176 Amendments of Cornelia ERNST related to 2017/0352(COD)
Amendment 192 #
Proposal for a regulation
–
–
The European Parliament rejects the Commission proposal.
Amendment 193 #
Proposal for a regulation
Title 1
Title 1
Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on establishing a framework for interoperabilconnectivity between EU information systems (police and judicial cooperation, asylum and migration) (The change from ‘interoperability' to ‘interconnectivity' applies throughout the text. Adopting it will necessitate corresponding changes throughout.)
Amendment 199 #
Proposal for a regulation
Recital 9
Recital 9
(9) With a view to improve the management of the external borders, to contribute to preventing and combating irregular migration and to contribute to a high level of security within the area of freedom, security and justice of the Union, including the maintenance of public security and public policy and safeguarding the security in the territories of the Member States, interoperabilityinteraction between EU information systems, namely [the Entry/Exit System (EES)], the Visa Information System (VIS), [the European Travel Information and Authorisation System (ETIAS)], Eurodac, the Schengen Information System (SIS), and the [European Criminal Records Information System for third-country nationals (ECRIS-TCN)] should be established in order for these EU information systems and their data to supplement each other. To achieve this, a European search portal (ESP), a shared biometric matching service (shared BMS), a common identity repository (CIR) and a multiple-identity detector (MID) should be established as interoperability components. should be established maintaining all the requirements of the existing legal instruments, namely access rights and purpose limitation. (The deletion of references to EURODAC and ECRIS-TCN applies throughout the text. Adopting it will necessitate corresponding changes throughout.)
Amendment 202 #
(10) The interoperabilconnectivity between the EU information systems should allow said systems to supplementcrosscheck each other in order to facilitate the correct identification of persons, contribute to fighting identity fraud, improve and harmonise data quality requirements of the respective EU information systems, facilitate the technical and operational implementation by Member States of existing and future EU information systems, strengthen and simplify the data security and data protection safeguards that govern the respective EU information systems, streamline the law enforcement access to the EES, the VIS, the [ETIAS] and Eurodac, and support the purposes of the EES, the VIS, the [ETIAS], Eurodac, the SIS and the [ECRIS-TCN system].
Amendment 208 #
Proposal for a regulation
Recital 11
Recital 11
(11) The interoperabilconnectivity components should cover the EES, the VIS, the [ETIAS], Eurodac, the SIS, and the [ECRIS-TCN system]. They should also cover the Europol data to the extent of enabling it to be queried simultaneously with these EU information systems and the SIS.
Amendment 211 #
Proposal for a regulation
Recital 12
Recital 12
Amendment 215 #
Proposal for a regulation
Recital 13
Recital 13
(13) The European search portal (ESP) should be established to facilitate technically the ability of Member State authorities and EU bodies to have fast, seamless, efficient, systematic and controlled access to the relevant EU information systems, the Europol data and the Interpol databases needed to perform their tasks,always in accordance with their access rights, and to support the objectives of the EES, the VIS, the [ETIAS], Eurodac, the SIS, the [ECRIS-TCN system] and the Europol data. Enabling the simultaneous querying of all relevant EU information systems in parallel, as well as of the Europol data and the Interpol databasepurpose limitations. Enabling the simultaneous querying of all relevant EU information systems in parallel, in full respect of the access control and data protection requirements of the underlying systems, the ESP should act as a single window or ‘message broker’ to search various central systems and retrieve the necessary information seamlessly and in full respect of the access control and data protection requirements of the underlying systems.
Amendment 218 #
Proposal for a regulation
Recital 15
Recital 15
(15) The European search portal (ESP) should be developed and configured in such a way that it fully respects purpose and access limitations and, additionally, does not allow the use of fields of data for the query that are not related to persons or travel documents or that are not present in an EU information system, in the Europol data or in the Interpol database.
Amendment 219 #
Proposal for a regulation
Recital 16
Recital 16
(16) To ensure fast and systematic use of all relevant EU information systems, the European search portal (ESP) should be used to query the common identity repository, the EES, the VIS, [the ETIAS], Eurodac and [the ECRIS-TCN system]. However, the national connection to the different relevant EU information systems should remain in order to provide a technical fall back. The ESP should also be used by Union bodies to query the Central SIS in accordance with their access rights and in order to perform their tasks. The ESP should be an additional means to query the Central SIS, the Europol data and the Interpol systems, complementing the existing dedicated interfaces.
Amendment 222 #
Proposal for a regulation
Recital 17
Recital 17
Amendment 223 #
Proposal for a regulation
Recital 17
Recital 17
(17) Biometric data, such as fingerprints and facial images, are unique and therefore much more reliable than alphanumeric data for identifying a person. The shared biometric matching service (shared BMS) should be a technical tool to reinforce and facilitate the work of the relevant EU information systems and the other interoperability components. The main purpose of the shared BMS should be to facilitate the identification of an individual who may be registered in different databases, by matching their biometric data across different systems and by relying on one unique technological component instead of five different ones in each of the underlying systems. The shared BMS should contribute to security, as well as financial, maintenance and operational benefits by relying on one unique technological component instead of different ones in each of the underlying systems. All automated fingerprint identification systems, including those currently used for Eurodac, the VIS and the SIS, use biometric templates comprised of data derived from a feature extraction of actual biometric samples. The shared BMS should regroup and store all these biometric templates in one single location, facilitating cross-system comparisons using biometric data and enabling economies of scale in developing and maintaining the EU central systems.
Amendment 228 #
Proposal for a regulation
Recital 18
Recital 18
(18) Biometric data and biometric templates constitute sensitive personal data. This regulation should lay down the basis for and the safeguards for processing of such data and templates for the purpose of uniquely identifying the persons concerned.
Amendment 229 #
Proposal for a regulation
Recital 19
Recital 19
(19) The systems established by Regulation (EU) 2017/2226 of the European Parliament and of the Council54 ,and Regulation (EC) No 767/2008 of the European Parliament and of the Council55 , [the ETIAS Regulation] for the management of the borders of the Union, the system established by [the Eurodac Regulation] to identify the applicants for international protection and combat irregular migration, and the system established by [the ECRIS-TCN system Regulation] require in order to be effective to rely on the accurate identification of the third-country nationals whose personal data are stored therein. _________________ 54 Regulation (EU) 2017/2226 of the European Parliament and of the Council of 30 November 2017 establishing an Entry/Exit System (EES) to register entry and exit data and refusal of entry data of third-country nationals crossing the external borders of the Member States and determining the conditions for access to the EES for law enforcement purposes, and amending the Convention implementing the Schengen Agreement and Regulations (EC) No 767/2008 and (EU) No 1077/2011 (EES Regulation) (OJ L 327, 9.12.2017, p. 20–82). 55 Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation) (OJ L 218, 13.8.2008, p. 60).
