59 Amendments of Louis MICHEL related to 2017/0351(COD)
Amendment 8 #
Proposal for a regulation
Article 60 – paragraph 1 a (new)
Article 60 – paragraph 1 a (new)
1 a. The cost incurred in connection with the establishment and operation of a central EU backup solution for each system indicated in paragraph 1, where necessary, shall be borne by the general budget of the Union.
Amendment 9 #
Proposal for a regulation
Article 60 – paragraph 2 – subparagraph 1
Article 60 – paragraph 2 – subparagraph 1
Costs incurred in connection with the integration of the existing national infrastructures and their connection to the national uniform interfaces as well as in connection with hosting and future developments of the national uniform interfaces shall be borne by the general budget of the Union.
Amendment 214 #
Proposal for a regulation
Recital 12 a (new)
Recital 12 a (new)
(12a) Children and vulnerable persons merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safe guards concerned and their rights in relation to the processing of personal data. The interoperability components should pay particular attention to the protection of children and ensure that their rights and integrity are being fully respected.
Amendment 260 #
Proposal for a regulation
Recital 27
Recital 27
(27) In order to ensure the correct identification of a person, Member State authorities competent for preventing and combating irregular migration and competent authorities within the meaning of Article 3(7) of Directive 2016/680 should be allowed to query the common identity repository (CIR) with the biometric data of that person taken during an identity check. Such query should be carried out in principle in the presence of the person, solely where a Member State police authority was unable to identify a person on the basis of a travel document or with the identity data provided by that person following rules and procedures provided for in national law or where there are doubts as to the authenticity of the travel document or the identity of its holder or where the person is unable or refuses to cooperate, or where there are reasonable grounds to believe that the person is not telling the truth about his or her identity. Such query should not be allowed against minors under the age of 12 years old.
Amendment 261 #
Proposal for a regulation
Recital 27 a (new)
Recital 27 a (new)
(27a) In order to identify unknown persons who are not able to identify themselves or unidentified human remains, in the event of a disaster or an accident, Member States should be allowed to query the CIR with the biometric data of those persons.
Amendment 324 #
Proposal for a regulation
Recital 55
Recital 55
(55) The implementation of the interoperability components provided for in this Regulation and the integration of the existing national systems and infrastructures with those components will have an impact on the way checks are carried out at border crossing points. These impacts will result from a combined application of the existing rules of the Regulation (EU) 2016/399 of the European Parliament and of the Council60 and the rules on interoperability provided for in this Regulation. _________________ 60 Regulation (EU) 2016/399 of the European Parliament and of the Council of 9 March 2016 on a Union Code on the rules governing the movement of persons across borders, OJ L 77, 23.3.2016, p.1.
Amendment 328 #
Proposal for a regulation
Recital 57 a (new)
Recital 57 a (new)
(57a) It would be appropriate that, during the development phase of the interoperability components, the Commission assess the necessity of further harmonisation of national systems and infrastructures of Member States at external borders. Those recommendations should also include an impact assessment and an assessment on their cost for the EU budget.
Amendment 356 #
Proposal for a regulation
Article 1 – paragraph 1
Article 1 – paragraph 1
1. This Regulation, together with [Regulation 2018/xx on interoperability police and judicial cooperation, asylum and migration], establishes a framework to ensure the interoperability between the Entry/Exit System (EES), the Visa Information System (VIS), [the European Travel Information and Authorisation System (ETIAS)], Eurodac, the Schengen Information System (SIS), and [the European Criminal Records Information System for third-country nationals (ECRIS-TCN)] in order for those systems and data contained in those systems to supplement each other.
Amendment 377 #
Proposal for a regulation
Article 2 – paragraph 1 – point e a (new)
Article 2 – paragraph 1 – point e a (new)
(ea) contribute to the prevention, detection and investigation of terrorist offences or of other serious criminal offences.
Amendment 387 #
Proposal for a regulation
Article 2 – paragraph 2 – point c a (new)
Article 2 – paragraph 2 – point c a (new)
(ca) improving judicial cooperation in the areas of freedom, security and justice;
Amendment 423 #
Proposal for a regulation
Article 5 – title
Article 5 – title
Non-discrimination and fundamental rights
Amendment 425 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her. Processing of personal data for the purposes of this Regulation by any user shall not result in discrimination against persons on any grounds such as sex, colour, social, racial or ethnic origin, religion or belief, disability, age or sexual orientation. It shall fully respect human dignity and integritypolitical or any other opinion, membership of a national minority, property, birth, genetic features, language, disability, age or sexual orientation. It shall fully respect human dignity and integrity and fundamental rights, including the right to respect for one’s private life and to the protection of personal data. Particular attention shall be paid to children, the elderly and persons with a disability. The best interests of the child shall be a primary consideration.
