third-country nationals should be permitted only cwheck of a person present beforere comparable procedures under equivalent conditions exist in the mMember of those authorities should be provided for by national legislative measureState concerned for Union citizens.
2018/07/23
Committee: LIBE
Amendment 271 #
Proposal for a regulation
Recital 30
(30) This Regulation should also introduces a new possibility for streamlined access to data beyond identity data present in the EES, the VIS, [the ETIAS] or Eurodac by Member State designated law enforcement authorities and Europol. Data, including data other than identity data contained in those systems, may be necessary for the prevention, detection, investigation and prosecution of terrorist offences or serious criminal offences in a specific case where there are reasonable grounds to consider that consultation will substantially contribute to the prevention, detection or investigation of the criminal offences in question; in particular where there is a substantiated suspicion that the suspect, perpetrator or victim of a terrorist offence or other serious criminal offence falls under the category of third country nationals whose data are stored in the EES, the VIS, the ETIAS and the Eurodac system. Such streamlined access will be provided after a prior search in the national databases has been carried out and a query of the automated fingerprint identification system of the other Member States under Decision 2008/615/JHA has been launched.
2018/07/23
Committee: LIBE
Amendment 272 #
Proposal for a regulation
Recital 31
(31) Full access to the necessary data contained in the EU information systems necessary for the purposes of preventing, detecting and investigating terrorist offences or other serious criminal offences, beyond the relevant identity data covered under common identity repository (CIR) obtained using biometric data of that person taken during an identity check, should continue to be governed by the provisions in the respective legal instruments. The designated law enforcement authorities and Europol do not always know in advance which of the EU information systems contains data of the persons they need to inquire upon. This results in delays anerefore, following the necessary checks in national databases and where a query of the automated finefficiencies in the conduct of gerprint identification system of the otheir tasks. TMember States under Decision 2008/615/JHA has been launched, the end-user authorised by the designated authority should therefore be allowed to see in which of the EU information systems the data corresponding to the query introduced are recorded. The concerned system would thus be flagged following the automated verification of the presence of a hit in the system (a so-called hit-flag functionality).
2018/07/23
Committee: LIBE
Amendment 276 #
Proposal for a regulation
Recital 31 a (new)
(31a) Where such a search is carried out, a hit should not be interpreted as a ground or reason to draw conclusions about or undertake measures towards a person, but may be used only for the purpose of submitting an access request to the underlying EU information systems, subject to the conditions and procedures laid down in the respective legislative instruments governing such access. Any such act will be subject to the provisions measures set out in Chapter VII and the safeguards provided for in Regulation EU 2016/679, Directive 2016/680 or Regulation EC45/2001.
2018/07/23
Committee: LIBE
Amendment 279 #
Proposal for a regulation
Recital 32
(32) The logs of the queries of the common identity repositoryEU information systems should indicate the purpose of the query. Where such a query was performed using the two- step data consultation approach, the logs should include a reference to the national file of the investigation or case, therefore indicating that such query was launched for the purposes of preventing, detecting and investigating terrorist offences or other serious criminal offences.
2018/07/23
Committee: LIBE
Amendment 281 #
Proposal for a regulation
Recital 33
(33) The query of the common identity repository (CIR)EU information systems by Member State designated authorities and Europol in order to obtain a hit-flag type of response indicating the data is recorded in the EES, the VIS, [the ETIAS] or Eurodac requires automated processing of personal data. A hit-flag wshould not reveal personal data of the concerned individual other thanonly an indication that some of his or her data are stored in one of the systems, provided the authority making the search has access to that system. No adverse decision for the concerned individual should be made by the authorised end-user solely on the basis of the simple occurrence of a hit-flag, and the hit-flag should be used by the relevant authorities only for the purpose of deciding which database to query. Access by the end-user of a hit-flag would therefore realise a very limitedconstitute an interference with the right to protection of personal data of the concerned individual, while it would be necessary to allow the designated authority and Europol to address its request for access for personal data more effectively directly to the system that was flagged as containing and therefore should comply with the principles of necessity and proportionality.
2018/07/23
Committee: LIBE
Amendment 285 #
Proposal for a regulation
Recital 34
(34) The two-step data consultation approach is particularly valuable in cases where the suspect, perpetrator or suspected victim of a terrorist offence or other serious criminal offence is unknown. In those cases the common identity repository (CIR) should enable, using the European Search Portal or the shared Biometric Matching Service should enable the relevant authority to identifying the information system that knows the person in one single searchsuspect, perpetrator or suspected victim in one single search, following the necessary checks in national databases and once a query of the automated fingerprint identification system of other Member States under Decision 2008/615/JHA has been launched. By creating the obligation to use this new law enforcement access approach in these cases, access to the personal data stored in the EES, the VIS, [the ETIAS] and Eurodac should take place without the requirements of a prior search in national databases and the launch of a prior search in the automated fingerprint identification system (‘AFIS’) of other Member States under Decision 2008/615/JHA. The principle of prior search effectively limits the possibility of Member State’ authorities to consult systems for justified law enforcement purposes and could thereby result in missed opportunities to uncover necessary information. The requirements of a prior search in national databases and the launch of a priin national databases and AFIS which were designed specifically for preventing, detecting and investigating terrorist offences or other serious criminal offences before searching in othe automated fingerprint identification system of other Member States under Decision 2008/615/JHA should only cease to apply oncr EU information systems which do not have that as their primary purpose the alternative safeguard of the two- step approach to law enforcement access through the CIR has become operationallps to ensure the necessity and proportionality for such a search.
2018/07/23
Committee: LIBE
Amendment 289 #
Proposal for a regulation
Recital 35
(35) The multiple-identity detector (MID) should be established to support the functioning of the common identity repository and to support the objectives of the EES, the VIS, [the ETIAS], Eurodac, the SIS and [the ECRIS-TCN system]. In order to be effective in fulfilling their respective objectives, all of these EU information systems require the accurate identification of the persons whose personal data are stored therein.
2018/07/23
Committee: LIBE
Amendment 290 #
Proposal for a regulation
Recital 36
(36) The possibility to achievo better realise the objectives of the EU information systems is undermined by the current inability for, the authorities using theose systems should be able to conduct sufficiently reliable verifications of the identities of the third-country nationals whose data are stored in different systems. That inability is determined by the fact that the set of identity data stored in a given individual system may be fraudulent, incorrect, or incomplete, and that or fraudulent, and there is currently no possibility to detect such fraudulent,way of detecting incorrect or, incomplete or fraudulent identity data by way of comparison with data stored in another system. To remedy this situation it is necessary to have a technical instrument at Union level allowing accurate identification of third-country nationals for these purposes.
2018/07/23
Committee: LIBE
Amendment 294 #
Proposal for a regulation
Recital 37
(37) The multiple-identity detector (MID) should create and store links between data in the different EU information systems in order to detect multiple identities, with the dual purpose of facilitating identity checks for bona fide travellers and combating identity fraud. The MID should only contain the linkscreation of those links constitutes automated decision-making as referred to in Regulation (EU) 2016/679 and in Directive (EU) 2016/680 and therefore requires transparency towards the individuals affected and the implementation of necessary safeguards in accordance with EU data protection rules. The MID should contain links only between individuals present in more than one EU information system, strictly limited to the data necessary to verify that a person is recorded lawfully or unlawfully under different biographical identities in different systems, or to clarify that two persons having similar biographical data may not be the same person. Data processing through the European search portal (ESP) and the shared biometric matching service (shared BMS) in order to link individual files across individual systems should be kept to an absolute minimum and therefore is limited to a multiple-identity detection at the time new data is added to one of the information systems included in the common identity repository and inthe EES, the VIS, [the ETIAS], Eurodac or the SIS. The MID should include safeguards against potential discrimination or unfavourable decisions for persons with multiple lawful identities.
2018/07/23
Committee: LIBE
Amendment 296 #
Proposal for a regulation
Recital 38
(38) This Regulation provides for new data processing operations aimed at identifyingensuring the correct identification of the persons concerned correctly. This constitutes an interference with their fundamental rights as protected by Articles 7 and 8 of the Charter of Fundamental Rights. Since the effective implementation of the EUit is necessary to correctly identify those persons inf ormation systems is dependent upon correct identification of the individuals concernedder to fully realise the objectives of those EU information systems, such interference is justified by those same objectives ofor which each of those systems have been established, the effectively management ofing the Union’s borders, theproviding internal security ofin the Union, the effectively implementation ofing the Union’s asylum and visa policies and the fight againstcombatting irregular migration.
2018/07/23
Committee: LIBE
Amendment 299 #
Proposal for a regulation
Recital 39
(39) The European search portal (ESP) and shared biometric matching service (shared BMS) should compare data in common identity repository (CIR)the EES, the VIS, [the ETIAS], Eurodac and the SIS on persons when new records are created by a national authority or an EU body. Such a comparison should be automated. The CIR and the SISose EU information systems should use the shared BMS to detect possible links on the basis of biometric data. The CIR and the SIS and should use the ESP to detect possible links on the basis of alphanumeric data. The CIR and the SISose EU information systems should be able to identify identical or similar data on the third-country national stored across several systems. Where such is the case, a link indicating that it is the same person should be established. The CIR and the SISNew interoperability components should be configured in such a wayso that small transliteration or spelling mistakes are detected in such a way as not to create any unjustified hindrance to the concernedor interference with the fundamental rights of the third-country national concerned.
2018/07/23
Committee: LIBE
Amendment 302 #
Proposal for a regulation
Recital 40
(40) The national authority or EU body that recorded the new data in the respective EU information system should confirm or change these links. This authority should have access to the identity data stored in the common identity repository (CIR) or the SIS and in the multiple-identity detector (MID)ose EU information systems for the purpose of the manual identity verification.
2018/07/23
Committee: LIBE
Amendment 305 #
Proposal for a regulation
Recital 41
(41) Access to the multiple-identity detector (MID) by Member State authorities and EU bodies having access to at least one of the relevant EU information system included in the common identity repository (CIR) or to the SIS should be limited to so called red links, where the linked data shares the same biometric but different identity data and the authority responsible for the verification of different identities concluded it refers unlawfully to the same person in an unjustified manner, or where the linked data has similardifferent identity data and the authority responsible for the verification of different identities concluded it refers unlawfully to the same person in an unjustified manner. Where the linked identity data isare not similar, a yellow link should be established and a manual verification should take place in order to confirm the link or change its colour accordingly.