Amendment 233 #
Proposal for a regulation
Recital 20
Recital 20
Amendment 234 #
Proposal for a regulation
Recital 21
Recital 21
(21) Personal data stored in these EU information systems may relate to the same persons but under different or incomplete identities. Member States dispose of efficient ways to identify their citizens or registered permanent residents in their territory, but the same is not true for third-country nationals. The interoperability between EU information systems should contribute to the correct identification of third-country nationals. The common identity repository (CIR) should store the personal data concerning third-country nationals present in the systems that are necessary to enable the more accurate identification of those individuals, therefore including their identity, travel document and biometric data, regardless of the system in which the data was originally collected. Only the personal data strictly necessary to perform an accurate identity check should be stored in the CIR. The personal data recorded in the CIR should be kept for no longer than is strictly necessary for the purposes of the underlying systems and should be automatically deleted when the data is deleted in the underlying systems in accordance with their logical separation.
Amendment 238 #
Proposal for a regulation
Recital 22
Recital 22
Amendment 241 #
Proposal for a regulation
Recital 23
Recital 23
Amendment 246 #
Proposal for a regulation
Recital 24
Recital 24
Amendment 250 #
Proposal for a regulation
Recital 25
Recital 25
Amendment 252 #
Proposal for a regulation
Recital 26
Recital 26
Amendment 254 #
Proposal for a regulation
Recital 27
Recital 27
Amendment 260 #
Proposal for a regulation
Recital 28
Recital 28
Amendment 265 #
Proposal for a regulation
Recital 29
Recital 29
Amendment 272 #
Proposal for a regulation
Recital 31
Recital 31
(31) Full access to the necessary data contained in the EU information systems necessary for the purposes of preventing, detecting and investigating terrorist offences or other serious criminal offences, beyond the relevant identity data covered under common identity repository (CIR) obtained using biometric data of that person taken during an identity check, should continue to be governed by the provisions in the respective legal instruments. The designated law enforcement authorities and Europol do not know in advance which of the EU information systems contains data of the persons they need to inquire upon. This results in delays and inefficiencies in the conduct of their tasks. The end-user authorised by the designated authority should therefore be allowed to see in which of the EU information systems the data corresponding to the query introduced are recorded. The concerned system would thus be flagged following the automated verification of the presence of a hit in the system (a so-called hit-flag functionality).
Amendment 276 #
Proposal for a regulation
Recital 32
Recital 32
(32) The logs of the all queries of the common identity repository should indicate the purpose of the query. Where such a query was performed using the two- step data consultation approach, the logs should include a reference to the national file of the investigation or case, therefore indicating that such query was launched for the purposes of preventing, detecting and investigating terrorist offences or other serious criminal offences.
Amendment 280 #
Proposal for a regulation
Recital 33
Recital 33
(33) The query of the common identity repository (CIR) by Member State designated authorities and Europol in order to obtain a hit-flag type of response indicating the data is recorded in the EES, the VIS, or [the ETIAS] or Eurodac requires automated processing of personal data. A hit-flag would not reveal personal data of the concerned individual other thanin the form of an indication that some of his or her data are stored in one of the systems if the end-user has access rights to the database/system that these data are stored in. No adverse decision for the concerned individual should be made by the authorised end-user solely on the basis of the simple occurrence of a hit-flag. Access by the end-user of a hit-flag would therefore realise a very limited interference with the right to protection of personal data of the concerned individual, while it would be necessary to allow the designated authority and Europol to address its request for access for personal data more effectively directly to the system that was flagged as containing it while respecting purpose limitation and access rights .
Amendment 282 #
Proposal for a regulation
Recital 34
Recital 34
Amendment 286 #
Proposal for a regulation
Recital 35
Recital 35
Amendment 289 #
Proposal for a regulation
Recital 36
Recital 36
(36) The possibility to achieve the objectives of the EU information systems is undermined by the current inabilidifficulty for the authorities using these systems to conduct sufficiently reliable verifications of the identities of the third-country nationals whose data are stored in different systems. That inabilidifficulty is determined by the fact that the set of identity data stored in a given individual system may be fraudulent, incorrect, or incomplete, and that there is currently no possibility to detect such fraudulent, incorrect or incomplete identity data by way of comparison with data stored in another system. To remedy this situation it is necessary to have a technical instrument at Union level allowing accurate identification of third-country nationals for these purposes.
Amendment 291 #
Proposal for a regulation
Recital 37
Recital 37
Amendment 293 #
Proposal for a regulation
Recital 38
Recital 38
(38) This Regulation provides for new data processing operations aimed at identifying the persons concerned correctly. This constitutes an interference with their fundamental rights as protected by Articles 7 and 8 of the Charter of Fundamental Rights. Since the effective implementation of the EU information systems is dependent upon correct identification of the individuals concerned, such interference is justified by the same objectives for which each of those systems have been established, the effective management of the Union's borders, the internal security of the Union, the effective implementation of the Union's asylum and visa policies and the fight against irregular migration.
Amendment 296 #
Proposal for a regulation
Recital 39
Recital 39
Amendment 298 #
Proposal for a regulation
Recital 40
Recital 40
Amendment 301 #
Proposal for a regulation
Recital 41
Recital 41
Amendment 308 #
Proposal for a regulation
Recital 43
Recital 43
(43) For the links obtained in relation to the Schengen Information System (SIS) related to the alerts in respect of persons wanted for arrest or for surrender or extradition purposes, on missing or vulnerable persons, on persons sought to assist with a judicial procedure, on persons for discreet checks or specific checks or on unknown wanted persons, the authority responsible for the verification of multiple identities should be the SIRENE Bureau of the Member State that created the alert. Indeed those categories of SIS alerts are sensitive and should not necessarily be shared with the authorities creating or updating the data in one of the other EU information systems. The creation of a link with SIS data should be without prejudice to the actions to be taken in accordance with the [SIS Regulations]. A link should only be created for types of alerts relating to serious criminal offences as defined in Article 4 (25) and (26) of the current Regulation and cannot be created for types of alerts that concern EU or dual citizens.
Amendment 310 #
Proposal for a regulation
Recital 44
Recital 44
(44) eu-LISA should establish automated data quality control mechanisms and common data quality indicators. eu- LISA should be responsible to develop a central monitoring capacity for data quality and to produce regular data analysis reports to improve the control of implementation and application by Member States of EU information systems. The common quality indicators should include the minimum quality standards to store data in the EU information systems or the interoperability components. The goal of such a data quality standards should be for the EU information systems and interoperability components to automatically identify apparently incorrect or inconsistent data submissions so that the originating Member State is able to verify the data and carry out any necessary remedial actions.