Amendment 434 #
Proposal for a regulation
Article 6 – paragraph 1
Article 6 – paragraph 1
1. A European search portal (ESP) is established for the purposes of ensuring that Member State authorities and EU bodies have fast, seamless, efficient, systematic and controlled access to the EU information systems, the Europol data and the Interpol databases that they need to perform their tasks in accordance with their access rights and of supporting the objectives of the EES, the VIS, [the ETIAS], Eurodac, the SIS, [the ECRIS- TCN system] and the Europol data, while fully respecting the principles of necessity and proportionality.
Amendment 469 #
Proposal for a regulation
Article 9 – paragraph 6
Article 9 – paragraph 6
6. The reply to the user of the ESP shall be unique and shall contain all the data to which the user has access under Union law. Where necessary, the reply provided by the ESP shall indicate to which information system or database the data belongs.
Amendment 474 #
Proposal for a regulation
Article 10 – paragraph 1 – point a
Article 10 – paragraph 1 – point a
(a) the Member State authority or EU bodies and the individual user of the ESP, including the ESP profile used as referred to in Article 8;
Amendment 479 #
Proposal for a regulation
Article 10 – paragraph 1 a (new)
Article 10 – paragraph 1 a (new)
1a. Each Member State and EU body shall keep logs of queries of the authority and the staff duly authorised to use the ESP.
Amendment 483 #
Proposal for a regulation
Article 10 – paragraph 2
Article 10 – paragraph 2
2. The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring datafor self- monitoring, and for ensuring the proper functioning and the data integrity and security pursuant to Article 42. Those logs shall be protected by appropriate measures against unauthorised access and erased onetwo years after their creation, unless they are required for monitoring procedures that have already begun.
Amendment 487 #
Proposal for a regulation
Article 11 – paragraph 1
Article 11 – paragraph 1
1. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1) or the CIR, because of a failure of the ESP, the users of the ESP shall be immediately notified by eu-LISA.
Amendment 490 #
Proposal for a regulation
Article 11 – paragraph 2
Article 11 – paragraph 2
2. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1) or the CIR, because of a failure of the national infrastructure in a Member State, that Member State's competent authority shall immediately notify eu-LISA and the Commission.
Amendment 491 #
Proposal for a regulation
Article 11 – paragraph 2 a (new)
Article 11 – paragraph 2 a (new)
2a. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1) or the CIR, because of a failure of the infrastructure of a EU body, that EU body shall immediately notify eu-LISA and the Commission.
Amendment 498 #
Proposal for a regulation
Article 12 – paragraph 1
Article 12 – paragraph 1
1. A shared biometric matching service (shared BMS) storing biometric templates and enabling querying with biometric data across several EU information systems is established for the purposes of supporting the CIR and the multiple-identity detector and the objectives of the EES, the VIS, Eurodac, the SIS and [the ECRIS-TCN system], while fully respecting the principles of necessity and proportionality.
Amendment 511 #
Proposal for a regulation
Article 13 – paragraph 1 – point d
Article 13 – paragraph 1 – point d
Amendment 538 #
Proposal for a regulation
Article 16 – paragraph 2
Article 16 – paragraph 2
2. The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. Those logs shall be protected by appropriate measures against unauthorised access and erased onetwo years after their creation, unless they are required for monitoring procedures that have already begun. The logs referred to in paragraph 1(a) shall be erased once the data is erased.
Amendment 544 #
Proposal for a regulation
Article 17 – paragraph 1
Article 17 – paragraph 1
1. A common identity repository (CIR), creating an individual file for each person that is recorded in the EES, the VIS, [the ETIAS], Eurodac or [the ECRIS-TCN system] containing the data referred to in Article 18, is established for the purpose of facilitating and assisting the correct identification of persons registered in the EES, the VIS, [the ETIAS], the Eurodac and [the ECRIS-TCN system], of supporting the functioning of the multiple- identity detector and of facilitating and streamlining access by law enforcement authorities to non-law enforcement information systems at EU level, where necessary for the prevention, investigation, detection or prosecution of serious crime, while fully respecting the principles of necessity and proportionality.
