Opinion of the European Data Protection Supervisor on the proposal for a Regulation establishing a Registered Traveller Programme (RTP) .

On 28 February 2013, the Commission adopted a proposal for a Regulation of the European Parliament and of the Council establishing a Registered Traveller Programme (RTP). On the same day, this and a parallel proposal to establish an Entry/Exit System (EES) to register entry and exit data of third-country nationals crossing the external borders of the Member States of the European Union were sent to the EDPS for consultation.

The analysis of the EES and RTP proposals from a privacy and data protection angle must be done in the light of the EU’s Charter on Fundamental Rights which provides for a general right to respect for private and family life, and protects the individual against interference by public authorities, and which gives the individual the right that his or her personal can only be processed under certain specified conditions . The so-called Smart Borders package was assessed in this perspective.

The lawful character of the proposed system from a data protection angle: the EDPS confirms that the proposed EES system constitutes an interference with the right to respect for private and family life . While he welcomes the safeguards in the proposals and recognises the efforts made by the Commission in that sense, he concludes that necessity remains the essential issue : the cost/efficiency of the system is at stake, not only in financial terms, but also in relation to fundamental rights, seen in the global context of existing schemes and border policies.

As regards more specifically the RTP, the EDPS considers that the proposal does not raise the same substantial questions with regard to interference with fundamental rights as the EES. He still calls the attention of the legislator on the following aspects:

· the voluntary basis of the system is acknowledged, but consent should only be considered as a valid legal ground for processing the data if it is freely given, which means that RTP should not become the only valid alternative to long queues and administrative burdens;

· risks of discrimination should be prevented: the vast number of travellers who do not travel frequently enough to undergo registration or whose fingerprints are unreadable should not be de facto in the ‘higher-risk’ category of travellers;

· the verification process leading to registration should be based on selective access to clearly identified databases.

With regard to security aspects, the EDPS considers that for EES and RTP a Business Continuity Plan and Information Security Risk Management practices should be developed to assess and prioritise risks .

PURPOSE: to establish a Registered Traveller Programme (RTP) for third country national who travel frequently in the European Union.

PROPOSED ACT: Regulation of the European Parliament and of the Council.

ROLE OF THE EUROPEAN PARLIAMENT: Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.

BACKGROUND: according to the Schengen Borders Code , EU citizens and other persons enjoying the right of free movement under Union law (e.g. family members of EU citizens) crossing the external border shall be subject to a minimum check, both at entry and exit, consisting of the verification of the travel document in order to establish the identity of the person. On the other hand, all third country nationals however must be subject, at entry, to a thorough check.

However, current rules for third-country nationals could be described as "one-size-fits-all" as the same checks apply regardless of any differences in risk between different travellers or their frequency of travel. This is because current legislation does not allow for exceptions to the principle of thorough border checks except for certain categories of third-country nationals, such as Heads of States, cross-border workers and border residents. Only a very small minority of persons crossing the external border are able to benefit from the above-mentioned exceptions (equivalent to 0.2 % of total passenger flows).

Taking into account the foreseen increase in passenger flows at the external borders, an alternative border check procedure should be offered for frequent third-country travellers moving gradually away from a "country-centric" approach towards a "person-centric" approach.

This is what is proposed in this proposed Regulation establishing a totally automated Registered Traveller Programme.

The establishment of an Entry/Exit System (EES) with or without biometrics which would record entries and exits of third-country nationals for short stays at the external borders would be the precondition for allowing full automation of the border checks for registered travellers.

The RTP together with the EES will improve management and control of travel flows at the border substantially by reinforcing checks while speeding up border crossings for frequent, pre-vetted non EU travellers.

It should be noted that this proposal has been presented together with a proposal to establish an Entry/Exit System (EES) for third country nationals and a proposal to amend the Community Code on the rules governing checks at external border crossing points and surveillance at the external border ( Schengen Borders Code ) for the purpose of the functioning of the two new systems.

IMPACT ASSESSMENT: a first impact assessment was carried out in 2008 when preparing the Commission Communication on this subject (please refer to the European Parliament’s position on this question – 2008/2181(INI) ).

A second was completed in 2013. It analysed key implementation options. After the analysis of the options and their sub-options, a fee-based RTP for pre-vetted and pre-screened frequent third-country travellers with the data (biometrics, alphanumeric data and unique identifier number) stored in a Central Repository and the unique identifier (application number) stored in a token was found to be the most feasible option to guarantee smooth passenger flows at the external borders without decreasing the level of security at the EU.

This option would entail:

the retention of information for a maximum of five years; an initial access to the RTP should be granted for one year that may be extended for two years, followed by a further two years without a new application; four fingerprints should be stored in the Central Repository; minimal use of personal data in a totally computerised EU system and a very limited consultation of data stored in the Central Repository (during border checks, the border guard will only receive a positive or negative response from the central repository).

The preferred option would therefore provide for a proportionate balance between security, facilitation and data protection.

LEGAL BASIS: Articles 74 and 77(2)(b) and (d) of the Treaty on the Functioning of the European Union (TFEU).

CONTENT: the proposal has three main objectives:

to establish the procedures and conditions for access to the RTP; to define the purpose, the functionalities and responsibilities for a system combining tokens and a Central Repository for the storage of data on registered travellers; and to confer on the Agency for the operational management of large-scale information systems in the area of freedom, security and justice the development and operational management of the Central Repository and the definition of technical specifications for a token.

Set-up and technical architecture of the RTP: the RTP shall be based on a system for the storage of data on registered travellers which relies on tokens kept by the individual travellers on the one hand and on a Central Repository, a centrally located physical storage of the RTP data, on the other, together referred to as the "token-Central Repository".

The “token-Central Repository” system comprises the following: (i) a Central Repository and back-up Central Repository; (ii) uniform interfaces in each Member State, based on common technical specifications ; (iii) national network entry points linked to the Central Repository; (iv) a communications infrastructure linking the Central Repository and the network entry points; and (v) a token in the form of a machine-readable card, based on common technical standards, containing only a unique identifier.

Lodging an application for inclusion in the RTP: the proposal stipulates the procedures for acceptance to the RTP for those persons concerned. Technically, third-country nationals should be able to lodge an application for the RTP at the consulate of any Member State, at any common application centre, or at any external border crossing point.

An online application may also be made. Where an applicant is applying for access to the RTP for the first time, he/she shall be required to appear in person, in order to provide his/her fingerprints , for interview and for the travel document to be checked.

Where an applicant submits an on-line application, the biometric data shall be collected, the travel document checked and an interview carried out, if applicable, when the decision on the application is made and the token is issued.

Technical provisions are laid down stipulating the conditions to be met by the applicant to obtain his/her token:

application form: the applicant must fill in the form, an example of which is provided in Annex 1 of the proposal; supporting documents: the applicant must provide supporting documents (travel documents…) a non-exhaustive list of which is provided in Annex II of the proposal, as well as proof of sufficient means of subsistence in relation to the travel and accommodation; fees: when making an application, the applicant shal pay a registration fee of EUR 20 . If the RTP application is examined at the same time with the multiple-entry visa application, the applicant shall pay a fee of EUR 10; biometric data: where the applicant has not previously applied for access to the RTP, Member States shall collect biometric data from applicants comprising their four fingerprints taken flat and collected digitally. Where fingerprints collected from the applicant as part of an earlier application were entered in the Central Repository for the first time less than 59 months before the date of the new application, they may be copied to the subsequent application.

An application which is admissible shall be decided on by the competent authorities within 25 calendar days from the date of submission.

Duration of granting of access to the RTP: initial access to the RTP shall be granted for one year . Access may be extended for two years upon request, followed by a further two years without a new application in the case of travellers who have followed the rules and regulations laid down for crossing the external border and for staying in the Schengen area. The period of access granted shall not exceed the validity of the travel document(s), visa, residence permit or residence card, if applicable.