Amendment 312 #
Proposal for a regulation
Recital 45
Recital 45
(45) The Commission should evaluate eu-LISA quality reports and should issue recommendations to Member States where appropriate. Member States should be responsible for preparing an action plan describing actions to remedy any deficiencies in data quality and fundamental rights and should report on its progress regularly.
Amendment 315 #
Proposal for a regulation
Recital 47
Recital 47
Amendment 320 #
Proposal for a regulation
Recital 51
Recital 51
(51) The national supervisory authorities established in accordance with [Regulation (EU) 2016/679] or Directive (EU) 2016/680 should monitor the lawfulness of the processing of personal data by the Member States, whilst the European Data Protection Supervisor as established by Regulation (EC) No 45/2001 should monitor the activities of the Union institutions and bodies in relation to the processing of personal data. The European Data Protection Supervisor and the supervisory authorities should cooperate with each other in the monitoring of the processing of personal data by interoperability components.
Amendment 322 #
Proposal for a regulation
Recital 55
Recital 55
(55) To support the purposes of statistics and reporting on possible negative impact on fundamental rights, it is necessary to grant access to authorised staff of the competent authorities, institutions and bodies identified in this Regulation to consult certain data related to certain interoperability components without enabling individual identification.
Amendment 324 #
Proposal for a regulation
Recital 56
Recital 56
(56) In order to allow competent authorities and the EU bodies to adapt to the new requirements on the use of the European search portal (ESP), it is necessary to provide for a transitional period. Similarly, in order to allow for the coherent and optimal functioning of the multiple-identity detector (MID), transitional measures should be established for the start of its operations.
Amendment 340 #
Proposal for a regulation
Article 1 – paragraph 1
Article 1 – paragraph 1
1. This Regulation, together with [Regulation 2018/xx on interoperability borders and visa], establishes a framework to ensure the interoperabilconnectivity between the Entry/Exit System (EES), the Visa Information System (VIS), [the European Travel Information and Authorisation System (ETIAS)], Eurodac, and the Schengen Information System (SIS), and [the European Criminal Records Information System for third-country nationals (ECRIS-TCN)] in order for those systems and data to supplement each other.
Amendment 346 #
Proposal for a regulation
Article 1 – paragraph 2 – point c
Article 1 – paragraph 2 – point c
Amendment 350 #
Proposal for a regulation
Article 1 – paragraph 2 – point d
Article 1 – paragraph 2 – point d
Amendment 352 #
Proposal for a regulation
Article 1 – paragraph 3
Article 1 – paragraph 3
3. This Regulation also lays down provisions on data quality requirements, on a Universal Message Format (UMF), on a central repository for reporting and statistics (CRRS) and lays down the responsibilities of the Member States and of the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (eu-LISA), with respect to the design and operation of the interoperability components.
Amendment 353 #
Proposal for a regulation
Article 1 – paragraph 4
Article 1 – paragraph 4
Amendment 360 #
Proposal for a regulation
Article 2 – paragraph 1 – point b
Article 2 – paragraph 1 – point b
Amendment 365 #
Proposal for a regulation
Article 2 – paragraph 1 – point c
Article 2 – paragraph 1 – point c
(c) to contribute to a high level of security within the area of freedom, security and justice of the Union including the maintenance of public security and public policy and safeguarding the security in the territories of the Member States;
Amendment 366 #
Proposal for a regulation
Article 2 – paragraph 1 – point e
Article 2 – paragraph 1 – point e
Amendment 371 #
Proposal for a regulation
Article 2 – paragraph 2 – point a
Article 2 – paragraph 2 – point a
Amendment 374 #
Proposal for a regulation
Article 2 – paragraph 2 – point b
Article 2 – paragraph 2 – point b
Amendment 382 #
Proposal for a regulation
Article 2 – paragraph 2 – point e
Article 2 – paragraph 2 – point e
(e) strengthening and simplifying and making more uniform the data security and data protection conditions that govern the respective EU information systems;
Amendment 384 #
Proposal for a regulation
Article 2 – paragraph 2 – point f
Article 2 – paragraph 2 – point f
Amendment 388 #
Proposal for a regulation
Article 2 – paragraph 2 – point g
Article 2 – paragraph 2 – point g
(g) supporting the purposes of the EES, the VIS, [the ETIAS], Eurodac, the SIS and [the ECRIS-TCN system].
Amendment 390 #
Proposal for a regulation
Article 3 – paragraph 1
Article 3 – paragraph 1
1. This Regulation applies to Eurodac, the Schengen Information System (SIS) and [the European Criminal Records Information System for third- country nationals (ECRIS-TCN)].
Amendment 391 #
Proposal for a regulation
Article 3 – paragraph 2
Article 3 – paragraph 2
2. This Regulation also applies to thedata held by Europol data, to the extent of enablingneeded in order to querying it simultaneously to with other EU information systems referred to in paragraph 1 in accordance with Union law.
Amendment 392 #
Proposal for a regulation
Article 3 – paragraph 3
Article 3 – paragraph 3
Amendment 394 #
Proposal for a regulation
Article 3 – paragraph 3 a (new)
Article 3 – paragraph 3 a (new)
3a. This Regulation shall not apply to personal data relating to an identified, or identifiable citizen of the EU.
Amendment 395 #
(7) ‘third-country national’ means a person who is not a citizen of the Union within the meaning of Article 20(1) of the Treaty, or a stateless person not residing in the EU or a person whose nationality is unknown;
Amendment 397 #
Proposal for a regulation
Article 4 – paragraph 1 – point 9
Article 4 – paragraph 1 – point 9
(9) ‘identity data’ means the data referred to in Article 27(3)(a) to (h);: names, nationality, date and place of birth.
Amendment 402 #
Proposal for a regulation
Article 4 – paragraph 1 – point 20
Article 4 – paragraph 1 – point 20
(20) ‘Interpol databases’ means the Interpol Stolen and Lost Travel Document database (SLTD) and the Interpol Travel Documents Associated with Notices database (Interpol TDAWN);
Amendment 407 #
Proposal for a regulation
Article 4 – paragraph 1 – point 35
Article 4 – paragraph 1 – point 35
Amendment 409 #
Proposal for a regulation
Article 4 – paragraph 1 – point 36
Article 4 – paragraph 1 – point 36
Amendment 411 #
Proposal for a regulation
Article 4 – paragraph 1 – point 37
Article 4 – paragraph 1 – point 37
Amendment 422 #
Proposal for a regulation
Article 5 – paragraph 1
Article 5 – paragraph 1
Processing of personal data for the purposes of this Regulation shall not result in discrimination against persons on any grounds such as sex, social, racial or ethnic origin, religion or belief, disability, age or sexual orientation. It shall fully respect human dignity and integrity. Particular attention shall be paid to children, the elderly and persons with a disability.
