23 Amendments of Cornelia ERNST related to 2009/0089(COD)
Amendment 41 #
Proposal for a regulation
Recital 15
Recital 15
(15) Without prejudice to future Union legislation relating to the protection of personal data and implementing Article 16 of the Treaty on the Functioning of the European Union and Article 8 of the Charter of Fundamental Rights of the European Union, Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data applies to the processing of personal data by the Agency. This Regulation provides, inter alia, that the European Data Protection Supervisor shall have the power to obtain from the Agency access to all information necessary for his or her enquiries.
Amendment 42 #
Proposal for a regulation
Recital 1 a (new)
Recital 1 a (new)
(1a) If the development of SIS II fails, the implementation of an alternative solution should be subject to the adoption of a separate legal act.
Amendment 43 #
Proposal for a regulation
Recital 4
Recital 4
(4) In order to ensure the operational management of SIS II, VIS and EURODAC after the transitional period and potentially of other information technology ("IT") systems in the area of freedom, security and justice, it is necessary, it would be useful to establish a Management Authority subject to appropriate oversight.
Amendment 44 #
Proposal for a regulation
Recital 4 a (new)
Recital 4 a (new)
(4a) Bearing in mind that the risk of mistakes or wrong use of personal data is likely to increase when more large-scale IT systems are entrusted to the same operational manager, the total number of managed large-scale IT systems should be limited and should be extended only after a proper evaluation of the Agency's work, an impact assessment concerning respect for fundamental rights, data protection and security, and the adoption of a separate legal act.
Amendment 45 #
Proposal for a regulation
Recital 5
Recital 5
(5) With a view to achieving synergies, it is necessary to provide for the operational management of these systems in one entity, benefiting from economies of scale, creating critical mass and, ensuring the highest possible utilisation rate of capital and human resources, and ensuring the highest level of security, transparency and democratic control, and, where possible, implementing the "privacy by design" principle.
Amendment 46 #
Proposal for a regulation
Recital 9
Recital 9
Amendment 47 #
Proposal for a regulation
Recital 9 a (new)
Recital 9 a (new)
(9a) To prevent the Agency from function creeping and from developing schemes in its own interest, it should be responsible for monitoring research and for pilot schemes only at the specific and precise request of the European Parliament, the Commission or the European Data Protection Supervisor and only within the framework of the large-scale IT systems which it is already in charge of.
Amendment 48 #
Proposal for a regulation
Recital 13
Recital 13
(13) Within the framework of their respective competences, the Agency should cooperate with other agencies of the European Union, especially agencies established in the area of freedom, security and justice and, in particular, those concerned with the defence of fundamental rights.
Amendment 50 #
Proposal for a regulation
Article 1
Article 1
A European Agency ("the Agency") for the operational management of the second- generation Schengen Information System (SIS II), the Visa Information System (VIS), EURODAC and for developing and managing other large-scale information technology ("IT") systems, in application of Title V of the Treaty on the Functioning of the European Union is hereby established.
Amendment 51 #
Proposal for a regulation
Article 1 – paragraph 1 b (new)
Article 1 – paragraph 1 b (new)
Operational management shall consist of all the tasks necessary to keep the large- scale IT systems referred to in the first paragraph functioning in accordance with the specific provisions applicable to each of those IT systems, including responsibility for the communication infrastructure used by the IT systems. There shall be by no means the possibility of interoperability between those large- scale IT systems.
Amendment 52 #
Proposal for a regulation
Article 1 a (new)
Article 1 a (new)
Article 1a Objectives of the Agency Without prejudice to the respective responsibilities of the Commission and of the Member States under the instruments governing the IT systems referred to in Article 1, the Agency shall ensure: – the implementation of effective and secure operation, and the continuous, efficient and financially accountable management, of the IT systems referred to in Article 1; – a high-level quality of service for users of those IT systems; – continuity and uninterrupted service; – a high level of data protection, in accordance with the applicable rules, including specific provisions for each IT system referred to in Article 1; – a high level of physical security and data integrity and security, in accordance with the applicable rules, including specific provisions for each IT system, as referred to in Article 1; – the use of a professional project management structure for the efficient development of large-scale IT systems.
Amendment 53 #
Proposal for a regulation
Article 4 a (new)
Article 4 a (new)
Amendment 55 #
Proposal for a regulation
Article 6 – paragraph 1
Article 6 – paragraph 1
1. UponOnly at the specific and precise request of the CommissionEuropean Parliament, the Commission or the European Data Protection Supervisor, and after informing the Council at least three months in advance, the Agency shallmay implement pilot schemes for the development and/or the operational management ofas referred to in Article 49(6), point (a), of Regulation (EC, Euratom) No 1605/2002, but only within the framework of the large- scale IT systems of which it is already in charge, in application of Title V of the Treaty on the Functioning of the European Union. 1a. The European Parliament, the Council and the European Data Protection Supervisor shall be consulted when proposals are drawn up for the further development of those pilot schemes.
Amendment 63 #
Proposal for a regulation
Article 9 – paragraph 1 – point i
Article 9 – paragraph 1 – point i
(i) before 30 September each year, and after receiving the opinion of the Commission, adopt by a two-thirds majority of its members with the right to vote, and in accordance with the annual Union budgetary procedure and the Union legislative programme in areas of Title V of the Treaty on the Functioning of the European Union, the Agency's annual work programme for the coming year; and ensure that the adopted work programme is forwarded to the European Parliament, the Council and, the Commission and the European Data Protection Supervisor, and that it is published;
Amendment 64 #
Proposal for a regulation
Article 9 – paragraph 1 – point j
Article 9 – paragraph 1 – point j
(j) before 31 March each year, adopt the Agency's annual activity report for the previous year and transmit it by 15 June at the latest to the European Parliament, the Council, the Commission, the European Data Protection Supervisor, the European Economic and Social Committee and the Court of Auditors; the annual activity report shall be published;
Amendment 67 #
Proposal for a regulation
Article 10 – paragraph 3
Article 10 – paragraph 3
3. The members of the Management Board shall be appointed on the basis of their high level relevant experience and expertise in the field of large-scale IT systems in the area of freedom, security and justice, and in the field of data protection.
Amendment 68 #
Proposal for a regulation
Article 12 – paragraph 3 a (new)
Article 12 – paragraph 3 a (new)
3a. The European Data Protection Supervisor shall be granted observer status at the meetings of the Management Board.
Amendment 73 #
Proposal for a regulation
Article 15 – paragraph 1
Article 15 – paragraph 1
1. The Executive Director of the Agency shall be appointed by the Management Board, from a list of candidates proposed by the Commission, for a period of five year for a period of five years from among the suitable candidates identified in an open competition organised by the Commission. That selection procedure shall provide for publication in the Official Journal of the European Union and elsewhere of a call for expressions of interest. The Management Board may require a new procedure to be initiated if it is not satisfied with the suitability of any of the candidates retained in the first list. The Executive Director shall be appointed on the basis of his or her personal merits, experience in the field of large-scale IT systems, experience in the field of data protection, and administrative and management skills.
Amendment 74 #
Proposal for a regulation
Article 16 – paragraph 2 a (new)
Article 16 – paragraph 2 a (new)
2a. The European Data Protection Supervisor may appoint a representative to each of the Advisory Groups referred to in paragraph 1.
Amendment 76 #
Proposal for a regulation
Article 26 – paragraph 2
Article 26 – paragraph 2
2. The Agency shall also apply the security principles relating to the processing of non- classified sensitive information as adopted and implemented by the European Commission. In addition, the Agency shall apply the security principles and relevant provisions of the legal instruments concerning the three large-scale IT systems SIS II, VIS and EURODAC.
Amendment 77 #
Proposal for a regulation
Article 27 – paragraph 1
Article 27 – paragraph 1
1. Within threewo years from the date of the Agency having taken up its responsibilities, and every fivthree years thereafter, the Management Board shall commission an independent external evaluation of the implementation of this Regulation on the basis of terms of reference issued by the Management Board after consultation with the CommissionEuropean Parliament, the Council, the Commission and the European Data Protection Supervisor.
Amendment 79 #
Proposal for a regulation
Article 27 – paragraph 2
Article 27 – paragraph 2
2. The evaluation shall assess the utility, relevance and effectiveness of the Agency and its working practices. It shall also assess the protection of data, data security and respect for fundamental rights. The evaluation shall take into account the views of stakeholders, including parliaments and data protection supervisors, at both European and national level.
Amendment 80 #
Proposal for a regulation
Article 27 – paragraph 3
Article 27 – paragraph 3
3. The Management Board shall receive the evaluation and issue recommendations regarding changes to this Regulation, the Agency and its working practices to the Commission, which shall forward them, together with its own opinion as well as appropriate proposals, to the Council and, the European Parliament and the European Data Protection Supervisor. An action plan with a timetable shall be included, if appropriate. Both the evaluation and the recommendations shall be made public.