Provisions are laid down in regard to the extension, refusal or revocation of access to the RTP.

Operation of the system for registered travellers:

Once an application for the RTP has been validated, a registered traveller would be issued a token in the form of a machine-readable card containing only a unique identifier (i.e. application number), which is swiped on arrival and departure at the border using an automated gate. The gate would read the token and the travel document (and visa sticker number, if applicable) and the fingerprints of the travellers, which would be compared to the ones stored in the Central Repository and other databases, including the Visa Information system (VIS) for visa holders. If all checks are successful, the traveller is able to pass through the automated gate.

Administrative management and organisation: provisions are laid down for ensuring the administrative management of the system. Each Member State shall be responsible for organising the procedures related to submission and examination of applications as well as issuing tokens.

Data protection and use of data: the proposal includes a number of provisions on data protection, as well as defining strictly those persons with exclusive access to the RTP having the right to enter, amend, delete and consult data depending on the objectives pursued. National authorities should be designated to this end.

The proposal specifies the categories of data that will be entered by the competent authorities in the combined system of the Central Repository and the tokens, the procedures to be followed when entering data, as well as the specific and strictly limited cases of where these data may be used by the authorised persons.

Retention of data: Each individual application file shall be stored in the Central Repository for a maximum of five years . The registered traveller shall inform the issuing authority if the token has been lost or stolen.

Communication of data to third parties: data stored in the Central Repository shall not, under any circumstance , be transferred or made available to a third country, to an international organisation or any private party.

Provision is also made for data security, control of the use of data, as well as for sanctions in the event of their inappropriate use and for procedural guarantees for persons whose data have been used (including appeal mechanisms, etc.).

Role of the Agency: the European Agency for the operational management of large-scale information systems in the area of freedom, security and justice shall be entrusted with the tasks of development and operational management of the EES. The Agency shall be responsible for the development of the Central Unit, the Back-Up Central Unit, the Uniform Interfaces including the Network Entry Points and the Communication Infrastructure. Technical provisions lay down the tasks, mission and responsibilities of the Agency in this context. Provisions are also included defining the Member States’ responsibilities in regard to the EES infrastructure and its use.

Operational management of the EES shall consist of all the tasks necessary to keep the EES functioning 24 hours a day, 7 days a week.

Evaluation: two years after the start of operations of the EES and every two years thereafter, the Agency shall submit to the European Parliament, the Council and the Commission a report on the technical functioning of EES, including the security thereof. For its part, , the Commission shall produce an overall evaluation of the EES two years after the EES is brought into operation and every four years thereafter.

Territorial measures: given that the proposal constitutes a further development of the Schengen acquis, it will have direct consequences for certain Member States and associated countries, in accordance with the relevant texts of the Treaties, Protocols and Agreements concluded with third countries:

Denmark shall decide within a period of six months after the Council has decided on this proposal whether it will implement it in its national law; Ireland and the United Kingdom: these Member States are not taking part in the adoption of this Regulation and are not bound by it or subject to its application; Iceland, Norway, Switzerland and Liechtenstein shall be associated with the application of this Regulation; Cyprus, Bulgaria and Romania shall apply this Regulation because it replaces the requirement to check the length of stay of third country nationals.

BUDGETARY IMPLICATION: the Commission's proposal for the next multi-annual financial framework (MFF) includes a proposal of EUR 4.6 billion for the Internal Security Fund (ISF) for the period 2014-2020. In the proposal, EUR 1.1 billion is set aside as an indicative amount for the development of an EES and an RTP assuming development costs would start from 2015 .

This financial support would cover not only the costs of central components for the entire MFF period (EU level, both development and operational cost) but also the development costs for the national, Member States, components of these two systems, within the resources available.

DELEGATED ACTS: the power to adopt acts in accordance with Article 290 of the Treaty on the Functioning of the European Union should be delegated to the Commission in respect of the adoption of technical amendments to the annexes.