Amendment 424 #
Proposal for a regulation
Article 5 – paragraph 1 – subparagraph 1 (new)
Article 5 – paragraph 1 – subparagraph 1 (new)
To this end, no biometric data of children, elderly and persons with disabilities shall be processed.
Amendment 428 #
Proposal for a regulation
Article 6 – paragraph 1
Article 6 – paragraph 1
1. A European search portal (ESP) is established for the purposes of ensuring that Member State authorities and EU bodies have fast, seamless, efficient, systematic and controlled access to the EU information systems, the Europol data and the Interpol databases that they need to perform their tasks in accordance with their access rights and of supporting the objectives of the EES, the VIS, [the ETIAS], Eurodac, the SIS, [the ECRIS- TCN system]the SIS, and the Europol data.
Amendment 430 #
Proposal for a regulation
Article 6 – paragraph 2 – point a
Article 6 – paragraph 2 – point a
(a) a central infrastructure, including a search portal enabling the simultaneous querying of the EES, the VIS, [the ETIAS], Eurodac, the SIS, [the ECRIS-TCN system]the SIS, as well as of the Europol data and the Interpol databases;
Amendment 431 #
Proposal for a regulation
Article 6 – paragraph 2 – point c
Article 6 – paragraph 2 – point c
(c) a secure communication infrastructure between the ESP and the EES, the VIS, [the ETIAS], Eurodac, the Central-SIS, [the ECRIS-TCN system], the Europol data and the Interpol databases as well as between the ESP and the central infrastructures of the common identity repository (CIR) and the multiple-identity detector.
Amendment 435 #
Proposal for a regulation
Article 7 – paragraph 1
Article 7 – paragraph 1
1. The use of the ESP shall be reserved to the Member State authorities and EU bodies having access to the EES, [the ETIAS], the VIS, the SIS, Eurodac and [the ECRIS-TCN system], to the CIR and the multiple-identity detector as well as the Europol data and the Interpol databases in accordance with Union or national law governing such access.
Amendment 440 #
Proposal for a regulation
Article 7 – paragraph 2
Article 7 – paragraph 2
2. The authorities referred to in paragraph 1 shall use the ESP to search data related to persons or their travel documents in the central systems of Eurodac and [the ECRIS-TCN system] in accordance with their access rights under Union and national law. They shall also use the ESP to query the CIR in accordance with their access rights under this Regulation for the purposes referred to in Articles 20, 21 and 22.
Amendment 448 #
Proposal for a regulation
Article 8 – paragraph 1 – point a a (new)
Article 8 – paragraph 1 – point a a (new)
(aa) the purpose for which the EU information systems, the Europol data and the Interpol databases may be accessed;
Amendment 454 #
Proposal for a regulation
Article 9 – paragraph 1
Article 9 – paragraph 1
1. The users of the ESP shall launch a query by introducing data in the ESP in accordance with their user profile and access rights. Where a query has been launched, the ESP shall query simultaneously, with the data introduced by the user of the ESP, the EES, [the ETIAS], the VIS, the SIS, Eurodac, [the ECRIS-TCN system] and the CIR as well as the Europol data and the Interpol databases.
Amendment 459 #
Proposal for a regulation
Article 9 – paragraph 4
Article 9 – paragraph 4
4. The EES, [the ETIAS], the VIS, the SIS, Eurodac, [the ECRIS-TCN system], the CIR and the multiple-identity detector, as well as the Europol data and the Interpol databases, shall provide the data that they contain resulting from the query of the ESP.
Amendment 468 #
Proposal for a regulation
Article 10 – paragraph 1 – introductory part
Article 10 – paragraph 1 – introductory part
1. Without prejudice to [Article 39 of the Eurodac Regulation], [Articles 12 and 18 of the Regulation on SIS in the field of law enforcement], [Article 29 of the ECRIS-TCN Regulation] and Article 40 of Regulation (EU) 2016/794, eu-LISA shall keep logs of all data processing operations within the ESP. Those logs shall include, in all cases and in particular, the following:
Amendment 470 #
Proposal for a regulation
Article 10 – paragraph 1 – point b a (new)
Article 10 – paragraph 1 – point b a (new)
(ba) the exact purpose of the query;
Amendment 472 #
Proposal for a regulation
Article 10 – paragraph 1 – point d
Article 10 – paragraph 1 – point d
(d) in accordance with national rules or with Regulation (EU) 2016/794 or, when applicable, Regulation (EU) 45/2001, the identifying mark of the person who carried out the query., the name of the authority which requested the query and of the official who ordered it;
Amendment 475 #
Proposal for a regulation
Article 10 – paragraph 2
Article 10 – paragraph 2
2. The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. Those logs shall be protected by appropriate measures against unauthorised access and erased onthree years after their creation, unles datasets they are required for monitoring procedures that have already begunfer to have been deleted.
Amendment 490 #
Proposal for a regulation
Article 12 – paragraph 1
Article 12 – paragraph 1
1. A shared biometric matching service (shared BMS) storing biometric templates and enabling querying with biometric data across severalrelevant EU information systems is established for the purposes of supporting the CIR and the multiple-identity detector and the objectives of the EES, the VIS, Eurodac, the SIS and [the ECRIS-TCN system].
Amendment 494 #
Proposal for a regulation
Article 12 – paragraph 2 – point a
Article 12 – paragraph 2 – point a
(a) a central infrastructure, including a search engine and the storage ofsearch engine in order to query the relevant EU databases with the data referred to in Article 13;
Amendment 499 #
Proposal for a regulation
Article 12 – paragraph 2 – point b
Article 12 – paragraph 2 – point b
(b) a secure communication infrastructure between the shared BMS, and the Central-SIS and the CIR.
Amendment 504 #
Proposal for a regulation
Article 13 – paragraph 1 – point c
Article 13 – paragraph 1 – point c
(c) [the datafingerprints referred to in Article 20(2)(w) and (x) of the Regulation on SIS in the field of border checks;
Amendment 508 #
Proposal for a regulation
Article 13 – paragraph 1 – point d
Article 13 – paragraph 1 – point d
(d) the data referred to in Article 20(3)(w) and (x) of the Regulation on SIS in the field of law enforcement;
Amendment 509 #
Proposal for a regulation
Article 13 – paragraph 1 – point e
Article 13 – paragraph 1 – point e
(e) the datafingerprints referred to in Article 4(3)(t) and (u) of the Regulation on SIS in the field of illegal return];
Amendment 513 #
Proposal for a regulation
Article 13 – paragraph 2
Article 13 – paragraph 2
2. The shared BMS shall include in each biometric template a reference to the information systems in which the corresponding biometric data is stored. In all cases, in full respect of purpose limitation, the officer launching a query in the BMS shall only be able to see the references to those information systems that he or she is authorised to access.