2018/07/23
Committee: LIBE
Amendment 307 #
Proposal for a regulation
Recital 42
(42) The manual verification of multiple identities should be ensured by the authority creating or updating the data that triggered a hit resulting in a link with data already stored in another EU information system as described in this Regulation in full respect of access rights granted under Union and national law. The authority responsible for the verification of multiple identities should assess whether there are multiple lawful or unlawful identities. Such assessment should be performed where possibleonly in the presence of the third-country national and where necessary by requesting additional clarifications or information. Such assessment should be performed without delay, in line with legal requirements for the accuracy of information under Union and national law.
2018/07/23
Committee: LIBE
Amendment 309 #
Proposal for a regulation
Recital 43
(43) By way of derogation, for the links obtained in relation to the Schengen Information System (SIS) related to the alerts in respect of persons wanted for arrest or for surrender or extradition purposes, on missing or vulnerable persons, on persons sought to assist with a judicial procedure, on persons for discreet checks or specific checks or on unknown wanted persons, the authority responsible for the verification of multiple identities should be the SIRENE Bureau of the Member State that created the alert. Indeed those categories of SIS alerts are sensitive and should not necessarily be shared with the authorities creating or updating the data in one of the other EU information systems. The creation of a link with SIS data should be without prejudice to the actions to be taken in accordance with the [SIS Regulations].
2018/07/23
Committee: LIBE
Amendment 311 #
Proposal for a regulation
Recital 44
(44) eu-LISA should establish automated data quality control mechanisms and common data quality indicators. eu-LISA should be responsible tofor developing a central monitoring capacity for data quality, and tofor produceing regular data analysis reports to improve the control ofsupervision of the Member States’ implementation and application by Member States of EU information systems. The common quality indicators should include the minimum quality standards to store data in the EU information systems or the interoperability components. The goal of such a data quality standards should be for the EU information systems and interoperability components to automatically identify apparently incorrect or inconsistent data submissions so that the originating Member State is able to verify the data and carry out any necessary remedial actions.
2018/07/23
Committee: LIBE
Amendment 315 #
Proposal for a regulation
Recital 46
(46) The Universal Message Format (UMF) should establish a standard for structured, cross-border information exchange between information systems, authorities and/or organisations in the field of Justice and Home affairs. UMF should define a common vocabulary and logical structures for commonly exchanged information with the objective tof facilitateing interoperability by enabling the creation and reading of the contents of the exchange in a consistent and semantically equivalent manner.
2018/07/23
Committee: LIBE
Amendment 319 #
Proposal for a regulation
Recital 47
(47) A central repository for reporting and statistics (CRRS) should be established to generate cross-system statistical data and analytical reporting for policy, operational and data quality purposes in line with the objectives of the underlying systems and in conformity with their respective legal bases. eu-LISA should establish, implement and host the CRRS in its technical sites. The CRRS should containing only anonymous statistical data from the above-menrelevant EU informationed systems, the common identity repository, the multiple-identity detector and the shared biometric matching service. The data contained in the CRRS should not enableallow for the identification of individuals. eu-LISA should immediately render the data anonymous and should record only such anonymousised data in the CRRS. The process for rendering the data anonymous should be automated and no direct access by eu-LISA staff should be granted to any personal data stored in the EU information systems or in the interoperability components.
2018/07/23
Committee: LIBE
Amendment 320 #
Proposal for a regulation
Recital 48
(48) Regulation (EU) 2016/679 should apply to the processing of personal data under this Regulation by national authorities unless such processing is carried out by the designated authorities or central access points of the Member States for the purposes of the prevention, detection or investigation of terrorist offences or of other serious criminal offences, whenin which case Directive (EU) 2016/680 of the European Parliament and of the Council should apply.
2018/07/23
Committee: LIBE
Amendment 321 #
Proposal for a regulation
Recital 49
(49) The specific provisions on data protection of [the EES Regulation], Regulation (EC) No 767/2008, [the ETIAS Regulation] and [the Regulation on SIS in the field of border checks] should apply to the processing of personal data in those respective systems.deleted
2018/07/23
Committee: LIBE
Amendment 323 #
Proposal for a regulation
Recital 52
(52) “(...) The European Data Protection Supervisor was consulted in accordance with Article 28(2) of Regulation (EC) No 45/2001 and delivered an opinion on 16 April 2018
2018/07/23
Committee: LIBE
Amendment 327 #
Proposal for a regulation
Recital 56
(56) As a consequence of this combined application of the rules, the European search portal (ESP) should constitute the main access point for the compulsory systematic consultation of databases for third-country nationals at border crossing points provided for by the Schengen Borders Code. In addition, the identitWhere a red link exists in respect of a third-country dnata that led to the classification of a linkional seeking to cross an external border into the multiple-identity detector (MID) as aSchengen Area, that red link should be taken into account by the border guards for assessing whether or not the person fulfils the conditions of entry defined in the Schengen Borders Code. However the presence of a red link should not in itself constitute a ground for refusal of entry and the existing grounds for refusal of entry listed in the Schengen Borders Code should therefore not be amended.
2018/07/23
Committee: LIBE
Amendment 329 #
Proposal for a regulation
Recital 58
(58) However, an amendment of Regulation (EU) 2016/399 would be required in order to add the obligation for the border guard to refer a third-country national to second-line check in case the consultation of the multiple-identity detector (MID) through the European search portal (ESP) would indicate the existence of a yellow link or a red link, in view of not prolonging the waiting time in the first-line checks.deleted
2018/07/23
Committee: LIBE
Amendment 339 #
Proposal for a regulation
Recital 62
(62) The costs for the development of the interoperability components projected under the current Multiannual Financial Framework are lower than the remaining amount on the budget earmarked for Smart Bremaining amount on the budget earmarked for developing IT systems supporting the management of migration flows across the external borders in Regulation (EU) No 515/2014 of the European Parliament and the Council61 . Accordingly, should be reallocated to this61 Regulation, pursuant to Article 5(5)(b) of Regulation (EU) No 515/2014, should reallocate the amount currently attributed for developing IT systems supporting the management of migration flows across the external borders. _________________ 61Regulation (EU) No 515/2014 of the European Parliament and of the Council of 16 April 2014 establishing as part of the Internal Security Fund, the Instrument for financial support for external borders and visa and repealing Decision No 574/2007/EC (OJ L 150, 20.5.2014, p. 143).
2018/07/23
Committee: LIBE
Amendment 341 #
Proposal for a regulation
Recital 63
(63) In order to supplement certain detailed technical aspects of this Regulation, the power to adopt acts in accordance with Article 290 of the Treaty on the Functioning of the European Union should be delegated to the Commission. In particular, power should be delegated to the Commission in respect of the profiles for the users of the European search portal (ESP) and the content and format of the ESP replies, the content and format of the ESP replies, the procedures to determine the cases where identity data can be considered as identical or similar, and the rules on the operation of the Central Repository for Reporting and Statistics, including specific safeguards for processing of personal data and security rules applicable to the repository. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level, and that those consultations be conducted in accordance with the principles laid down in the Interinstitutional Agreement on Better Law-Making of 13 April 201662 . In particular, to ensure equal participation in the preparation of delegated acts, the European Parliament and the Council should receive all documents at the same time as Member State experts, and their experts should systematically have access to meetings of Commission expert groups dealing with the preparation of delegated acts. _________________ 62 http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.123.01.0001.01.ENG.
2018/07/23
Committee: LIBE
Amendment 342 #
Proposal for a regulation
Recital 64
(64) In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission to adopt detailed rules on: automated data quality control mechanisms, procedures and indicators; development of the UMF standard; procedures for determining cases of similarity of identities; the operation of the central repository for reporting and statistics; and cooperation procedure in case of security incidents. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council63 . _________________ 63 Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by the Member States of the Commission’s exercise of implementing powers (OJ L 55, 28.2.2011, p. 13).
2018/07/23
Committee: LIBE
Amendment 347 #
Proposal for a regulation
Recital 65 a (new)
(65a) This Regulation should contain clear provisions on liability and right to compensation for unlawful processing of personal data or from any other act incompatible with it, without prejudice to the right to compensation from, and liability of the controller or processor under Regulation (EU) 2016/679, Directive EU 2016/680 and Regulation EU 45/2001. With regard to the role of eu-LISA as a data processor, this latter should be responsible for the damage it provoked where it has not complied with the specific obligations of this Regulation directed to it.
2018/07/23
Committee: LIBE
Amendment 348 #
Proposal for a regulation
Recital 65 b (new)
(65b) Article 8 (2) of the European Convention on Human Rights states that any interference with the right to respect for private life, must pursue a legitimate aim and must be both necessary and proportionate except in such cases when, in accordance with the law such an action is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
2018/07/23
Committee: LIBE
Amendment 349 #
Proposal for a regulation
Recital 65 c (new)
(65c) Article 52(1) of the Charter of Fundamental Rights states that any limitation on the exercise of rights and freedoms recognised by the Charter must be provided for by law and respect the essence of those rights and freedoms and be subject to the principle of proportionality. Limitations may be made only if they are necessary if they genuinely meet the objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others.
2018/07/23
Committee: LIBE
Amendment 350 #
Proposal for a regulation
Recital 65 d (new)
(65d) One of the core principles of data protection is data minimisation as highlighted in Article 5 (1)(c) of the GDPR1a which states that the processing of personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. _________________ 1a REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
2018/07/23
Committee: LIBE
Amendment 351 #
Proposal for a regulation
Recital 65 e (new)
(65e) Article 5 (1)(b) of the GDPR2a states that personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Furthermore, further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes must respect the principle of purpose limitation. _________________ 2a “Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’)”
2018/07/23
Committee: LIBE
Amendment 354 #
Proposal for a regulation
Article 1 – paragraph 1
1. This Regulation, together with [Regulation 2018/xx on interoperability police and judicial cooperation, asylum and migration], establishes a framework to ensure the interoperability between the Entry/Exit System (EES), the Visa Information System (VIS), [the European Travel Information and Authorisation System (ETIAS)], Eurodac, and the Schengen Information System (SIS), and [the European Criminal Records Information System for third-country nationals (ECRIS-TCN)] in order for those systems and data to supplement each otherto be interoperable.
2018/07/23
Committee: LIBE
Amendment 358 #
Proposal for a regulation
Article 1 – paragraph 2 – point c
(c) a common identity repository (CIR);deleted
2018/07/23
Committee: LIBE
Amendment 368 #
Proposal for a regulation
Article 2 – paragraph 1 – introductory part
1. By ensuring interoperability, the purpose of this Regulation shall have the following objectivesbe to support the objectives referred to respectively in Article 6 of Regulation (EU) 2017/226; Articles 2 and 3 of Regulation (EC) No 767/2008; Article 4 of Regulation (EU) 2018/xxx [ETIAS Regulation]; Article 1 of Regulation (EU) No 603/2013; Article 1 of Regulation (EU) 2018/xxx [on the establishment, operation and use of the Schengen Information System (SIS) in the field of police cooperation and judicial cooperation]; Article 1 of Regulation (EU) 2018/xxx [on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks]; Article 3 of Regulation (EU) 2018/xxx [on the use of the Schengen Information System for the return of illegally-staying third-country nationals], and Article 2 of [the ECRIS-TCN] Regulation; and in particular:
2018/07/23
Committee: LIBE
Amendment 369 #
Proposal for a regulation
Article 2 – paragraph 1 – point a
(a) to improve the management ofenhance the effectiveness and efficiency of border checks at the external borders;
2018/07/23
Committee: LIBE
Amendment 380 #
Proposal for a regulation
Article 2 – paragraph 2 – introductory part
2. Those objectives of ensuring interoperability shall be achieved by:
2018/07/23
Committee: LIBE
Amendment 382 #
Proposal for a regulation
Article 2 – paragraph 2 – point a
(a) ensuring the correct identification of personthird country nationals;
2018/07/23
Committee: LIBE
Amendment 385 #
Proposal for a regulation
Article 2 – paragraph 2 – point b
(b) contributing to fighcombating identity fraud;
2018/07/23
Committee: LIBE
Amendment 390 #
Proposal for a regulation
Article 2 – paragraph 2 – point e
(e) strengthening and simplifying and making more uniform the data security and data protection conditions that govern the respective EU information systems, without prejudice to the special protection and safeguards afforded to certain categories of data in accordance with EU data protection rules;
2018/07/23
Committee: LIBE
Amendment 394 #
Proposal for a regulation
Article 2 – paragraph 2 – point f
(f) streamlining thensuring the necessary and proportionate conditions for law enforcement access to the EES, the VIS, [the ETIAS] and Eurodac;
2018/07/23
Committee: LIBE
Amendment 400 #
Proposal for a regulation
Article 3 – paragraph 2
2. This Regulation applies to persons in respect of whom personal data may be processed in the EU information systems referred to in paragraph 1, only for the purposes as defined in the underlying legal basis for those information systems.
2018/07/23
Committee: LIBE
Amendment 408 #
Proposal for a regulation
Article 4 – paragraph 1 – point 19
(19) ‘Europol data’ means personal data providcessed toby Europol for the purpose referred to in Article 18(2)(a) of Regulation (EU) 2016/794;
2018/07/23
Committee: LIBE
Amendment 410 #
Proposal for a regulation
Article 4 – paragraph 1 – point 21
(21) ‘match’ means the existence of an exact correspondence established by comparing two or more occurrences of personal data recorded or being recorded in an information system or database;
2018/07/23
Committee: LIBE
Amendment 411 #
Proposal for a regulation
Article 4 – paragraph 1 – point 25
(25) ‘terrorist offence’ means an offence under national law which corresponds or is equivalent to one of the offences referred to in Directive (EU) 2017/541;
2018/07/23
Committee: LIBE
Amendment 413 #
Proposal for a regulation
Article 4 – paragraph 1 – point 35
(35) ‘CIR’ means the common identity repository as referred to in Article 17;deleted
2018/07/23
Committee: LIBE
Amendment 422 #
Proposal for a regulation
Article 5 – title
5 Fundamental Rights and Non-discrimination
2018/07/23
Committee: LIBE
Amendment 426 #
Proposal for a regulation
Article 5 – paragraph 1
This Regulation shall ensure respect of the fundamental rights and the observation of the principles recognized in the Charter of Fundamental Rights of the European Union and shall be applied in accordance with those rights and principles. Processing of personal data for the purposes of this Regulation shall not result, either directly or indirectly, in undue interference with the right to respect for private and family life and the right to protection of personal data. Processing of personal data for the purposes of this Regulation shall not result in discrimination against persons on any grounds such as sex, racial or ethnic origin, religion or beliefe, colour, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, property, birth, disability, age or sexual orientation. It shall fully respect human dignity and integrity. Particular attention shall be paid to children, the elderly and, persons with a disability and persons in need of international protection.
2018/07/23
Committee: LIBE
Amendment 429 #
Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 1 (new)
One year after to the date of entry into force of this legislation, the Commission shall conduct an ex-post evaluation which aims at assessing the impact of interoperability on the right to non-discrimination
2018/07/23
Committee: LIBE
Amendment 433 #
Proposal for a regulation
Article 6 – paragraph 1
1. A European search portal (ESP) is established for the purposes of ensuring that Member State authorities and EU bodies have fast, seamless, efficient, systematic and controlled access to the EU information systems, the Europol data and the Interpol databases that they need to perform their tasks in accordance with their access rights and of supporting the objectives of those EES, the VIS, [the ETIAS], Eurodac, the SIS, [the ECRIS-TCN system] and the Europol dataU information systems and of the SIS and with their access rights under the relevant legal basis.
2018/07/23
Committee: LIBE
Amendment 437 #
Proposal for a regulation
Article 6 – paragraph 2 – point c
(c) a secure communication infrastructure between the ESP and the EES, the VIS, [the ETIAS], Eurodac, the Central-SIS, [the ECRIS-TCN system], the Europol data and the Interpol databases as well as between the ESP and the central infrastructures of the common identity repository (CIR) and the multiple-identity detector.
2018/07/23
Committee: LIBE
Amendment 438 #
Proposal for a regulation
Article 6 – paragraph 3
3. eu-LISA shall develop the ESP and ensure its technical management. It shall not, however, have access to any of the personal data processed through the EPS.
2018/07/23
Committee: LIBE
Amendment 441 #
Proposal for a regulation
Article 7 – paragraph 1
1. The use of the ESP shall be reserved to the Member State authorities and EU bodies having access to the EES, [the ETIAS], the VIS, the SIS, Eurodac and [the ECRIS-TCN system], to the CIR and the multiple-identity detector as well as the Europol data and the Interpol databases in accordance with Union or national law governing such access.
2018/07/23
Committee: LIBE
Amendment 443 #
Proposal for a regulation
Article 7 – paragraph 2
2. The authorities referred to in paragraph 1 shall use the ESPWhere they are required under Union law to search data related to persons or their travel documents in the central systems of the EES, the VIS and [the ETIAS] in accordance with their access rights under Union and national law. They, the authorities referred to in paragraph 1 shall also use the ESP to query the CIRsearch such data in accordance with their access rights under this Regulation for the purposes referred to in Articles 20, 21 and 22Union and national law.
2018/07/23
Committee: LIBE
Amendment 446 #
Proposal for a regulation
Article 7 – paragraph 4
4. The EU bodWhere they are so required under Union law, EU Agencies shall use the ESP to search data related to persons or their travel documents in the Central SIS.
2018/07/23
Committee: LIBE
Amendment 449 #
Proposal for a regulation
Article 7 – paragraph 5
5. TWhere so required under Union or national law, the authorities referred to in paragraph 1 may use the ESP to search data related to persons or their travel documents in the Interpol databases in accordance with their access rights under Union and national law.
2018/07/23
Committee: LIBE
Amendment 450 #
Proposal for a regulation
Article 7 – paragraph 5 a (new)
5a. The data owners referred in this article shall not be notified that a search has taken place.
2018/07/23
Committee: LIBE
Amendment 454 #
Proposal for a regulation
Article 8 – paragraph 1 – point c a (new)
(ca) the purpose of the use of ESP by this category of user.
2018/07/23
Committee: LIBE
Amendment 456 #
Proposal for a regulation
Article 8 – paragraph 2 a (new)
2a. eu-LISA shall review regularly – and at least once a year after their creation - the user profiles referred to in paragraph one, and shall update and delete those profiles where necessary.
2018/07/23
Committee: LIBE
Amendment 459 #
Proposal for a regulation
Article 9 – paragraph 1
1. The users of the ESP shall launch a query by introducing data in the ESP in accordance with their user profile and access rights. Where a query has been launched, the ESP shall query simultaneously, with the data introduced by the user of the ESP, the EES, [the ETIAS], the VIS, the SIS, Eurodac, [the ECRIS-TCN system] and the CIR as well as the Europol databases and the Interpol databases.
2018/07/23
Committee: LIBE
Amendment 463 #
Proposal for a regulation
Article 9 – paragraph 2
2. The fields of data used to launch a query via the ESP shall correspond to the fields of data related to persons or travel documents that may be used to query the various EU information systems, the Europol databases and the Interpol databases in accordance with the legal instruments governing them.
2018/07/23
Committee: LIBE
Amendment 466 #
Proposal for a regulation
Article 9 – paragraph 4
4. The EES, [the ETIAS], the VIS, the SIS, Eurodac, [the ECRIS-TCN system], the CIR and the multiple-identity detector, as well as the Europol data and the Interpol databases, shall provide the data that they contain resulting from the query of the ESP.
2018/07/23
Committee: LIBE
Amendment 467 #
Proposal for a regulation
Article 9 – paragraph 5
5. When querying the Interpol databases, the design of the ESP shall ensure that the data used by the user of the ESP to launch a query or any other data, is not shared with the owners of Interpol data. As regards to data on individuals registered in Eurodac, it must be ensured that the database owner does not receive information on whether their databases have been queried through the ESP.
2018/07/23
Committee: LIBE
Amendment 471 #
Proposal for a regulation
Article 9 – paragraph 6
6. The reply to the user of the ESP shall be unique and shall contain all the data to which the user has access under Union law. Where necessary, the reply provided by the ESP shall indicate to which information system or database the data belongsThe ESP shall provide no information regarding data in information systems to which the user has no access under Union law.
2018/07/23
Committee: LIBE
Amendment 482 #
Proposal for a regulation
Article 10 – paragraph 2
2. The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. To that end, access to those logs shall be granted as appropriate to the data controllers identified pursuant to Article 40, to national supervisory authorities designated pursuant to Article 51 of Regulation (EU) 2016/679 and Article 41 of Directive (EU) 2016/680, and to the European Data Protection Supervisor. Those logs shall be protected by appropriate measures against unauthorised access and erased onetwo years after their creation, unless they are required for monitoring procedures that have already begun.
2018/07/23
Committee: LIBE
Amendment 485 #
Proposal for a regulation
Article 11 – paragraph 1
1. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1) or the CIR, because of a failure of the ESP, the users of the ESP shall be notified by eu-LISA.
2018/07/23
Committee: LIBE
Amendment 489 #
Proposal for a regulation
Article 11 – paragraph 2
2. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1) or the CIR, because of a failure of the national infrastructure in a Member State, that Member State's competent authority shall notify eu-LISA and the Commission.
2018/07/23
Committee: LIBE
Amendment 493 #
Proposal for a regulation
Article 11 – paragraph 3
3. In both scenarios, and until the technical failure is addressed, the obligation referred to in Article 7(2) and (4) shall not apply and Member States may access the information systems referred to in Article 9(1) or the CIR directly using their respective national uniform interfaces or national communication infrastructures.
2018/07/23
Committee: LIBE
Amendment 497 #
Proposal for a regulation
Article 12 – paragraph 1
1. A shared biometric matching service (shared BMS) storing biometric templates and) shall be established to enablinge querying with biometric data across several EU information systems is established for the purposes of supporting the CIR, the SIS and the multiple-identity detector andto support the objectives of the EES, the VIS, Eurodac, the SIS and [the ECRIS-TCN system].
2018/07/23
Committee: LIBE
Amendment 500 #
Proposal for a regulation
Article 12 – paragraph 2 – point a
(a) a central infrastructure, including a search engine and the storage of the data referred to in Article 13;
2018/07/23
Committee: LIBE
Amendment 503 #
Proposal for a regulation
Article 12 – paragraph 2 – point b
(b) a secure communication infrastructure between the shared BMS, Central-SIS the EES, the VIS, EURODAC and [the CIRECRIS-TCN system].
2018/07/23
Committee: LIBE
Amendment 505 #
Proposal for a regulation
Article 12 – paragraph 3
3. eu-LISA shall develop the shared BMS and ensure its technical management. It shall not, however, have access to any of the personal data processed through the shared BMS.
2018/07/23
Committee: LIBE
Amendment 506 #
Proposal for a regulation
Article 13
Data stored in the shared biometric 1. The shared BMS shall store the biometric templates that it shall obtain from the following biometric data: (a) the data referred to in Article 16(1)(d) and Article 17(1)(b) and (c) of Regulation (EU) 2017/2226; (b) the data referred to in Article 9(6) of Regulation (EC) No 767/2008; (c) 20(2)(w) and (x) of the Regulation on SIS in the field of border checks; (d) 20(3)(w) and (x) of the Regulation on SIS in the field of law enforcement; (e) 4(3)(t) and (u) of the Regulation on SIS in the field of illegal return]; (f) [the data referred to in Article 13(a) of the Eurodac Regulation;] (g) 5(1)(b) and Article 5(2) of the ECRIS- TCN Regulation.] 2. The shared BMS shall include in each biometric template a reference to the information systems in which the corresponding biometric data is stored. 3. entered in the shared BMS following an automated quality check of the biometric data added to one of the information systems performed by the shared BMS to ascertain the fulfilment of a minimum data quality standard. 4. in paragraph 1 shall meet the quality standards referred to in Article 37(2).Article 13 deleted matching service [the data referred to in Article the data referred to in Article the data referred to in Article [the data referred to in Article Biometric templates shall only be The storage of the data referred to
2018/07/23
Committee: LIBE
Amendment 524 #
Proposal for a regulation
Article 14 – paragraph 1
In order to search the biometric data stored within the CIR andEES, the SVIS, the CIR and the SIEURODAC, [the ECRIS-TCN system] and the SIS, the shared BMS shall uscompare the biometric templatesdata stored in the shared BMSunderlying systems for a match. Queries with biometric data shall take place in accordance with the purposes provided for in this Regulation and in the EES Regulation, the VIS Regulation, the Eurodac Regulation, the [SIS Regulations] and [the ECRIS-TCN Regulation].
2018/07/23
Committee: LIBE
Amendment 527 #
Proposal for a regulation
Article 15
Data retention in the shared biometric The data referred to in Article 13 shall be stored in the shared BMS for as long as the corresponding biometric data is stored in the CIR or the SIS.Article 15 deleted matching service
2018/07/23
Committee: LIBE
Amendment 531 #
Proposal for a regulation
Article 16 – paragraph 1 – point a
(a) the history related to the creation and storage of biometric templates;deleted
2018/07/23
Committee: LIBE
Amendment 537 #
Proposal for a regulation
Article 16 – paragraph 2
2. The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. To that end, access to those logs shall be granted as appropriate to the data controllers identified pursuant to Article 40, to national supervisory authorities designated pursuant to Article 51 of Regulation (EU) 2016/679 and Article 41 of Directive (EU) 2016/680, and to the European Data Protection Supervisor. Those logs shall be protected by appropriate measures against unauthorised access and erased onetwo years after their creation, unless they are required for monitoring procedures that have already begun. The logs referred to in paragraph 1(a) shall be erased once the data is erased.
2018/07/23
Committee: LIBE
Amendment 540 #
Proposal for a regulation
Article 17
1. (CIR), creating an individual file for each person that is recorded in the EES, the VIS, [the ETIAS], Eurodac or [the ECRIS-TCN system] containing the data referred to in Article 18, is established for the purpose of facilitating and assisting the correct identification of persons registered in the EES, the VIS, [the ETIAS], the Eurodac and [the ECRIS- TCN system], of supporting the functioning of the multiple-identity detector and of facilitating and streamlining access by law enforcement authorities to non-law enforcement information systems at EU level, where necessary for the prevention, investigation, detection or prosecution of serious crime. 2. The CIR shall be composed of: (a) replace the central systems of respectively the EES, the VIS, [the ETIAS], Eurodac and [the ECRIS-TCN system] to the extent that it shall store the data referred to in Article 18; (b) a secure communication channel between the CIR, Member States and EU bodies that are entitled to use the European search portal (ESP) in accordance with Union law; (c) infrastructure between the CIR and the EES, [the ETIAS], the VIS, Eurodac and [the ECRIS-TCN system] as well as with the central infrastructures of the ESP, the shared BMS and the multiple-identity detector. 3. eu-LISA shall develop the CIR and ensure its technical management.Article 17 deleted Common identity repository A common identity repository a central infrastructure that shall a secure communication
2018/07/23
Committee: LIBE
Amendment 546 #
Proposal for a regulation
Article 18
Article 18 The common identity repository data 1. The CIR shall store the following data – logically separated – according to the information system from which the data was originated: (a) the data referred to in [Article 16(1)(a) to (d) and Article 17(1)(a) to (c) of the EES Regulation]; (b) the data referred to in Article 9(4)(a) to (c), (5) and (6) of Regulation (EC) No 767/2008; (c) [the data referred to in Article 15(2)(a) to (e) of the [ETIAS Regulation;] (d) – (not applicable) (e) – (not applicable) 2. For each set of data referred to in paragraph 1, the CIR shall include a reference to the information systems to which the data belongs. 3. The storage of the data referred to in paragraph 1 shall meet the quality standards referred to in Article 37(2). deleted
2018/07/23
Committee: LIBE
Amendment 552 #
Proposal for a regulation
Article 19
Article 19 Adding, amending and deleting data in common identity repository 1. Where data is added, amended or deleted in the EES, the VIS and [the ETIAS], the data referred to in Article 18 stored in the individual file of the CIR shall be added, amended or deleted accordingly in an automated manner. 2. Where the multiple-identity detector creates a white or red link in accordance with Articles 32 and 33 between the data of two or more of the EU information systems constituting the CIR, instead of creating a new individual file, the CIR shall add the new data to the individual file of the linked data. deleted
2018/07/23
Committee: LIBE
Amendment 556 #
Proposal for a regulation
Article 20 – title
20 Access to the common identity repositoryUse of the ESP and shared BMS for identification
2018/07/23
Committee: LIBE
Amendment 557 #
Proposal for a regulation
Article 20 – paragraph 1 – subparagraph 1
Where a Member State police authority is unable to identify a person on the basis of his/her travel document, or of another credible document proving his/her identity, or with the identity data provided by that person in accordance with rules and procedures laid down in national law, and where a Member State police authority has been so empowered by national legislative measures as referred to in paragraph 2, it may, in the presence of that person, and solely for the purpose of identifying athat person, query the CIR with theESP or the shared BMS with the biographical or biometric data of that person taken during anthe identity check.
2018/07/23
Committee: LIBE
Amendment 561 #
Proposal for a regulation
Article 20 – paragraph 1 – subparagraph 2
Where the query indicates that data on that person is stored in the CIREU information systems or the SIS, the Member States police authority shall have access to consult the following data: (a) the data referred to in [Article 18(1)6(1)(a) to (d) and Article 17(1)(a) to (c) of the EES Regulation]; (b) the data referred to in Article 9(4)(a) to (c), (5) and (6) of Regulation (EC) No 767/2008; and (c) [the data referred to in Article 15(2)(a) to (e) of the ETIAS Regulation].
2018/07/23
Committee: LIBE
Amendment 563 #
Proposal for a regulation
Article 20 – paragraph 1 – subparagraph 3
Where the biometric data of the person cannot be used or where the query with that data fails, the query shall be carried out with identity data of the person in combination with travel document data, or with the identity data provided by that person. deleted
2018/07/23
Committee: LIBE
Amendment 568 #
Proposal for a regulation
Article 20 – paragraph 2
2. Member States wishing to avail themselves of the possibility provided for in this Article shall adopt national legislative measures. Such legislative measures shall specify the precise purposes of identity checks within the purposes referred to in Article 2(1)(b) and (c). TWithout prejudice to the first subparagraph of paragraph 1, they shall designate the police authorities competent and lay down the procedures, conditions and criteria ofor such checks.
2018/07/23
Committee: LIBE
Amendment 572 #
Proposal for a regulation
Article 21
Article 21 Access to the common identity repository for the detection of multiple identities 1. Where a query of the CIR results in a yellow link in accordance with Article 28(4), the authority responsible for the verification of different identities determined in accordance with Article 29 shall have access, solely for the purpose of that verification, to the identity data stored in the CIR belonging to the various information systems connected to a yellow link. 2. Where a query of the CIR results in a red link in accordance with Article 32, the authorities referred to in Article 26(2) shall have access, solely for the purposes of fighting identity fraud, to the identity data stored in the CIR belonging to the various information systems connected to a red link. deleted
2018/07/23
Committee: LIBE
Amendment 578 #
Proposal for a regulation
Article 22 – title
22 Querying the common identity repositoryEU information systems for law enforcement purposes
2018/07/23
Committee: LIBE
Amendment 579 #
Proposal for a regulation
Article 22 – paragraph 1
1. For the purposes ofWhere there are reasonable grounds to believe that consultation of EU information systems will substantially contribute to the preventiong, detecting andon or investigatingon of terrorist offences or other serious criminal offences, in a specific case and in order particular where there is a substantiated suspicion that the suspect, perpetrator obtain information on whether data on a specific person is presentr victim of a terrorist offence or other serious criminal offence falls under the category of third-country nationals whose data are stored in [the EES], the VIS and , [the ETIAS] or the Member State designated authorities and Europol may consult the CIREurodac system, and where a prior search in national databases has been carried out and a query of the automated fingerprint identification system of the other Member States under Decision 2008/615/JHA has been launched, the Member States designated authorities and Europol may use the ESP and the shared BMS in order to obtain information on whether data on a specific person is present in the EES, the VIS and [the ETIAS].
2018/07/23
Committee: LIBE
Amendment 581 #
Proposal for a regulation
Article 22 – paragraph 1 a (new)
1a. The central access points established in Article 50(2) [ETIAS Regulation], Article 29(3) of Regulation (EU) 2017/2226 and Article 3(2) of Regulation 767/2008 shall monitor the use made of the possibility provided for in paragraph 1. For that purpose, regular ex-post evaluations of this possibility shall be made and used for self-monitoring as referred to in Article 45. The central access points shall transmit a report to the supervisory authorities referred to in Article 49 every two years on the use made of this provision.
2018/07/23
Committee: LIBE
Amendment 583 #
Proposal for a regulation
Article 22 – paragraph 2
2. Member State designated authorities and Europol shall not be entitled to consult data belonging to [the ECRIS-TCN] when consultusing the CIRESP or shared BMS for the purposes listed in paragraph 1.
2018/07/23
Committee: LIBE
Amendment 584 #
Proposal for a regulation
Article 22 – paragraph 3
3. Where, in reply to a query the CIRESP or the shared BMS indicates that data on that person is present in the EES, the VIS andor [the ETIAS] the CIRESP or shared BMS shall provide to Member States' designated authorities andor to Europol a reply in the form of a reference indicating which of the information systems contains matching data referred to in the second subparagraph of Article 18(220(1). The CIRESP or shared BMS shall reply in such a way that the security of the data is not compromised. A reply indicating that data on that person is present in one of the EU information systems may be used solely for the purpose of submitting a request for access to that information system subject to the conditions and procedures laid down in the legislative instrument governing that information system.
2018/07/23
Committee: LIBE
Amendment 588 #
Proposal for a regulation
Article 23
Article 23 Data retention in the common identity repository 1. The data referred to in Article 18(1) and (2) shall be deleted from the CIR in accordance with the data retention provisions of [the EES Regulation], the VIS Regulation and [the ETIAS Regulation] respectively. 2. The individual file shall be stored in the CIR for as long as the corresponding data is stored in at least one of the information systems whose data is contained in the CIR. The creation of a link shall not affect the retention period of each item of the linked data. deleted
2018/07/23
Committee: LIBE
Amendment 591 #
2018/07/23
Committee: LIBE
Amendment 605 #
Proposal for a regulation
Article 25 – paragraph 1
1. A multiple-identity detector (MID) is established to creatinge and storinge links between data in the EU information systems included in the common identity repository (CIR) and the SIS, and as a consequence to detecting multiple identities, with the dual purpose ofin order to facilitatinge identity checks and combating identity fraud, is established for the purpose ofand thus in order to supporting the functioning of the CIR and the objectives of the EES, the VIS, the ETIAS], Eurodac, the SIS and [the ECRIS-TCN system].
2018/07/23
Committee: LIBE
Amendment 607 #
Proposal for a regulation
Article 25 – paragraph 2 – point b
(b) a secure communication infrastructure to connect the MID with the SIS and the central infrastructures of the European search portal and the CIREES, [the ETIAS], the VIS, Eurodac and [the ECRIS-TCN system].
2018/07/23
Committee: LIBE
Amendment 608 #
Proposal for a regulation
Article 25 – paragraph 3
3. eu-LISA shall develop the MID and ensure its technical management. It shall not, however, have access to any of the personal data processed through the MID.
2018/07/23
Committee: LIBE
Amendment 613 #
Proposal for a regulation
Article 26 – paragraph 1 – point d
(d) – (not applicable); deleted
2018/07/23
Committee: LIBE
Amendment 614 #
Proposal for a regulation
Article 26 – paragraph 1 – point e
(e) the SIRENE Bureaux of the Member State creating or updating a [SIS alert in accordance with the Regulation on SIS in the field of border checks];
2018/07/23
Committee: LIBE
Amendment 615 #
Proposal for a regulation
Article 26 – paragraph 1 – point f
(f) – (not applicable). deleted
2018/07/23
Committee: LIBE
Amendment 616 #
Proposal for a regulation
Article 26 – paragraph 2
2. Member State authorities and EU bodies having access to at least one EU information system included in the common identity repository or to the SIS shall have access to the data referred to in Article 34(a) and (b) regarding any red links as referred to in Article 32.
2018/07/23
Committee: LIBE
Amendment 619 #
Proposal for a regulation
Article 27 – paragraph 1 – introductory part
1. A multiple-identity detection in the common identity repository and theEU information systems and SIS shall be launched where:
2018/07/23
Committee: LIBE
Amendment 620 #
Proposal for a regulation
Article 27 – paragraph 1 – point d
(d) – (not applicable); deleted
2018/07/23
Committee: LIBE
Amendment 621 #
Proposal for a regulation
Article 27 – paragraph 1 – point f
(f) – (not applicable). deleted
2018/07/23
Committee: LIBE
Amendment 622 #
Proposal for a regulation
Article 27 – paragraph 1 a (new)
1a. The multiple-identity detection using the data referred to in paragraph 1(c) shall be launched only where an application file in ETIAS can be verified against an individual file in the EES.
2018/07/23
Committee: LIBE
Amendment 623 #
Proposal for a regulation
Article 27 – paragraph 2
2. Where the data contained within an information system as referred to in paragraph 1 contains biometric data, the common identity repository (CIR)at information system and the Central-SIS shall use the shared biometric matching service (shared BMS) in order to perform the multiple-identity detection. The shared BMS shall compare the new biometric templatesdata obtained from any new biometric data to thethe relevant information system against any biometric templatesdata already contained in the shared BMSother information systems in order to verify whether or not data belonging to the same third-country national is already stored in the CIR or in the Central SISanother information system.
2018/07/23
Committee: LIBE
Amendment 625 #
Proposal for a regulation
Article 27 – paragraph 3 – introductory part
3. In addition to the process referred to in paragraph 2, the CIRinformation system and the Central-SIS shall use the European search portal to search the data stored in the CIRall the EU information systems and the Central-SIS using the following data:
2018/07/23
Committee: LIBE
Amendment 626 #
Proposal for a regulation
Article 27 – paragraph 3 – point d
(d) – (not applicable); deleted
2018/07/23
Committee: LIBE
Amendment 627 #
Proposal for a regulation
Article 27 – paragraph 3 – point f
(f) – (not applicable); deleted
2018/07/23
Committee: LIBE
Amendment 628 #
Proposal for a regulation
Article 27 – paragraph 3 – point g
(g) – (not applicable); deleted
2018/07/23
Committee: LIBE
Amendment 629 #
Proposal for a regulation
Article 27 – paragraph 3 – point h
(h) – (not applicable). deleted
2018/07/23
Committee: LIBE
Amendment 633 #
Proposal for a regulation
Article 28 – paragraph 2 – subparagraph 1
Where the query laid down in Article 27(2) and (3) reports one or several hit(s), the common identity repository andEU information systems concerned including, where relevant, the SIS shall create a link between the data used to launch the query and the data triggering the hit.
2018/07/23
Committee: LIBE
Amendment 634 #
Proposal for a regulation
Article 28 – paragraph 5
5. The Commission shall lay down the procedures to determine the cases where identity data can be considered as identical or similar in implementingdelegated acts. Those implementingdelegated acts shall be adopted in accordance with the examination procedure referred to in Article 64(2)Article 63. Such acts must be designed in a manner that ensures the protection of persons with multiple lawful identities against discrimination.
2018/07/23
Committee: LIBE
Amendment 638 #
Proposal for a regulation
Article 29 – paragraph 1 – subparagraph 1 – point d
(d) – (not applicable); deleted
2018/07/23
Committee: LIBE
Amendment 640 #
Proposal for a regulation
Article 29 – paragraph 1 – subparagraph 1 – point e
(e) the SIRENE Bureaux of the Member State for hits that occurred when creating or updating a SIS alert in accordance with the [Regulations on SIS in the field of border checks];
2018/07/23
Committee: LIBE
Amendment 641 #
Proposal for a regulation
Article 29 – paragraph 1 – subparagraph 1 – point f
(f) – (not applicable). deleted
2018/07/23
Committee: LIBE
Amendment 642 #
Proposal for a regulation
Article 29 – paragraph 1 – subparagraph 1 a (new)
The authority responsible shall verify the identity as soon as possible and, in any event, within eight hours. If verification proves impossible, the border authorities shall carry out the verification when the person concerned next enters or exits an external border.
2018/07/23
Committee: LIBE
Amendment 643 #
Proposal for a regulation
Article 29 – paragraph 2 – point f
(f) in an alert on unknown wanted persons for identification according to national law and search with biometric data as referred to in Article 40 of [the Regulation on SIS in the field of law enforcement]. deleted
2018/07/23
Committee: LIBE
Amendment 646 #
Proposal for a regulation
Article 29 – paragraph 2 a (new)
2a. Where the SIRENE Bureau is responsible for manually verifying different identities but has not been involved in the addition of the new identity data which has given rise to a yellow link, it shall be informed immediately by the relevant authority which added the new identity data. The SIRENE Bureau shall carry out the manual verification of different identities as soon as possible and, in any event, within eight hours.
2018/07/23
Committee: LIBE
Amendment 647 #
Proposal for a regulation
Article 29 – paragraph 3
3. Without prejudice to paragraph 4, the authority responsible for verification of different identities shall have access to the related data contained in the relevant identity confirmation file and to the identity data linked in the common identity repository and, where relevant, in the SISrelevant information systems, and shall assess the different identities and shall update the link in accordance with Articles 31, 32 and 33 and add it to the identity confirmation file without delay.
2018/07/23
Committee: LIBE
Amendment 649 #
Proposal for a regulation
Article 29 – paragraph 4
4. Where the authority responsible for the verification of different identities in the identity confirmation file is the border authority creating or updating an individual file in the EES in accordance with Article 14 of the EES Regulation, and where a yellow link is obtained, the border authority shall carry out additional verifications as part of a second-line check. During this . For that purposec ond-line checkly, the border authorities shall have access to the related identity data contained in the relevant identity confirmation file and shall assess the different identities and shall update the link in accordance with Articles 31 to 33 and add it to the identity confirmation file without delay.
2018/07/23
Committee: LIBE
Amendment 651 #
Proposal for a regulation
Article 29 – paragraph 5
5. Where more than one link is obtained, the authority responsible for the verification of different identities shall assess each link separately. The authority responsible must ensure that the data subject is given the possibility to explain plausible reasons why there may be contradicting information within the different IT systems.
2018/07/23
Committee: LIBE
Amendment 652 #
Proposal for a regulation
Article 29 – paragraph 5 a (new)
5a. The authority responsible for the manual verification of multiple identities must also assess whether there are plausible arguments presented by the third country national when deciding on the colour of the links. Such assessment should be performed, where possible, in the presence of the third-country national and, where necessary, by requesting additional clarifications or information. Such assessment should be performed without delay, in line with legal requirements for the accuracy of information under Union and national law.
2018/07/23
Committee: LIBE
Amendment 655 #
Proposal for a regulation
Article 30 – paragraph 1 – point b
(b) the linked data has different identity data, there is no biometric data to compare, and no manual verification of different identity has taken place.
2018/07/23
Committee: LIBE
Amendment 659 #
Proposal for a regulation
Article 31 – paragraph 2
2. Where the common identity repository (CIR) or the SISrelevant information systems are queried and where a green link exists between two or more of those information systems constituting the CIR or with the SIS, the multiple-identity detector shall indicate that the identity data of the linked data does not correspond to the same person. The queried information system shall reply indicating only the data of the person whose data was used for the query, without triggering a hit against the data that is subject to the green link.
2018/07/23
Committee: LIBE
Amendment 663 #
Proposal for a regulation
Article 32 – paragraph 1 – point a
(a) the linked data shares the same biometric but different identity data and the authority responsible for the verification of different identities concluded it refers unlawfully to the same person in an unjustified manner;
2018/07/23
Committee: LIBE
Amendment 664 #
Proposal for a regulation
Article 32 – paragraph 1 – point b
(b) the linked data has similar identity data and the authority responsible for the verification of different identities concluded it refers unlawfully to the same person in an unjustified manner.
2018/07/23
Committee: LIBE
Amendment 666 #
Proposal for a regulation
Article 32 – paragraph 2
2. Where the CIR orEU information systems and the SIS are queried and where a red link exists between two or more of the information systems constituting the CIR or with the SIS, the multiple-identity detector shall reply indicating the data referred to in Article 34. Follow-up to a red link shall take place in accordance with Union and national law. No legal consequence for the person or persons concerned shall derive solely from the existence of a red link.
2018/07/23
Committee: LIBE
Amendment 667 #
Proposal for a regulation
Article 32 – paragraph 3
3. Where a red link is created between data from the EES, the VIS, [the ETIAS], Eurodac or [the ECRIS-TCN System], the individual file stored in the CIR shall be updated in accordance with Article 19(1). deleted
2018/07/23
Committee: LIBE
Amendment 668 #
Proposal for a regulation
Article 32 – paragraph 4
4. Without prejudice to the provisions related to the handling of alerts in the SIS referred to in the [Regulations on SIS in the field of border checks, on SIS in the field of law enforcement and on SIS in the field of illegal return], and without prejudice to limitations necessary to protect security and public order, prevent crime and guarantee that any nalaid down in Article 13(3) if Directive (EU) 680/2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of preventional, investigation will not be jeopardised,, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data where a red link is created, the authority responsible for verification of different identities shall inform the person of the presence of multiple unlawfuljustified identities.
2018/07/23
Committee: LIBE
Amendment 672 #
Proposal for a regulation
Article 32 – paragraph 5 a (new)
5a. Where a Member State authority or EU body with access to one of the EU information systems or the SIS obtains evidence showing that a red link recorded in the MID is incorrect or that the data processed in the MID, the relevant EU information systems and the SIS were processed in breach of this Regulation, that authority shall, where the link relates to EU information systems either rectify or erase the link from the MID immediately, or where the link relates to the SIS, inform the relevant SIRENE Bureau of the Member State that created the SIS alert immediately. That SIRENE Bureau shall verify the evidence provided by the Member State authority and rectify or erase the link from the MID immediately thereafter.
2018/07/23
Committee: LIBE
Amendment 677 #
Proposal for a regulation
Article 33 – paragraph 2
2. Where the CIR or the SISinformation systems are queried and where a white link exists between one or more of the information systems constituting the CIR or with the SIS, the multiple-identity detector shall indicate that the identity data of the linked data correspond to the same person. The queried information systems shall reply indicating, where relevant, all the linked data on the person, hence triggering a hit against the data that is subject to the white link, if the authority launching the query has access to the linked data under Union or national law.
2018/07/23
Committee: LIBE
Amendment 678 #
Proposal for a regulation
Article 33 – paragraph 3
3. Where a white link is created between data from the EES, the VIS, [the ETIAS], Eurodac or [the ECRIS-TCN system], the individual file stored in the CIR shall be updated in accordance with Article 19(1). deleted
2018/07/23
Committee: LIBE
Amendment 684 #
Proposal for a regulation
Article 35 – paragraph 1
The identity confirmation files and its data, including the links, shall be stored in the multiple-identity detector (MID) only for as long as the linked data is stored in two or more EU information systems. Once this condition is no longer met, the identity confirmation files and their data, including all related links, shall be deleted automatically.
2018/07/23
Committee: LIBE
Amendment 691 #
Proposal for a regulation
Article 36 – paragraph 3
3. The logs may be used only for data protection monitoring, including checking the admissibility of a request and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. To that end, access to those logs shall be granted as appropriate to the data controllers identified pursuant to Article 40, to national supervisory authorities designated pursuant to Article 51 of Regulation (EU) 2016/679 and Article 41 of Directive (EU) 2016/680, and to the European Data Protection Supervisor. The logs shall be protected by appropriate measures against unauthorised access and erased onetwo years after their creation, unless they are required for monitoring procedures that have already begun. The logs related to the history of the identity confirmation file shall be erased once the data in the identity confirmation file is erased.
2018/07/23
Committee: LIBE
Amendment 692 #
Proposal for a regulation
Article 37 – paragraph 1
1. eu-LISA shall establish as soon as possible automated data quality control mechanisms and procedures on the data stored in the EES, the [ETIAS], the VIS, and the SIS, the shared biometric matching service (shared BMS), the common identity repository (CIR) and the multiple-identity detector (MID)and the multiple-identity detector (MID). Those automated data quality control mechanisms should be adequately tested prior to the start of operations of the interoperability components in accordance with Article 62.
2018/07/23
Committee: LIBE
Amendment 695 #
Proposal for a regulation
Article 37 – paragraph 2
2. eu-LISA shall establish common data quality indicators and the minimum quality standards to store data in the EES, the [ETIAS], the VIS, the SIS, the shared BMS, the CIR and the MID.
2018/07/23
Committee: LIBE
Amendment 700 #
Proposal for a regulation
Article 37 – paragraph 4
4. The details of the automated data quality control mechanisms and procedures and the common data quality indicators and the minimum quality standards to store data in the EES, the [ETIAS], the VIS, the SIS, the shared BMS, the CIR and the MID, in particular regarding biometric data, shall be laid down in implementing acts. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 64(2).
2018/07/23
Committee: LIBE
Amendment 701 #
Proposal for a regulation
Article 37 – paragraph 5
5. One year after the establishment of the automated data quality control mechanisms and procedures and common data quality indicators and every year thereafter, the Commission shall evaluate Member State implementation of data quality and, in particular, data quality issues deriving from erroneous historical data in existing EU information systems and in the SIS. The Commission shall make any necessary recommendations. The Member States shall provide the Commission with an action plan to remedy any deficiencies identified in the evaluation report and shall report on any progress against this action plan until it is fully implemented. The Commission shall transmit the evaluation report to the European Parliament, to the Council, to the European Data Protection Supervisor and to the European Union Agency for Fundamental Rights established by Council Regulation (EC) No 168/2007.75 _________________ 75 Council Regulation (EC) No 168/2007 of 15 February 2007 establishing a European Union Agency for Fundamental Rights (OJ L 53, 22.2.2007, p. 1).
2018/07/23
Committee: LIBE
Amendment 704 #
Proposal for a regulation
Article 38 – paragraph 2
2. The UMF standard shall be used in the development of the EES, the [ETIAS], the European search portal, the CIR, the MID and, if appropriate, in the development by eu-LISA or any other EU body of new information exchange models and information systems in the area of Justice and Home Affairs.
2018/07/23
Committee: LIBE
Amendment 705 #
Proposal for a regulation
Article 38 – paragraph 3
3. The implementation of the UMF standard may be considered in the VIS, the SIS and in any existing or new cross-border information exchange models and information systems in the area of Justice and Home Affairs, developed by Member States or associated countries. deleted
2018/07/23
Committee: LIBE
Amendment 713 #
Proposal for a regulation
Article 39 – paragraph 3
3. eu-LISA shall render the data anonymous, by ensuring that the data is non-identifiable, and shall record such anonymous data in the CRRS. The process for rendering the data anonymous shall be automated.
2018/07/23
Committee: LIBE
Amendment 714 #
Proposal for a regulation
Article 39 – paragraph 4 – point b
(b) a secure communication infrastructure to connect the CRRS to the EES, [the ETIAS], the VIS and the SIS, as well as the central infrastructures of the shared BMS, the CIR and the MID.
2018/07/23
Committee: LIBE
Amendment 715 #
Proposal for a regulation
Article 39 – paragraph 5
5. The Commission shall lay down detailed rules on the operation of the CRRS, including specific safeguards for processing of personal data referred to under paragraph 2 and 3 and security rules applicable to the repository by means of implementinga delegated acts. Those implementingat delegated acts shall be adopted in accordance with the examination procedure referred to in Article 64(2)3.
2018/07/23
Committee: LIBE
Amendment 717 #
Proposal for a regulation
Article 40 – paragraph 1
1. In relation to the processing of data in the shared biometric matching service (shared BMS), the Member State authorities that are controllers for the VIS, EES, and SIS respectively, shall also be considered as controllers in accordance with Article 4(7) of Regulation (EU) 2016/679 in relation to the biometric templates obtained from the data referred to in Article 13 that they enter into respective systems and shall have responsibility for the processing of the biometric templates in the shared BMSprocessing of biometric data that they enter into respective systems. In relation to information security management of the shared BMS, eu-LISA shall be considered a controller.
2018/07/23
Committee: LIBE
Amendment 719 #
Proposal for a regulation
Article 40 – paragraph 2
2. In relation to the processing of data in the common identity repository (CIR), the Member State authorities that are controllers for the VIS, EES and [ETIAS], respectively, shall also be considered as controllers in accordance with Article 4(7) of Regulation (EU) 2016/679 in relation to data referred to in Article 18 that they enter into respective systems and shall have responsibility for the processing of that personal data in the CIR. deleted
2018/07/23
Committee: LIBE
Amendment 722 #
Proposal for a regulation
Article 40 – paragraph 3 – point a
(a) the European Border and Coast Guard Agency shall be considered a data controller in accordance with Article 2(b) of Regulation No 45/2001 in relation to processing of personal data by the ETIAS Central Unit. In relation to information security management of the ETIAS Central System, eu-LISA shall be considered a controller;
2018/07/23
Committee: LIBE
Amendment 723 #
Proposal for a regulation
Article 40 – paragraph 3 – point b
(b) the Member State authorities adding or modifying the data in the identity confirmation file are also to be considered as controllers in accordance with Article 4(7) of Regulation (EU) 2016/679 and shall have responsibility for the processing of the personal data in the multiple-identity detector. In relation to information security management of the multiple-identity detector, eu-LISA shall be considered a controller;
2018/07/23
Committee: LIBE
Amendment 726 #
Proposal for a regulation
Article 41
Article 41 Data processor In relation to the processing of personal data in the CIR, eu-LISA is to be considered the data processor in accordance with Article 2(e) of Regulation (EC) No 45/2001. deleted
2018/07/23
Committee: LIBE
Amendment 728 #
Proposal for a regulation
Article 42 – paragraph 1
1. Both eu-LISA and the Member State authorities shall ensure the security of the processing of personal data that takes place pursuant to the application of this Regulation. eu-LISA shall be responsible for the central systems and Member State authorities shall be responsible for the security at the end-points controlling access to the systems, [the ETIAS Central Unit] and the Member State authorities shall cooperate on security-related tasks.
2018/07/23
Committee: LIBE
Amendment 729 #
Proposal for a regulation
Article 42 – paragraph 3 – point i
(i) monitor the effectiveness of the security measures referred to in this paragraph and take the necessary organisational measures related to internal monitoring to ensure compliance with this Regulation and to assess those security measures in the light of new technological developments.
2018/07/23
Committee: LIBE
Amendment 736 #
Proposal for a regulation
Article 44 – paragraph 3
3. Without prejudice to the notification and communication of a personal data breach pursuant to Article 33 of Regulation (EU) 2016/679, Article 30 of Directive (EU) 2016/680, or both, Member States shall notify the Commission, eu-LISA, the national supervisory authority and the European Data Protection Supervisor of security incidents. In the event of a security incident in relation to the central infrastructure of the interoperability components, eu-LISA shall notify the Commission and the European Data Protection Supervisor.
2018/07/23
Committee: LIBE
Amendment 745 #
Proposal for a regulation
Article 46 – title
46 Right tof information
2018/07/23
Committee: LIBE
Amendment 746 #
Proposal for a regulation
Article 46 – paragraph 1
1. Without prejudice to the right tof information referred to in Articles 11 and 12 of Regulation (EC) 45/2001 and, Articles 13 and 14 of Regulation (EU) 2016/679, persons whose data are stored in the shared biometric matching service, the common identity repository orand Article 13 of Directive 2016/680, persons whose data are stored in one of the EU information systems, in the SIS, or in the multiple-identity detector shall be informed by the authority collecting their data, at the time their data are collected, about the processing of personal data for the purposes of this Regulation, including about identity and contact details of the respective data controllers, and about the procedures for exercising their rights of access, rectification and erasure, as well aslaid down in Article 47, and about the contact details of the European Data Protection Supervisor and of the national supervisory authority of the Member State responsible for the collection of the data.
2018/07/23
Committee: LIBE
Amendment 751 #
Proposal for a regulation
Article 46 – paragraph 1 a (new)
1a. All information must be provided to data subjects in a manner and language which they understand, or are reasonably expected to understand. This must include providing information in an age-appropriate manner for data subjects who are minors.
2018/07/23
Committee: LIBE
Amendment 761 #
Proposal for a regulation
Article 47 – paragraph 1
1. In order to exercise their rights under Articles 13, 14, 15 and 16 of Regulation (EC) 45/2001 and, Articles 15, 16, 17 and 18 of Regulation (EU) 2016/679, and Articles 14 and 16 of Directive (EU) 2016/680, any person shall have the right to address him or herself to the Member State responsible for the manual verification of different identities or of any Member State, who shall examine and reply to the request.
2018/07/23
Committee: LIBE
Amendment 765 #
Proposal for a regulation
Article 47 – paragraph 1 a (new)
1a. Without prejudice to paragraph 1, and in order to facilitate and better enable the effective exercise of the rights of data subjects as described in paragraph 1 to access, rectify, erase or restrict the processing of their personal data under interoperability components, in particular for those third country nationals who may be outside the territory of the Member States, eu-LISA shall establish a web service, hosted in its technical site, which shall enable data subjects to make a request for access, correction, erasure or rectification of their personal data. The web service shall act as a single point of contact for those third country nationals outside the territory of the Member States. On the basis of such a request, the web service shall immediately transmit the request to the Member State responsible for manual verification of different identities in accordance with Article 29, or, where appropriate, to the Member State responsible for the entry of the data in the underlying information system which is the subject of the request.
2018/07/23
Committee: LIBE
Amendment 766 #
Proposal for a regulation
Article 47 – paragraph 1 b (new)
1b. The Commission shall adopt implementing acts concerning the detailed rules on the conditions for the operation of the web service and the data protection and security rules applicable. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 64.
2018/07/23
Committee: LIBE
Amendment 767 #
Proposal for a regulation
Article 47 – paragraph 2
2. The Member State responsible for the manual verification of different identities as referred to in Article 29 or the Member State to which the request has been made, either directly from the data subject in accordance with paragraph 1 or via the web service established by eu-LISA in accordance with paragraph 2, shall reply to such requests at the latest within 145 days of receipt of the request.
2018/07/23
Committee: LIBE
Amendment 770 #
Proposal for a regulation
Article 47 – paragraph 3
3. If a request for correction or erasure of personal data is made to a Member State other than the Member State responsible, the Member State to which the request has been made shall contact the authorities of the Member State responsible within seven days and the Member State responsible shall check the accuracy of the data and the lawfulness of the data processing within 3014 days of such contact. The person concerned shall be informed by the Member State which contacted the authority of the Member State responsible that his or her request was forwarded about the further procedure.
2018/07/23
Committee: LIBE
Amendment 775 #
Proposal for a regulation
Article 47 – paragraph 4
4. Where, following an examination, it is found that the data stored in the multiple-identity detector (MID) are factually inaccurate or have been recorded unlawfully, the Member State responsible or, where applicable, the Member State to which the request has been made shall correct or delete these data. The person concerned shall be informed that his or her data was corrected or deleted.
2018/07/23
Committee: LIBE
Amendment 786 #
Proposal for a regulation
Article 47 – paragraph 7
7. This decision shall also provide the person concerned with information explaining the possibility to challenge the decision taken in respect of the request referred in paragraph 3s 1 and 2, and, where relevant, information on how to bring an action or a complaint before the competent authorities or courts, and any assistance, including from the competent national supervisory authorities.
2018/07/23
Committee: LIBE
Amendment 787 #
Proposal for a regulation
Article 47 – paragraph 8
8. Any request made pursuant to paragraph 3s 1 or 2 shall contain the necessary information to identify the person concerned. That information shall be used exclusively to enable the exercise of the rights referred to in paragraph 31 and shall be erased immediately afterwards.
2018/07/23
Committee: LIBE
Amendment 788 #
Proposal for a regulation
Article 47 – paragraph 9
9. The responsible Member State or, where applicable, the Member State to which the request has been made shall keep a record in the form of a written document that a request referred to in paragraph 3s 1 and 2 was made and how it was addressed, and shall make that document available to competent data protection national supervisory authorities without delay.
2018/07/23
Committee: LIBE
Amendment 789 #
Proposal for a regulation
Article 47 a (new)
Article 47 a Liability Without prejudice to the right to compensation from, and liability under Regulation (EU) 2016/679, Directive (EU) 2016/680 and Regulation (EC) No 45/2001: (a) any person who has suffered material or non-material damage as a result of an unlawful personal data processing operation through the use of interoperability components or any other act by a Member State which is incompatible with this Regulation shall be entitled to receive compensation from that Member State; (b) any person who has suffered material or non-material damage as a result of an unlawful personal data processing operation through the use of interoperability components or any other act by Europol or by the European Border and Coast Guard Agency which is incompatible with this Regulation shall be entitled to receive compensation from Europol or the European Border and Coast Guard as appropriate. The Member State, Europol or the European Border and Coast Guard Agency shall be exempted from liability, in whole or in part, if they prove that they are not responsible for the event which gave rise to the damage.
2018/07/23
Committee: LIBE
Amendment 790 #
Proposal for a regulation
Article 47 b (new)
Article 47 b Penalties Member States shall ensure that any misuse of data, processing of data or exchange of data contrary to this Regulation is punishable in accordance with national law. The penalties provided shall be effective, proportionate and dissuasive and shall include the possibility for administrative and criminal penalties. Europol and the European Border and Coast Guard Agency shall ensure that members of their staff or members of their teams who misuse, process or exchange data contrary to this Regulation are subject to penalties. Those penalties shall be effective, proportionate and dissuasive.
2018/07/23
Committee: LIBE
Amendment 793 #
Proposal for a regulation
Article 48 – paragraph 1
Personal data stored in, processed or accessed by the interoperability components shall not be transferred or made available to any third country, to any international organisation or to any private party, with the exception of transfers to Interpol for the purpose of carrying out the automated processing referred to in [Article 18(2)(b) and (m) of the ETIAS Regulation] or for the purposes of Article 8(2) of Regulation (EU) 2016/399. Such transfers of personal data to Interpol shall be compliant with the provisions of Article 9 of Regulation (EC) No 45/2001 and Chapter V of Regulation (EU) 2016/679.
2018/07/23
Committee: LIBE
Amendment 797 #
Proposal for a regulation
Article 49 – paragraph 1
1. The supervisory authority or authorities designated pursuant to Article 4951 of Regulation (EU) 2016/679 and Article 41 of Directive (EU) 2016/680 shall ensure that an audit of the data processing operations by the responsible national authorities is carried out in accordance with relevant international auditing standards at least every four years.
2018/07/23
Committee: LIBE
Amendment 800 #
Proposal for a regulation
Article 49 – paragraph 1 a (new)
1 a. Member States shall ensure that their supervisory authorities designated pursuant to Article 51 of Regulation 2016/679 and Article 41 of Directive 2016/680 monitor the lawfulness of the processing of personal data under this Regulation carried out by Member States’ relevant authorities.
2018/07/23
Committee: LIBE
Amendment 804 #
Proposal for a regulation
Article 49 – paragraph 2
2. Member States shall ensure that their supervisory authority has sufficient resourcesadditional resources, including both human and financial resources, to fulfil the tasks entrusted to it under this Regulation.
2018/07/23
Committee: LIBE
Amendment 806 #
Proposal for a regulation
Article 50 – paragraph 1
The European Data Protection Supervisor shall ensure that an audit of eu-LISA’s personal data processing activities is carried out in accordance with relevant international auditing standards at least every four years. A report of that audit shall be sent to the European Parliament, the Council, eu-LISA, the Commission and the Member States. eu-LISA shall be given an opportunity to make comments before the reports are adopted. The EU Budgetary Authority shall ensure that the European Data Protection Supervisor has sufficient additional resources, including both human and financial resources, to fulfil the tasks entrusted to it under this Regulation.
2018/07/23
Committee: LIBE
Amendment 814 #
Proposal for a regulation
Article 52 – paragraph 1
1. eu-LISA shall ensure that the central infrastructures of the interoperability components are operated in accordance with this Regulation. In that respect, eu-LISA shall follow the principles of data protection by design and by default.
2018/07/23
Committee: LIBE
Amendment 816 #
Proposal for a regulation
Article 52 – paragraph 3 – subparagraph 1
eu-LISA shall be responsible for the development of the interoperability components, for any adaptations required for establishing interoperability between the central systems of the EES, VIS, [ETIAS], SIS, and Eurodac, and [the ECRIS-TCN system], and the European search portal, the shared biometric matching service, the common identity repository and the multiple-identity detector.
2018/07/23
Committee: LIBE
Amendment 817 #
Proposal for a regulation
Article 52 – paragraph 3 – subparagraph 4
The development shall consist of the elaboration and implementation of the technical specifications, testing and overall project coordination. In that regard, the tasks of eu-LISA shall also be: (a) perform a security risk assessment; (b) follow the principles of privacy by design and by default during the entire lifecycle of the development of the interoperability components; and (c) conduct a security risk assessment regarding the interoperability of EU information systems, interoperability components, Europol data and Interpol databases.
2018/07/23
Committee: LIBE
Amendment 821 #
Proposal for a regulation
Article 53 – paragraph 1 – subparagraph 1 a (new)
eu-LISA shall perform regular information security risk assessments for the interoperability components, implement a comprehensive information security risk management process and follow the principles of privacy by design and by default during the entire lifecycle of those interoperability components.
2018/07/23
Committee: LIBE
Amendment 823 #
Proposal for a regulation
Article 53 – paragraph 3
3. eu-LISA shall develop and maintain a mechanism and procedures for carrying out quality checks on the data stored in the shared biometric matching service and the common identity repository in accordance with Article 37. deleted
2018/07/23
Committee: LIBE
Amendment 825 #
Proposal for a regulation
Article 54 – paragraph 1 – point a
(a) the connection to the communication infrastructure of the European search portal (ESP) and the common identity repository (CIR);
2018/07/23
Committee: LIBE
Amendment 828 #
Proposal for a regulation
Article 54 – paragraph 1 – point b
(b) the integration of the existing national systems and infrastructures with the ESP, shared biometric matching service, the CIR and the multiple-identity detector;
2018/07/23
Committee: LIBE
Amendment 830 #
Proposal for a regulation
Article 54 – paragraph 1 – point d
(d) the management of, and arrangements for, access by the duly authorised staff, and by the duly empowered staff, of the competent national authorities to the ESP, the CIR and the multiple-identity detector in accordance with this Regulation and the creation and regular update of a list of those staff and their profiles;
2018/07/23
Committee: LIBE
Amendment 832 #
Proposal for a regulation
Article 54 – paragraph 1 – point e
(e) the adoption of the legislative measures referred to in Article 20(3) in order to access the CIREU information systems for identification purposes;
2018/07/23
Committee: LIBE
Amendment 836 #
Proposal for a regulation
Article 54 – paragraph 2
2. Each Member State shall connect their designated authorities referred to in Article 4(24) to the CIR. deleted
2018/07/23
Committee: LIBE
Amendment 946 #
Proposal for a regulation
Article 56 – paragraph 2
2. The duly authorised staff of the competent authorities of Member States, the Commission and eu-LISA shall have access to consult the following data related to the common identity repository, solely for the purposes of reporting and statistics without enabling individual identification: (a) number of queries for the purposes of Articles 20, 21 and 22; (b) nationality, sex and year of birth of the person; (c) the type of the travel document and the three-letter code of the issuing country; (d) the number of searches conducted with and without biometric data. deleted
2018/07/23
Committee: LIBE
Amendment 951 #
Proposal for a regulation
Article 56 – paragraph 3 – introductory part
3. The duly authorised staff of the competent authorities of Member States, the Commission and eu-LISA shall have access to consult the following data related to the multiple-identity detector, solely for the purposes of reporting and statistics without enabling individual identification:
2018/07/23
Committee: LIBE
Amendment 956 #
Proposal for a regulation
Article 56 – paragraph 5
5. For the purpose of paragraph 1 of this Article, eu-LISA shall store the data referred to in paragraph 1 of this Article in the central repository for reporting and statistics referred to in Chapter VII of this Regulation. The data included in the repository shall not enablebe anonymised and shall not be such as to allow for the identification of individuals, but it shall allow the authorities listed in paragraph 1 of this Article to obtain customisable reports and statistics to enhance the efficiency of border checks, to help authorities processing visa applications and to support evidence-based policymaking on migration and security in the Union.
2018/07/23
Committee: LIBE
Amendment 961 #
Proposal for a regulation
Article 58 – title
58 Transitional period applicable to the provisions on access to the common identity repositoryESP or shared BMS for law enforcement purposes
2018/07/23
Committee: LIBE
Amendment 969 #
1. The costs incurred in connection with the establishment and operation of the ESP, the shared biometric matching service, the common identity repository (CIR) and the MID shall be borne by the general budget of the Union.
2018/07/23
Committee: LIBE
Amendment 971 #
Proposal for a regulation
Article 60 – paragraph 3
3. The costs incurred by the designated authorities referred to in Article 4(24) shall be borne, respectively, by each Member State and Europol. The costs for the connection of the designated authorities to the CIR shall be borne by each Member State and Europol, respectively.
2018/07/23
Committee: LIBE
Amendment 976 #
Proposal for a regulation
Article 62 – paragraph 1 – point c
(c) eu-LISA has validated the technical and legal arrangements to collect and transmit the data referred to in Articles 8(1), 13, 19, 34 and 39 and have notified them to the Commission;
2018/07/23
Committee: LIBE
Amendment 979 #
Proposal for a regulation
Article 62 – paragraph 1 a (new)
1 a. By way of derogation from paragraph 1, the measures referred to in Article 37 shall apply as of one year after the entry into force of this Regulation.
2018/07/23
Committee: LIBE
Amendment 980 #
Proposal for a regulation
Article 63 – paragraph 2
2. The power to adopt delegated acts referred to in Articles 8(2), 9(7), 28(5) and 39(75) shall be conferred on the Commission for an indeterminate period of time from [the date of entry into force of this Regulation].
2018/07/23
Committee: LIBE
Amendment 983 #
Proposal for a regulation
Article 63 – paragraph 3
3. The delegation of power referred to in Articles 8(2), 9(7), 28(5) and 39(75) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.
2018/07/23
Committee: LIBE
Amendment 984 #
Proposal for a regulation
Article 63 – paragraph 6
6. A delegated act adopted pursuant to Articles 8(2), 9(7), 28(5) and 39(75) shall enter into force only if no objection has been expressed either by the European Parliament or the Council within a period of [two months] of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by [two months] at the initiative of the European Parliament or of the Council.
2018/07/23
Committee: LIBE
Amendment 991 #
Proposal for a regulation
Article 68 – paragraph 2
2. By [Six months after the entry into force of this Regulation — OPOCE, please replace with the actual date] and every six months thereafter during the development phase of the interoperability components, eu-LISA shall submit a report to the European Parliament and the Council, the Council, and the European Data Protection Supervisor, on the state of play of the development of the interoperability components. Once the development is finalised, a report shall be submitted to the European Parliament and the Council explaining in detail how the objectives, in particular relating to planning and costs, were achieved as well as justifying any divergences.
2018/07/23
Committee: LIBE
Amendment 996 #
Proposal for a regulation
Article 68 – paragraph 3
3. For the purposes of technical maintenance, eu-LISA shall have access to the necessary information relating to the data processing operations performed in the interoperability components without having access to any personal data processed by those components.
2018/07/23
Committee: LIBE
Amendment 1007 #
Proposal for a regulation
Article 68 – paragraph 8 – subparagraph 1 – introductory part
While respecting the provisions of national law on the publication of sensitive information, each Member State and Europol shall prepare annual reports on the effectiveness of access to data stored in the common identity repositoryEU information systems and the SIS for law enforcement purposes, containing information and statistics on:
2018/07/23
Committee: LIBE