Amendment 545 #
Proposal for a regulation
Article 17 – paragraph 3 a (new)
Article 17 – paragraph 3 a (new)
3a. Where it is technically impossible to query the CIR for the purpose of identifying a person pursuant Article 20, for the detection of multiple identities pursuant Article 21 or for law enforcement purposes pursuant Article 22, because of a failure of the CIR, the users of the CIR shall be immediately notified by eu-LISA.
Amendment 558 #
Proposal for a regulation
Article 20 – paragraph 1 – subparagraph 1
Article 20 – paragraph 1 – subparagraph 1
Where a Member State police authority has been so empowered by national legislative measures as referred to in paragraph 2, it may, solely for the purpose of identifying a person, query the CIR with the biometric data of that person taken during an identity check. Such query may be carried out in principle in the presence of the person, solely where a Member State police authority was unable to identify a person on the basis of a travel document or with the identity data provided by that person following rules and procedures provided for in national law or where there are doubts as to the authenticity of the travel document or the identity of its holder or where the person is unable or refuse to cooperate, or where there are reasonable grounds to believe that the person is not telling the truth about his or her identity. Such query shall not be allowed against minors under the age of 12 years old.
Amendment 564 #
Proposal for a regulation
Article 20 – paragraph 1 a (new)
Article 20 – paragraph 1 a (new)
1a. Where a Member State police authority has been so empowered by national legislative measures as referred to in paragraph 2, it may, solely for the purpose of identifying unknown persons who are not able to identify themselves or unidentified human remains, in the event of a disaster or an accident query the CIR with the biometric data of those persons.
Amendment 594 #
Proposal for a regulation
Article 24 – paragraph 4 – subparagraph 1 – point a
Article 24 – paragraph 4 – subparagraph 1 – point a
(a) the national file referencreference to the national investigation or case;
Amendment 597 #
Proposal for a regulation
Article 24 – paragraph 4 – subparagraph 1 – point e
Article 24 – paragraph 4 – subparagraph 1 – point e
(e) the name of the authorityindividual and unique user identifiers of both the competent authority and the person consulting the CIR;
Amendment 598 #
Proposal for a regulation
Article 24 – paragraph 5 a (new)
Article 24 – paragraph 5 a (new)
5a. Europol shall keep logs of queries of the staff duly authorised to use the CIR pursuant to Article 22.
Amendment 599 #
Proposal for a regulation
Article 24 – paragraph 6
Article 24 – paragraph 6
6. The logs referred to in paragraphs 1, 5 and 5a may be used only for data protection monitoring, including checking the admissibility of a request and, the lawfulness of data processing, and for ensuring datafor self- monitoring, and for ensuring the proper functioning and the data integrity and security pursuant to Article 42. They shall be protected by appropriate measures against unauthorised access and erased onetwo years after their creation, unless they are required for monitoring procedures that have already begun.
Amendment 600 #
Proposal for a regulation
Article 24 – paragraph 7 a (new)
Article 24 – paragraph 7 a (new)
7a. The competent national authorities in charge of checking whether or not access is lawful, monitoring the lawfulness of data processing, self- monitoring and ensuring the proper functioning, data integrity and security, shall have access, within the limits of their competence and at their request, to these logs for the purpose of fulfilling their duties.
Amendment 601 #
7b. For the purposes of self- monitoring and ensuring the proper functioning of the CIR, data integrity and security, the EU-Lisa shall have access, within the limits of its competence, to those logs.
Amendment 602 #
Proposal for a regulation
Article 24 – paragraph 7 c (new)
Article 24 – paragraph 7 c (new)
7c. The European Data Protection Supervisor shall have access, within the limits of its competence and at its request, to those logs for the purpose of fulfilling its tasks.
Amendment 606 #
Proposal for a regulation
Article 25 – paragraph 1
Article 25 – paragraph 1
1. A multiple-identity detector (MID) creating and storing links between data in the EU information systems included in the common identity repository (CIR) and the SIS and as a consequence detecting multiple identities, with the dual purpose of facilitating identity checks and combating identity fraud, is established for the purpose of supporting the functioning of the CIR and the objectives of the EES, the VIS, the ETIAS], Eurodac, the SIS and [the ECRIS-TCN system], while fully respecting the principles of necessity and proportionality.
Amendment 689 #
Proposal for a regulation
Article 36 – paragraph 2 a (new)
Article 36 – paragraph 2 a (new)
2a. Each EU body shall keep logs of queries of the authority and the staff duly authorised to use the MID.
Amendment 690 #
Proposal for a regulation
Article 36 – paragraph 3
Article 36 – paragraph 3
3. The logs may be used only for data protection monitoring, including checking the admissibility of a request and the lawfulness of data processing, and for ensuring datafor self- monitoring, and for ensuring the proper functioning and the data integrity and security pursuant to Article 42. The logs shall be protected by appropriate measures against unauthorised access and erased onetwo years after their creation, unless they are required for monitoring procedures that have already begun. The logs related to the history of the identity confirmation file shall be erased once the data in the identity confirmation file is erased.
Amendment 735 #
Proposal for a regulation
Article 44 – paragraph 3
Article 44 – paragraph 3
3. Without prejudice to the notification and communication of a personal data breach pursuant to Article 33 of Regulation (EU) 2016/679, Article 30 of Directive (EU) 2016/680, or both, Member States shall notify the Commission, eu- LISA, the national supervisory authorities and the European Data Protection Supervisor of security incidents. In the event of a security incident in relation to the central infrastructure of the interoperability components, eu-LISA shall notify the Commission and the European Data Protection Supervisor.
Amendment 741 #
Proposal for a regulation
Article 44 – paragraph 5 a (new)
Article 44 – paragraph 5 a (new)
5a. The European Commission shall carry out annual evaluations to ensure that Member States are in full compliance with the obligations under each respective IT-systems. The concrete findings of the evaluations shall be communicated to the European Parliament and the Council, and in case of a breach, appropriate measures shall be taken thereafter.
Amendment 749 #
Proposal for a regulation
Article 46 – paragraph 1
Article 46 – paragraph 1
Amendment 769 #
Proposal for a regulation
Article 47 – paragraph 2
Article 47 – paragraph 2
2. The Member State responsible for the manual verification of different identities as referred to in Article 29 or the Member State to which the request has been made shall reply to such requests within 45 days ofout undue delay and no longer than 45 days with in the receipt of the request.
Amendment 777 #
Proposal for a regulation
Article 47 – paragraph 4
Article 47 – paragraph 4
4. Where, following an examination, it is found that the data stored in the multiple-identity detector (MID) are factually inaccurate or have been recorded unlawfully, the Member State responsible or, where applicable, the Member State to which the request has been made shall correct or delete these data. The Member State shall send a written confirmation to the data subject.
Amendment 780 #
Proposal for a regulation
Article 47 – paragraph 4 a (new)
Article 47 – paragraph 4 a (new)
4a. Any person shall have the right to lodge a complaint and the right to a legal remedy in the Member State which refused the right of access to or the right of correction or deletion of data relating to him or her, in accordance with national or Union law;
Amendment 792 #
Proposal for a regulation
Article 48 – paragraph 1
Article 48 – paragraph 1
Personal data stored in or accessed by the interoperability components shall not be transferred or made available to any third country, to any international organisation or to any private party, with the exception of transfers to Interpol for the purpose of carrying out the automated processing referred to in [Article 18(2)(b) and (m) of the ETIAS Regulation] or for the purposes of Article 8(2) of Regulation (EU) 2016/399. Such transfers of personal data to Interpol shall be compliant with the provisions of Article 9 of Regulation (EC) No 45/2001 and Chapter V of Regulation (EU) 2016/679. Any breach to this shall be considered a serious security incident and shall be immediately reported and addressed in accordance with Article 44.
Amendment 801 #
Proposal for a regulation
Article 49 – paragraph 1 a (new)
Article 49 – paragraph 1 a (new)
1 a. Each Member State shall ensure that the supervisory authority or authorities designated pursuant to Article 51 of Regulation (EU)2016/679 and Article 41 of Directive (EU)2016/680 shall monitor the lawfulness of the processing of personal data under this Regulation.
Amendment 808 #
Proposal for a regulation
Article 50 – paragraph 1 a (new)
Article 50 – paragraph 1 a (new)
The European Commission, the European Parliament and Member States shall ensure that the European Data Protection Supervisor has sufficient resources to fulfil the tasks entrusted to it under this Regulation.
Amendment 834 #
Proposal for a regulation
Article 54 – paragraph 1 – point g a (new)
Article 54 – paragraph 1 – point g a (new)
(g a) fully complying with the rules of each IT-system to ensure the security and integrity of personal data;
Amendment 835 #
Proposal for a regulation
Article 54 – paragraph 1 – point h a (new)
Article 54 – paragraph 1 – point h a (new)
(h a) reporting any security incidents involving personal data to the Commission, eu-LISA, the national supervisory authorities and the European Data Protection Supervisor
Amendment 838 #
Proposal for a regulation
Article 55 a (new)
Article 55 a (new)
Article 55 a Penalties Member States shall lay down the rules on penalties applicable to infringements of this Regulation and shall take all measures necessary to ensure that they are implemented. The penalties provided for shall be effective, proportionate and dissuasive.
Amendment 987 #
Proposal for a regulation
Article 66 – paragraph 1 a (new)
Article 66 – paragraph 1 a (new)
Member States and EU bodies shall organise for their staff authorised to process data from the interoperability components, appropriate training programme about data security, data quality, data protection rules and the procedures of the data processing.
Amendment 988 #
Proposal for a regulation
Article 66 – paragraph 1 b (new)
Article 66 – paragraph 1 b (new)
Common training courses about data security, data quality, data protection rules and the procedures of the data processing shall be organised at EU level at least once a year to enhance cooperation and exchange of best practices between staff of Member States and EU bodies authorised to process data from the interoperability components.
Amendment 990 #
Proposal for a regulation
Article 68 – paragraph 1
Article 68 – paragraph 1
1. eu-LISA shall ensure that procedures are in place to monitor the development of the interoperability components and the integration of the existing national infrastructures and the connection to the national uniform interface in light of objectives relating to planning and costs and to monitor the functioning of the interoperability components in light of objectives relating to the technical output, cost-effectiveness, security and quality of service.
Amendment 993 #
Proposal for a regulation
Article 68 – paragraph 2 a (new)
Article 68 – paragraph 2 a (new)
Amendment 994 #
Proposal for a regulation
Article 68 – paragraph 2 b (new)
Article 68 – paragraph 2 b (new)
2 b. During the development phase of the interoperability components, the Commission shall evaluate the necessity of further harmonisation of national systems and infrastructures of Member States at external borders. The Commission shall transmit the evaluation report to the European Parliament and the Council. These evaluation reports shall include recommandations, an impact assessment and an assessment on their cost for the EU budget.
Amendment 998 #
4. FourTwo years after the start of operations of each interoperability component and every four years thereafter, eu-LISA shall submit to the European Parliament, the Council and the Commission a report on the connection of Member States to the communication infrastructure of the ESP and the CIR and the integration of the existing national systems and infrastructures with the ESP, shared BMS, MID and the CIR, as well as on the technical functioning of the interoperability components, including the security thereof.
Amendment 1000 #
Proposal for a regulation
Article 68 – paragraph 5 – subparagraph 1 – introductory part
Article 68 – paragraph 5 – subparagraph 1 – introductory part
In addition, one year after each report from eu-LISAeach year, the Commission shall produce an overall evaluation of the components, including:
Amendment 1002 #
Proposal for a regulation
Article 68 – paragraph 5 – subparagraph 1 – point b
Article 68 – paragraph 5 – subparagraph 1 – point b
(b) an examination of the results achieved against objectives and the impact on fundamental rights, particularly the use of CIR with biometric data taken during an identity check;
Amendment 1004 #
Proposal for a regulation
Article 68 – paragraph 5 – subparagraph 1 – point d a (new)
Article 68 – paragraph 5 – subparagraph 1 – point d a (new)
(d a) an assessment of the security of the connection of Member States to the communication infrastructure of the ESP and the CIR and the security of the integration of the existing national systems and infrastructures with the ESP, shared BMS, MID and the CIR.
Amendment 1012 #
Proposal for a regulation
Article 68 – paragraph 8 a (new)
Article 68 – paragraph 8 a (new)
8 a. While respecting the provisions of national law on the publication of sensitive information, each Member State shall prepare annual reports containing information and statistics on the access to data stored in the common identity repository for identification pursuant to Article 20.