Amendment 517 #
Proposal for a regulation
Article 14
Article 14
Amendment 523 #
Proposal for a regulation
Article 15 – paragraph 1
Article 15 – paragraph 1
The data referred to in Article 13 shall be stored in the shared BMS for as long as the corresponding biometric data is stored in the CIR or the SISSIS and automatically deleted when the data retention time, as regulated in the individual IT system, expires.
Amendment 527 #
Proposal for a regulation
Article 16 – paragraph 1 – point c a (new)
Article 16 – paragraph 1 – point c a (new)
(ca) the exact purpose of the query;
Amendment 528 #
Proposal for a regulation
Article 16 – paragraph 1 – point g
Article 16 – paragraph 1 – point g
(g) in accordance with national rules or with Regulation (EU) 2016/794 or, when applicable, Regulation (EU) 45/2001, the identifying mark of the person who carried out the query. and the name of the authority which requested the query and of the official who ordered it;
Amendment 533 #
Proposal for a regulation
Article 16 – paragraph 2
Article 16 – paragraph 2
2. The logs may be used only for data protection monitoring and monitoring the impact on fundamental rights, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. Those logs shall be protected by appropriate measures against unauthorised access and erased one year after their creation, unless they are required for monitoring procedures that have already begun. The logs referred to in paragraph 1(a) shall be erased once the data is erased.
Amendment 535 #
Proposal for a regulation
Article 17
Article 17
Amendment 541 #
Proposal for a regulation
Article 18
Article 18
Amendment 546 #
Proposal for a regulation
Article 19
Article 19
Adding, amending and deleting data inrticle 1.9 deleted in Eurodac or [the ECRIS-TCN system], the data referred to in Article 18 stored in the individual file of the CIR shall be added, amended or deleted accordingly in an automated manner. 2. detector creates a white or red link in accordance with Articles 32 and 33 between the data of two or more of the EU information systems constituting the CIR, instead of creating a new individual file, the CIR shall add the new data to the individual file of the linked data.the common identity repository Where data is added, amended or Where the multiple-identity
Amendment 549 #
Proposal for a regulation
Article 20
Article 20
Access to the common identity repository 1. authority has been so empowered by national legislative measures as referred to in paragraph 2, it may, solely for the purpose of identifying a person, query the CIR with the biometric data of that person taken during an identity check. Where the query indicates that data on that person is stored in the CIR, the Member States authority shall have access to consult the data referred to in Article 18(1). Where the biometric data of the person cannot be used or where the query with that data fails, the query shall be carried out with identity data of the person in combination with travel document data, or with the identity data provided by that person. 2. themselves of the possibility provided for in this Article shall adopt national legislative measures. Such legislative measures shall specify the precise purposes of identity checks within the purposes referred to in Article 2(1)(b) and (c). They shall designate the police authorities competent and lay down the procedures, conditions and criteria of such checks.rticle 20 deleted for identification Where a Member State police Member States wishing to avail
Amendment 566 #
Proposal for a regulation
Article 21
Article 21
Access to the common identity repository for the detection of multiple identities 1. in a yellow link in accordance with Article 28(4), the authority responsible for the verification of different identities determined in accordance with Article 29 shall have access, solely for the purpose of that verification, to the identity data stored in the CIR belonging to the various information systems connected to a yellow link. 2. in a red link in accordance with Article 32, the authorities referred to in Article 26(2) shall have access, solely for the purposes of fighting identity fraud, to the identity data stored in the CIR belonging to the various information systems connected to a red link.rticle 21 deleted Where a query of the CIR results Where a query of the CIR results
Amendment 570 #
Proposal for a regulation
Article 22
Article 22
Amendment 580 #
Proposal for a regulation
Article 23
Article 23
Amendment 586 #
Proposal for a regulation
Article 24
Article 24
Amendment 597 #
Proposal for a regulation
Article 25
Article 25
Amendment 603 #
Proposal for a regulation
Article 25 – paragraph 3 a (new)
Article 25 – paragraph 3 a (new)
3a. Eu-LISA(and the competent authorities of the Member States) should use appropriate procedures for the profiling, implement technical and organizational measures appropriate to ensure, in particular, that factors which result in inaccuracies in personal data are corrected and the risk of errors is minimized, secure personal data in a manner that takes account of the potential risks involved for the interests and rights of the data subject and that prevents discriminatory effects on natural persons on the basis of social, racial or ethnic origin, political opinion, religion or beliefs, trade union membership, genetic or health status or sexual orientation, or that result in measures having such effect.
Amendment 604 #
Proposal for a regulation
Article 25 – paragraph 3 b (new)
Article 25 – paragraph 3 b (new)
Amendment 605 #
Proposal for a regulation
Article 26
Article 26
Access to the multiple-identity detector 1. identity verification referred to in Article 29, access to the data referred to in Article 34 stored in the MID shall be granted to: (a) (b) (c) (d) the authorities competent to asrticle 26 deleted For the purposess a request for international protection provided for in the Eurodac Regulation when assessing a new request for international protection; (e) Member State creating a [Regulation on SIS in the field of law enforcement or Regulation on SIS in the field of illegal return]; (f) [the central authorities of the convicting Member State when recording or updating data in the ECRIS-TCN system in accordance with Article 5 of the ECRIS-TCN Regulation.] 2. bodies having access to at least one EU information system included in the common identity repository or to the SIS shall have access to the data referred to in Article 34(a) and (b) regarding any red links as referred to in Article 32.of the manual – (not applicable); – (not applicable); – (not applicable); the SIRENE Bureaux of the Member State authorities and EU
Amendment 610 #
Proposal for a regulation
Article 27
Article 27
Amendment 618 #
Proposal for a regulation
Article 28
Article 28
Amendment 621 #
Proposal for a regulation
Article 28 – paragraph 5
Article 28 – paragraph 5
5. The Commission shall lay down the procedures to determine the cases where identity data can be considered as identical or similar in implementing acts. Those implementing acts shall be adopted in accordance with the examination procedure referred to indelegated acts. Such delegated acts should be designed in a manner that protects persons with multiple lawful identities against discrimination. Those delegated acts shall be adopted in accordance with Article 64(2)3.
Amendment 622 #
Proposal for a regulation
Article 29
Article 29
Amendment 624 #
Proposal for a regulation
Article 29 – paragraph 1 – subparagraph 1 – point e
Article 29 – paragraph 1 – subparagraph 1 – point e
(e) the SIRENE Bureaux of the Member State for hits that occurred when creating or updating a SIS alert in accordance with the [Regulations on SIS in the field of law enforcement and on SIS in the field of illegal return];
Amendment 630 #
Proposal for a regulation
Article 29 – paragraph 2 – subparagraph 1 (new)
Article 29 – paragraph 2 – subparagraph 1 (new)
Amendment 633 #
Proposal for a regulation
Article 29 – paragraph 3
Article 29 – paragraph 3
3. Without prejudice to paragraph 4, the authority responsible for verification of different identities shall have access to the related data contained in the relevant identity confirmation file and to the identity data linked in the common identity repository and, where relevant, in the SIS, and shall assess the different identities and shall update the link in accordance with Articles 31, 32 and 33 and add it to the identity confirmation file without delay, in any case within 24 hours.
Amendment 637 #
Proposal for a regulation
Article 30
Article 30
Amendment 641 #
Proposal for a regulation
Article 31
Article 31
Amendment 645 #
Proposal for a regulation
Article 32
Article 32
Amendment 646 #
Proposal for a regulation
Article 32 – paragraph 1 – point a
Article 32 – paragraph 1 – point a
(a) the linked data shares the same biometric but different identity data and the authority responsible for the verification of different identities concluded it refers unlawfully to the same person who has evidently provided false information with the intent of committing a serious criminal offence;
Amendment 649 #
Proposal for a regulation
Article 32 – paragraph 1 – point b
Article 32 – paragraph 1 – point b
(b) the linked data has similar identity data and the authority responsible for the verification of different identities concluded it refers unlawfully to the same person who has evidently provided false information with the intent of committing a serious criminal offence.
Amendment 654 #
Proposal for a regulation
Article 32 – paragraph 4
Article 32 – paragraph 4
4. Without prejudice to the provisions related to the handling of alerts in the SIS referred to in the [Regulations on SIS in the field of border checks, on SIS in the field of law enforcement and on SIS in the field of illegal return], and without prejudice to limitations necessary to protect security and public order, prevent crime and guarantee that any national investigation will not be jeopardised, in accordance with Article 13 of Directive (EU) 2016/680 and Article 23 of Regulation (EU) 2016/679 and other relevant EU legislation, where a red link is created, the authority responsible for verification of different identities shall inform the person of the presence of multiple unlawful identities.
Amendment 657 #
Proposal for a regulation
Article 32 – paragraph 5 a (new)
Article 32 – paragraph 5 a (new)
5a. A third-country national shall be notified of the existence of a red link as soon as such a notification can no longer jeopardize on-going investigations or proceedings.
Amendment 659 #
Proposal for a regulation
Article 33
Article 33
Amendment 665 #
Proposal for a regulation
Article 34
Article 34
Amendment 667 #
Proposal for a regulation
Article 35
Article 35
Amendment 668 #
Proposal for a regulation
Article 35 – paragraph 1
Article 35 – paragraph 1
The identity confirmation files and its data, including the links, shall be stored in the multiple-identity detector (MID) only for as long as the linked data is stodeleted after their use, except if thered in two or more EU information systemss a green link.
Amendment 671 #
Proposal for a regulation
Article 36
Article 36
Amendment 677 #
Proposal for a regulation
Article 37 – paragraph 1
Article 37 – paragraph 1
1. eu-LISA shall establish automated data quality control mechanisms and procedures on the data stored in the SIS, Eurodac, [the ECRIS-TCN system], the shared biometric matching service (shared BMS), the common identity repository (CIR) and the multiple-identity detector (MID).
Amendment 679 #
Proposal for a regulation
Article 37 – paragraph 2
Article 37 – paragraph 2
2. eu-LISA shall establish common data quality indicators and the minimum quality standards to store data in the SIS, Eurodac, [the ECRIS-TCN system], the shared BMS, the CIR and the MIDthe shared BMS.
Amendment 683 #
Proposal for a regulation
Article 37 – paragraph 3
Article 37 – paragraph 3
3. eu-LISA shall provide regular reports on the automated data quality control mechanisms and procedures and the common data quality indicators to the Member States and the European Data Protection Board. eu-LISA shall also provide a regular report to the Commission covering the issues encountered and the Member States concerned.
Amendment 684 #
Proposal for a regulation
Article 37 – paragraph 4
Article 37 – paragraph 4
4. The details of the automated data quality control mechanisms and procedures and the common data quality indicators and the minimum quality standards to store data in the SIS, Eurodac, [the ECRIS- TCN system], the shared BMS, the CIR and the MIDthe shared BMS, in particular regarding biometric data, shall be laid down in implementing acts. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 64(2).
Amendment 694 #
Proposal for a regulation
Article 39
Article 39
Amendment 710 #
Proposal for a regulation
Article 40 – paragraph 3 a (new)
Article 40 – paragraph 3 a (new)
3a. eu-LISA shall also be considered to be a controller in relation to all processing under this Regulation. Relevant provisions of Regulation (EC) 45/2001 shall apply.
Amendment 711 #
Proposal for a regulation
Article 41
Article 41
Amendment 720 #
Proposal for a regulation
Article 44 – paragraph 3
Article 44 – paragraph 3
3. Without prejudice to the notification and communication of a personal data breach pursuant to Article 33 of Regulation (EU) 2016/679, Article 30 of Directive (EU) 2016/680, or both, Member States shall notify the Commission, eu- LISA and the European Data Protection Supervisor of security incidents. In the event of a security incident in relation to the central infrastructure of the interoperability components, eu-LISA shall notify the Commission and the European Data Protection Supervisor as well as national supervisory authorities concerned.
Amendment 725 #
Proposal for a regulation
Article 44 – paragraph 3 a (new)
Article 44 – paragraph 3 a (new)
3a. The Commission shall report serious incidents immediately to the European Parliament and the Council. These reports shall be classified as EU RESTRICTED/RESTREINT UE in accordance with applicable security rules.
Amendment 726 #
Proposal for a regulation
Article 44 – paragraph 3 b (new)
Article 44 – paragraph 3 b (new)
3b. Where a security incident is caused by the misuse of data, Member States or the relevant EU Agencies shall ensure that penalties or disciplinary measures are imposed in accordance with Union and national law.
Amendment 730 #
Proposal for a regulation
Article 45 a (new)
Article 45 a (new)
Article 45a Penalties Member States shall take the necessary measures to ensure that any use of data in a manner contrary to this Regulation is punishable by effective, proportionate and dissuasive penalties in accordance with national law, Article 84 of Regulation (EU) 2016/679 and Article 57 of Directive (EU) 2016/680 as well as [relevant Article of new] Regulation 45/2001.
Amendment 736 #
Proposal for a regulation
Article 46 – paragraph 1
Article 46 – paragraph 1
Amendment 738 #
Proposal for a regulation
Article 46 – paragraph 2
Article 46 – paragraph 2
Amendment 739 #
Proposal for a regulation
Article 46 – paragraph 2 – introductory part
Article 46 – paragraph 2 – introductory part
2. Persons whose data is recorded in Eurodac or [the ECRIS-TCN system] shall be informed about the processing of data for the purposes of this Regulation in accordance with paragraph 1 when:.
Amendment 740 #
Proposal for a regulation
Article 46 – paragraph 2 – point d
Article 46 – paragraph 2 – point d
Amendment 741 #
Proposal for a regulation
Article 46 – paragraph 2 – point e
Article 46 – paragraph 2 – point e
Amendment 742 #
Proposal for a regulation
Article 46 – paragraph 2 a (new)
Article 46 – paragraph 2 a (new)
2a. The data subject should also be informed about the relevant retention periods, the automated decision-making and the fact that personal data is not transferred or made available to third countries, international organizations or private parties with the exception of transfers to Interpol.
Amendment 743 #
Proposal for a regulation
Article 46 – paragraph 2 b (new)
Article 46 – paragraph 2 b (new)
2b. The information referred to in this Article shall be given in a language that the person understands. The information shall be provided to children in an age- appropriate manner. The provision of the information shall also take into account specific needs of a person concerned.
Amendment 744 #
Proposal for a regulation
Article 46 a (new)
Article 46 a (new)
Article 46a Information Campaign The Commission shall, in cooperation with the supervisory authorities and the European Data Protection Supervisor, accompany the start of operations of each interconnectivity component with an information campaign informing the public and, in particular, third-country nationals, about the objectives and the functioning of those components, the authorities having access and the conditions for such access, and the rights of persons concerned. Such information campaigns shall be conducted continuously.
Amendment 745 #
Proposal for a regulation
Article 47 – title
Article 47 – title
Right of access, correction and erasure to, rectification, completion and erasure of personal data, and of restriction of the processing thereof
Amendment 748 #
Proposal for a regulation
Article 47 – paragraph 1
Article 47 – paragraph 1
1. In order to exercise their rights under Articles 13, 14, 15 and 16 of Regulation (EC) 45/2001 and Articles 15, 16, 17 and 18 of Regulation (EU) 2016/679, any person shall have the right to address him or herself to the Member State responsible for the manual verification of different identities or of any Member State, who shall examine and reply to the requests well as under Articles 14 and 16 of Directive (EU) 2016/689, any person shall have the right to address him or herself to any controller in accordance with Article 40.
Amendment 758 #
Proposal for a regulation
Article 47 – paragraph 3
Article 47 – paragraph 3
3. If a request for correction, restriction of processing or erasure of personal data is made to a Member State other than the Member State responsible, the Member State to which the request has been made shall contact the authorities of the Member State responsible within seven days and the Member State responsible shall check the accuracy of the data and the lawfulness of the data processing within 3021 days of such contact.
Amendment 762 #
Proposal for a regulation
Article 47 – paragraph 4
Article 47 – paragraph 4
4. Where, following an examination, it is found that the data stored in the multiple-identity detector (MID) are factually inaccurate or have been recorded unlawfully, the Member State responsible or, where applicable, the Member State to which the request has been made shall correct or delete these data. The Member State to which the request has been made shall inform the data subject about the correction or deletion without delay.
Amendment 784 #
Proposal for a regulation
Article 49 – paragraph 1
Article 49 – paragraph 1
1. The supervisory authority or authorities designated pursuant to Article 49 of Regulation (EU) 2016/679 or pursuant to Article 41 of Directive (EU) 2016/680 shall ensure that an audit of the data processing operations by the responsible national authorities is carried out in accordance with relevant international auditing standards at least every four years.
Amendment 787 #
Proposal for a regulation
Article 49 – paragraph 1 a (new)
Article 49 – paragraph 1 a (new)
1 a. Each Member State shall ensure that the supervisory authority or authorities designated pursuant to Article 51 of Regulation (EU) 2016/679 and Article 41 of Directive (EU) 2016/680 shall monitor the lawfulness of the processing of personal data under this Regulation.
Amendment 794 #
Proposal for a regulation
Article 50 – paragraph 1 a (new)
Article 50 – paragraph 1 a (new)
The EDPS should be provided with sufficient resources to fulfil the tasks entrusted to it under this Regulation.
Amendment 795 #
Proposal for a regulation
Article 51 – title
Article 51 – title
Cooperation between national supervisory authorities and the European Data Protection Supervisorand supervision
Amendment 796 #
Proposal for a regulation
Article 51 – paragraph 1
Article 51 – paragraph 1
1. The European Data Protection Supervisor shall act in close cooperation with national supervisory authorities with respect to specific issues requiring national involvement, in particular if the European Data Protection Supervisor or a national supervisory authority finds major discrepancies between practices of Member States or finds potentially unlawful transfers using the communication channels of the interoperability components, or in the context of questions raised by one or more national supervisory authorities on the implementation and interpretation of thisin accordance with Article 61 of Regulation (EU) XXXX/2018 [revised Regulation 45/2001].
Amendment 798 #
Proposal for a regulation
Article 51 – paragraph 2
Article 51 – paragraph 2
2. In the cases referred to in paragraph 1, cCoordinated supervision shall be ensured in accordance with Article 62 of Regulation (EU) XXXX/2018 [revised Regulation 45/2001].
Amendment 803 #
Proposal for a regulation
Article 52 – paragraph 3 – subparagraph 4
Article 52 – paragraph 3 – subparagraph 4
The development shall consist of the elaboration and implementation of the technical specifications, testing and overall project coordination, including the provision of technical solutions that would exclude the creation of links on EU or dual citizens that are recorded in the SIS or for types of alerts that are not relating to terrorist offences or serious criminal offences as defined in the present Regulation.
Amendment 804 #
Proposal for a regulation
Article 52 – paragraph 3 – subparagraph 4 a (new)
Article 52 – paragraph 3 – subparagraph 4 a (new)
Amendment 805 #
Proposal for a regulation
Article 52 – paragraph 5 – subparagraph 1
Article 52 – paragraph 5 – subparagraph 1
The Programme Management Board shall meet regularly and at least three times per quarter. It shall ensure the adequate management of the design and development phase of the interoperability components. Where relevant, experts to provide independent advise in matters relating to data protection shall be invited to the meetings.
Amendment 825 #
Proposal for a regulation
Article 55a
Article 55a
Amendment 826 #
Proposal for a regulation
Article 55b
Article 55b
Amendment 836 #
Proposal for a regulation
Article 55c
Article 55c
Amendment 853 #
Proposal for a regulation
Article 55d
Article 55d
Amendment 858 #
Proposal for a regulation
Article 56 – paragraph 1 – introductory part
Article 56 – paragraph 1 – introductory part
1. The duly authorised staff of the competent authorities of Member States, the Commission and eu-LISA shall have access to consult the following data related to the European search portal (ESP), solely for the purposes of reporting and statistics without enabling individual identification and in accordance with the safeguards related to non-discrimination referred to in Article 5:
Amendment 862 #
Proposal for a regulation
Article 56 – paragraph 2 – point b
Article 56 – paragraph 2 – point b
Amendment 866 #
Proposal for a regulation
Article 56 – paragraph 3 – point a
Article 56 – paragraph 3 – point a
Amendment 869 #
Proposal for a regulation
Article 56 – paragraph 5
Article 56 – paragraph 5
5. For the purpose of paragraph 1 of this Article, eu-LISA shall store the data referred to in paragraph 1 of this Article in the central repository for reporting and statistics referred to in Chapter VII of this Regulation. The data included in the repositoryThe data shall not enable the identification of individuals, but it shall allow the authorities listed in paragraph 1 of this Article to obtain customisable reports and statistics to enhance the efficiency of border checks, to help authorities and processing of visa applications and to support evidence-based policymaking on migration and security in the Union. The data shall also be made available to supervisory authorities to facilitate fulfilment of their tasks. When storing the data, eu-LISA shall take into account the principle of privacy by design and take proactive measures to ensure that the data will not lead to the identification of individuals.
Amendment 871 #
Proposal for a regulation
Article 56 – paragraph 5 a (new)
Article 56 – paragraph 5 a (new)
5 a. Meaningful summaries shall be made available to the Agency for Fundamental Rights in order to evaluate the impact on fundamental rights of this Regulation.
Amendment 874 #
Proposal for a regulation
Article 58
Article 58
Amendment 877 #
Proposal for a regulation
Article 59
Article 59
Amendment 881 #
Proposal for a regulation
Article 60 – paragraph 1
Article 60 – paragraph 1
1. The costs incurred in connection with the establishment and operation of the ESP, the shared biometric matching service, the common identity repository (CIR) and the MID shall be borne by the general budget of the Union.
Amendment 887 #
Proposal for a regulation
Article 61 – paragraph 1 – subparagraph 2
Article 61 – paragraph 1 – subparagraph 2
A consolidated list of those authorities shall be published in the Official Journal of the European Union within a period of three months from the date on which each interoperability component commenced operations in accordance with Article 62. Where there are amendments to the list, eu- LISA shall publish an updated consolidated list once a year. The list shall include the date of notification for each authority listed.
Amendment 889 #
Proposal for a regulation
Article 62 – paragraph 1 – point -a (new)
Article 62 – paragraph 1 – point -a (new)
(-a) following the successful completion of a pilot project
Amendment 895 #
Proposal for a regulation
Article 63 – paragraph 2
Article 63 – paragraph 2
2. The power to adopt delegated acts referred to in Articles 8(2), 9(7) and 9(728(5) shall be conferred on the Commission for an indeterminate period of time from [the date of entry into force of this Regulation].
Amendment 899 #
Proposal for a regulation
Article 63 – paragraph 6
Article 63 – paragraph 6
6. A delegated act adopted pursuant to Articles 8(2), 9(7) and 9(728(5) shall enter into force only if no objection has been expressed either by the European Parliament or the Council within a period of [twohree months] of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by [two months] at the initiative of the European Parliament or of the Council.
Amendment 900 #
Proposal for a regulation
Article 65 – paragraph 1
Article 65 – paragraph 1
An Advisory Group shall be established by eu-LISA in order to provide it with the expertise related to interoperability, including its fundamental rights dimension, in particular in the context of the preparation of its annual work programme and its annual activity report. During the design and development phase of the interoperability instruments, Article 52(4) to (6) shall apply.
Amendment 903 #
Proposal for a regulation
Article 67 – paragraph 1 – subparagraph 1 (new)
Article 67 – paragraph 1 – subparagraph 1 (new)
The practical handbook should provide guidance to Member States on how to deal with yellow links that are the results of inconsistencies with the identity data contained in ETIAS. Such modalities should not create disproportionate burdens on persons who, without any intention to deceive the authorities, have entered inaccurate or ambiguous data in ETIAS.
Amendment 906 #
Proposal for a regulation
Article 68 – paragraph 2
Article 68 – paragraph 2
2. By [Six months after the entry into force of this Regulation — OPOCE, please replace with the actual date] and every six months thereafter during the development phase of the interoperability components, eu-LISA shall submit a report to the EDPS, European Parliament and the Council on the state of play of the development of the interoperability components. Once the development is finalised, a report shall be submitted to the European Parliament and the Council explaining in detail how the objectives, in particular relating to planning and costs, were achieved as well as justifying any divergences.
Amendment 909 #
Proposal for a regulation
Article 68 – paragraph 3
Article 68 – paragraph 3
3. For the purposes of technical maintenance, eu-LISA shall have access to the necessary information relating to the data processing operations performed in the interoperability components. Access to personal data shall be subject to strict safeguards. Any access to personal data under this provision shall be logged.
Amendment 913 #
Proposal for a regulation
Article 68 – paragraph 4
Article 68 – paragraph 4
4. Four years after the start of operations of each interoperability component and every four years thereafter, eu-LISA shall submit to the EDPS, European Parliament, the Council and the Commission a report on the technical functioning of the interoperability components, including the security thereof.
Amendment 915 #
Proposal for a regulation
Article 68 – paragraph 5 – subparagraph 1 – point b
Article 68 – paragraph 5 – subparagraph 1 – point b
(b) an examination of the results achieved against objectives and the impact on fundamental rights, in particular the right to protection of personal data, the right to non-discrimination, the rights of the child and the right to an effective remedy;
Amendment 923 #
Proposal for a regulation
Article 68 – paragraph 8 – subparagraph 1 – introductory part
Article 68 – paragraph 8 – subparagraph 1 – introductory part
While respecting the provisions of national law on the publication of sensitive information, as well as the EU's obligation to act with utmost transparency, each Member State and Europol shall prepare annual reports on the effectiveness of access to data stored in the common identity repository for law enforcement purposes, containing information and statistics on: