Progress: Procedure completed
Role | Committee | Rapporteur | Shadows |
---|---|---|---|
Lead | LIBE | LENAERS Jeroen ( PPE) | NIEDERMÜLLER Péter ( S&D), DALTON Daniel ( ECR), DEPREZ Gérard ( ALDE), VALERO Bodil ( Verts/ALE) |
Committee Opinion | AFET | ||
Committee Opinion | BUDG | KÖLMEL Bernd ( ECR) |
Lead committee dossier:
Legal Basis:
TFEU 016-p2, TFEU 074, TFEU 077-p2
Legal Basis:
TFEU 016-p2, TFEU 074, TFEU 077-p2Events
PURPOSE: to establish a framework for interoperability between EU information systems (borders and visas) and amend the legislation in force as a consequence.
LEGISLATIVE ACT: Regulation (EU) 2019/817 of the European Parliament and of the Council establishing a framework for interoperability between EU information systems in the field of borders and visa and amending Regulations (EC) No 767/2008, (EU) 2016/399, (EU) 2017/2226, (EU) 2018/1240, (EU) 2018/1726 and (EU) 2018/1861 of the European Parliament and of the Council and Council Decisions 2004/512/EC and 2008/633/JHA.
CONTENT: the interoperability of EU information systems in the fields of justice and home affairs has been a priority at the highest political level in recent years.
In a resolution adopted on 6 July 2016, the European Parliament called for proposals to improve and develop existing EU information systems, address information gaps and move towards their interoperability, as well as proposals for compulsory information sharing at EU level, accompanied by the necessary data protection safeguards. In its conclusions of 23 June 2017, the European Council also stressed the need to improve the interoperability of databases.
Framework for the interoperability of EU information systems
This Regulation, together with the proposed Regulation on interoperability (police and judicial cooperation, asylum and migration), creates a framework to ensure interoperability between the entry/exit system ( EES ), the Visa Information System ( VIS ), the European Travel Information and Authorisation System ( ETIAS ), Eurodac , the Schengen Information System ( SIS ) and the European Criminal Records Information System for third-country nationals ( ECRIS-TCN ) so that these systems and their data supplement each other.
In addition, this Regulation:
- lays down provisions on data quality requirements, on a universal message format (UMF), on a central repository for reporting and statistics (CRRS) and on the responsibilities of the Member States and of the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice ( eu-LISA ), with respect to the design, development and operation of the interoperability components;
- adapts the procedures and conditions for the designated authorities and for the European Union Agency for Law Enforcement Cooperation (Europol) to access the EES, VIS, ETIAS and Eurodac for the purposes of the prevention, detection or investigation of terrorist offences or of other serious criminal offences;
- lays down a framework for verifying the identity of persons and for identifying persons.
Elements of the interoperability framework
The interoperability of information systems shall enable the systems to complement each other and shall contribute to facilitating the correct identification of individuals and to combating identity fraud. The interoperability elements put in place by the Regulation are as follows:
- the European search portal (ESP) is the component that would enable the simultaneous query of multiple systems (Central-SIS, Eurodac, VIS, the future EES, and the proposed ETIAS and ECRIS-TCN systems, as well as the relevant Interpol systems and Europol data) using identity data (both biographical and biometric);
- the shared biometric matching service (shared BMS) would enable the querying and comparison of biometric data (fingerprints and facial images) from several central systems (in particular, SIS, Eurodac, VIS, the future EES and the proposed ECRIS-TCN system);
- the common identity repository (CIR) would be the shared component for storing biographical and biometric identity data of third-country nationals;
- the multiple-identity detector (MID) would check whether the queried identity data exists in more than one of the systems connected to it.
Objectives
Interoperability shall improve the management of external borders by establishing seamless, simple and efficient access to EU information systems. By ensuring interoperability, the Regulation pursues the following objectives:
- improve the effectiveness and efficiency of border checks at external borders;
- contribute to the prevention and the combating of illegal immigration;
- contribute to a high level of security within the area of freedom, security and justice of the Union including the maintenance of public security and public policy and safeguarding security in the territories of the Member States;
- improve the implementation of the common visa policy;
- assist in the examination of applications for international protection;
- contribute to the prevention, detection and investigation of terrorist offences and of other serious criminal offences;
- facilitate the identification of unknown persons who are unable to identify themselves or unidentified human remains in case of a natural disaster, accident or terrorist attack.
Non-discrimination and fundamental rights
The processing of personal data for the purposes of the Regulation shall not give rise to any discrimination against individuals. It must fully respect human dignity, the integrity of individuals and fundamental rights, including the right to privacy and the right to the protection of personal data. Particular attention will be paid to children, the elderly, people with disabilities and people in need of international protection. The best interests of the child shall be a primary consideration.
The Regulation provides for the provision of an online portal to facilitate the exercise by data subjects of their rights of access to their personal data and their rights to rectify, erase and limit the processing of such data. The implementation and management of the portal should be the responsibility of eu-LISA.
ENTRY INTO FORCE: 11.6.2019.
The European Parliament adopted by 511 votes to 123, with 9 abstentions, a legislative resolution on the amended proposal for a regulation of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems (borders and visa) and amending Council Decision 2004/512/EC, Regulation (EC) No 767/2008, Council Decision 2008/633/JHA, Regulation (EU) 2016/399, Regulation (EU) 2017/2226, Regulation (EU) 2018/XX [the ETIAS Regulation], Regulation (EU) 2018/XX [the Regulation on SIS in the field of border checks] and Regulation (EU) 2018/XX [the euLISA Regulation].
The European Parliament's position adopted at first reading under the ordinary legislative procedure amended the Commission's proposal as follows:
Framework for the interoperability of EU information systems
The proposed Regulation, together with the Regulation of the European Parliament and of the Council on police and judicial cooperation, asylum and migration, shall establish a framework to ensure interoperability between the entry/exit system (EES), the visa information system (VIS), the European Travel Information and Authorisation System (ETIAS), Eurodac, the Schengen Information System (SIS) and the European Criminal Records Information System for third-country nationals (ECRIS-TCN). It would also establish a framework for verifying the identity of individuals and identifying individuals.
This framework shall include the following interoperability components: (i) a European search portal (ESP); (ii) a shared biometric matching service (shared BMS); (iii) a common identity repository (CIR); (iv) a multiple-identity detector (MID).
Objectives
Interoperability shall improve the management of external borders by establishing rapid, simple and efficient access to EU information systems. According to the amended text, this Regulation has the following objectives:
- to improve the effectiveness and efficiency of border checks at external borders;
- to contribute to the prevention and the combating of illegal immigration;
- to contribute to a high level of security within the area of freedom, security and justice of the Union including the maintenance of public security and public policy and safeguarding security in the territories of the Member States;
- to contribute to the prevention, detection and investigation of terrorist offences and of other serious criminal offences;
- to facilitate the identification of unknown persons who are unable to identify themselves or unidentified human remains in case of a natural disaster, accident or terrorist attack.
Non-discrimination and fundamental rights
Processing of personal data for the purposes of this Regulation shall not result in discrimination against persons on any grounds. It shall fully respect human dignity and integrity and fundamental rights, including the right to respect for one’s private life and to the protection of personal data. Particular attention shall be paid to children, the elderly, persons with a disability and persons in need of international protection. The best interests of the child shall be a primary consideration.
Access to the European Search Portal (ESP)
The use of the ESP shall be reserved to the Member State authorities and Union agencies having access to at least one of the EU information systems in accordance with the legal instruments governing those EU information systems. Those Member State authorities and Union agencies may make use of the ESP and the data provided by it only for the objectives and purposes laid down in the legal instruments governing those EU information systems.
The ESP shall provide no information regarding data in EU information systems, Europol data and the Interpol databases to which the user has no access under the applicable Union and national law.
Any queries of the Interpol databases launched via the ESP shall be performed in such a way that no information shall be revealed to the owner of the Interpol alert.
Access to the common identity data repository (CIR) for identification
Under the amended text, queries of the CIR shall be carried out by a police authority only in the following circumstances:
- where a police authority is unable to identify a person due to the lack of a travel document or another credible document proving that person’s identity;
- where there are doubts about the identity data provided by a person and to the authenticity of the travel document or another credible document provided by a person;
- where a person is unable or refuses to cooperate.
Such queries shall not be allowed against minors under the age of 12 years old, unless in the best interests of the child.
Terrorist offences
In specific cases, where there are reasonable grounds to believe that searching EU information systems will contribute to the prevention or detection of terrorist offences or other serious criminal offences, designated authorities and Europol could consult the CIR to determine whether data on a particular person are stored in the EES, VIS or ETIAS.
In this context, a reply from the CIR should not be interpreted or used as a ground or reason to draw conclusions on or undertake measures in respect of a person, but should be used only for the purpose of submitting an access request to the underlying EU information systems, subject to the conditions and procedures laid down in the respective legal instruments governing such access.
As a general rule, where a match-flag indicates that the data are recorded in the EES, VIS, ETIAS or Eurodac, the designated authorities or Europol should request full access to at least one of the EU information systems concerned. Where exceptionally such full access is not requested, for example because designated authorities or Europol have already obtained the data by other means, or obtaining the data is no longer permitted under national law, the justification for not requesting access should be recorded. Europol shall record the justification in the relevant file.
Results of multiple identity detection
The MID should create and store links between data in the different EU information systems in order to detect multiple identities, with the dual purpose of facilitating identity checks for bona fide travellers and combating identity fraud. These links will be classified into four categories: white, yellow, green and red.
In order to facilitate the implementation of the necessary safeguards in accordance with applicable Union data protection rules, individuals who are subject to a red link or a white link following manual verification of different identities should be informed in writing without prejudice to limitations to protect security and public order, prevent crime and guarantee that national investigations are not jeopardised. Those individuals should receive a single identification number allowing them to identify the authority to which they should address themselves to exercise their rights.
Where a yellow link is created, the authority responsible for the manual verification of different identities should have access to the MID. Where a red link exists, Member State authorities and Union agencies having access to at least one EU information system included in the CIR or to SIS should have access to the MID. A red link should indicate that a person is using different identities in an unjustified manner or that a person is using somebody else’s identity.
Web portal
As the interoperability components will involve the processing of significant amounts of sensitive personal data, persons whose data are processed by these elements should be able to effectively exercise their rights as data subjects. To this end, the amended text provides for the provision of a web portal to facilitate the exercise by data subjects of their rights of access to their personal data and their rights to rectify, delete and limit the processing of such data. The implementation and management of the portal should be the responsibility of eu-LISA.
The Regulation also contains clear provisions on liability and the right to compensation in the event of unlawful processing of personal data or in the event of any other act incompatible with the Regulation.
The Committee on Civil Liberties, Justice and Home Affairs adopted the report by Jeroen LENAERS (EPP, NL) on the amended proposal for a regulation of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems (borders and visa) and amending Council Decision 2004/512/EC, Regulation (EC) No 767/2008, Council Decision 2008/633/JHA, Regulation (EU) 2016/399, Regulation (EU) 2017/2226, Regulation (EU) 2018/XX [the ETIAS Regulation], Regulation (EU) 2018/XX [the Regulation on SIS in the field of border checks] and Regulation (EU) 2018/XX [the euLISA Regulation].
The proposal Regulation establishes four interoperability components of EU information systems (borders and visas): (i) the European Search Portal (ESP); (ii) the shared Biometric Matching Service (Shared BMS); (iii) the Common Identity Repository (CIR); (iv) and the Multiple Identity Detector (MID).
T he systems covered would include the entry/exit system (EES), the visa information system (VIS), [the European Travel Information and Authorisation System (ETIAS)], Eurodac, the Schengen Information System (SIS) and the [European Criminal Records Information System for third-country nationals (ECRIS-TCN)].
The proposal lays down provisions on the objectives of the interoperability components, their technical architecture, rules regarding the use of the components, the storing of logs, the quality of the data, rules regarding data protection, supervision and responsibilities of the various agencies and the Member States. It also lays down a framework for verifying identities of third-country nationals and for identifying third-country nationals.
The committee recommended that the European Parliament's position adopted at first reading under the ordinary legislative procedure should amend the Commission's proposal as follows.
Objectives : the establishment of interoperability should improve the management of the external borders by establishing fast, simple and efficient access to EU information systems . Its main elements should:
enhance the effectiveness and efficiency of border checks at the external borders; contribute to preventing and tackling irregular migration ; contribute to the prevention, detection and investigation of terrorist offences or of other serious criminal offences; aid in the identification of unknown persons who are unable to identify themselves or unidentified human remains in cases of natural disasters, accidents or terrorist attacks.
The eu-LISA Agency should develop and manage all interoperability components in such a way as to ensure fast, seamless, efficient, controlled access, their full availability and a response time in line with the operational needs of the Member Sates’ authorities.
Data protection : Members ensured that adequate safeguards are in place to protect fundamental rights and access to data by calling for all EU data protection rules to be applicable to all information systems .
Data subjects should be provided with a single web service through which they can exercise their rights to access to and rectification, erasure and restriction of their personal data. eu-LISA should establish such a web service and host it in its technical site.
The interoperability components should be designed so that particular attention is paid to the protection of children and that their rights and integrity are fully respected.
Auxiliary systems : in order to ensure rapid and continuous use of all relevant EU information systems, Members proposed that a central Union backup ESP should be established in order to provide all the functionalities of the principal ESP and a similar level of performance as it in the event of its failure. However, the national connection to the different relevant Union information systems should remain in order to provide a technical fall back.
Identification of persons : changes have been made so that the identity of a person is first established on the basis of the identity or travel document, following the rules and procedures provided for in national law, before it is possible to launch a search in the CIR using the biometric data of the person concerned.
The CIR could only be consulted for the purpose of identifying a person if the person concerned is physically present during the check.
Members also believe that there should be no strict obligation for border guards to carry out a second line check when the search carried out in the multiple identity detector (MID) through the European search portal (ESP) gives a yellow link or detects a red link. Such a decision should be left to the border guards as they are trained to detect identity fraud.
Access rights : Members specified that a hit-flag should reveal only personal data of the concerned individual other than an indication that some of his or her data are stored in one of the systems, provided the authority making the search has access to that system. No adverse decision for the concerned individual should be made by the authorised end-user solely on the basis of the simple occurrence of a hit-flag, and the hit-flag should be used by the relevant authorities only for the purpose of deciding which database to query.
It is necessary to provide for a transitional period which should entail, inter alia , training programmes for end users so as to ensure that the new instruments operate to their full potential.
Evaluation : amendments have been introduced to strengthen the ability of the European Commission, the Council and the European Parliament to monitor and evaluate the functioning of this proposal, further amendments have been made to this article. Especially, with regard to the use of the CIR for the purposes of identification, for the purposes of law enforcement and the use of the Interpol database through the ESP.
PROPOSED ACT: Regulation of the European Parliament and of the Council.
ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.
BACKGROUND: this proposal seeks to amend the proposal submitted by the Commission in December 2017 for a Regulation of the European Parliament and of the Council establishing a framework for the interoperability between EU information systems (borders and visas) and amending Council Decision 2004/512/EC, Council Regulation (EC) No 767/2008, Council Decision 2008/633/JHA, Regulation (EU) 2016/399 and Regulation (EU) 2017/2226 ( see the summary of the initial proposal dated 12.12.2017 ).
This proposal also seeks to amend the original proposal only insofar as it presents the further necessary amendments to other legal instruments that are required under the interoperability proposal. These amendments were identified as necessary in the original proposal but, because of ongoing negotiations between co-legislators on some of the systems concerned, it was not possible to include the necessary amendments in the original proposal.
CONTENT: the proposed Regulation, together with the proposed Regulation on interoperability (police and judicial cooperation, asylum and migration), creates a framework to ensure interoperability between the entry/exit system ( EES ), the Visa Information System ( VIS ), the European Travel Information and Authorisation System ( ETIAS ), Eurodac , the Schengen Information System ( SIS ) and the European Criminal Records Information System for third-country nationals ( ECRIS-TCN ) so that these systems and their data supplement each other.
Elements of the interoperability framework : the framework shall consist of the following elements of interoperability:
the European search portal (ESP) is the component that would enable the simultaneous query of multiple systems (Central-SIS, Eurodac, VIS, the future EES, and the proposed ETIAS and ECRIS-TCN systems, as well as the relevant Interpol systems and Europol data) using identity data (both biographical and biometric); the shared biometric matching service (shared BMS) would enable the querying and comparison of biometric data (fingerprints and facial images) from several central systems (in particular, SIS, Eurodac, VIS, the future EES and the proposed ECRIS-TCN system); the common identity repository (CIR) would be the shared component for storing biographical and biometric identity data of third-country nationals; the multiple-identity detector (MID) would check whether the queried identity data exists in more than one of the systems connected to it.
Objectives : the proposed Regulation:
lays down provisions on data quality requirements , on a Universal Message Format (UMF), on a central repository for reporting and statistics (CRRS); lays down the responsibilities of the Member States and of the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice ( eu-LISA ), with respect to the design and operation of the interoperability components; lays down the procedures and conditions for Member State law enforcement authorities and for the European Union Agency for Law Enforcement Cooperation (Europol) access to the Entry/Exit System (EES), the Visa Information System (VIS), [the European Travel Information and Authorisation System (ETIAS),] and Eurodac for the purposes of the prevention, detection and investigation of terrorist offences or of other serious criminal offences falling under their competence.
By ensuring interoperability, the proposal shall have the following objectives:
to improve the management of the external borders; to contribute to preventing and combating irregular migration; to contribute to a high level of security within the area of freedom, security and justice of the Union including the maintenance of public security and public policy and safeguarding the security in the territories of the Member States; to improve the implementation of the common visa policy; and to assist in examining application for international protection.
Scope : the proposed Regulation applies to the Entry/Exit System ( EES ), the Visa Information System ( VIS ), the European Travel Information and Authorisation System ( ETIAS ) and the Schengen Information System ( SIS ). It applies to persons in respect of whom personal data may be processed in the EU information systems.
Consequences for other legal instruments : the proposal includes detailed provisions for the necessary changes to the draft legal instruments that are currently stable texts as provisionally agreed by the co-legislators: the proposed Regulations on ETIAS, on SIS in the field of border checks, and on eu-LISA .
However, the two amending proposals on interoperability do not include the amendments relating to Eurodac , the EU asylum and irregular migration database, given that discussions have not yet been concluded on the May 2016 legislative proposal to strengthen Eurodac. Once the co-legislators reach agreement on the legislative proposal to strengthen Eurodac, or have achieved sufficient progress, the Commission will present the related amendments to the interoperability proposals within two weeks.
BUDGETARY IMPLICATIONS: the proposed amendments necessitated an update of the legislative financial statement accordingly.
The total budget required over nine years (2019-2027) is estimated at EUR 461.0 million , which includes the following elements:
EUR 261.3 million for eu-LISA . A specific budget of EUR 36.3 million covers the cost of upgrading the network and the central SIS (Schengen Information System) for the estimated increase of searches that is likely to occur as a result of interoperability;
EUR 136.3 million to enable Member States to cover the changes to their national systems in order to use the interoperability components; EUR 48.9 million for Europol to cover the upgrade of Europol's IT systems; EUR 4.8 million for the European Border and Coast Guard Agency for hosting a team of specialists who during one year will validate the links between identities at the moment the multiple-identity detector goes live; EUR 2.0 million for European Union Agency for Law Enforcement Training (CEPOL) to cover the preparation and delivery of training to operational staff; a provision of EUR 7.7 million for DG HOME.
Opinion of the European Data Protection Supervisor on the Proposals for two Regulations establishing a framework for interoperability between EU large-scale information systems.
In December 2017, the Commission published two legislative proposals for two Regulations establishing a framework for interoperability between EU large-scale information systems :
a Regulation of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems (borders and visa) ; a Regulation of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems (police, and judicial cooperation, asylum and migration).
The proposals would introduce new possibilities to access and use the data stored in the various systems in order to combat identity fraud, facilitate identity checks, as well as streamline access to non-law information systems by law enforcement authorities.
In particular, the proposals create a new centralised database that would contain information about millions of third-country nationals, including their biometric data . Due to its scale and the nature of the data to be stored in this database, the consequences of any data breach could seriously harm a potentially very large number of individuals. If such information ever falls into the wrong hands, the database could become a dangerous tool against fundamental rights. It is therefore essential to build strong legal, technical and organisational safeguards .
In this context, the EDPS stresses the importance of:
further clarifying the extent of the problem of identity fraud among third-country nationals, in order to ensure that the proposed measure is appropriate and proportionate ; formulating more precisely the possibility of consulting the centralised database to facilitate identity checks on the territory of the Member States; putting in place effective safeguards to protect the fundamental rights of third-country nationals in so far as systematic access to law enforcement systems could represent a serious breach of the purpose limitation principle.
More specifically, the EDPS makes the following recommendations:
three of the six EU information systems the proposals seek to interconnect do not exist at the moment (the European Travel Information and Authorisation System ETIAS, the European Criminal Records Information System for third country nationals ECRIS-TCN and the EES entry/exit system), two are currently under revision (SIS and Eurodac) and one is to be revised later this year (VIS): the EDPS recalls the importance to ensure consistency between the legal texts already under negotiation (or upcoming) and the proposals in order to ensure a unified legal, organisational and technical environment for all data processing activities within the Union; access to the data to identify a person during an identity check would be allowed: (i) in principle, in the presence of the person and, where he or she is unable to cooperate and does not have document establishing his/her identity or, (ii) refuses to cooperate or, (iii) where there are justified or well-founded grounds to believe that documents presented are false or that the person is not telling the truth about his/her identity; access to the common repository of identity data to establish the identity of a third country national for purposes of ensuring a high level of security should only be allowed where access for the same purposes to similar national databases (e.g. register of nationals/residents etc.) exist and under the same conditions; the proposal should specify the conditions related to the existence of reasonable grounds, the carrying out of a prior search in national databases and the launching of a query of the automated fingerprint identification system of the other Member States under Decision 2008/615/JHA, prior to any search in the common repository for identity; the compliance with the conditions of access to even limited information such as a hit/no hit should always be verified, independently of further access to the data stored in the system that triggered the hit; ensure in the proposals that the data stored in the ECRIS- TCN could be accessed and used solely for the purposes of the ECRIS TCN as defined in its legal instrument; the fundamental data protection principles should be taken into account during all stages of the implementation of the proposals. The obligation for eu-LISA and the Member States to follow the principles of data protection by design and by default should also be included in the proposals.
The EDPS has additional recommendations related to the following aspects of the proposals: (i) the functionality of the European search portal (‘ESP’), the shared biometric matching service (‘shared BMS’), the common identity repository (‘CIR’) and, the multiple identity detector (‘MID’); (ii) the data retention periods in the CIR and the MID; (iii) the division of roles and responsibility between eu-LISA and the Member States; (iv) the data subjects' rights; (v) the access by eu-LISA staff.
Lastly, the EDPS calls for a wider debate on the future of the EU information exchange, their governance and the ways to safeguard fundamental rights in this context.
PURPOSE: to establish a framework for interoperability between EU information systems (borders and visa) and amend the relevant legislation in force as a consequence.
PROPOSED ACT: Regulation of the European Parliament and of the Council.
ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.
BACKGROUND: the importance of overcoming the current shortcomings in data management and of improving the interoperability of existing information systems has been stressed on many occasions. Recent terrorist attacks have brought this into even greater focus, highlighting the urgent need for information systems to be interoperable, and to eliminate the current blind spots where terrorist suspects can be recorded in different, unconnected databases under different aliases.
Currently, various information systems at EU level (the Schengen Information System ( SIS ), the Eurodac system and the Visa Information System ( VIS ) with data on short-stay visas) are currently not interoperable — that is, able to exchange data and share information so that authorities and competent officials have the information they need, when and where they need it. This risks pieces of information slipping through the net and terrorists and criminals escaping detection by using multiple or fraudulent identities, endangering the EU's internal security and making border and migration management more challenging.
In addition to these existing systems, the Commission proposed in 2016-2017 three new centralised EU information systems:
the Entry/Exit System ( EES ); the proposed European Travel Information and Authorisation System ( ETIAS ); the proposed European Criminal Record Information System for third-country nationals ( ECRIS -TCN system).
These six systems are complementary and — with the exception of the Schengen Information System (SIS) — exclusively focused on third-country nationals.
By simultaneously cross-checking information in different databases and streamlining access by law enforcement, the new tools will quickly alert border guards or police if a person is using multiple or fraudulent identities.
This proposal presented in combination with its sister proposal includes detailed provisions for the necessary changes to the relevant legal instruments in force.
CONTENT: the specific objectives of this proposal are to:
ensure that end-users, particularly border guards, law enforcement officers, immigration officials and judicial authorities have fast, seamless, systematic and controlled access to the information that they need to perform their tasks; provide a solution to detect multiple identities linked to the same set of biometric data, with the dual purpose of ensuring the correct identification of bona fide persons and combating identity fraud ; facilitate identity checks of third-country nationals , on the territory of a Member State, by police authorities; and facilitate and streamline access by law enforcement authorities to non-law enforcement information systems at EU level, where necessary for the prevention, investigation, detection or prosecution of serious crime and terrorism.
Scope : the proposal concerns EU information systems for centrally managed security, borders and migration management, i.e. the three systems that already exist (the Schengen Information System ( SIS ) ), the Eurodac system and the Visa Information System ( VIS ) and the three systems proposed in 2016-2017 ( EES, ETIAS and ECRIS-TCN ).
The scope also includes Interpol’s Stolen and Lost Travel Documents ( SLTD ) database, which pursuant to the provisions of the Schengen Borders Code is systematically queried at the EU’s external borders, and Interpol's Travel Documents Associated with Notices ( TDAWN ) database.
In order to achieve the objectives of this proposal, four interoperability components need to be established:
European search portal – ESP; Shared biometric matching service - shared BMS; Common identity repository – CIR; Multiple-identity detector - MID.
In addition to the above components, this draft Regulation also includes the proposal to:
establish a central repository for reporting and statistics (CRRS) to enable the creation and sharing of reports with (anonymous) statistical data for policy, operational and data quality purposes; establish the Universal Message Format (UMF) as the standard that would be used at EU level to orchestrate interactions between multiple systems in an interoperable way, including the systems developed and managed by eu-LISA; introduce the concepts of automated data quality control mechanisms and common quality indicators , and the need for Member States to ensure the highest level of data quality.
BUDGETARY IMPLICATIONS: the total budget required over nine years (2019-2027) amounts to EUR 424.7 million.
Documents
- Follow-up document: COM(2022)0524
- Follow-up document: EUR-Lex
- Follow-up document: COM(2021)0688
- Follow-up document: EUR-Lex
- Follow-up document: COM(2020)0428
- Follow-up document: EUR-Lex
- Commission response to text adopted in plenary: SP(2019)440
- Final act published in Official Journal: Regulation 2019/817
- Final act published in Official Journal: OJ L 135 22.05.2019, p. 0027
- Final act published in Official Journal: Corrigendum to final act 32019R0817R(01)
- Final act published in Official Journal: OJ L 010 15.01.2020, p. 0004
- Draft final act: 00030/2019/LEX
- Results of vote in Parliament: Results of vote in Parliament
- Decision by Parliament, 1st reading: T8-0388/2019
- Debate in Parliament: Debate in Parliament
- Contribution: COM(2017)0793
- Committee report tabled for plenary, 1st reading: A8-0347/2018
- Economic and Social Committee: opinion, report: CES4547/2018
- Contribution: COM(2018)0478
- Committee draft report: PE622.263
- Amendments tabled in committee: PE625.512
- Amendments tabled in committee: PE625.529
- Amendments tabled in committee: PE625.530
- Committee opinion: PE616.791
- Legislative proposal published: COM(2018)0478
- Legislative proposal published: EUR-Lex
- Contribution: COM(2017)0793
- Contribution: COM(2017)0793
- Contribution: COM(2017)0793
- Contribution: COM(2017)0793
- Contribution: COM(2017)0793
- Document attached to the procedure: N8-0084/2018
- Document attached to the procedure: OJ C 233 04.07.2018, p. 0012
- Document attached to the procedure: EUR-Lex
- Document attached to the procedure: SWD(2017)0473
- Document attached to the procedure: EUR-Lex
- Document attached to the procedure: SWD(2017)0474
- Initial legislative proposal published: COM(2017)0793
- Initial legislative proposal published: EUR-Lex
- Document attached to the procedure: EUR-Lex SWD(2017)0473
- Document attached to the procedure: EUR-Lex SWD(2017)0474
- Document attached to the procedure: N8-0084/2018 OJ C 233 04.07.2018, p. 0012
- Committee opinion: PE616.791
- Amendments tabled in committee: PE625.512
- Amendments tabled in committee: PE625.529
- Amendments tabled in committee: PE625.530
- Committee draft report: PE622.263
- Economic and Social Committee: opinion, report: CES4547/2018
- Draft final act: 00030/2019/LEX
- Commission response to text adopted in plenary: SP(2019)440
- Follow-up document: COM(2020)0428 EUR-Lex
- Follow-up document: COM(2021)0688 EUR-Lex
- Follow-up document: COM(2022)0524 EUR-Lex
- Contribution: COM(2017)0793
- Contribution: COM(2017)0793
- Contribution: COM(2017)0793
- Contribution: COM(2017)0793
- Contribution: COM(2017)0793
- Contribution: COM(2018)0478
- Contribution: COM(2017)0793
Activities
Votes
A8-0347/2018 - Jeroen Lenaers - Am 326 16/04/2019 12:48:21.000 #
A8-0347/2018 - Jeroen Lenaers - Am 326 #
Amendments | Dossier |
822 |
2017/0351(COD)
2018/05/23
BUDG
4 amendments...
Amendment 10 #
Proposal for a regulation Article 68 – paragraph 2 a (new) 2 a. In the event of delays in the development process of the different projects, the European Parliament and the Council shall be informed as soon as possible by the responsible agencies, such as EU-LISA and Europol, about any problems and risks that may have an impact on the timely delivery and financing of the projects.
Amendment 11 #
Proposal for a regulation Article 68 – paragraph 4 4.
Amendment 8 #
Proposal for a regulation Article 60 – paragraph 1 a (new) 1 a. The cost incurred in connection with the establishment and operation of a central EU backup solution for each system indicated in paragraph 1, where necessary, shall be borne by the general budget of the Union.
Amendment 9 #
Proposal for a regulation Article 60 – paragraph 2 – subparagraph 1 Costs incurred in connection with the integration of the existing national infrastructures and their connection to the national uniform interfaces as well as in connection with hosting and future developments of the national uniform interfaces shall be borne by the general budget of the Union.
source: 622.009
2018/07/23
LIBE
818 amendments...
Amendment 1000 #
Proposal for a regulation Article 68 – paragraph 5 – subparagraph 1 – introductory part In addition,
Amendment 1001 #
Proposal for a regulation Article 68 – paragraph 5 – subparagraph 1 – point b (b) an examination of the results achieved against objectives and the impact on fundamental rights, in particular the right to protection of personal data, the right to non-discrimination, the rights of the child and the right to an effective remedy;
Amendment 1002 #
Proposal for a regulation Article 68 – paragraph 5 – subparagraph 1 – point b (b) an examination of the results achieved against objectives and the impact on fundamental rights, particularly the use of CIR with biometric data taken during an identity check;
Amendment 1003 #
Proposal for a regulation Article 68 – paragraph 5 – subparagraph 1 – point b (b) an examination of the results achieved against objectives and the impact on fundamental rights, in particular on the right to non-discrimination;
Amendment 1004 #
Proposal for a regulation Article 68 – paragraph 5 – subparagraph 1 – point d a (new) (d a) an assessment of the security of the connection of Member States to the communication infrastructure of the ESP and the CIR and the security of the integration of the existing national systems and infrastructures with the ESP, shared BMS, MID and the CIR.
Amendment 1005 #
Proposal for a regulation Article 68 – paragraph 8 – subparagraph 1 – introductory part While respecting the provisions of national law on the publication of sensitive information, each Member State and Europol shall prepare
Amendment 1006 #
Proposal for a regulation Article 68 – paragraph 8 – subparagraph 1 – introductory part While respecting the provisions of national law on the publication of sensitive information, each Member State and Europol shall prepare annual reports on the effectiveness of access to data stored
Amendment 1007 #
Proposal for a regulation Article 68 – paragraph 8 – subparagraph 1 – introductory part While respecting the provisions of national law on the publication of sensitive information, each Member State and Europol shall prepare annual reports on the effectiveness of access to data stored in the
Amendment 1008 #
Proposal for a regulation Article 68 – paragraph 8 – subparagraph 1 – introductory part While respecting the provisions of national law on the publication of sensitive information and the necessary limitations deriving from matters of national security, each Member State and Europol shall prepare annual reports on the effectiveness of access to data stored in the common identity repository for law enforcement purposes, containing information and statistics on:
Amendment 1009 #
Proposal for a regulation Article 68 – paragraph 8 – subparagraph 1 – introductory part While respecting the provisions of national law on the publication of sensitive information, as well as the EU's obligation to act with outmost transparency, each Member State and Europol shall prepare annual reports on the effectiveness of access to data stored in the common identity repository for law enforcement purposes, containing information and statistics on:
Amendment 1010 #
Proposal for a regulation Article 68 – paragraph 8 – subparagraph 1 – point c Amendment 1011 #
Proposal for a regulation Article 68 – paragraph 8 – subparagraph 2 Member State and Europol
Amendment 1012 #
Proposal for a regulation Article 68 – paragraph 8 a (new) 8 a. While respecting the provisions of national law on the publication of sensitive information, each Member State shall prepare annual reports containing information and statistics on the access to data stored in the common identity repository for identification pursuant to Article 20.
Amendment 196 #
Proposal for a regulation Title 1 Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on establishing a framework for inter
Amendment 197 #
Proposal for a regulation Title 1 Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on establishing a framework for
Amendment 198 #
Proposal for a regulation Recital 2 a (new) (2a) The Austrian and Italian governments have demonstrated to be very effective in protecting their national borders against illegal migrants.
Amendment 199 #
Proposal for a regulation Recital 3 (3) In its Resolution of 6 July 2016 on the strategic priorities for the Commission Work Programme 201747 , the European Parliament called for proposals to improve and develop existing EU information systems, address information gaps and move towards their interoperability, as well as proposals for compulsory information sharing at EU level, accompanied by the necessary data protection safeguards. Such safeguards should include the prevention of unauthorized access and sharing of data with unauthorized authorities, logging access and usage by authorized users, the implementation of minimum quality standards, ensuring the right to effective remedy and the practical possibility to rebut false assumptions and inaccurate data held by the relevant authorities. _________________ 47 European Parliament resolution of 6 July 2016 on the strategic priorities for the Commission Work Programme 2017 (2016/2773(RSP).
Amendment 200 #
Proposal for a regulation Recital 5 (5) In its final report of 11 May 201749 , the high-level expert group on information systems and interoperability concluded that it is necessary and technically feasible to work towards practical solutions for interoperability and that they can, in principle, both deliver operational gains and be established in compliance with data protection requirements. In the same final report, the EDPS stated that he was not in a position to endorse all the conclusions referred to by the high-level expert group, citing concerns related to legal bases, data protection and information security. _________________ 49
Amendment 201 #
Proposal for a regulation Recital 8 a (new) Amendment 202 #
Proposal for a regulation Recital 8 b (new) (8b) In its Opinion of 11 April 2018,2a the Article 29 Data Protection Working Party reiterated that the process towards interoperability of systems raises fundamental questions regarding the purpose, necessity, proportionality of the data processing as well as concerns regarding the principles of purpose limitation, data minimization, data retention and clear identification of a data controller. _________________ 2a http://ec.europa.eu/newsroom/article29/do cument.cfm?action=display&doc_id=5151 7
Amendment 203 #
Proposal for a regulation Recital 9 (9) With a view to
Amendment 204 #
Proposal for a regulation Recital 9 (9) With a view to improve the management of the external borders, to contribute to preventing and combating irregular migration and to contribute to a
Amendment 205 #
Proposal for a regulation Recital 9 (9) With a view to improve the management of the external borders, to facilitating regular border crossings, to contribute to preventing and combating irregular migration, and to
Amendment 206 #
Proposal for a regulation Recital 10 (10) The inter
Amendment 207 #
Proposal for a regulation Recital 10 (10) The interoperability between the EU information systems should allow said systems to
Amendment 208 #
Proposal for a regulation Recital 10 (10) The interoperability between the EU information systems should allow said systems to supplement each other in order to facilitate the correct identification of persons, contribute to fighting identity fraud, improve and harmonise data quality requirements of the respective EU information systems, facilitate the technical and operational implementation by Member States of existing and future EU information systems, strengthen and simplify the data security and data protection safeguards that govern the respective EU information systems, streamline the
Amendment 209 #
Proposal for a regulation Recital 10 (10) The interoperability between the EU information systems should allow said systems to supplement each other in order to facilitate the correct identification of persons, contribute to fighting identity
Amendment 210 #
Proposal for a regulation Recital 11 (11) The inter
Amendment 211 #
Proposal for a regulation Recital 11 (11) The interoperability components
Amendment 212 #
Proposal for a regulation Recital 12 Amendment 213 #
Proposal for a regulation Recital 12 (12) The interoperability components should concern persons in respect of whom personal data may be processed in the EU information systems and by Europol, namely third-country nationals whose personal data is processed in the EU
Amendment 214 #
Proposal for a regulation Recital 12 a (new) (12a) Children and vulnerable persons merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safe guards concerned and their rights in relation to the processing of personal data. The interoperability components should pay particular attention to the protection of children and ensure that their rights and integrity are being fully respected.
Amendment 215 #
Proposal for a regulation Recital 12 a (new) (12a) The proposal at hand constitutes a first step in creating a comprehensive framework of interoperable Union information systems. Additional information systems, including decentralised European and national systems, should be included in the future.
Amendment 216 #
Proposal for a regulation Recital 13 (13) The European search portal (ESP) should be established to facilitate technically the ability of Member State authorities and EU bodies to have fast, seamless, efficient, systematic and controlled access to the relevant EU information systems,
Amendment 217 #
Proposal for a regulation Recital 13 (13) The European search portal (ESP)
Amendment 218 #
Proposal for a regulation Recital 13 (13) The European search portal (ESP) should be established to facilitate technically the a
Amendment 219 #
Proposal for a regulation Recital 14 Amendment 220 #
Proposal for a regulation Recital 15 (15) The European search portal (ESP) should be developed and configured in such a way that it fully respects purpose and access limitations and, additionally, does not allow the use of fields of data for the query that are not related to persons or travel documents or that are not present in an EU information system
Amendment 221 #
Proposal for a regulation Recital 16 (16) To ensure fast and systematic use of all relevant EU information systems, the European search portal (ESP) should be used to query the common identity repository, the EES, the VIS, [the ETIAS]
Amendment 222 #
(16) To ensure fast and systematic use of all EU information systems, the European search portal (ESP) should be used to query
Amendment 223 #
Proposal for a regulation Recital 16 (16) To ensure fast and s
Amendment 224 #
Proposal for a regulation Recital 17 Amendment 225 #
Proposal for a regulation Recital 17 (17) Biometric data, such as fingerprints and facial images, are unique and therefore much more reliable than alphanumeric data for identifying a person. The shared biometric matching service (shared BMS) should be a technical tool to reinforce and facilitate the work of the relevant EU information systems and the other interoperability components. The main purpose of the shared BMS should be to facilitate the identification of an individual who may be registered in different databases, by matching their biometric data across different systems and by relying on one unique technological component instead of five different ones in each of the underlying systems.
Amendment 226 #
Proposal for a regulation Recital 17 (17) Biometric data, such as fingerprints and facial images, are unique and therefore
Amendment 227 #
Proposal for a regulation Recital 17 (17) Biometric data, such as fingerprints and facial images, are unique and therefore much more reliable than alphanumeric data for identifying a person. The shared biometric matching service (shared BMS) should be a technical tool to reinforce and facilitate the work of the relevant EU information systems and the other interoperability components. The main purpose of the shared BMS should be to facilitate the identification of an individual who may be registered in different databases, by matching their biometric data across different systems and by relying on one unique technological component instead of five different ones in each of the underlying systems. The shared BMS should contribute to security, as well as financial, maintenance and operational benefits by relying on one unique technological component instead of different ones in each of the underlying systems. All automated fingerprint identification systems, including those currently used for Eurodac, the VIS and the SIS, use biometric templates comprised of
Amendment 228 #
Proposal for a regulation Recital 18 Amendment 229 #
Proposal for a regulation Recital 18 (18) Biometric data constitute sensitive personal data. This
Amendment 230 #
Proposal for a regulation Recital 18 (18) Biometric data and biometric templates constitute sensitive personal data. This regulation should lay down the basis for and the safeguards for processing of such data and templates for the purpose of uniquely identifying the persons concerned.
Amendment 231 #
Proposal for a regulation Recital 19 (19) The systems established by Regulation (EU) 2017/2226 of the European Parliament and of the Council57
Amendment 232 #
Proposal for a regulation Recital 19 (19) The systems established by Regulation (EU) 2017/2226 of the European Parliament and of the Council57 , Regulation (EC) No 767/2008 of the European Parliament and of the Council58 , [the ETIAS Regulation] for the management of the borders of the Union, the system established by [the Eurodac Regulation] to identify the applicants for international protection and combat irregular migration, and the system established by [the ECRIS-TCN system Regulation] require
Amendment 233 #
Proposal for a regulation Recital 20 Amendment 234 #
Proposal for a regulation Recital 20 Amendment 235 #
Proposal for a regulation Recital 20 Amendment 236 #
Proposal for a regulation Recital 21 (21) Personal data stored in these EU information systems may relate to the same persons but under different or incomplete identities.
Amendment 237 #
Proposal for a regulation Recital 21 (21) Personal data stored in these EU information systems may relate to the same persons but under different or incomplete identities. Member States dispose of efficient ways to identify their citizens or registered permanent residents in their territory, but the same is not true for third- country nationals. The interoperability between EU information systems should contribute to the correct identification of third-country nationals.
Amendment 238 #
Proposal for a regulation Recital 21 (21) Personal data stored in these EU information systems may relate to the same persons but under different or incomplete identities. Member States dispose of efficient ways to identify their citizens or registered permanent residents in their territory, but the same is not true for third- country nationals. The interoperability between EU information systems should
Amendment 239 #
(21) Personal data stored in these EU information systems may relate to the same persons but under different or incomplete identities. Member States dispose of efficient ways to identify their citizens or registered permanent residents in their territory, but the same is not true for third- country nationals. The interoperability between EU information systems should contribute to the correct identification of third-country nationals. The common identity repository (CIR) should store the personal data concerning
Amendment 240 #
Proposal for a regulation Recital 22 Amendment 241 #
Proposal for a regulation Recital 22 Amendment 242 #
Proposal for a regulation Recital 22 (22)
Amendment 243 #
Proposal for a regulation Recital 23 Amendment 244 #
Proposal for a regulation Recital 23 Amendment 245 #
Proposal for a regulation Recital 23 Amendment 246 #
Proposal for a regulation Recital 24 Amendment 247 #
Proposal for a regulation Recital 24 Amendment 248 #
Proposal for a regulation Recital 24 Amendment 249 #
Proposal for a regulation Recital 24 (24) The common identity repository (CIR) should thus support the functioning of the multiple-identity detector and to facilitate and streamline access by
Amendment 250 #
Proposal for a regulation Recital 25 Amendment 251 #
Proposal for a regulation Recital 25 Amendment 252 #
Proposal for a regulation Recital 25 Amendment 253 #
Proposal for a regulation Recital 26 Amendment 254 #
Proposal for a regulation Recital 26 Amendment 255 #
Proposal for a regulation Recital 26 Amendment 256 #
Proposal for a regulation Recital 27 Amendment 257 #
Proposal for a regulation Recital 27 Amendment 258 #
Proposal for a regulation Recital 27 (27) In order to
Amendment 259 #
Proposal for a regulation Recital 27 (27) In order to streamline and ensure the correct identification of a person, Member State authorities competent for preventing and combating irregular migration and competent authorities within the meaning of Article 3(7) of Directive 2016/680 should be allowed to query the common identity repository (CIR) with the biometric data of that person taken during an identity check.
Amendment 260 #
Proposal for a regulation Recital 27 (27) In order to ensure the correct identification of a person, Member State authorities competent for preventing and combating irregular migration and competent authorities within the meaning of Article 3(7) of Directive 2016/680 should be allowed to query the common
Amendment 261 #
Proposal for a regulation Recital 27 a (new) (27a) In order to identify unknown persons who are not able to identify themselves or unidentified human remains, in the event of a disaster or an accident, Member States should be allowed to query the CIR with the biometric data of those persons.
Amendment 262 #
Amendment 263 #
Proposal for a regulation Recital 28 Amendment 264 #
Proposal for a regulation Recital 28 Amendment 265 #
Proposal for a regulation Recital 28 (28) Where the biometric data of the person cannot be used or if the query with that data fails, the query should be carried out with identity data of that person in combination with travel document data. Where the query indicates that data on that person are stored in the common identity repository (CIR), Member State authorities
Amendment 266 #
Proposal for a regulation Recital 29 Amendment 267 #
Proposal for a regulation Recital 29 Amendment 268 #
Proposal for a regulation Recital 29 (29) Member States should adopt national legislative measures designating the authorities competent to perform identity checks with the use of the
Amendment 269 #
Proposal for a regulation Recital 30 (30) This Regulation should also introduces a new possibility for streamlined access to data beyond identity data present in the EES, the VIS, [the ETIAS] or Eurodac by Member State designated
Amendment 270 #
Proposal for a regulation Recital 30 (30) This Regulation should also introduces a new possibility for streamlined access to data beyond identity data present in the EES, the VIS, [the ETIAS] or Eurodac by Member State designated law enforcement authorities and Europol. Data, including data other than identity data contained in those systems, may be necessary for the prevention, detection, investigation and prosecution of terrorist offences or serious criminal offences
Amendment 271 #
Proposal for a regulation Recital 30 (30) This Regulation should also introduces a new possibility for streamlined access to data beyond identity data present in the EES, the VIS, [the ETIAS] or Eurodac by Member State designated law enforcement authorities and Europol. Data, including data other than identity data contained in those systems, may be necessary for the prevention, detection, investigation and prosecution of terrorist offences or serious criminal offences in a specific case where there are reasonable grounds to consider that consultation will substantially contribute to the prevention, detection or investigation of the criminal offences in question; in particular where there is a substantiated suspicion that the suspect, perpetrator or victim of a terrorist offence or other serious criminal offence falls under the category of third country nationals whose data are stored in the EES, the VIS, the ETIAS and the Eurodac system. Such streamlined access will be provided after a prior search in the national databases has been carried out and a query of the automated fingerprint identification system of the other Member States under Decision 2008/615/JHA has been launched.
Amendment 272 #
Proposal for a regulation Recital 31 (31) Full access to the
Amendment 273 #
(31) Full access to the necessary data contained in the EU information systems necessary for the purposes of preventing, detecting and investigating terrorist offences or other serious criminal offences,
Amendment 274 #
Proposal for a regulation Recital 31 (31) Full access to the necessary data contained in the EU information systems necessary for the purposes of preventing, detecting and investigating terrorist offences or other serious criminal offences, beyond the relevant identity data
Amendment 275 #
Proposal for a regulation Recital 31 (31) Full access to the necessary data contained in the EU information systems necessary for the purposes of preventing, detecting and investigating terrorist offences or other serious criminal offences, beyond the relevant identity data covered under common identity repository (CIR) obtained using biometric data of that person taken during an identity check, should continue to be governed by the provisions in the respective legal instruments. The designated
Amendment 276 #
Proposal for a regulation Recital 31 a (new) (31a) Where such a search is carried out, a hit should not be interpreted as a ground or reason to draw conclusions about or undertake measures towards a person, but may be used only for the purpose of submitting an access request to the underlying EU information systems, subject to the conditions and procedures laid down in the respective legislative instruments governing such access. Any such act will be subject to the provisions measures set out in Chapter VII and the safeguards provided for in Regulation EU 2016/679, Directive 2016/680 or Regulation EC45/2001.
Amendment 277 #
Proposal for a regulation Recital 32 Amendment 278 #
Proposal for a regulation Recital 32 (32) The logs of the all queries
Amendment 279 #
Proposal for a regulation Recital 32 (32) The logs of the queries of the
Amendment 280 #
Proposal for a regulation Recital 33 Amendment 281 #
Proposal for a regulation Recital 33 (33) The query of the
Amendment 282 #
Proposal for a regulation Recital 33 (33) The query
Amendment 283 #
Proposal for a regulation Recital 34 Amendment 284 #
Proposal for a regulation Recital 34 Amendment 285 #
Proposal for a regulation Recital 34 (34) The two-step data consultation approach is particularly valuable in cases where the suspect, perpetrator or suspected victim of a terrorist offence or other serious criminal offence is unknown. In those cases
Amendment 286 #
Proposal for a regulation Recital 34 (34) The two-step data consultation approach is particularly valuable in cases where the suspect, perpetrator or suspected victim of a terrorist offence or other serious criminal offence is unknown. In those cases the common identity repository (CIR) should enable identifying the information system that knows the person in one single search. By creating the obligation to use this new law enforcement access approach in these cases, access to the personal data stored in the EES, the VIS, [the ETIAS] and Eurodac should take place without the requirements of a prior search in national databases and the launch of a prior search in the automated fingerprint identification system of other Member States under Decision 2008/615/JHA. The principle of prior search effectively limits the possibility of Member State’ authorities to consult systems for justified
Amendment 287 #
Proposal for a regulation Recital 35 Amendment 288 #
Proposal for a regulation Recital 35 Amendment 289 #
Proposal for a regulation Recital 35 (35) The multiple-identity detector (MID) should be established to support the
Amendment 290 #
Proposal for a regulation Recital 36 (36) T
Amendment 291 #
Proposal for a regulation Recital 36 (36) The possibility to achieve the objectives of the EU information systems is undermined by the current
Amendment 292 #
Proposal for a regulation Recital 37 Amendment 293 #
Proposal for a regulation Recital 37 Amendment 294 #
Proposal for a regulation Recital 37 (37) The multiple-identity detector (MID) should create and store links between data in the different EU information systems in order to detect multiple identities, with the dual purpose of facilitating identity checks for bona fide travellers and combating identity fraud. The
Amendment 295 #
Proposal for a regulation Recital 38 (38) This Regulation provides for new data processing operations aimed at identifying the persons concerned correctly. This constitutes an interference with their fundamental rights as protected by Articles 7 and 8 of the Charter of Fundamental Rights.
Amendment 296 #
Proposal for a regulation Recital 38 (38) This Regulation provides for new data processing operations aimed at
Amendment 297 #
Proposal for a regulation Recital 39 Amendment 298 #
Proposal for a regulation Recital 39 Amendment 299 #
Proposal for a regulation Recital 39 (39) The European search portal (ESP) and shared biometric matching service (shared BMS) should compare data in
Amendment 300 #
Proposal for a regulation Recital 40 Amendment 301 #
Proposal for a regulation Recital 40 Amendment 302 #
Proposal for a regulation Recital 40 (40) The national authority or EU body that recorded the new data in the respective EU information system should confirm or change these links. This authority should have access to the identity data stored in th
Amendment 303 #
Proposal for a regulation Recital 41 Amendment 304 #
Proposal for a regulation Recital 41 Amendment 305 #
Proposal for a regulation Recital 41 (41) Access to the multiple-identity detector (MID) by Member State authorities and EU bodies having access to at least one of the relevant EU information system
Amendment 306 #
Proposal for a regulation Recital 42 Amendment 307 #
Proposal for a regulation Recital 42 (42) The manual verification of multiple identities should be ensured by the authority creating or updating the data that triggered a hit resulting in a link with data already stored in another EU information system as described in this Regulation in full respect of access rights granted under Union and national law. The authority responsible for the verification of multiple identities should assess whether there are multiple lawful or unlawful identities. Such assessment should be performed
Amendment 308 #
Proposal for a regulation Recital 43 Amendment 309 #
Proposal for a regulation Recital 43 (43)
Amendment 310 #
Proposal for a regulation Recital 43 (43) For the links obtained in relation to the Schengen Information System (SIS) related to the alerts in respect of persons wanted for arrest or for surrender or extradition purposes, on missing or vulnerable persons, on persons sought to assist with a judicial procedure, on persons for discreet checks or specific checks or on unknown wanted persons, the authority responsible for the verification of multiple identities should be the SIRENE Bureau of the Member State that created the alert. Indeed those categories of SIS alerts are sensitive and should not necessarily be shared with the authorities creating or updating the data in one of the other EU information systems. The creation of a link with SIS data should be without prejudice to the actions to be taken in accordance with the [SIS Regulations]. A link should only be created for types of alerts relating to serious criminal offences as defined in Article 4 (25) and (26) of the current Regulation and cannot be created for types of alerts that concern EU or dual citizens.
Amendment 311 #
Proposal for a regulation Recital 44 (44) eu-LISA should establish automated data quality control mechanisms and common data quality indicators. eu- LISA should be responsible
Amendment 312 #
Proposal for a regulation Recital 44 (44) eu-LISA should establish automated data quality control mechanisms and common data quality indicators. eu- LISA should be responsible to develop a central monitoring capacity for data quality and to produce regular data analysis reports to improve the control of implementation and application by Member States of EU
Amendment 313 #
Proposal for a regulation Recital 44 (44) eu-LISA should establish automated data quality control mechanisms and common data quality indicators. eu- LISA should send out automatic and immediate warnings to the authority entering data if minimum data quality standards are not met. eu-LISA should be responsible to develop a central monitoring capacity for data quality and to produce regular data analysis reports to improve the control of implementation and application by Member States of EU information systems. The common quality indicators should include the minimum quality standards to store data in the EU information systems or the interoperability components. The goal of such a data quality standards should be for the EU information systems and interoperability components to automatically identify apparently incorrect or inconsistent data submissions so that the originating Member State is able to verify the data and carry out any necessary remedial actions.
Amendment 314 #
Proposal for a regulation Recital 45 (45) The Commission should evaluate eu-LISA quality reports and should issue recommendations to Member States where appropriate. Member States should be responsible for preparing an action plan describing actions to remedy any deficiencies in data quality and fundamental rights and should report on its progress regularly.
Amendment 315 #
Proposal for a regulation Recital 46 (46) The Universal Message Format (UMF) should establish a standard for structured, cross-border information exchange between information systems, authorities and/or organisations in the field of Justice and Home affairs. UMF should define a common vocabulary and logical structures for commonly exchanged information with the objective
Amendment 316 #
Proposal for a regulation Recital 46 (46) The Universal Message Format (UMF) should establish a standard for structured, cross-border information exchange between information systems, authorities and/or organisations in the field of Justice and Home affairs, including SIS. UMF should define a common vocabulary and logical structures for commonly exchanged information with the objective to facilitate interoperability by enabling the creation and reading of the contents of the exchange in a consistent and semantically equivalent manner.
Amendment 317 #
Proposal for a regulation Recital 47 Amendment 318 #
Proposal for a regulation Recital 47 (47)
Amendment 319 #
Proposal for a regulation Recital 47 (47) A central repository for reporting and statistics (CRRS) should be established to generate cross-system statistical data and analytical reporting for policy, operational and data quality purposes in line with the objectives of the underlying systems and inconformity with their respective legal bases. eu-LISA should establish, implement and host the CRRS in its technical sites. The CRRS should contain
Amendment 320 #
Proposal for a regulation Recital 48 (48) Regulation (EU) 2016/679 should apply to the processing of personal data under this Regulation by national authorities unless such processing is carried out by the designated authorities or central access points of the Member States for the purposes of the prevention, detection or investigation of terrorist offences or of other serious criminal offences,
Amendment 321 #
Proposal for a regulation Recital 49 Amendment 322 #
Proposal for a regulation Recital 51 (51) The national supervisory authorities established in accordance with
Amendment 323 #
Proposal for a regulation Recital 52 (52) “
Amendment 324 #
Proposal for a regulation Recital 55 (55) The implementation of the interoperability components provided for in this Regulation and the integration of the existing national systems and infrastructures with those components will have an impact on the way checks are carried out at border crossing points. These impacts will result from a combined application of the existing rules of the Regulation (EU) 2016/399 of the European Parliament and of the Council60 and the rules on interoperability provided for in this Regulation. _________________ 60 Regulation (EU) 2016/399 of the European Parliament and of the Council of 9 March 2016 on a Union Code on the rules governing the movement of persons across borders, OJ L 77, 23.3.2016, p.1.
Amendment 325 #
Proposal for a regulation Recital 56 Amendment 326 #
Proposal for a regulation Recital 56 (56) As a consequence of this combined application of the rules, the European search portal (ESP) should constitute the main access point for the compulsory systematic consultation of databases for third-country nationals at border crossing points provided for by the Schengen Borders Code.
Amendment 327 #
Proposal for a regulation Recital 56 (56) As a consequence of this combined application of the rules, the European search portal (ESP) should constitute the main access point for the compulsory systematic consultation of databases for third-country nationals at border crossing points provided for by the Schengen Borders Code.
Amendment 328 #
Proposal for a regulation Recital 57 a (new) (57a) It would be appropriate that, during the development phase of the interoperability components, the Commission assess the necessity of further harmonisation of national systems and infrastructures of Member States at external borders. Those recommendations should also include an impact assessment and an assessment on their cost for the EU budget.
Amendment 329 #
Proposal for a regulation Recital 58 Amendment 330 #
Proposal for a regulation Recital 58 Amendment 331 #
Proposal for a regulation Recital 58 Amendment 332 #
Proposal for a regulation Recital 59 Amendment 333 #
Proposal for a regulation Recital 59 Amendment 334 #
Proposal for a regulation Recital 59 (59) Should the query of the multiple- identity detector (MID) through the European search portal (ESP) result in a yellow link or detect a red link, the border guard on second line should consult the
Amendment 335 #
Proposal for a regulation Recital 60 (60) To support the purposes of statistics and reporting on possible negative impact on fundamental rights, it is necessary to grant access to authorised staff of the competent authorities, institutions and bodies identified in this Regulation to consult certain data related to certain interoperability components without enabling individual identification.
Amendment 336 #
Proposal for a regulation Recital 61 (61) In order to allow competent authorities and the EU bodies to adapt to the new requirements on the use of the European search portal (ESP), it is necessary to provide for a transitional period.
Amendment 337 #
Proposal for a regulation Recital 61 (61) In order to allow competent authorities and the EU bodies to adapt to the new requirements on the use of the European search portal (ESP), it is necessary to provide for a transitional period.
Amendment 338 #
Proposal for a regulation Recital 61 (61) In order to allow competent authorities and the EU bodies to adapt to the new requirements on the use of the European search portal (ESP), it is necessary to provide for a transitional period which should entail, inter alia, training programmes for end users so as to ensure that the new instruments operate to their full potential. Similarly, in order to allow for the coherent and optimal functioning of the multiple-identity detector (MID), transitional measures should be established for the start of its operations.
Amendment 339 #
Proposal for a regulation Recital 62 (62) The
Amendment 340 #
Proposal for a regulation Recital 62 (62) The costs for the development of the interoperability components projected under the current Multiannual Financial Framework are lower than the remaining amount on the budget earmarked for Smart Borders in Regulation (EU) No 515/2014 of the European Parliament and the Council61 . Accordingly, this Regulation, pursuant to Article 5(5)(b) of Regulation (EU) No 515/2014, should reallocate the amount currently attributed for developing IT systems supporting the management of migration flows across the external borders. In addition, eu-LISA shall use best endeavours to keep costs to a minimum and to identify and implement the most cost-effective technical solutions. _________________ 61 Regulation (EU) No 515/2014 of the European Parliament and of the Council of 16 April 2014 establishing as part of the Internal Security Fund, the Instrument for financial support for external borders and visa and repealing Decision No
Amendment 341 #
Proposal for a regulation Recital 63 (63) In order to supplement certain detailed technical aspects of this Regulation, the power to adopt acts in accordance with Article 290 of the Treaty on the Functioning of the European Union should be delegated to the Commission. In particular, power should be delegated to the Commission in respect of the profiles for the users of the European search portal (ESP)
Amendment 342 #
Proposal for a regulation Recital 64 (64) In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission to adopt detailed rules on: automated data quality control mechanisms, procedures and indicators; development of the UMF standard;
Amendment 343 #
Proposal for a regulation Recital 64 (64) In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission to adopt detailed rules on: automated data quality control mechanisms, procedures and indicators; development of the UMF standard; procedures for determining cases of similarity of identities;
Amendment 344 #
Proposal for a regulation Recital 64 (64) In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission to adopt detailed rules on: automated data quality control mechanisms, procedures and indicators; development of the UMF standard; procedures for determining cases of similarity of identities;
Amendment 345 #
Proposal for a regulation Recital 65 Amendment 346 #
Proposal for a regulation Recital 65 a (new) (65a) As interoperability components will involve the processing of significant amounts of sensitive personal data, it is important that persons whose data is processed through those components can effectively exercise their rights as data subjects as laid down in Regulation (EU) 2016/679, Directive (EU) 680/2016 and Regulation (EC) No 45/2001. In that regard, in the same way as Member State authorities have been provided with a single portal to carry out searches of EU information systems, so data subjects should be provided with a single web service through which they can exercise their rights to access, rectification, erasure and restriction. eu.LISA should establish such a web service and host it in its technical site. As eu.LISA is not responsible for the entry of personal data or the verification of identities, the request should be transmitted via the web service to either the Member State responsible for the manual verification of different identities or the Member State responsible for the entry of the data into the underlying information system.
Amendment 347 #
Proposal for a regulation Recital 65 a (new) (65a) This Regulation should contain clear provisions on liability and right to compensation for unlawful processing of personal data or from any other act incompatible with it, without prejudice to the right to compensation from, and liability of the controller or processor under Regulation (EU) 2016/679, Directive EU 2016/680 and Regulation EU 45/2001. With regard to the role of eu- LISA as a data processor, this latter should be responsible for the damage it provoked where it has not complied with the specific obligations of this Regulation directed to it.
Amendment 348 #
Proposal for a regulation Recital 65 b (new) (65b) Article 8 (2) of the European Convention on Human Rights states that any interference with the right to respect for private life, must pursue a legitimate aim and must be both necessary and proportionate except in such cases when, in accordance with the law such an action is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
Amendment 349 #
Proposal for a regulation Recital 65 c (new) (65c) Article 52(1) of the Charter of Fundamental Rights states that any limitation on the exercise of rights and freedoms recognised by the Charter must be provided for by law and respect the essence of those rights and freedoms and be subject to the principle of proportionality. Limitations may be made only if they are necessary if they genuinely meet the objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others.
Amendment 350 #
Proposal for a regulation Recital 65 d (new) Amendment 351 #
Proposal for a regulation Recital 65 e (new) Amendment 352 #
Proposal for a regulation Article 1 – paragraph 1 1. This Regulation, together with [Regulation 2018/xx on interoperability police and judicial cooperation, asylum and migration], establishes a framework to ensure the interoperability between the Entry/Exit System (EES), the Visa Information System (VIS), [the European Travel Information and Authorisation System (ETIAS)]
Amendment 353 #
Proposal for a regulation Article 1 – paragraph 1 1. This Regulation, together with [Regulation 2018/xx on
Amendment 354 #
Proposal for a regulation Article 1 – paragraph 1 1. This Regulation, together with [Regulation 2018/xx on interoperability police and judicial cooperation, asylum and migration], establishes a framework to ensure the interoperability between the Entry/Exit System (EES), the Visa Information System (VIS), [the European Travel Information and Authorisation System (ETIAS)], Eurodac, and the Schengen Information System (SIS), and [the European Criminal Records Information System for third-country nationals (ECRIS-TCN)] in order for those systems
Amendment 355 #
Proposal for a regulation Article 1 – paragraph 1 1. This Regulation, together with [Regulation 2018/xx on interoperability police and judicial cooperation, asylum and migration], establishes a framework to ensure the interoperability between the Entry/Exit System (EES), the Visa Information System (VIS), [the European Travel Information and Authorisation System (ETIAS)], Eurodac, the Schengen Information System (SIS), and [the European Criminal Records Information System for third-country nationals (ECRIS-TCN)] in order for those systems and data
Amendment 356 #
Proposal for a regulation Article 1 – paragraph 1 1. This Regulation, together with [Regulation 2018/xx on interoperability police and judicial cooperation, asylum and
Amendment 357 #
Proposal for a regulation Article 1 – paragraph 2 – point c Amendment 358 #
Proposal for a regulation Article 1 – paragraph 2 – point c Amendment 359 #
Proposal for a regulation Article 1 – paragraph 2 – point c Amendment 360 #
Proposal for a regulation Article 1 – paragraph 2 – point d Amendment 361 #
Proposal for a regulation Article 1 – paragraph 2 – point d Amendment 362 #
Proposal for a regulation Article 1 – paragraph 3 3. This Regulation also lays down provisions on data quality requirements, on a Universal Message Format (UMF)
Amendment 363 #
Proposal for a regulation Article 1 – paragraph 3 3. This Regulation also lays down provisions on data quality requirements
Amendment 364 #
Proposal for a regulation Article 1 – paragraph 3 3. This Regulation also lays down provisions on data quality requirements
Amendment 365 #
Proposal for a regulation Article 1 – paragraph 4 4. This Regulation also adapts the procedures and conditions for Member State
Amendment 366 #
Proposal for a regulation Article 1 – paragraph 4 4. This Regulation also adapts the procedures and conditions for Member State law enforcement authorities and for the European Union Agency for Law Enforcement Cooperation (Europol) access in specific cases and under specific conditions to the Entry/Exit System (EES), the Visa Information System (VIS), [the European Travel Information and Authorisation System (ETIAS),] and Eurodac for the purposes of the prevention, detection and investigation of terrorist offences or of other serious criminal offences falling under their competence.
Amendment 367 #
Proposal for a regulation Article 1 – paragraph 4 a (new) 4a. This Regulation also provides the option for Member States to use national legislative measures to empower police authorities to query the CIR for the purpose of identifying a person as well as to prevent and fight illegal migration and to preserve public security.
Amendment 368 #
Proposal for a regulation Article 2 – paragraph 1 – introductory part 1. By ensuring interoperability, the purpose of this Regulation shall
Amendment 369 #
Proposal for a regulation Article 2 – paragraph 1 – point a (a) to
Amendment 370 #
Proposal for a regulation Article 2 – paragraph 1 – point a (a) to improve the
Amendment 371 #
Proposal for a regulation Article 2 – paragraph 1 – point b Amendment 372 #
Proposal for a regulation Article 2 – paragraph 1 – point b (b) to contribute to preventing and
Amendment 373 #
Proposal for a regulation Article 2 – paragraph 1 – point c Amendment 374 #
Proposal for a regulation Article 2 – paragraph 1 – point c (c) to contribute to a high level of security within the area of freedom, security and justice of the Union including the maintenance of public security and
Amendment 375 #
Proposal for a regulation Article 2 – paragraph 1 – point e Amendment 376 #
Proposal for a regulation Article 2 – paragraph 1 – point e a (new) (ea) to assist Member States law enforcement authorities and Europol in the prevention, detection and investigation of terrorist offences or of other serious criminal offences falling under their competence.
Amendment 377 #
Proposal for a regulation Article 2 – paragraph 1 – point e a (new) (ea) contribute to the prevention, detection and investigation of terrorist offences or of other serious criminal offences.
Amendment 378 #
Proposal for a regulation Article 2 – paragraph 1 – point e a (new) (ea) to aid in in the identification of unknown persons who are unable to identify themselves or unidentified human remains in cases of natural disasters, accidents or terrorist attacks.
Amendment 379 #
Proposal for a regulation Article 2 – paragraph 1 – point e b (new) (eb) in the event of a natural disaster or an accident, for humanitarian reasons, to assist in the identification of unknown persons who are not able to identify themselves or unidentified human remains.
Amendment 380 #
Proposal for a regulation Article 2 – paragraph 2 – introductory part 2. Those objectives
Amendment 381 #
Proposal for a regulation Article 2 – paragraph 2 – point a Amendment 382 #
Proposal for a regulation Article 2 – paragraph 2 – point a (a) ensuring the correct identification of
Amendment 383 #
Proposal for a regulation Article 2 – paragraph 2 – point a (a) ensuring and streamlining the correct identification of persons;
Amendment 384 #
Proposal for a regulation Article 2 – paragraph 2 – point b Amendment 385 #
Proposal for a regulation Article 2 – paragraph 2 – point b (b) contributing to
Amendment 386 #
Proposal for a regulation Article 2 – paragraph 2 – point c (c) improving and harmonising data quality requirements of the respective EU information systems while respecting the data processing requirements of the legal bases of the individual systems, data protection standards and principles;
Amendment 387 #
Proposal for a regulation Article 2 – paragraph 2 – point c a (new) (ca) improving judicial cooperation in the areas of freedom, security and justice;
Amendment 388 #
Proposal for a regulation Article 2 – paragraph 2 – point d (d)
Amendment 389 #
Proposal for a regulation Article 2 – paragraph 2 – point e (e) strengthening and simplifying
Amendment 390 #
Proposal for a regulation Article 2 – paragraph 2 – point e (e) strengthening and simplifying and making more uniform the data security and data protection conditions that govern the respective EU information systems, without prejudice to the special protection and safeguards afforded to certain categories of data in accordance with EU data protection rules;
Amendment 391 #
Proposal for a regulation Article 2 – paragraph 2 – point e (e) strengthening and
Amendment 392 #
Proposal for a regulation Article 2 – paragraph 2 – point e (e) strengthening and
Amendment 393 #
Proposal for a regulation Article 2 – paragraph 2 – point f Amendment 394 #
Proposal for a regulation Article 2 – paragraph 2 – point f (f)
Amendment 395 #
Proposal for a regulation Article 2 – paragraph 2 – point f (f) streamlining the conditions for
Amendment 396 #
Proposal for a regulation Article 2 – paragraph 2 – point f (f) streamlining the conditions for law enforcement access in specific cases to the EES, the VIS, [the ETIAS] and Eurodac;
Amendment 397 #
Proposal for a regulation Article 2 – paragraph 2 – point g (g) supporting the purposes of the EES, the VIS, [the ETIAS]
Amendment 398 #
Proposal for a regulation Article 2 – paragraph 2 – point g a (new) (ga) supporting eu-LISA and Member States in providing training and education to experts and users of interoperability components.
Amendment 399 #
Proposal for a regulation Article 3 – paragraph 2 Amendment 400 #
Proposal for a regulation Article 3 – paragraph 2 2. This Regulation applies to persons in respect of whom personal data may be processed in the EU information systems referred to in paragraph 1, only for the purposes as defined in the underlying legal basis for those information systems.
Amendment 401 #
Proposal for a regulation Article 3 – paragraph 2 a (new) 2a. This Regulation shall not apply to personal data relating to an identified or identifiable citizen of the EU.
Amendment 402 #
Proposal for a regulation Article 4 – paragraph 1 – point 7 (7) ‘third-country national’ means a person who is not a citizen of the Union within the meaning of Article 20(1) of the Treaty, or a stateless person not residing in the EU or a person whose nationality is unknown;
Amendment 403 #
Proposal for a regulation Article 4 – paragraph 1 – point 9 Amendment 404 #
Proposal for a regulation Article 4 – paragraph 1 – point 9 (9) ‘identity data’ means the data
Amendment 405 #
Proposal for a regulation Article 4 – paragraph 1 – point 11 Amendment 406 #
Proposal for a regulation Article 4 – paragraph 1 – point 18 (18) ‘
Amendment 407 #
Proposal for a regulation Article 4 – paragraph 1 – point 18 (18) ‘EU information systems’ means the large-scale IT systems operationally managed by eu-
Amendment 408 #
Proposal for a regulation Article 4 – paragraph 1 – point 19 (19) ‘Europol data’ means personal data pro
Amendment 409 #
Proposal for a regulation Article 4 – paragraph 1 – point 20 (20) ‘Interpol databases’ means the Interpol Stolen and Lost Travel Document database (SLTD)
Amendment 410 #
Proposal for a regulation Article 4 – paragraph 1 – point 21 (21) ‘match’ means the existence of an exact correspondence established by comparing two or more occurrences of personal data recorded or being recorded in an information system or database;
Amendment 411 #
Proposal for a regulation Article 4 – paragraph 1 – point 25 (25) ‘terrorist offence’ means an offence
Amendment 412 #
Proposal for a regulation Article 4 – paragraph 1 – point 25 (25) ‘terrorist offence’ means an offence
Amendment 413 #
Proposal for a regulation Article 4 – paragraph 1 – point 35 Amendment 414 #
Proposal for a regulation Article 4 – paragraph 1 – point 35 Amendment 415 #
Proposal for a regulation Article 4 – paragraph 1 – point 35 Amendment 416 #
Proposal for a regulation Article 4 – paragraph 1 – point 36 Amendment 417 #
Proposal for a regulation Article 4 – paragraph 1 – point 36 Amendment 418 #
Proposal for a regulation Article 4 – paragraph 1 – point 37 Amendment 419 #
Proposal for a regulation Article 4 – paragraph 1 – point 37 Amendment 422 #
Proposal for a regulation Article 5 – title 5 Fundamental Rights and Non- discrimination
Amendment 423 #
Proposal for a regulation Article 5 – title Non-discrimination and fundamental rights
Amendment 424 #
Proposal for a regulation Article 5 – paragraph 1 This Regulation respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union and shall be applied in accordance with those rights and principles. Processing of personal data for the purposes of this Regulation shall not result in discrimination against persons on any grounds such as sex, rac
Amendment 425 #
Proposal for a regulation Article 5 – paragraph 1 The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her. Processing of personal data for the purposes of this Regulation by any user shall not result in discrimination against persons on any grounds such as sex, colour, social, racial or ethnic origin, religion or belief,
Amendment 426 #
Proposal for a regulation Article 5 – paragraph 1 This Regulation shall ensure respect of the fundamental rights and the observation of the principles recognized in the Charter of Fundamental Rights of the European Union and shall be applied in accordance with those rights and principles. Processing of personal data for the purposes of this Regulation shall not result, either directly or indirectly, in undue interference with the right to respect for private and family life and the right to protection of personal data. Processing of personal data for the purposes of this Regulation shall not result in discrimination against persons on any ground
Amendment 427 #
This Regulation respects the fundamental rights and observes the principles recognized in particular by the Charter of Fundamental Rights of the European Union and shall be applied in accordance with those rights and principles. Processing of personal data for the purposes of this Regulation shall not result, either directly or indirectly, in undue interferences with the right to respect for private and family life, and the right to protection of personal data. Processing of personal data for the purposes of this Regulation shall not result in discrimination against persons on any grounds such as sex, racial
Amendment 428 #
Proposal for a regulation Article 5 – paragraph 1 Processing of personal data for the purposes of this Regulation shall not result in discrimination against persons on any grounds such as sex, social, racial or ethnic origin, religion or belief, disability, age or sexual
Amendment 429 #
Proposal for a regulation Article 5 – paragraph 1 – subparagraph 1 (new) One year after to the date of entry into force of this legislation, the Commission shall conduct an ex-post evaluation which aims at assessing the impact of interoperability on the right to non- discrimination
Amendment 430 #
Proposal for a regulation Article 5 – paragraph 1 – subparagraph 1 (new) To this end, no biometric data of children, elderly and persons with disabilities shall be processed.
Amendment 431 #
Proposal for a regulation Article 5 – paragraph 1 a (new) The Commission should be empowered, through a delegated act, to task EU-LISA with the development of pop-up alerts within the system which would help end- users identify when matches have a higher risk of being false, and would thus require manual verification to ascertain if the match is correct or not.
Amendment 432 #
Proposal for a regulation Article 6 – paragraph 1 1. A European search portal (ESP) is established for the purposes of
Amendment 433 #
Proposal for a regulation Article 6 – paragraph 1 1. A European search portal (ESP) is established for the purposes of ensuring that Member State authorities and EU bodies have fast, seamless, efficient
Amendment 434 #
Proposal for a regulation Article 6 – paragraph 1 1. A European search portal (ESP) is
Amendment 435 #
Proposal for a regulation Article 6 – paragraph 2 – point c (c) a secure communication infrastructure between the ESP and the EES, the VIS, [the ETIAS],
Amendment 436 #
Proposal for a regulation Article 6 – paragraph 2 – point c (c) a secure communication
Amendment 437 #
Proposal for a regulation Article 6 – paragraph 2 – point c (c) a secure communication infrastructure between the ESP and the EES, the VIS, [the ETIAS], Eurodac, the Central-SIS, [the ECRIS-TCN system], the Europol data and the Interpol databases as well as between the ESP and the central infrastructures of the
Amendment 438 #
Proposal for a regulation Article 6 – paragraph 3 3. eu-LISA shall develop the ESP and ensure its technical management. It shall not, however, have access to any of the personal data processed through the EPS.
Amendment 439 #
Proposal for a regulation Article 7 – paragraph 1 1. The use of the ESP shall be reserved to the Member State authorities and EU bodies having access to the EES, [the ETIAS], the VIS
Amendment 440 #
Proposal for a regulation Article 7 – paragraph 1 1. The use of the ESP shall be reserved to the Member State authorities and EU
Amendment 441 #
Proposal for a regulation Article 7 – paragraph 1 1. The use of the ESP shall be reserved to the Member State authorities and EU bodies having access to the EES, [the ETIAS], the VIS, the SIS, Eurodac and [the ECRIS-TCN system], to the
Amendment 442 #
Proposal for a regulation Article 7 – paragraph 1 a (new) 1a. Those Member State authorities and Union agencies may make use of the ESP and the data provided by it only for the objectives and purposes laid down in the legal instruments governing those Union information systems and in this Regulation, and only in specific cases where they have factual indications that a person is registered in one of the systems and the information about this is necessary for solving a specific on-going situation or facilitating a criminal investigation. They shall not use the ESP for systematic checks of large groups of persons.
Amendment 443 #
Proposal for a regulation Article 7 – paragraph 2 2.
Amendment 444 #
Proposal for a regulation Article 7 – paragraph 2 2. The authorities referred to in paragraph 1 shall use the ESP to search data related to persons or their travel documents in the central systems of the EES, the VIS and [the ETIAS] in accordance with their access rights under Union and national law.
Amendment 445 #
Proposal for a regulation Article 7 – paragraph 2 2. The authorities referred to in paragraph 1 shall use the ESP to search data related to persons or their travel documents in the central systems of the EES, the VIS and [the ETIAS] in accordance with their access rights under Union and national law.
Amendment 446 #
Proposal for a regulation Article 7 – paragraph 4 4.
Amendment 447 #
Proposal for a regulation Article 7 – paragraph 4 4. The EU
Amendment 448 #
Proposal for a regulation Article 7 – paragraph 4 4. The EU bodies as referred to in paragraph 1 shall use the ESP to search data related to persons or their travel documents in the Central SIS.
Amendment 449 #
Proposal for a regulation Article 7 – paragraph 5 5.
Amendment 450 #
Proposal for a regulation Article 7 – paragraph 5 a (new) 5a. The data owners referred in this article shall not be notified that a search has taken place.
Amendment 451 #
Proposal for a regulation Article 8 – paragraph 1 – point a (a) the fields of data possibly to be used for querying, including a mandatory field for the specific purpose of the query;
Amendment 452 #
Proposal for a regulation Article 8 – paragraph 1 – point a a (new) (aa) the purpose for which the EU information systems, the Europol data and the Interpol databases may be accessed;
Amendment 453 #
Proposal for a regulation Article 8 – paragraph 1 – point b (b) the EU information systems, the Europol data and the Interpol databases that shall and may be consulted and that shall provide a reply to the user, whereby it shall be ensured that access according to access rights is technically ensured; and
Amendment 454 #
Proposal for a regulation Article 8 – paragraph 1 – point c a (new) (ca) the purpose of the use of ESP by this category of user.
Amendment 455 #
Proposal for a regulation Article 8 – paragraph 1 – point c a (new) (ca) the purpose of the query
Amendment 456 #
Proposal for a regulation Article 8 – paragraph 2 a (new) 2a. eu-LISA shall review regularly – and at least once a year after their creation - the user profiles referred to in paragraph one, and shall update and delete those profiles where necessary.
Amendment 457 #
Proposal for a regulation Article 8 – paragraph 2 a (new) 2a. The profiles as referred to in paragraph 1 shall be regularly reviewed and if necessary updated.
Amendment 458 #
Proposal for a regulation Article 9 – paragraph 1 1. The users of the ESP shall launch a query by introducing data in the ESP in accordance with their user profile and access rights. Where a query has been launched, the ESP shall query simultaneously, with the data introduced by the user of the ESP, the EES, [the ETIAS], the VIS, the SIS,
Amendment 459 #
Proposal for a regulation Article 9 – paragraph 1 1. The users of the ESP shall launch a query by introducing data in the ESP in accordance with their user profile and access rights. Where a query has been launched, the ESP shall query simultaneously, with the data introduced by the user of the ESP, the EES, [the ETIAS], the VIS, the SIS, Eurodac, [the ECRIS-TCN system]
Amendment 460 #
Proposal for a regulation Article 9 – paragraph 1 1. The users of the ESP shall launch a query by introducing data in the ESP in accordance with their user profile and access rights. Where a query has been launched, the ESP shall query simultaneously, with the data introduced by the user of the ESP, the EES, [the ETIAS], the VIS, the SIS, Eurodac, [the ECRIS-TCN system]
Amendment 461 #
Proposal for a regulation Article 9 – paragraph 1 1. The users of the ESP shall launch a query by introducing data in the ESP in accordance with their user profile and access rights. Where a query has been launched, the ESP shall query simultaneously, with the data introduced by the user of the ESP, the EES, [the ETIAS], the VIS, the SIS, Eurodac, [the ECRIS-TCN system] and the CIR as well as the Europol data and the Interpol databases. A search launched by the user of the ESP shall only query the systems he or she is authorised to access.
Amendment 462 #
Proposal for a regulation Article 9 – paragraph 2 2. The fields of data used to launch a query via the ESP shall correspond to the fields of data related to persons or travel documents that may be used to query the various EU information systems, the Europol data and the Interpol databases in accordance with the legal instruments governing them. An additional data field shall require the mandatory entering of the specific purpose of the query. For queries in the context of the prevention, detection or investigation of terrorist offences or other serious criminal offences, the case reference shall be required.
Amendment 463 #
Proposal for a regulation Article 9 – paragraph 2 2. The fields of data used to launch a query via the ESP shall correspond to the fields of data related to persons or travel documents that may be used to query the various EU information systems, the Europol databases and the Interpol databases in accordance with the legal instruments governing them.
Amendment 464 #
Proposal for a regulation Article 9 – paragraph 4 4. The EES, [the ETIAS], the VIS, the SIS,
Amendment 465 #
Proposal for a regulation Article 9 – paragraph 4 4. The EES, [the ETIAS], the VIS, the SIS, Eurodac, [the ECRIS-TCN system],
Amendment 466 #
Proposal for a regulation Article 9 – paragraph 4 4. The EES, [the ETIAS], the VIS, the SIS, Eurodac, [the ECRIS-TCN system],
Amendment 467 #
Proposal for a regulation Article 9 – paragraph 5 5. When querying the Interpol databases, the design of the ESP shall ensure that the data used by the user of the ESP to launch a query or any other data, is not shared with the owners of Interpol data. As regards to data on individuals registered in Eurodac, it must be ensured that the database owner does not receive information on whether their databases have been queried through the ESP.
Amendment 468 #
Proposal for a regulation Article 9 – paragraph 5 5. When querying the Interpol databases, the design of the ESP shall ensure that the data used by the user of the ESP to launch a query is not shared with the owners of Interpol data. Any data from the Interpol databases and originating from a third country shall be marked as such, in order to warn the user about possible misuses of Interpol for political purposes.
Amendment 469 #
Proposal for a regulation Article 9 – paragraph 6 6. The reply to the user of the ESP shall be unique and shall contain all the data to which the user has access under Union law.
Amendment 470 #
Proposal for a regulation Article 9 – paragraph 6 6. The reply to the user of the ESP shall be unique and shall contain all the data to which the user has access under Union law.
Amendment 471 #
Proposal for a regulation Article 9 – paragraph 6 6. The reply to the user of the ESP shall be unique and shall contain all the data to which the user has access under Union law.
Amendment 472 #
Proposal for a regulation Article 9 – paragraph 6 6. The reply to the user of the ESP shall be unique and shall contain all the data to which the user has access under Union law.
Amendment 473 #
Proposal for a regulation Article 10 – paragraph 1 – introductory part 1. Without prejudice to [Article 46 of the EES Regulation], Article 34 of
Amendment 474 #
Proposal for a regulation Article 10 – paragraph 1 – point a (a) the Member State authority or EU bodies and the individual user of the ESP, including the ESP profile used as referred to in Article 8;
Amendment 475 #
Proposal for a regulation Article 10 – paragraph 1 – point b a (new) (ba) the exact purpose of the query;
Amendment 476 #
Proposal for a regulation Article 10 – paragraph 1 – point c (c) the EU information systems and the Europol and Interpol databases queried;
Amendment 477 #
Proposal for a regulation Article 10 – paragraph 1 – point d (d) in accordance with national rules or when applicable, Regulation (EU) 45/2001, the identifying mark of the person who carried out the query
Amendment 478 #
Proposal for a regulation Article 10 – paragraph 1 – point d a (new) (da) the specific purpose of the query and, where applicable, the case reference, pursuant to Article 8(2).
Amendment 479 #
Proposal for a regulation Article 10 – paragraph 1 a (new) 1a. Each Member State and EU body shall keep logs of queries of the authority and the staff duly authorised to use the ESP.
Amendment 480 #
Proposal for a regulation Article 10 – paragraph 2 2. The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. Those logs shall be protected by appropriate measures against unauthorised access and erased
Amendment 481 #
Proposal for a regulation Article 10 – paragraph 2 2. The logs may be used only for data protection monitoring, including checking the admissibility of a query and the
Amendment 482 #
Proposal for a regulation Article 10 – paragraph 2 2. The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. To that end, access to those logs shall be granted as appropriate to the data controllers identified pursuant to Article 40, to national supervisory authorities designated pursuant to Article 51 of Regulation (EU) 2016/679 and Article 41 of Directive (EU) 2016/680, and to the European Data Protection Supervisor. Those logs shall be protected by appropriate measures against unauthorised access and erased
Amendment 483 #
Proposal for a regulation Article 10 – paragraph 2 2. The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing,
Amendment 484 #
Proposal for a regulation Article 10 – paragraph 2 2. The logs may be used only for data protection monitoring, including checking the admissibility of a request and the lawfulness of data processing in accordance with Regulation EU 2016/679, and for ensuring data security pursuant to Article
Amendment 485 #
Proposal for a regulation Article 11 – paragraph 1 1. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1)
Amendment 486 #
Proposal for a regulation Article 11 – paragraph 1 1. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1)
Amendment 487 #
Proposal for a regulation Article 11 – paragraph 1 1. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1) or the CIR, because of a failure of the ESP, the users of the ESP shall be immediately notified by eu-LISA.
Amendment 488 #
Proposal for a regulation Article 11 – paragraph 2 2. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1)
Amendment 489 #
Proposal for a regulation Article 11 – paragraph 2 2. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1)
Amendment 490 #
Proposal for a regulation Article 11 – paragraph 2 2. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1) or the CIR, because of a failure of the national infrastructure in a Member State, that Member State's competent authority shall immediately notify eu-LISA and the Commission.
Amendment 491 #
Proposal for a regulation Article 11 – paragraph 2 a (new) 2a. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1) or the CIR, because of a failure of the infrastructure of a EU body, that EU body shall immediately notify eu-LISA and the Commission.
Amendment 492 #
Proposal for a regulation Article 11 – paragraph 3 3. In both scenarios, and until the technical failure is addressed, the obligation referred to in Article 7(2) and (4) shall not apply and Member States may access the information systems referred to in Article 9(1) or the CIR
Amendment 493 #
Proposal for a regulation Article 11 – paragraph 3 3. In both scenarios, and until the technical failure is addressed, the obligation referred to in Article 7(2) and (4) shall not apply and Member States may
Amendment 494 #
Proposal for a regulation Article 11 – paragraph 3 3. In both scenarios, and until the technical failure is addressed, the obligation referred to in Article 7(2) and (4) shall not apply and Member States may access the information systems referred to in Article 9(1)
Amendment 495 #
Proposal for a regulation Article 12 – paragraph 1 1. A shared biometric matching service (shared BMS)
Amendment 496 #
Proposal for a regulation Article 12 – paragraph 1 1. A shared biometric matching service (shared BMS)
Amendment 497 #
Proposal for a regulation Article 12 – paragraph 1 1. A shared biometric matching service (shared BMS)
Amendment 498 #
Proposal for a regulation Article 12 – paragraph 1 1. A shared biometric matching service (shared BMS) storing biometric templates and enabling querying with biometric data across several EU information systems is established for the purposes of supporting the CIR and the multiple-identity detector and the objectives of the EES, the VIS, Eurodac, the SIS and [the ECRIS-TCN system], while fully respecting the principles of necessity and proportionality.
Amendment 499 #
Proposal for a regulation Article 12 – paragraph 2 – point a (a) a
Amendment 500 #
Proposal for a regulation Article 12 – paragraph 2 – point a (a) a central infrastructure, including a
Amendment 501 #
Proposal for a regulation Article 12 – paragraph 2 – point a (a) a central infrastructure, including a search engine
Amendment 502 #
Proposal for a regulation Article 12 – paragraph 2 – point b (b) a secure communication infrastructure between the shared BMS
Amendment 503 #
Proposal for a regulation Article 12 – paragraph 2 – point b (b) a secure communication infrastructure between the shared BMS, Central-SIS the EES, the VIS, EURODAC and [the
Amendment 504 #
Proposal for a regulation Article 12 – paragraph 2 – point b (b) a secure communication infrastructure between the shared BMS
Amendment 505 #
Proposal for a regulation Article 12 – paragraph 3 3. eu-LISA shall develop the shared BMS and ensure its technical management. It shall not, however, have access to any of the personal data processed through the shared BMS.
Amendment 506 #
Proposal for a regulation Article 13 Amendment 507 #
Proposal for a regulation Article 13 – title Data
Amendment 508 #
Proposal for a regulation Article 13 – paragraph 1 – introductory part 1. The shared BMS shall
Amendment 509 #
Proposal for a regulation Article 13 – paragraph 1 – point c (c) [the
Amendment 510 #
Proposal for a regulation Article 13 – paragraph 1 – point c (c) [the data referred to in Article 20(2)(w) and (x), excluding palm prints, of the Regulation on SIS in the field of border checks;
Amendment 511 #
Proposal for a regulation Article 13 – paragraph 1 – point d Amendment 512 #
Proposal for a regulation Article 13 – paragraph 1 – point d (d) the data referred to in Article 20(3)(w)
Amendment 513 #
Proposal for a regulation Article 13 – paragraph 1 – point d (d) the data referred to in Article 20(3)(w)
Amendment 514 #
Proposal for a regulation Article 13 – paragraph 1 – point e (e) the
Amendment 515 #
Proposal for a regulation Article 13 – paragraph 1 – point e (e) the data referred to in Article 4(3)(t) and (u), excluding palm prints, of the Regulation on SIS in the field of illegal return];
Amendment 516 #
Proposal for a regulation Article 13 – paragraph 1 – point g a (new) (ga) the biometric data processed by Europol.
Amendment 517 #
Proposal for a regulation Article 13 – paragraph 2 Amendment 518 #
Proposal for a regulation Article 13 – paragraph 2 2. The shared BMS shall include in each biometric template a reference to the information systems in which the corresponding biometric data is stored. In all cases, in full respect of purpose limitation, the officer launching a query in the BMS shall only be able to see the references to those information system that he or she is authorised to access.
Amendment 519 #
Proposal for a regulation Article 13 – paragraph 2 2. The shared BMS shall include in each biometric template a reference to the information systems in which the corresponding biometric data is stored. The officer launching a query using the shared BMS shall see only the references to those information systems that he or she is authorised to access.
Amendment 520 #
Proposal for a regulation Article 13 – paragraph 3 3.
Amendment 521 #
Proposal for a regulation Article 13 – paragraph 4 Amendment 522 #
Proposal for a regulation Article 14 Amendment 523 #
Proposal for a regulation Article 14 – paragraph 1 Amendment 524 #
Proposal for a regulation Article 14 – paragraph 1 In order to search the biometric data stored within the
Amendment 525 #
Proposal for a regulation Article 14 – paragraph 1 a (new) 1a. Where a police authority has been so empowered by national legislative measures, it may, for the purpose of identifying unknown persons who are not able to identify themselves or unidentified human remains, in the event of a natural disaster or an accident, query the shared BMS with the biometric data of those persons. Member States wishing to avail themselves of this possibility shall adopt national legislative measures laying down the procedures, conditions and criteria.
Amendment 526 #
Proposal for a regulation Article 15 Amendment 527 #
Proposal for a regulation Article 15 Amendment 528 #
Proposal for a regulation Article 15 – paragraph 1 The data referred to in Article 13 shall be stored in the shared BMS for as long as the corresponding biometric data is stored in the
Amendment 529 #
Proposal for a regulation Article 15 – paragraph 1 The data referred to in Article 13
Amendment 530 #
Proposal for a regulation Article 16 – paragraph 1 – point a (a) the history related to the
Amendment 531 #
Proposal for a regulation Article 16 – paragraph 1 – point a Amendment 532 #
Proposal for a regulation Article 16 – paragraph 1 – point b (b) a reference to the EU information systems queried with the biometric templates
Amendment 533 #
Proposal for a regulation Article 16 – paragraph 1 – point c a (new) (ca) the exact purpose of the query;
Amendment 534 #
Proposal for a regulation Article 16 – paragraph 1 – point g (g) in accordance with national rules or, when applicable, Regulation (EU) 45/2001, the identifying mark of the person who carried out the query
Amendment 535 #
Proposal for a regulation Article 16 – paragraph 1 – point g a (new) (ga) the specific purpose of the query and, where applicable, the case reference, pursuant to Article 14.
Amendment 536 #
Proposal for a regulation Article 16 – paragraph 2 2. The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security pursuant to Article 42.
Amendment 537 #
Proposal for a regulation Article 16 – paragraph 2 2. The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. . To that end, access to those logs shall be granted as appropriate to the data controllers identified pursuant to Article 40, to national supervisory authorities designated pursuant to Article 51 of Regulation (EU) 2016/679 and Article 41 of Directive (EU) 2016/680, and to the European Data Protection Supervisor. Those logs shall be protected by appropriate measures against unauthorised access and erased
Amendment 538 #
Proposal for a regulation Article 16 – paragraph 2 2. The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. Those logs shall be protected by appropriate measures against unauthorised access and erased
Amendment 539 #
Proposal for a regulation Article 16 – paragraph 2 2. The logs may be used only for data protection monitoring and monitoring the impact on fundamental rights, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. Those logs shall be protected by appropriate measures against unauthorised access and erased one year after their creation, unless they are required for monitoring procedures that have already begun. The logs referred to in paragraph 1(a) shall be erased once the data is erased.
Amendment 540 #
Proposal for a regulation Article 17 Amendment 541 #
Amendment 542 #
Proposal for a regulation Article 17 Amendment 543 #
Proposal for a regulation Article 17 – paragraph 1 1. A common identity repository (CIR), creating an individual file for each person that is recorded in the EES, the VIS, [the ETIAS], Eurodac or [the ECRIS-TCN system] containing the data referred to in Article 18, is established for the purpose of facilitating and assisting the correct identification of persons registered in the EES, the VIS, [the ETIAS], the Eurodac and [the ECRIS-TCN system], of supporting the functioning of the multiple- identity detector and of facilitating and streamlining access by
Amendment 544 #
Proposal for a regulation Article 17 – paragraph 1 1. A common identity repository (CIR), creating an individual file for each person that is recorded in the EES, the VIS, [the ETIAS], Eurodac or [the ECRIS-TCN system] containing the data referred to in Article 18, is established for the purpose of facilitating and assisting the correct identification of persons registered in the EES, the VIS, [the ETIAS], the Eurodac and [the ECRIS-TCN system], of supporting the functioning of the multiple- identity detector and of facilitating and streamlining access by law enforcement authorities to non-law enforcement information systems at EU level, where necessary for the prevention, investigation, detection or prosecution of serious crime, while fully respecting the principles of necessity and proportionality.
Amendment 545 #
Proposal for a regulation Article 17 – paragraph 3 a (new) 3a. Where it is technically impossible to query the CIR for the purpose of identifying a person pursuant Article 20, for the detection of multiple identities pursuant Article 21 or for law enforcement purposes pursuant Article 22, because of a failure of the CIR, the users of the CIR shall be immediately notified by eu-LISA.
Amendment 546 #
Proposal for a regulation Article 18 Amendment 547 #
Proposal for a regulation Article 18 Amendment 548 #
Proposal for a regulation Article 18 Amendment 549 #
Proposal for a regulation Article 18 – paragraph 1 – point e (e) –
Amendment 550 #
Proposal for a regulation Article 18 – paragraph 2 2. For each set of data referred to in paragraph 1, the CIR shall include a reference to the information systems to which the data belongs. The officer accessing the CIR shall see only the components of the identity file stored in the repository which originate from those information systems he or she is authorised to access.
Amendment 551 #
Proposal for a regulation Article 19 A
Amendment 552 #
Proposal for a regulation Article 19 A
Amendment 553 #
Proposal for a regulation Article 19 A
Amendment 554 #
Proposal for a regulation Article 20 Amendment 555 #
Proposal for a regulation Article 20 Amendment 556 #
Proposal for a regulation Article 20 – title 20
Amendment 557 #
Proposal for a regulation Article 20 – paragraph 1 – subparagraph 1 Where a Member State police authority is unable to identify a person on the basis of his/her travel document, or of another credible document proving his/her identity, or with the identity data provided by that person in accordance with rules and procedures laid down in national law, and where a Member State police authority has been so empowered by national legislative measures as referred to in paragraph 2, it may, in the presence of that person, and solely for the purpose of identifying
Amendment 558 #
Proposal for a regulation Article 20 – paragraph 1 – subparagraph 1 Where a Member State police authority has been so empowered by national legislative measures as referred to in paragraph 2, it may, solely for the purpose of identifying a person, query the CIR with the biometric data of that person taken during an identity check. Such query may be carried out in principle in the presence of the person, solely where a Member State police authority was unable to identify a person on the basis of a travel document or with the identity data provided by that person following rules and procedures provided for in national law or where there are doubts as to the authenticity of the travel document or the identity of its holder or where the person is unable or refuse to cooperate, or where there are reasonable grounds to believe that the person is not telling the truth about his or her identity. Such query shall not be allowed against minors under the age of 12 years old.
Amendment 559 #
Proposal for a regulation Article 20 – paragraph 1 – subparagraph 1 Where a Member State police authority has been so empowered by national legislative measures as referred to in paragraph 2, it may, solely for the purpose of identifying a person, query the CIR with the biometric data of that person taken during an identity check. This query of the CIR shall only be carried out as a last resort measure, in presence of the person, where he or she is unable to cooperate and does not have a credible document proving his/her identity, where that person refuses to cooperate or where there are justified or well-founded grounds to believe that the documents presented are false or that the person is not telling the truth about his/her identity;
Amendment 560 #
Proposal for a regulation Article 20 – paragraph 1 – subparagraph 1 Where a Member State police authority has been so empowered by national legislative measures as referred to in paragraph 2, it may, solely for the purpose of identifying a person, query the CIR with the biometric data of that person taken during an identity check. Such checks shall not be limited to cases where the designated authority personnel was unable to identify a person on the basis of a travel document or provision of identity data or where there were doubts as to the authenticity of the travel document or the identity of its holder.
Amendment 561 #
Proposal for a regulation Article 20 – paragraph 1 – subparagraph 2 Where the query indicates that data on that person is stored in the
Amendment 562 #
Proposal for a regulation Article 20 – paragraph 1 – subparagraph 2 Where the query indicates that data on that person is stored in the CIR, the Member States authority shall have access to consult the data referred to in Article 18(1). The consultation shall reveal in any case to which Union information system the data belongs.
Amendment 563 #
Proposal for a regulation Article 20 – paragraph 1 – subparagraph 3 Amendment 564 #
Proposal for a regulation Article 20 – paragraph 1 a (new) 1a. Where a Member State police authority has been so empowered by national legislative measures as referred to in paragraph 2, it may, solely for the purpose of identifying unknown persons who are not able to identify themselves or unidentified human remains, in the event of a disaster or an accident query the CIR with the biometric data of those persons.
Amendment 565 #
Proposal for a regulation Article 20 – paragraph 1 a (new) 1a. Where there is a national legal basis, Member States' designated authorities may query the CIR to identify unknown persons unable to identify themselves or unidentified human remains in cases of natural disasters, accidents or terrorist attacks with the biometric data of those persons.
Amendment 566 #
Proposal for a regulation Article 20 – paragraph 1 b (new) 1b. Where a Member State police authority was unable to identify a person on the basis of a travel document or with the identity data provided by that person following rules and procedures provided for in national law or where there are doubts as to the authenticity of the travel document or the identity of its holder or where accessing the CIR may contribute to preventing and fighting illegal migration as well as to preserving public security, the authority shall be able to query the CIR in accordance with the rules provided for in paragraphs 1 and 2.
Amendment 567 #
Proposal for a regulation Article 20 – paragraph 2 2. Member States wishing to avail themselves of the possibility provided for in this Article shall adopt national legislative measures
Amendment 568 #
Proposal for a regulation Article 20 – paragraph 2 2. Member States wishing to avail themselves of the possibility provided for in this Article shall adopt national legislative measures. Such legislative measures shall specify the precise purposes of identity checks within the purposes referred to in Article 2(1)(b) and (c).
Amendment 569 #
Proposal for a regulation Article 20 – paragraph 2 2. Member States wishing to avail themselves of the possibility provided for in this Article shall adopt national legislative measures. Such legislative measures shall specify the precise purposes of identity checks within the purposes referred to in Article 2(1)(b) and (c). They shall designate the police authorities competent and lay down the procedures, conditions and criteria of such checks.
Amendment 570 #
Proposal for a regulation Article 21 A
Amendment 571 #
Proposal for a regulation Article 21 A
Amendment 572 #
Proposal for a regulation Article 21 A
Amendment 573 #
Proposal for a regulation Article 21 – title Access to
Amendment 574 #
Proposal for a regulation Article 21 – paragraph 1 1. Where a query
Amendment 575 #
Proposal for a regulation Article 21 – paragraph 2 2. Where a query
Amendment 576 #
Proposal for a regulation Article 22 Amendment 577 #
Proposal for a regulation Article 22 Amendment 578 #
Proposal for a regulation Article 22 – title 22 Querying
Amendment 579 #
Proposal for a regulation Article 22 – paragraph 1 1.
Amendment 580 #
Proposal for a regulation Article 22 – paragraph 1 1. For the purposes of preventing, detecting and investigating terrorist offences or other serious criminal offences in a specific case and in order to obtain information on whether data on a specific person is present in the EES, the VIS and [the ETIAS] or the Member State designated authorities and Europol may consult the CIR. The CIR can only be consulted: (a) where reasonable grounds exist that the consultation will substantially contribute to the prevention, detection or investigation of the terrorist or other serious criminal offences, in particular where there is a substantiated suspicion that the suspect, perpetrator or victim of a terrorist offence or other serious criminal offence falls under the category of third country nationals whose data are stored in the EES, the VIS, the ETIAS and the Eurodac system, and (b) after a prior search in the national databases has been carried out and a query of the automated fingerprint identification system of the other Member States under Decision 2008/615/JHA has been launched.
Amendment 581 #
Proposal for a regulation Article 22 – paragraph 1 a (new) 1a. The central access points established in Article 50(2) [ETIAS Regulation], Article 29(3) of Regulation (EU) 2017/2226 and Article 3(2) of Regulation 767/2008 shall monitor the use made of the possibility provided for in paragraph 1. For that purpose, regular ex-post evaluations of this possibility shall be made and used for self-monitoring as referred to in Article 45. The central access points shall transmit a report to the supervisory authorities referred to in Article 49 every two years on the use made of this provision.
Amendment 582 #
Proposal for a regulation Article 22 – paragraph 2 Amendment 583 #
Proposal for a regulation Article 22 – paragraph 2 2. Member State designated authorities and Europol shall not be entitled to consult data belonging to [the ECRIS-TCN] when
Amendment 584 #
Proposal for a regulation Article 22 – paragraph 3 3. Where, in reply to a query the
Amendment 585 #
Proposal for a regulation Article 22 – paragraph 4 a (new) 4a. The Member State designated authorities and Europol getting a hit shall refer to the national supervisory authorities that shall check whether the conditions of accessing the CIR were complied with. In case the ex post independent verification determines that the consultation of the CIR was not justified, the law enforcement authority shall erase all data originating from the CIR.
Amendment 586 #
Proposal for a regulation Article 23 Amendment 587 #
Proposal for a regulation Article 23 Amendment 588 #
Proposal for a regulation Article 23 Amendment 589 #
Proposal for a regulation Article 23 – paragraph 1 1. The data referred to in Article 18(1) and (2) shall be automatically deleted from the CIR in accordance with the data retention provisions of [the EES Regulation], the VIS Regulation and [the ETIAS Regulation] respectively.
Amendment 590 #
Proposal for a regulation Article 23 – paragraph 2 a (new) 2a. Where the MID establishes a red link according to Article 32, data retention in the CIR shall be prolonged as to linked data referred to in Article 18 shall be stored in the CIR for the period corresponding data remains stored in at least one of the originating EU information systems.
Amendment 594 #
Proposal for a regulation Article 24 – paragraph 4 – subparagraph 1 – point a (a) the
Amendment 595 #
Proposal for a regulation Article 24 – paragraph 4 – subparagraph 1 – point a (a) the
Amendment 596 #
Proposal for a regulation Article 24 – paragraph 4 – subparagraph 1 – point a (a) only the national file reference;
Amendment 597 #
Proposal for a regulation Article 24 – paragraph 4 – subparagraph 1 – point e (e) the
Amendment 598 #
Proposal for a regulation Article 24 – paragraph 5 a (new) 5a. Europol shall keep logs of queries of the staff duly authorised to use the CIR pursuant to Article 22.
Amendment 599 #
Proposal for a regulation Article 24 – paragraph 6 6. The logs referred to in paragraphs 1, 5 and 5a may be used only for data protection monitoring, including checking the admissibility of a request
Amendment 600 #
Proposal for a regulation Article 24 – paragraph 7 a (new) 7a. The competent national authorities in charge of checking whether or not access is lawful, monitoring the lawfulness of data processing, self- monitoring and ensuring the proper functioning, data integrity and security, shall have access, within the limits of their competence and at their request, to these logs for the purpose of fulfilling their duties.
Amendment 601 #
7b. For the purposes of self- monitoring and ensuring the proper functioning of the CIR, data integrity and security, the EU-Lisa shall have access, within the limits of its competence, to those logs.
Amendment 602 #
Proposal for a regulation Article 24 – paragraph 7 c (new) 7c. The European Data Protection Supervisor shall have access, within the limits of its competence and at its request, to those logs for the purpose of fulfilling its tasks.
Amendment 603 #
Proposal for a regulation Article 25 Amendment 604 #
Proposal for a regulation Article 25 Amendment 605 #
Proposal for a regulation Article 25 – paragraph 1 1. A multiple-identity detector (MID) is established to creat
Amendment 606 #
Proposal for a regulation Article 25 – paragraph 1 1. A multiple-identity detector (MID) creating and storing links between data in the EU information systems included in the common identity repository (CIR) and the SIS and as a consequence detecting multiple identities, with the dual purpose of facilitating identity checks and combating identity fraud, is established for the purpose of supporting the functioning of the CIR and the objectives of the EES, the VIS, the ETIAS], Eurodac, the SIS and [the ECRIS-TCN system], while fully respecting the principles of necessity and proportionality.
Amendment 607 #
Proposal for a regulation Article 25 – paragraph 2 – point b (b) a secure communication infrastructure to connect the MID with the SIS and the central infrastructures of the European search portal and the
Amendment 608 #
Proposal for a regulation Article 25 – paragraph 3 3. eu-LISA shall develop the MID and ensure its technical management. It shall not, however, have access to any of the personal data processed through the MID.
Amendment 609 #
Proposal for a regulation Article 25 – paragraph 3 a (new) 3a. Eu-LISA(and the competent authorities of the Member States) should use appropriate procedures for the profiling, implement technical and organizational measures appropriate to ensure, in particular, that factors which result in inaccuracies in personal data are corrected and the risk of errors is minimized, secure personal data in a manner that takes account of the potential risks involved for the interests and rights of the data subject and that prevents discriminatory effects on natural persons on the basis of social, racial or ethnic origin, political opinion, religion or beliefs, trade union membership, genetic or health status or sexual orientation, or that result in measures having such effect.
Amendment 610 #
Proposal for a regulation Article 25 – paragraph 3 b (new) 3b. The process of creating links for the purpose of multiple-identity detection constitutes profiling within the meaning of Article 4(4) of Regulation (EU) 2016/679 and Article 3(4) of Directive (EU) 2016/680. Transparency towards the individuals and adequate safeguards, as provided by relevant EU law, in particular Article 22 of Regulation (EU) 2016/679 and Article 11 of Directive (EU) 2016/680 should be therefore guaranteed.
Amendment 611 #
Proposal for a regulation Article 26 A
Amendment 612 #
Proposal for a regulation Article 26 A
Amendment 613 #
Proposal for a regulation Article 26 – paragraph 1 – point d Amendment 614 #
Proposal for a regulation Article 26 – paragraph 1 – point e (e) the SIRENE Bureaux of the Member State creating or updating a [SIS alert in accordance with the Regulation on SIS in the field of border checks];
Amendment 615 #
Proposal for a regulation Article 26 – paragraph 1 – point f Amendment 616 #
Proposal for a regulation Article 26 – paragraph 2 2. Member State authorities and EU bodies having access to at least one EU information system
Amendment 617 #
Proposal for a regulation Article 27 Amendment 618 #
Proposal for a regulation Article 27 Amendment 619 #
Proposal for a regulation Article 27 – paragraph 1 – introductory part 1. A multiple-identity detection in the
Amendment 620 #
Proposal for a regulation Article 27 – paragraph 1 – point d Amendment 621 #
Proposal for a regulation Article 27 – paragraph 1 – point f Amendment 622 #
Proposal for a regulation Article 27 – paragraph 1 a (new) 1a. The multiple-identity detection using the data referred to in paragraph 1(c) shall be launched only where an application file in ETIAS can be verified against an individual file in the EES.
Amendment 623 #
Proposal for a regulation Article 27 – paragraph 2 2. Where the data contained within an information system as referred to in paragraph 1 contains biometric data, th
Amendment 624 #
Proposal for a regulation Article 27 – paragraph 2 2. Where the data contained within an information system as referred to in paragraph 1 contains biometric data, the common identity repository (CIR) and the Central-SIS shall use the shared biometric matching service (shared BMS) in order to perform the multiple-identity detection. The shared BMS shall compare the biometric templates obtained from any new biometric data to the biometric templates already contained in the shared BMS in order to verify whether or not data belonging to the same
Amendment 625 #
Proposal for a regulation Article 27 – paragraph 3 – introductory part 3. In addition to the process referred to in paragraph 2, the
Amendment 626 #
Proposal for a regulation Article 27 – paragraph 3 – point d Amendment 627 #
Proposal for a regulation Article 27 – paragraph 3 – point f Amendment 628 #
Proposal for a regulation Article 27 – paragraph 3 – point g Amendment 629 #
Proposal for a regulation Article 27 – paragraph 3 – point h Amendment 630 #
Proposal for a regulation Article 27 – paragraph 3 – point h (h) –
Amendment 631 #
Proposal for a regulation Article 28 Amendment 632 #
Proposal for a regulation Article 28 Amendment 633 #
Proposal for a regulation Article 28 – paragraph 2 – subparagraph 1 Where the query laid down in Article 27(2) and (3) reports one or several hit(s), the
Amendment 634 #
Proposal for a regulation Article 28 – paragraph 5 5. The Commission shall lay down the procedures to determine the cases where identity data can be considered as identical or similar in
Amendment 635 #
Proposal for a regulation Article 28 – paragraph 5 5. The Commission shall lay down the procedures to determine the cases where identity data can be considered as identical or similar in
Amendment 638 #
Proposal for a regulation Article 29 – paragraph 1 – subparagraph 1 – point d Amendment 639 #
Proposal for a regulation Article 29 – paragraph 1 – subparagraph 1 – point e (e) the SIRENE Bureaux of the Member State for hits that occurred when creating or updating a SIS alert in accordance with the [Regulations on SIS in the field of border checks];
Amendment 640 #
Proposal for a regulation Article 29 – paragraph 1 – subparagraph 1 – point e (e) the SIRENE Bureaux of the Member State for hits that occurred when creating or updating a SIS alert in accordance with the [Regulations on SIS in the field of border checks];
Amendment 641 #
Proposal for a regulation Article 29 – paragraph 1 – subparagraph 1 – point f Amendment 642 #
Proposal for a regulation Article 29 – paragraph 1 – subparagraph 1 a (new) The authority responsible shall verify the identity as soon as possible and, in any event, within eight hours. If verification proves impossible, the border authorities shall carry out the verification when the person concerned next enters or exits an external border.
Amendment 643 #
Proposal for a regulation Article 29 – paragraph 2 – point f Amendment 644 #
Proposal for a regulation Article 29 – paragraph 2 – subparagraph 1 (new) The responsible Sirene Bureau is immediately informed when a yellow link has to be manually verified by it.
Amendment 645 #
Proposal for a regulation Article 29 – paragraph 2 – subparagraph 1 (new) The responsible Sirene Bureau shall be immediately informed when a yellow link has to be verified by it.
Amendment 646 #
Proposal for a regulation Article 29 – paragraph 2 a (new) 2a. Where the SIRENE Bureau is responsible for manually verifying different identities but has not been involved in the addition of the new identity data which has given rise to a yellow link, it shall be informed immediately by the relevant authority which added the new identity data. The SIRENE Bureau shall carry out the manual verification of different identities as soon as possible and, in any event, within eight hours.
Amendment 647 #
Proposal for a regulation Article 29 – paragraph 3 3. Without prejudice to paragraph 4, the authority responsible for verification of different identities shall have access to the related data contained in the relevant identity confirmation file and to the identity data linked in the
Amendment 648 #
Proposal for a regulation Article 29 – paragraph 3 3. Without prejudice to paragraph 4, the authority responsible for verification of different identities shall have access to the related data contained in the relevant identity confirmation file and to the identity data linked in the common identity repository and, where relevant, in the SIS,
Amendment 649 #
Proposal for a regulation Article 29 – paragraph 4 4. Where the authority responsible for the verification of different identities in the identity confirmation file is the border authority creating or updating an individual file in the EES in accordance with Article 14 of the EES Regulation, and where a yellow link is obtained, the border authority shall carry out additional verifications
Amendment 650 #
Proposal for a regulation Article 29 – paragraph 4 a (new) 4a. The verification of different identities shall, as a rule, take place in the presence of the person concerned who should be offered the opportunity to explain the circumstances to the authority responsible, which should take those explanations into account. Where the verification leads to the establishment of a red link, the person concerned should receive a justification in writing.
Amendment 651 #
Proposal for a regulation Article 29 – paragraph 5 5. Where more than one link is obtained, the authority responsible for the verification of different identities shall assess each link separately. The authority responsible must ensure that the data subject is given the possibility to explain plausible reasons why there may be contradicting information within the different IT systems.
Amendment 652 #
Proposal for a regulation Article 29 – paragraph 5 a (new) 5a. The authority responsible for the manual verification of multiple identities must also assess whether there are plausible arguments presented by the third country national when deciding on the colour of the links. Such assessment should be performed, where possible, in the presence of the third-country national and, where necessary, by requesting additional clarifications or information. Such assessment should be performed without delay, in line with legal requirements for the accuracy of information under Union and national law.
Amendment 653 #
Proposal for a regulation Article 30 Amendment 654 #
Proposal for a regulation Article 30 Amendment 655 #
Proposal for a regulation Article 30 – paragraph 1 – point b (b) the linked data has different identity data, there is no biometric data to compare, and no manual verification of different identity has taken place.
Amendment 656 #
Proposal for a regulation Article 31 Amendment 657 #
Proposal for a regulation Article 31 Amendment 658 #
Proposal for a regulation Article 31 – paragraph 1 1. A link between data from two or more information systems shall be classified as green where the linked data do not share: (i) the same biometric data but have the same or similar identity data; or (ii) the same or similar identity data but have indistinguishable biometric data, and the authority responsible for the verification of different identities concluded it refers to two different persons.
Amendment 659 #
Proposal for a regulation Article 31 – paragraph 2 2. Where the
Amendment 660 #
Proposal for a regulation Article 32 Amendment 661 #
Proposal for a regulation Article 32 Amendment 662 #
Proposal for a regulation Article 32 – paragraph 1 – point a (a) the linked data shares the same biometric but different identity data and the authority responsible for the verification of different identities concluded it refers
Amendment 663 #
Proposal for a regulation Article 32 – paragraph 1 – point a (a) the linked data shares the same biometric but different identity data and the authority responsible for the verification of different identities concluded it refers
Amendment 664 #
Proposal for a regulation Article 32 – paragraph 1 – point b (b) the linked data has similar identity data and the authority responsible for the verification of different identities concluded it refers
Amendment 665 #
Proposal for a regulation Article 32 – paragraph 1 – point b (b) the linked data has similar identity data and the authority responsible for the verification of different identities concluded it refers unlawfully to the same person who has evidently provided false information with the intent of committing a serious criminal offence.
Amendment 666 #
Proposal for a regulation Article 32 – paragraph 2 2. Where the
Amendment 667 #
Proposal for a regulation Article 32 – paragraph 3 Amendment 668 #
Proposal for a regulation Article 32 – paragraph 4 4. Without prejudice to the provisions related to the handling of alerts in the SIS referred to in the [Regulations on SIS in the field of border checks, on SIS in the field of law enforcement and on SIS in the field of illegal return], and without prejudice to limitations
Amendment 669 #
Proposal for a regulation Article 32 – paragraph 4 4. Without prejudice to limitations necessary to protect security and public order, prevent crime and guarantee that any national investigation will not be jeopardised, with particular emphasis to the provisions related to the handling of alerts in the SIS referred to in the [Regulations on SIS in the field of border checks, on SIS in the field of law enforcement and on SIS in the field of illegal return],
Amendment 670 #
Proposal for a regulation Article 32 – paragraph 4 4. Without prejudice to the provisions related to the handling of alerts in the SIS referred to in the [Regulations on SIS in the field of border checks, on SIS in the field of law enforcement and on SIS in the field of illegal return], and without prejudice to limitations necessary to protect security
Amendment 671 #
Proposal for a regulation Article 32 – paragraph 4 4. Without prejudice to the provisions related to the handling of alerts in the SIS referred to in the [Regulations on SIS in the field of border checks, on SIS in the field of law enforcement and on SIS in the field of illegal return], and without prejudice to limitations necessary to protect security
Amendment 672 #
Proposal for a regulation Article 32 – paragraph 5 a (new) 5a. Where a Member State authority or EU body with access to one of the EU information systems or the SIS obtains evidence showing that a red link recorded in the MID is incorrect or that the data processed in the MID, the relevant EU information systems and the SIS were processed in breach of this Regulation, that authority shall, where the link relates to EU information systems either rectify or erase the link from the MID immediately, or where the link relates to the SIS, inform the relevant SIRENE Bureau of the Member State that created the SIS alert immediately. That SIRENE Bureau shall verify the evidence provided by the Member State authority and rectify or erase the link from the MID immediately thereafter.
Amendment 673 #
Proposal for a regulation Article 32 – paragraph 5 a (new) 5a. A third-country national shall be notified of the existence of a red link as soon as such a notification can no longer jeopardize on-going investigations or proceedings.
Amendment 674 #
Proposal for a regulation Article 33 Amendment 675 #
Proposal for a regulation Article 33 Amendment 676 #
Proposal for a regulation Article 33 – paragraph 1 – point c a (new) (ca) the linked data shares the same identity data and different biometric data and the authority responsible for the verification of different identities has concluded it refers to the same person and their biometric data has changed due to injury, illness or other legitimate reason.
Amendment 677 #
Proposal for a regulation Article 33 – paragraph 2 2. Where
Amendment 678 #
Proposal for a regulation Article 33 – paragraph 3 Amendment 679 #
Proposal for a regulation Article 33 – paragraph 4 a (new) 4a. If a Member State authority has evidence to suggest that a red link/ white link recorded in the MID is factually inaccurate or not up-to-date or that data were processed in the MID, the EU information systems or the SIS in breach of this Regulation, it shall check the relevant data stored in the EU information systems and SIS and shall, if necessary, rectify or erase the link from the MID without delay. That Member State authority shall inform the Member State responsible for the manual verification without delay.
Amendment 680 #
Proposal for a regulation Article 34 Amendment 681 #
Proposal for a regulation Article 34 Amendment 682 #
Proposal for a regulation Article 35 Amendment 683 #
Proposal for a regulation Article 35 Amendment 684 #
Proposal for a regulation Article 35 – paragraph 1 The identity confirmation files and its data, including the links, shall be stored in the multiple-identity detector (MID) only for as long as the linked data is stored in two or more EU information systems. Once this condition is no longer met, the identity confirmation files and their data, including all related links, shall be deleted automatically.
Amendment 685 #
Proposal for a regulation Article 35 – paragraph 1 The identity confirmation files and its data, including the links, shall be
Amendment 686 #
Proposal for a regulation Article 35 – paragraph 1 a (new) In case of the establishment of a red link between data in the CIR, the identity confirmation files and its data, including the red link, shall be stored in the MID only for as long as the corresponding data are stored in at least one of the originating EU information systems.
Amendment 687 #
Proposal for a regulation Article 36 Amendment 688 #
Proposal for a regulation Article 36 Amendment 689 #
Proposal for a regulation Article 36 – paragraph 2 a (new) 2a. Each EU body shall keep logs of queries of the authority and the staff duly authorised to use the MID.
Amendment 690 #
Proposal for a regulation Article 36 – paragraph 3 3. The logs may be used only for data protection monitoring, including checking the admissibility of a request and the lawfulness of data processing,
Amendment 691 #
Proposal for a regulation Article 36 – paragraph 3 3. The logs may be used only for data protection monitoring, including checking the admissibility of a request and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. To that end, access to those logs shall be granted as appropriate to the data controllers identified pursuant to Article 40, to national supervisory authorities designated pursuant to Article 51 of Regulation (EU)2016/679 and Article 41 of Directive (EU) 2016/680, and to the European Data Protection Supervisor. The logs shall be protected by appropriate measures against unauthorised access and erased
Amendment 692 #
Proposal for a regulation Article 37 – paragraph 1 1. eu-LISA shall establish as soon as possible automated data quality control mechanisms and procedures on the data stored in the EES, the [ETIAS], the VIS
Amendment 693 #
Proposal for a regulation Article 37 – paragraph 1 1. eu-LISA shall establish automated data quality control mechanisms and procedures on the data stored in or accessed through the EES, the [ETIAS], the VIS, the SIS, and the shared biometric matching service (shared BMS)
Amendment 694 #
Proposal for a regulation Article 37 – paragraph 2 2. eu-LISA shall establish common data quality indicators and the minimum quality standards to store data in or access data through the EES, the [ETIAS], the VIS, the SIS, and the shared BMS
Amendment 695 #
Proposal for a regulation Article 37 – paragraph 2 2. eu-LISA shall establish common data quality indicators and the minimum quality standards to store data in the EES, the [ETIAS], the VIS, the SIS
Amendment 696 #
Proposal for a regulation Article 37 – paragraph 3 3. eu-LISA shall provide regular reports on the automated data quality control mechanisms and procedures and the common data quality indicators to the Member States. eu-LISA shall also provide a regular report to the Commission
Amendment 697 #
Proposal for a regulation Article 37 – paragraph 3 3. eu-LISA shall provide regular reports on the automated data quality control mechanisms and procedures and the common data quality indicators to the
Amendment 698 #
Proposal for a regulation Article 37 – paragraph 4 4. The details of the automated data quality control mechanisms and procedures and the common data quality indicators and the minimum quality standards to store data in the EES, the [ETIAS], the VIS, the SIS, the shared BMS,
Amendment 699 #
Proposal for a regulation Article 37 – paragraph 4 4. The details of the automated data quality control mechanisms and procedures and the common data quality indicators and the minimum quality standards to store data in or access data through the EES, the [ETIAS], the VIS, the SIS, the shared BMS,
Amendment 700 #
Proposal for a regulation Article 37 – paragraph 4 4. The details of the automated data quality control mechanisms and procedures and the common data quality indicators and the minimum quality standards to store data in the EES, the [ETIAS], the VIS, the SIS, the shared BMS
Amendment 701 #
Proposal for a regulation Article 37 – paragraph 5 5. One year after the establishment of the automated data quality control mechanisms and procedures and common
Amendment 702 #
Proposal for a regulation Article 37 – paragraph 5 5. One year after the establishment of the automated data quality control mechanisms and procedures and common data quality indicators and every year thereafter, the Commission shall evaluate Member State implementation of data quality and shall make any necessary recommendations. The Member States shall provide the Commission with an action plan to remedy any deficiencies
Amendment 703 #
Proposal for a regulation Article 38 – paragraph 2 2. The UMF standard shall be used in the development of the EES, the [ETIAS],
Amendment 704 #
Proposal for a regulation Article 38 – paragraph 2 2. The UMF standard shall be used in the development of the EES, the [ETIAS], , the European search portal,
Amendment 705 #
Proposal for a regulation Article 38 – paragraph 3 Amendment 706 #
Proposal for a regulation Article 38 – paragraph 3 3. The implementation of the UMF standard
Amendment 707 #
Proposal for a regulation Article 39 Amendment 708 #
Proposal for a regulation Article 39 Amendment 709 #
Proposal for a regulation Article 39 – paragraph 2 2. eu-LISA shall establish, implement and host the CRRS in its technical sites
Amendment 710 #
Proposal for a regulation Article 39 – paragraph 2 a (new) 2a. Europol may access data contained in the CRRS for the performance of its tasks referred to in Article 4 of Regulation (EU) 2016/794.
Amendment 711 #
Proposal for a regulation Article 39 – paragraph 2 b (new) 2b. The European Border and Coast Guard Agency may access data contained in the CRRS for the performance of its analytical tasks referred to in Article 8 of Regulation (EU)2016/1624.
Amendment 712 #
Proposal for a regulation Article 39 – paragraph 3 3. eu-LISA shall render the data
Amendment 713 #
Proposal for a regulation Article 39 – paragraph 3 3. eu-LISA shall render the data anonymous, by ensuring that the data is non-identifiable, and shall record such anonymous data in the CRRS. The process for rendering the data anonymous shall be automated.
Amendment 714 #
Proposal for a regulation Article 39 – paragraph 4 – point b (b) a secure communication infrastructure to connect the CRRS to the EES, [the ETIAS], the VIS and the SIS, as well as the central infrastructures of the shared BMS
Amendment 715 #
Proposal for a regulation Article 39 – paragraph 5 5. The Commission shall lay down detailed rules on the operation of the CRRS, including specific safeguards for processing of personal data referred to under paragraph 2 and 3 and security rules applicable to the repository by means of
Amendment 716 #
Proposal for a regulation Article 39 a (new) Article 39a Statistics 1. eu-LISA shall develop functionalities to allow Member States’ authorities, the Commission, eu-LISA as well as the EDPS to automatically extract statistics directly from the system. Such extraction shall take place only in duly justified cases, at reasonable intervals, and for a specific purpose. Extracted statistics shall only contain anonymous data. 2. Before developing the functionalities laid down in paragraph 1, eu-LISA shall perform a thorough information security risk assessment and establish secure access points.
Amendment 717 #
Proposal for a regulation Article 40 – paragraph 1 1. In relation to the processing of data
Amendment 718 #
Proposal for a regulation Article 40 – paragraph 1 1. In relation to the processing of data in the shared biometric matching service (shared BMS), the Member State authorities that are controllers for the VIS, EES, and SIS respectively, shall also be considered as controllers in accordance with Article 4(7) of Regulation (EU)
Amendment 719 #
Proposal for a regulation Article 40 – paragraph 2 Amendment 720 #
Proposal for a regulation Article 40 – paragraph 2 Amendment 721 #
Proposal for a regulation Article 40 – paragraph 3 Amendment 722 #
Proposal for a regulation Article 40 – paragraph 3 – point a (a) the European Border and Coast Guard Agency shall be considered a data controller in accordance with Article 2(b)
Amendment 723 #
Proposal for a regulation Article 40 – paragraph 3 – point b (b) the Member State authorities adding or modifying the data in the identity confirmation file are also to be considered as controllers in accordance with Article 4(7) of Regulation (EU) 2016/679 and shall have responsibility for the processing of the personal data in the multiple-identity detector. In relation to information security management of the multiple- identity detector, eu-LISA shall be considered a controller;
Amendment 724 #
Proposal for a regulation Article 40 – paragraph 3 a (new) 3a. eu-LISA shall also be considered to be a controller in relation to all processing under this Regulation. Relevant provisions of Regulation (EC) 45/2001 shall apply.
Amendment 725 #
Proposal for a regulation Article 41 Amendment 726 #
Proposal for a regulation Article 41 Amendment 727 #
Proposal for a regulation Article 41 – paragraph 1 Amendment 728 #
Proposal for a regulation Article 42 – paragraph 1 1. Both eu-LISA and the Member State authorities shall ensure the security of the processing of personal data that takes place pursuant to the application of this Regulation. eu-LISA shall be responsible for the central systems and Member State authorities shall be responsible for the security at the end-points controlling access to the systems, [the ETIAS Central Unit] and the Member State authorities shall cooperate on security-related tasks.
Amendment 729 #
Proposal for a regulation Article 42 – paragraph 3 – point i (i) monitor the effectiveness of the security measures referred to in this paragraph and take the necessary organisational measures related to internal monitoring to ensure compliance with this Regulation and to assess those security measures in the light of new technological developments.
Amendment 730 #
Proposal for a regulation Article 43 – paragraph 1 1. Each Member State shall apply its rules of professional secrecy or other equivalent duties of confidentiality to all persons and bodies
Amendment 731 #
Proposal for a regulation Article 43 – paragraph 2 a (new) 2a. Where eu-LISA or a Member State cooperates with external contractors in any task related to the accessibility components, it shall closely monitor the activities of the contractor to ensure compliance with all provisions of this Regulation, including in particular security, confidentiality and data protection. In case potential and existing contractors are also established in third countries, eu-LISA or the respective Member State shall closely monitor and assess any legal obligations in those third countries that might have a detrimental impact on the confidentiality of the accessibility components and the information systems operated by eu-LISA and by the Member States in the scope of this Regulation, and take all necessary steps to ensure the confidentiality, including, where necessary, declining a contract.
Amendment 732 #
Proposal for a regulation Article 44 – paragraph 1 1. Any event that has or may have an impact on the security of the interoperability components and may cause unauthorised access to, damage to or loss of data stored in them shall be considered to be a security incident, in particular where unauthorised access to data may have occurred or where the availability, integrity and confidentiality of data has or may have been compromised.
Amendment 733 #
Proposal for a regulation Article 44 – paragraph 3 3. Without prejudice to the notification and communication of a personal data breach pursuant to Article 33 of Regulation
Amendment 734 #
Proposal for a regulation Article 44 – paragraph 3 3. Without prejudice to the notification and communication of a personal data breach pursuant to Article 33 of Regulation (EU) 2016/679, Article 30 of Directive (EU) 2016/680, or both, Member States shall notify the Commission, eu- LISA and the European Data Protection Supervisor of security incidents. In the event of a security incident in relation to the central infrastructure of the interoperability components, eu-LISA shall notify the Commission and the European Data Protection Supervisor as well as national supervisory authorities concerned.
Amendment 735 #
Proposal for a regulation Article 44 – paragraph 3 3. Without prejudice to the notification and communication of a personal data breach pursuant to Article 33 of Regulation (EU) 2016/679, Article 30 of Directive (EU) 2016/680, or both, Member States shall notify the Commission, eu- LISA, the national supervisory authorities and the European Data Protection Supervisor of security incidents. In the event of a security incident in relation to the central infrastructure of the interoperability components, eu-LISA shall notify the Commission and the European Data Protection Supervisor.
Amendment 736 #
Proposal for a regulation Article 44 – paragraph 3 3. Without prejudice to the notification and communication of a personal data breach pursuant to Article 33 of Regulation (EU) 2016/679, Article 30 of Directive (EU) 2016/680, or both, Member States shall notify the Commission, eu- LISA, the national supervisory authority and the European Data Protection Supervisor of security incidents. In the event of a security incident in relation to the central infrastructure of the interoperability components, eu-LISA shall notify the Commission and the European Data Protection Supervisor.
Amendment 737 #
Proposal for a regulation Article 44 – paragraph 3 3. Without prejudice to the notification and communication of a personal data breach pursuant to Article 33 of Regulation (EU) 2016/679, Article 30 of Directive (EU) 2016/680, or both, Member States shall notify the Commission, eu- LISA, the national supervisory authority and the European Data Protection Supervisor of security incidents. In the event of a security incident in relation to the central infrastructure of the interoperability components, eu-LISA shall notify the Commission and the European Data Protection Supervisor.
Amendment 738 #
Proposal for a regulation Article 44 – paragraph 3 3. Without prejudice to the notification and communication of a personal data breach pursuant to Article 33 of Regulation (EU) 2016/679, Article 30 of Directive (EU) 2016/680, or both, Member States shall immediately notify the Commission, eu-
Amendment 739 #
Proposal for a regulation Article 44 – paragraph 3 a (new) 3a. The Commission shall report serious incidents immediately to the European Parliament and the Council. These reports shall be classified as EU RESTRICTED/RESTREINT UE in accordance with applicable security rules.
Amendment 740 #
Proposal for a regulation Article 44 – paragraph 3 b (new) 3b. Where a security incident is caused by the misuse of data, Member States or the relevant EU Agencies shall ensure that penalties or disciplinary measures are imposed in accordance with Union and national law.
Amendment 741 #
Proposal for a regulation Article 44 – paragraph 5 a (new) 5a. The European Commission shall carry out annual evaluations to ensure that Member States are in full compliance with the obligations under each respective IT-systems. The concrete findings of the evaluations shall be communicated to the European Parliament and the Council, and in case of a breach, appropriate measures shall be taken thereafter.
Amendment 742 #
Proposal for a regulation Article 45 – paragraph 1 Member States and the relevant EU bodies shall ensure that each authority entitled to access the interoperability components takes the measures necessary to monitor its compliance with this Regulation and cooperates, where necessary, with the supervisory authority. Where the Member States establish that this Regulation has been infringed, they must define and apply the appropriate penalties.
Amendment 743 #
Member States and the relevant EU bodies shall ensure that each authority entitled to access the
Amendment 744 #
Proposal for a regulation Article 45 a (new) Article 45a Penalties Member States shall take the necessary measures to ensure that any use of data in a manner contrary to this Regulation is punishable by effective, proportionate and dissuasive penalties in accordance with national law, Article 84 of Regulation (EU) 2016/679 and Article 57 of Directive (EU) 2016/680 as well as [relevant Article of new] Regulation 45/2001.
Amendment 746 #
Proposal for a regulation Article 46 – paragraph 1 1. Without prejudice to the right to
Amendment 747 #
Proposal for a regulation Article 46 – paragraph 1 1. Without prejudice to the right of information referred to in Articles 11 and 12 of Regulation (EC) 45/2001 and Articles 13
Amendment 748 #
Proposal for a regulation Article 46 – paragraph 1 1. Without prejudice to the right of information referred to in Articles 11 and 12 of Regulation (EC) 45/2001
Amendment 749 #
Proposal for a regulation Article 46 – paragraph 1 Amendment 750 #
Proposal for a regulation Article 46 – paragraph 1 1. Without prejudice to the right of information referred to in Articles 11 and 12 of Regulation (EC) 45/2001 and Articles 13 and 14 of Regulation (EU) 2016/679, as well as Article 13 of Directive (EU) 2016/680, persons whose data are stored in the shared biometric matching service, the common identity repository or the multiple-identity detector shall be informed by the authority collecting their data, at the time their data are collected, about the processing of personal data for the purposes of this Regulation, including about identity and contact details of the respective data controllers, and about the procedures for exercising their rights of access, rectification and erasure, as well as about the contact details of the European Data Protection Supervisor and of the national supervisory authority of the Member State responsible for the collection of the data.
Amendment 751 #
Proposal for a regulation Article 46 – paragraph 1 a (new) 1a. All information must be provided to data subjects in a manner and language which they understand, or are reasonably expected to understand. This must include providing information in an age- appropriate manner for data subjects who are minors.
Amendment 752 #
Proposal for a regulation Article 46 – paragraph 2 – introductory part 2. Persons whose data is recorded in the EES, the VIS or [the ETIAS] shall be informed about the processing of data for the purposes of this Regulation in accordance with paragraph 1
Amendment 753 #
Proposal for a regulation Article 46 – paragraph 2 – point a Amendment 754 #
Proposal for a regulation Article 46 – paragraph 2 – point b Amendment 755 #
Proposal for a regulation Article 46 – paragraph 2 – point c Amendment 756 #
Proposal for a regulation Article 46 – paragraph 2 a (new) 2a. The data subject should also be informed about the relevant retention periods, the automated decision-making and the fact that personal data is not transferred or made available to third countries, international organizations or private parties.
Amendment 757 #
Proposal for a regulation Article 46 – paragraph 2 b (new) 2b. The information referred to in this Article shall be given in a language that the person understands. The information shall be provided to children in an age-appropriate manner. The provision of the information shall also take into account specific needs of a person concerned.
Amendment 758 #
Article 46a Information Campaign The Commission shall, in cooperation with the supervisory authorities and the European Data Protection Supervisor, accompany the start of operations of each interconnectivity component with an information campaign informing the public and, in particular, third-country nationals, about the objectives and the functioning of those components, the authorities having access and the conditions for such access, and the rights of persons concerned. Such information campaigns shall be conducted continuously.
Amendment 759 #
Proposal for a regulation Article 47 – title Right of access
Amendment 760 #
Proposal for a regulation Article 47 – title Right of access, correction and erasure - Web Service
Amendment 761 #
Proposal for a regulation Article 47 – paragraph 1 1. In order to exercise their rights under Articles 13, 14, 15 and 16 of Regulation (EC) 45/2001
Amendment 762 #
Proposal for a regulation Article 47 – paragraph 1 1. In order to exercise their rights under Articles 13, 14, 15 and 16 of Regulation (EC) 45/2001 and Articles 15, 16, 17 and 18 of Regulation (EU) 2016/679, a
Amendment 763 #
Proposal for a regulation Article 47 – paragraph 1 1. In order to exercise their rights under Articles 13, 14, 15 and 16 of Regulation (EC) 45/2001
Amendment 764 #
Proposal for a regulation Article 47 – paragraph 1 1. In order to exercise their rights under Articles 13, 14, 15 and 16 of Regulation (EC) 45/2001 and Articles 15, 16, 17 and 18 of Regulation (EU) 2016/679, any person shall have the right to address him or herself to the Member State responsible for the manual verification of different identities stored in the MID or of any Member State, who shall examine and reply to the request.
Amendment 765 #
Proposal for a regulation Article 47 – paragraph 1 a (new) Amendment 766 #
Proposal for a regulation Article 47 – paragraph 1 b (new) 1b. The Commission shall adopt implementing acts concerning the detailed rules on the conditions for the operation of the web service and the data protection and security rules applicable. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 64.
Amendment 767 #
Proposal for a regulation Article 47 – paragraph 2 2. The Member State responsible for the manual verification of different identities as referred to in Article 29 or the Member State to which the request has been made, either directly from the data subject in accordance with paragraph 1 or via the web service established by eu- LISA in accordance with paragraph 2, shall reply to such requests at the latest within 14
Amendment 768 #
Proposal for a regulation Article 47 – paragraph 2 2. The Member State responsible for
Amendment 769 #
Proposal for a regulation Article 47 – paragraph 2 2. The Member State responsible for the manual verification of different identities as referred to in Article 29 or the Member State to which the request has been made shall reply to such requests with
Amendment 770 #
Proposal for a regulation Article 47 – paragraph 3 3. If a request for correction or erasure of personal data is made to a Member State other than the Member State responsible, the Member State to which the request has been made shall contact the authorities of the Member State responsible within seven days and the Member State responsible shall check the accuracy of the data and the
Amendment 771 #
Proposal for a regulation Article 47 – paragraph 3 3. If a request for correction or erasure of personal data is made to a Member State other than the Member State responsible, the Member State to which the request has been made shall contact the authorities of the Member State responsible within seven days and the Member State responsible shall check the accuracy of the data and the lawfulness of the data processing within
Amendment 772 #
Proposal for a regulation Article 47 – paragraph 3 3. If a request for correction, restriction of processing or erasure of personal data is made to a Member State other than the Member State responsible, the Member State to which the request has been made shall contact the authorities of the Member State responsible within seven days and the Member State responsible shall check the accuracy of the data and the lawfulness of the data processing within
Amendment 773 #
Proposal for a regulation Article 47 – paragraph 3 3. If a request for correction
Amendment 774 #
Proposal for a regulation Article 47 – paragraph 4 Amendment 775 #
Proposal for a regulation Article 47 – paragraph 4 4. Where, following an examination, it is found that the data stored in the multiple-identity detector (MID) are factually inaccurate or have been recorded unlawfully, the Member State responsible or, where applicable, the Member State to which the request has been made shall correct or delete these data. The person concerned shall be informed that his or her data was corrected or deleted.
Amendment 776 #
Proposal for a regulation Article 47 – paragraph 4 4. Where, following an examination, it is found that the data stored in the multiple-identity detector (MID) are factually inaccurate or have been recorded unlawfully, the Member State responsible or, where applicable, the Member State to which the request has been made shall correct or delete these data. The Member State to which the request has been made shall inform the data subject about the correction or deletion without delay.
Amendment 777 #
Proposal for a regulation Article 47 – paragraph 4 4. Where, following an examination, it is found that the data stored in the multiple-identity detector (MID) are factually inaccurate or have been recorded unlawfully, the Member State responsible or, where applicable, the Member State to which the request has been made shall correct or delete these data. The Member State shall send a written confirmation to the data subject.
Amendment 778 #
Proposal for a regulation Article 47 – paragraph 4 4. Where, following an examination, it is found that the data stored in the common identity repository (CIR) or multiple-identity detector (MID) are factually inaccurate or have been recorded unlawfully, the Member State responsible or, where applicable, the Member State to which the request has been made shall correct or delete these data.
Amendment 779 #
Proposal for a regulation Article 47 – paragraph 4 4. Where, following an examination, it is found that the data stored in the
Amendment 780 #
Proposal for a regulation Article 47 – paragraph 4 a (new) 4a. Any person shall have the right to lodge a complaint and the right to a legal remedy in the Member State which refused the right of access to or the right of correction or deletion of data relating to him or her, in accordance with national or Union law;
Amendment 781 #
Proposal for a regulation Article 47 – paragraph 5 Amendment 782 #
Proposal for a regulation Article 47 – paragraph 5 5. Where data in the MID is amended by the responsible Member State during its validity period, the responsible Member State shall carry out the processing laid down in Article 27 and, where relevant, Article 29 to determine whether the amended data shall be linked. Where the processing does not report any hit, the responsible Member State or, where
Amendment 783 #
Proposal for a regulation Article 47 – paragraph 6 Amendment 784 #
Proposal for a regulation Article 47 – paragraph 6 6. Where the responsible Member State or, where applicable, the Member
Amendment 785 #
Proposal for a regulation Article 47 – paragraph 7 Amendment 786 #
Proposal for a regulation Article 47 – paragraph 7 7. This decision shall also provide the person concerned with information
Amendment 787 #
Proposal for a regulation Article 47 – paragraph 8 8. Any request made pursuant to paragraph
Amendment 788 #
Proposal for a regulation Article 47 – paragraph 9 9. The responsible Member State or, where applicable, the Member State to which the request has been made shall keep a record in the form of a written document that a request referred to in paragraph
Amendment 789 #
Proposal for a regulation Article 47 a (new) Article 47 a Liability Without prejudice to the right to compensation from, and liability under Regulation (EU) 2016/679, Directive (EU) 2016/680 and Regulation (EC) No 45/2001: (a) any person who has suffered material or non-material damage as a result of an unlawful personal data processing operation through the use of interoperability components or any other act by a Member State which is incompatible with this Regulation shall be entitled to receive compensation from that Member State; (b) any person who has suffered material or non-material damage as a result of an unlawful personal data processing operation through the use of interoperability components or any other act by Europol or by the European Border and Coast Guard Agency which is incompatible with this Regulation shall be entitled to receive compensation from Europol or the European Border and Coast Guard as appropriate. The Member State, Europol or the European Border and Coast Guard Agency shall be exempted from liability, in whole or in part, if they prove that they are not responsible for the event which gave rise to the damage.
Amendment 790 #
Proposal for a regulation Article 47 b (new) Article 47 b Penalties Member States shall ensure that any misuse of data, processing of data or exchange of data contrary to this Regulation is punishable in accordance with national law. The penalties provided shall be effective, proportionate and dissuasive and shall include the possibility for administrative and criminal penalties. Europol and the European Border and Coast Guard Agency shall ensure that members of their staff or members of their teams who misuse, process or exchange data contrary to this Regulation are subject to penalties. Those penalties shall be effective, proportionate and dissuasive.
Amendment 791 #
Proposal for a regulation Article 48 – paragraph 1 Personal data stored in or accessed by the interoperability components shall not be transferred or made available to any third country, to any international organisation or to any private party,
Amendment 792 #
Proposal for a regulation Article 48 – paragraph 1 Personal data stored in or accessed by the interoperability components shall not be transferred or made available to any third country, to any international organisation or to any private party, with the exception of transfers to Interpol for the purpose of carrying out the automated processing referred to in [Article 18(2)(b) and (m) of the ETIAS Regulation] or for the purposes of Article 8(2) of Regulation (EU) 2016/399. Such transfers of personal data to Interpol shall be compliant with the provisions of Article 9 of Regulation (EC) No 45/2001 and Chapter V of Regulation (EU) 2016/679. Any breach to this shall be considered a serious security incident and shall be immediately reported and addressed in accordance with Article 44.
Amendment 793 #
Proposal for a regulation Article 48 – paragraph 1 Personal data stored in, processed or accessed by the interoperability components shall not be transferred or made available to any third country, to any international organisation or to any private party, with the exception of transfers to Interpol for the purpose of carrying out the automated processing referred to in [Article 18(2)(b) and (m) of the ETIAS Regulation] or for the purposes of Article 8(2) of Regulation (EU) 2016/399. Such transfers of personal data to Interpol shall be compliant with the provisions of Article 9 of Regulation (EC) No 45/2001 and Chapter V of Regulation (EU) 2016/679.
Amendment 794 #
Proposal for a regulation Article 48 – paragraph 1 Personal data stored in or accessed by the interoperability components shall not be transferred or made available to any third country, to any international organisation or to any private party
Amendment 795 #
Proposal for a regulation Article 48 – paragraph 1 a (new) The prohibition referred to in paragraph 1a of this Article shall not apply to personal data originating from those EU information systems for which the respective legal instruments allow for such a transfer.
Amendment 796 #
Proposal for a regulation Article 49 – paragraph -1 (new) -1. Each Member State shall ensure that the supervisory authority or authorities designated pursuant to Article 51 of Regulation 2016/678 and Article 41 of Directive 2016/680 shall monitor the lawfulness of the processing of personal data.
Amendment 797 #
Proposal for a regulation Article 49 – paragraph 1 1. The supervisory authority or
Amendment 798 #
Proposal for a regulation Article 49 – paragraph 1 1. The supervisory authority or authorities designated pursuant to Article 49 of Regulation (EU) 2016/679 shall ensure that an audit of the data processing operations by the responsible national authorities is carried out in accordance with relevant international auditing standards at least every
Amendment 799 #
Proposal for a regulation Article 49 – paragraph 1 1. The supervisory authority or authorities designated pursuant to Article 49 of Regulation (EU) 2016/679 or pursuant to Article 41 of Directive (EU) 2016/680 shall ensure that an audit of the data processing operations by the responsible national authorities is carried out in accordance with relevant international auditing
Amendment 800 #
Proposal for a regulation Article 49 – paragraph 1 a (new) 1 a. Member States shall ensure that their supervisory authorities designated pursuant to Article 51 of Regulation2016/679 and Article 41 of Directive 2016/680 monitor the lawfulness of the processing of personal data under this Regulation carried out by Member States’ relevant authorities.
Amendment 801 #
Proposal for a regulation Article 49 – paragraph 1 a (new) 1 a. Each Member State shall ensure that the supervisory authority or authorities designated pursuant to Article 51 of Regulation (EU)2016/679 and Article 41 of Directive (EU)2016/680 shall monitor the lawfulness of the processing of personal data under this Regulation.
Amendment 802 #
Proposal for a regulation Article 49 – paragraph 1 a (new) 1 a. Each Member State shall ensure that the supervisory authority or authorities designated pursuant to Article 51 of Regulation (EU) 2016/679 and Article 41 of Directive (EU) 2016/680 shall monitor the lawfulness of the processing of personal data under this Regulation.
Amendment 803 #
Proposal for a regulation Article 49 – paragraph 2 2. Member States shall ensure that their supervisory authority has sufficient resources to fulfil the tasks entrusted to it under this Regulation. Member States shall grant the supervisory authority access to their logs when facts justify the assumption of severe data protection breaches without prejudice to constraints imposed by national security interests.
Amendment 804 #
Proposal for a regulation Article 49 – paragraph 2 2. Member States shall ensure that their supervisory authority has sufficient
Amendment 805 #
Proposal for a regulation Article 50 – paragraph 1 The European Data Protection Supervisor shall ensure that an audit of eu-LISA’s personal data processing activities is carried out in accordance with relevant international auditing standards at least every
Amendment 806 #
Proposal for a regulation Article 50 – paragraph 1 The European Data Protection Supervisor shall ensure that an audit of eu-LISA’s personal data processing activities is carried out in accordance with relevant international auditing standards at least every four years. A report of that audit shall be sent to the European Parliament, the Council, eu-LISA, the Commission and the Member States. eu-LISA shall be given an opportunity to make comments before the reports are adopted. The EU Budgetary Authority shall ensure that the European Data Protection Supervisor has sufficient additional resources, including both human and financial resources, to fulfil the tasks entrusted to it under this Regulation.
Amendment 807 #
Proposal for a regulation Article 50 – paragraph 1 The European Data Protection Supervisor shall ensure that an audit of eu-LISA’s personal data processing activities is carried out in accordance with relevant international auditing standards at least every four years. A report of that audit shall be sent to the European Parliament, the Council, eu-LISA, the Commission and the Member States. eu-LISA shall be given an opportunity to make comments before the reports are adopted. The EDPS shall be endowed with sufficient resources to fulfil the tasks entrusted to it under this Regulation.
Amendment 808 #
Proposal for a regulation Article 50 – paragraph 1 a (new) The European Commission, the European Parliament and Member States shall ensure that the European Data Protection Supervisor has sufficient resources to fulfil the tasks entrusted to it under this Regulation.
Amendment 809 #
Proposal for a regulation Article 50 – paragraph 1 a (new) The EDPS should be provided with sufficient resources to fulfil the tasks entrusted to it under this Regulation.
Amendment 810 #
Proposal for a regulation Article 51 – title Cooperation
Amendment 811 #
Proposal for a regulation Article 51 – paragraph 1 1. The European Data Protection Supervisor shall act in close cooperation with national supervisory authorities
Amendment 812 #
Proposal for a regulation Article 51 – paragraph 1 1. The European Data Protection Supervisor shall act in close cooperation with national supervisory authorities and the European Data Protection Board with respect to specific issues requiring national involvement, in particular if the European Data Protection Supervisor or a national supervisory authority finds major discrepancies between practices of Member States or finds potentially unlawful transfers using the communication channels of the interoperability components, or in the context of questions raised by one or more national supervisory authorities on the implementation and interpretation of this Regulation.
Amendment 813 #
Proposal for a regulation Article 51 – paragraph 2 2.
Amendment 814 #
Proposal for a regulation Article 52 – paragraph 1 1. eu-LISA shall ensure that the central infrastructures of the interoperability components are operated in accordance with this Regulation. In that respect, eu-LISA shall follow the principles of data protection by design and by default.
Amendment 815 #
Proposal for a regulation Article 52 – paragraph 3 – subparagraph 1 eu-LISA shall be responsible for the development of the
Amendment 816 #
Proposal for a regulation Article 52 – paragraph 3 – subparagraph 1 eu-LISA shall be responsible for the development of the interoperability components, for any adaptations required for establishing interoperability between the central systems of the EES, VIS, [ETIAS], SIS, and Eurodac, and [the ECRIS-TCN system], and the European search portal, the shared biometric matching service
Amendment 817 #
Proposal for a regulation Article 52 – paragraph 3 – subparagraph 4 The development shall consist of the elaboration and implementation of the technical specifications, testing and overall project coordination. In that regard, the tasks of eu-LISA shall also be: (a) perform a security risk assessment; (b) follow the principles of privacy by design and by default during the entire lifecycle of the development of the interoperability components; and (c) conduct a security risk assessment regarding the interoperability of EU information systems, interoperability components, Europol data and Interpol databases.
Amendment 818 #
Proposal for a regulation Article 52 – paragraph 3 – subparagraph 4 The development shall consist of the elaboration and implementation of the technical specifications, testing and overall project coordination, including the provision of technical solutions that would exclude the creation of links on EU or dual citizens that are recorded in the SIS or for types of alerts that are not relating to terrorist offences or serious criminal offences as defined in the present Regulation.
Amendment 819 #
Proposal for a regulation Article 52 – paragraph 3 – subparagraph 4 a (new) eu-LISA shall ensure the application of the principle of privacy by design during design and development stage.
Amendment 820 #
Proposal for a regulation Article 52 – paragraph 5 – subparagraph 1 a (new) Where relevant, experts to provide independent advise in matters relating to data protection shall be invited to the meetings.
Amendment 821 #
Proposal for a regulation Article 53 – paragraph 1 – subparagraph 1 a (new) eu-LISA shall perform regular information security risk assessments for the interoperability components, implement a comprehensive information security risk management process and follow the principles of privacy by design and by default during the entire lifecycle of those interoperability components.
Amendment 822 #
Proposal for a regulation Article 53 – paragraph 2 2. Without prejudice to Article 17 of the Staff Regulations of Officials of the European Union, eu-LISA shall apply appropriate rules of professional secrecy or other equivalent duties of confidentiality to its entire staff required to work with
Amendment 823 #
Proposal for a regulation Article 53 – paragraph 3 Amendment 824 #
3. eu-LISA shall develop and maintain a mechanism and procedures for carrying out quality checks on the data
Amendment 825 #
Proposal for a regulation Article 54 – paragraph 1 – point a (a) the connection to the communication infrastructure of the European search portal (ESP)
Amendment 826 #
Proposal for a regulation Article 54 – paragraph 1 – point a (a) the connection to the communication infrastructure of the European search portal (ESP)
Amendment 827 #
Proposal for a regulation Article 54 – paragraph 1 – point b (b) the integration of the existing national systems and infrastructures with the ESP, and the shared biometric matching service
Amendment 828 #
Proposal for a regulation Article 54 – paragraph 1 – point b (b) the integration of the existing national systems and infrastructures with the ESP, shared biometric matching service
Amendment 829 #
Proposal for a regulation Article 54 – paragraph 1 – point d (d) the management of, and arrangements for, access by the duly authorised staff, and by the duly empowered staff, of the competent national
Amendment 830 #
Proposal for a regulation Article 54 – paragraph 1 – point d (d) the management of, and arrangements for, access by the duly authorised staff, and by the duly empowered staff, of the competent national authorities to the ESP
Amendment 831 #
Proposal for a regulation Article 54 – paragraph 1 – point e Amendment 832 #
Proposal for a regulation Article 54 – paragraph 1 – point e (e) the adoption of the legislative measures referred to in Article 20(3) in order to access
Amendment 833 #
Proposal for a regulation Article 54 – paragraph 1 – point f Amendment 834 #
Proposal for a regulation Article 54 – paragraph 1 – point g a (new) (g a) fully complying with the rules of each IT-system to ensure the security and integrity of personal data;
Amendment 835 #
Proposal for a regulation Article 54 – paragraph 1 – point h a (new) (h a) reporting any security incidents involving personal data to the Commission, eu-LISA, the national supervisory authorities and the European Data Protection Supervisor
Amendment 836 #
Proposal for a regulation Article 54 – paragraph 2 Amendment 837 #
Proposal for a regulation Article 55 Amendment 838 #
Proposal for a regulation Article 55 a (new) Article 55 a Penalties Member States shall lay down the rules on penalties applicable to infringements of this Regulation and shall take all measures necessary to ensure that they are implemented. The penalties provided for shall be effective, proportionate and dissuasive.
Amendment 839 #
Proposal for a regulation Article 55a Regulation (EU) 2016/399 Article 8 – paragraph 4 a (new) Amendment 840 #
Proposal for a regulation Article 55a – paragraph 1 – subparagraph 1 Regulation (EU) 2016/399 The border guard at second line shall consult the multiple-identity detector together with the
Amendment 841 #
Proposal for a regulation Article 55b – paragraph 1 – point 1 Regulation (EU) 2017/2226 Article 1 – paragraph 1 a (new) Amendment 842 #
Proposal for a regulation Article 55b – paragraph 1 – point 1 Regulation (EU) 2017/2226 Article 1a 1a. By
Amendment 843 #
Proposal for a regulation Article 55b – paragraph 1 – point 2 Regulation (EU) 2017/2226 Article 3 – point 21 a (new) Amendment 844 #
Proposal for a regulation Article 55b – paragraph 1 – point 2 Regulation (EU) 2017/2226 Article 3 (21)(a) Amendment 845 #
Proposal for a regulation Article 55b – paragraph 1 – point 3 Regulation (EU) 2017/2226 Article 3(1)(22) (22) 'EES data' means all data stored in the EES Central System
Amendment 846 #
Proposal for a regulation Article 55b – paragraph 1 – point 6 Regulation (EU) 2017/2226 Article 7(1)(a) Amendment 847 #
Proposal for a regulation Article 55b – paragraph 1 – point 6 Regulation (EU) 2017/2226 Article 7 – paragraph 1 – point a Amendment 848 #
Proposal for a regulation Article 55b – paragraph 1 – point 7 Regulation (EU) 2017/2226 Article 7(1), point (f) (f) a secure communication infrastructure between the EES Central System and the central infrastructures of the European search portal established by [Article 6 of Regulation 2018/XX on
Amendment 849 #
Proposal for a regulation Article 55b – paragraph 1 – point 7 Regulation (EU) 2017/2226 Article 7 – paragraph 1 – point f (f) a secure communication infrastructure between the EES Central System and the central infrastructures of the European search portal established by [Article 6 of Regulation 2018/XX on interoperability], the shared biometric matching service established by [Article 12 of Regulation 2018/XX on
Amendment 850 #
Proposal for a regulation Article 55b – paragraph 1 – point 8 Regulation (EU) 2017/2226 Amendment 851 #
Proposal for a regulation Article 55b – paragraph 1 – point 8 Regulation (EU) 2017/2226 Article 7 – paragraph 1 a (new) Amendment 852 #
Proposal for a regulation Article 55b – paragraph 1 – point 9 Regulation (EU) 2017/2226 Article 9 – paragraph 3 a (new) Amendment 853 #
Proposal for a regulation Article 55b – paragraph 1 – point 9 Regulation (EU) 2017/2226 Article 9 3. Access to consulting the EES data
Amendment 854 #
Proposal for a regulation Article 55b – paragraph 1 – point 10 Regulation (EU) 2017/2226 Article 21 – paragraph 1 Amendment 855 #
Proposal for a regulation Article 55b – paragraph 1 – point 10 Regulation (EU) 2017/2226 Article 21(2) Amendment 856 #
Proposal for a regulation Article 55b – paragraph 1 – point 11 Regulation (EU) 2017/2226 Article 21 – paragraph 2 Amendment 857 #
Proposal for a regulation Article 55b – paragraph 1 – point 11 Regulation (EU) 2017/2226 Article 21(2) Amendment 858 #
Proposal for a regulation Article 55b – paragraph 1 – point 12 Regulation (EU) 2017/2226 Article 21 – paragraph 2 Amendment 859 #
Proposal for a regulation Article 55b – paragraph 1 – point 12 Regulation (EU) 2017/2226 Article 21(2) Amendment 860 #
Proposal for a regulation Article 55b – paragraph 1 – point 13 Regulation (EU) 2017/2226 Article 32 – paragraph 1 a new Amendment 861 #
Proposal for a regulation Article 55b – paragraph 1 – point 13 Regulation (EU) 2017/2226 Article 32(1)(a) 1a. In cases where the designated authorities launched a query to the
Amendment 862 #
Proposal for a regulation Article 55b – paragraph 1 – point 14 Regulation (EU) 2017/2226 Article 32 – paragraph 2 Amendment 863 #
Proposal for a regulation Article 55b – paragraph 1 – point 14 Regulation (EU) 2017/2226 Article 32(2) Access to the EES as a tool for the purpose of identifying an unknown suspect, perpetrator or suspected victim of a terrorist office or otherwise serious criminal offence shall only be allowed when a query to the
Amendment 864 #
Proposal for a regulation Article 55b – paragraph 1 – point 16 Regulation (EU) 2017/2226 Article 33 – paragraph 1 a (new) Amendment 865 #
Proposal for a regulation Article 55b – paragraph 1 – point 16 Regulation (EU) 2017/2226 Article 33(1)(a) 1a. In cases where Europol launched a query to the
Amendment 866 #
Proposal for a regulation Article 55b – paragraph 1 – point 18 Amendment 867 #
Proposal for a regulation Article 55b – paragraph 1 – point 18 Amendment 868 #
Proposal for a regulation Article 55b – paragraph 1 – point 19 Regulation (EU) 2017/2226 Article 34(5) Amendment 869 #
Proposal for a regulation Article 55b – paragraph 1 – point 19 Regulation (EU) 2017/2226 Article 34 – paragraph 5 Amendment 870 #
Proposal for a regulation Article 55b – paragraph 1 – point 20 Regulation (EU) 2017/2226 Article 35(7) Amendment 871 #
Amendment 872 #
Proposal for a regulation Article 55b – paragraph 1 – point 21 Regulation (EU) 2017/2226 Article 36 Amendment 873 #
Proposal for a regulation Article 55b – paragraph 1 – point 21 Regulation (EU) 2017/2226 Article 36 Amendment 874 #
Proposal for a regulation Article 55b – paragraph 1 – point 22 Regulation (EU) 2017/2226 Article 37(1) Amendment 875 #
Proposal for a regulation Article 55b – paragraph 1 – point 22 Regulation (EU) 2017/2226 Article 37 – paragraph 1 Amendment 876 #
Proposal for a regulation Article 55b – paragraph 1 – point 23 Regulation (EU) 2017/2226 Article 37(3) Amendment 877 #
Proposal for a regulation Article 55b – paragraph 1 – point 23 Regulation (EU) 2017/2226 Article 37 – paragraph 3 – subparagraph 1 Amendment 878 #
Proposal for a regulation Article 55b – paragraph 1 – point 24 a (new) 24 a) In Article 52, the following paragraph is added: (7a) Third-country nationals wishing to exercise their rights under this Article may make use of the web service as provided for in Article 47 of [the Regulation on establishing a framework for interoperability between EU information systems (border and visa) and amending Council Decision 2004/512/EC, Regulation (EC) No 767/2008, Council Decision 2008/633/JHA, Regulation (EU) 2016/399 and Regulation (EU) 2017/2226].
Amendment 879 #
Proposal for a regulation Article 55b – paragraph 1 – point 25 Regulation (EU) 2017/2226 Article 63 – paragraph 2 Amendment 880 #
Proposal for a regulation Article 55b – paragraph 1 – point 26 Regulation (EU) 2017/2226 Amendment 881 #
Proposal for a regulation Article 55c – paragraph 1 – subparagraph 1 Council Decision 2004/512/EC Article 1 – paragraph 2 – point a Amendment 882 #
Proposal for a regulation Article 55c – paragraph 1 – subparagraph 1 Council Decision 2004/512/EC Article 1(2) Amendment 883 #
Proposal for a regulation Article 55c – paragraph 1 – subparagraph 1 Council Decision 2004/512/EC Article 1 – paragraph 2 – point f f) a secure communication infrastructure between the VIS Central System and the central infrastructures of the European search portal established by [Article 6 of Regulation 2018/XX on interoperability], shared biometric matching service established by [Article 12 of Regulation 2018/XX on
Amendment 884 #
Proposal for a regulation Article 55c – paragraph 1 – subparagraph 1 Council Decision 2004/512/EC Article 1(2) f) a secure communication infrastructure between the VIS Central System and the central infrastructures of the European search portal established by
Amendment 885 #
Proposal for a regulation Article 55d – paragraph 1 Regulation (EC) 767/2008 Article 1 – paragraph 1 a (new) Amendment 886 #
Proposal for a regulation Article 55d – paragraph 1 Regulation (EC) 767/2008 Article 1 2. By storing identity, travel document and biometric data
Amendment 887 #
Proposal for a regulation Article 55d – paragraph 2 Regulation (EC) 767/2008 Article 4 Amendment 888 #
Proposal for a regulation Article 55d – paragraph 2 Regulation (EC) 767/2008 Article 4 – point 11 a (new) Amendment 889 #
Proposal for a regulation Article 55d – paragraph 3 Regulation (EC) 767/2008 Article 5 – paragraph 1 a (new) Amendment 890 #
Proposal for a regulation Article 55d – paragraph 3 Regulation (EC) 767/2008 Article 5 Amendment 891 #
Proposal for a regulation Article 55d – paragraph 4 Regulation (EC) 767/2008 Article 6 – paragraph 2 Amendment 892 #
Proposal for a regulation Article 55d – paragraph 7 Regulation (EC) 737/2008 Article 29(2)(a) Amendment 893 #
Proposal for a regulation Article 55d – paragraph 7 Regulation (EC) 767/2008 Article 29 – paragraph 2 – point a Amendment 894 #
Proposal for a regulation Article 55d – paragraph 7 a (new) 7 a) In Article 38, the following paragraph is added: (6a) Third country nationals wishing to exercise their rights under this Article may make use of the web service provided for in Article 47 of the [Regulation on establishing a framework for interoperability between EU information systems (borders and visa) and amending Council Decision 2004/512/EC, Regulation (EC) No 767/2008, Council Decision 2008/633/JHA, Regulation (EU) 2016/399 and Regulation (EU) 2017/2226].
Amendment 895 #
Proposal for a regulation Article 55e Council Decision 2008/633/JHA Article 5 – paragraph 1 a (new) and Article 7 – paragraph 1 a (new) A
Amendment 896 #
Proposal for a regulation Article 55e – paragraph 1 Council Decision 2008/633/JHA Article 5 1a. In cases where the designated authorities launch
Amendment 897 #
1a. In cases where Europol launche
Amendment 898 #
Proposal for a regulation Article 55f Amendment 899 #
Proposal for a regulation Article 55f – paragraph 1 Regulation (EU) 2018/XXX (the ETIAS Regulation) Article 1 – paragraph 1a Amendment 900 #
Proposal for a regulation Article 55f – paragraph 1 Regulation (EU) 2018/XXX (the ETIAS Regulation) Article 1 – paragraph 1a Amendment 901 #
Proposal for a regulation Article 55f – paragraph 2 Regulation (EU) 2018/XXX (the ETIAS Regulation) Article 3 – paragraph 1 – point pa Amendment 902 #
Amendment 903 #
Proposal for a regulation Article 55f – paragraph 2 Regulation (EU) 2018/XXX (the ETIAS Regulation) Article 3 – paragraph 1 – point pb Amendment 904 #
Proposal for a regulation Article 55f – paragraph 2 Regulation (EU) 2018/XXX (the ETIAS Regulation) Article 3 – paragraph 1 – point pb Amendment 905 #
Proposal for a regulation Article 55f – paragraph 3 Regulation (EU) 2018/XXX (the ETIAS Regulation) Article 4 – point g Amendment 906 #
Proposal for a regulation Article 55f – paragraph 4 Regulation (EU) 2018/XXX (the ETIAS Regulation) Article 6 – paragraph 2 – point a Amendment 907 #
Proposal for a regulation Article 55f – paragraph 4 Regulation (EU) 2018/XXX (the ETIAS Regulation) Article 6 – paragraph 2 – point a Amendment 908 #
Proposal for a regulation Article 55f – paragraph 5 Regulation (EU) 2018/XXX (the ETIAS Regulation) Article 6 – paragraph 2 – point ab Amendment 909 #
Proposal for a regulation Article 55f – paragraph 6 Regulation (EU) 2018/XXX (the ETIAS Regulation) Article 6 – paragraph 2 – point n (n) a secure communication infrastructure between the ETIAS Central System and the central infrastructures of the European search portal established by [Article 6 of Regulation 2018/XX on interoperability]
Amendment 910 #
Proposal for a regulation Article 55f – paragraph 6Regulation (EU) 2018/XXX (the ETIAS Regulation) Article 6 – paragraph 2 – point n (n) a secure communication infrastructure between the ETIAS Central System and the central infrastructures of the European search portal established by [Article 6 of Regulation 2018/XX on interoperability],
Amendment 911 #
Proposal for a regulation Article 55f – paragraph 7 Regulation (EU) 2018/XXX (the ETIAS Regulation) Article 6 – paragraph 2a Amendment 912 #
Proposal for a regulation Article 55f – paragraph 7 Regulation (EU) 2018/XXX (the ETIAS Regulation) Article 6 – paragraph 2a Amendment 913 #
Proposal for a regulation Article 55f – paragraph 8 Regulation (EU) 2018/XXX (the ETIAS Regulation) Article 13 – paragraph 5 Amendment 914 #
Proposal for a regulation Article 55f – paragraph 8 Regulation (EU) 2018/XXX (the ETIAS Regulation) Article 13 – paragraph 5 (a) paragraph 5 is replaced by the following: "5. Access to consulting the ETIAS identity and travel document
Amendment 915 #
Proposal for a regulation Article 55f – paragraph 14 Regulation (EU) 2018/XXX (the ETIAS Regulation) Article 52 – paragraph 1a Amendment 916 #
Proposal for a regulation Article 55f – paragraph 14 Regulation (EU) 2018/XXX (the ETIAS Regulation) Article 52 – paragraph 1a 14. In Article 52, the following paragraph is inserted: "1a. In cases where the designated authorities launched a query to
Amendment 917 #
Proposal for a regulation Article 55f – paragraph 15 Regulation (EU) 2018/XXX (the ETIAS Regulation) Article 53 – paragraph 1a Amendment 918 #
Proposal for a regulation Article 55f – paragraph 15 Regulation (EU) 2018/XXX (the ETIAS Regulation) Article 53 – paragraph 1a 15. In Article 53, the following paragraph is inserted: "1a. In cases where Europol launched a query to
Amendment 919 #
Proposal for a regulation Article 55f – paragraph 18 Regulation (EU) 2018/XXX (the ETIAS Regulation) Article 73 – paragraph 2 Amendment 920 #
Proposal for a regulation Article 55f – paragraph 19 Regulation (EU) 2018/XXX (the ETIAS Regulation) Article 74 – paragraph 1 Amendment 921 #
Proposal for a regulation Article 55f – paragraph 20 Regulation (EU) 2018/XXX (the ETIAS Regulation) Article 84 – paragraph 2 Amendment 922 #
Proposal for a regulation Article 55f – paragraph 21 Regulation (EU) 2018/XXX (the ETIAS Regulation) Article 84 – paragraph 4 Amendment 923 #
Proposal for a regulation Article 55g A
Amendment 924 #
Proposal for a regulation Article 55g – paragraph 1 Regulation (EU) 2018/XX [the Regulation on SIS in the field of border checks] Article 3 –paragraph 1 – point v Amendment 925 #
Amendment 926 #
Proposal for a regulation Article 55g – paragraph 1 Regulation (EU) 2018/XX [the Regulation on SIS in the field of border checks] Article 3 –paragraph 1 – point w Amendment 927 #
(a) in paragraph 3, the following point (d) is added: "d) a secure communication infrastructure between CS-SIS and the central infrastructures of the ESP
Amendment 928 #
Proposal for a regulation Article 55g – paragraph 3 Regulation (EU) 2018/XX [the Regulation on SIS in the field of border checks] Article 7 –paragraph 2a Amendment 929 #
Proposal for a regulation Article 55g – paragraph 3 Regulation (EU) 2018/XX [the Regulation on SIS in the field of border checks] Article 7 – paragraph 2a 3. In Article 7 the following paragraph 2a is added: "2a. The SIRENE Bureaux shall also ensure the verification of different identities in accordance with [Article 29 Regulation 2018/XX on interoperability]. To the extent necessary to carry out this task, the SIRENE Bureaux shall have access to consulting the data stored in othe
Amendment 930 #
Proposal for a regulation Article 55g – paragraph 4 Regulation (EU) 2018/XX [the Regulation on SIS in the field of border checks] Article 8 – paragraph 4 Amendment 931 #
Proposal for a regulation Article 55g – paragraph 4 Regulation (EU) 2018/XX [the Regulation on SIS in the field of border checks] Article 8 – paragraph 4 Amendment 932 #
Proposal for a regulation Article 55g – paragraph 4 Regulation (EU) 2018/XX [the Regulation on SIS in the field of border checks] Article 8 – paragraph 4 Amendment 933 #
Proposal for a regulation Article 55g – paragraph 6 Regulation (EU) 2018/XX [the Regulation on SIS in the field of border checks] Article 29 – paragraph 1 – point g Amendment 934 #
Amendment 935 #
Proposal for a regulation Article 55g – paragraph 7 Regulation (EU) 2018/XX [the Regulation on SIS in the field of border checks] Article 54 – paragraph 6 Amendment 936 #
Proposal for a regulation Article 55g – paragraph 7 Regulation (EU) 2018/XX [the Regulation on SIS in the field of border checks] Article 54 – paragraph 6 7. in Article 54 paragraph 6, is replaced by the following: "For the purpose of paragraphs 3, 4 and 5 of this Article and of Article 15(5), the Agency shall est
Amendment 937 #
Proposal for a regulation Article 55g – paragraph 7 Regulation (EU) 2018/XX [the Regulation on SIS in the field of border checks] Article 54 – paragraph 6 7. in Article 54 paragraph 6, is replaced by the following: "For the purpose of paragraphs 3, 4 and 5 of this Article and of Article 15(5), the Agency shall store data referred to in paragraph 3 of this Article and in Article 15(5), which shall be anonymised and which shall not allow for the identification of individuals in the central repository for reporting and statistics referred to in [Article 39 of the Regulation 2018/XX on interoperability]. The Agency shall allow the Commission and the agencies referred to in paragraph 5 to obtain bespoke reports and statistics. Upon request, the Agency shall give access to Member States, the Commission, Europol, and the European Border and Coast Guard Agency to the central repository in accordance with [Article 39 of the Regulation 2018/XX on
Amendment 938 #
Proposal for a regulation Article 55h A
Amendment 939 #
Proposal for a regulation Article 55h – paragraph 1 Regulation (EU) 2018/XX [Regulation on eu-LISA] Article 8 – paragraph 2 Amendment 940 #
Proposal for a regulation Article 55h – paragraph 2 Regulation (EU) 2018/XX [Regulation on eu-LISA] Article 8 – paragraph 2 2. eu-LISA shall establish a central repository for reporting and statistics containing only anonymised data in accordance with [Article 39 of Regulation 2018/XX on interoperability]."
Amendment 941 #
Proposal for a regulation Article 55h – paragraph 2 Regulation (EU) 2018/XX [Regulation on eu-LISA] Article 9 Amendment 942 #
Proposal for a regulation Article 55h – paragraph 6 Regulation (EU) 2018/XX [Regulation on eu-LISA] Article 23 – point a – point ea 6. In Article 23
Amendment 943 #
Proposal for a regulation Article -56 (new) Article -56 Access by third country jurisdictions With reference to Article 48 of Regulation (EU) 2016/679, Directive (EU) 2016/680, and Articles XIV and XIV bis of the General Agreement on Trade in Services, companies present in a third country jurisdiction where they may be subject to (court) orders or subpoenas by third country authorities requiring them to retrieve data from the interoperability components or different information systems made interoperable, shall be excluded from preparing, designing, developing, hosting or managing any part of an interoperability component, or processing personal data of these systems.
Amendment 944 #
Proposal for a regulation Article 56 – paragraph 1 – introductory part 1. The duly authorised staff of the competent authorities of Member States, the Commission and eu-LISA shall have access to consult the following data related to the European search portal (ESP), solely for the purposes of reporting and statistics without enabling individual identification and in accordance with the safeguards related to non-discrimination referred to in Article 5:
Amendment 945 #
Proposal for a regulation Article 56 – paragraph 1 – introductory part 1. The duly authorised staff of the competent authorities of Member States
Amendment 946 #
Proposal for a regulation Article 56 – paragraph 2 Amendment 947 #
Proposal for a regulation Article 56 – paragraph 2 Amendment 948 #
Proposal for a regulation Article 56 – paragraph 2 – point b Amendment 949 #
Proposal for a regulation Article 56 – paragraph 2 – point b (b) nationality, sex and year of birth of the person, which shall not lead to identification of the person concerned;
Amendment 950 #
Proposal for a regulation Article 56 – paragraph 3 Amendment 951 #
Proposal for a regulation Article 56 – paragraph 3 – introductory part 3. The duly authorised staff of the competent authorities of Member States
Amendment 952 #
Proposal for a regulation Article 56 – paragraph 3 – point a Amendment 953 #
Proposal for a regulation Article 56 – paragraph 3 – point a (a) nationality, sex and year of birth of the person, which shall not lead to identification of the person concerned;
Amendment 954 #
Proposal for a regulation Article 56 – paragraph 5 Amendment 955 #
Proposal for a regulation Article 56 – paragraph 5 5.
Amendment 956 #
Proposal for a regulation Article 56 – paragraph 5 5. For the purpose of paragraph 1 of this Article, eu-LISA shall store the data referred to in paragraph 1 of this Article in the central repository for reporting and statistics referred to in Chapter VII of this Regulation. The data included in the repository shall
Amendment 957 #
Proposal for a regulation Article 56 – paragraph 5 a (new) 5 a. Meaningful summaries shall be made available to the Agency for Fundamental Rights in order to evaluate the impact on fundamental rights of this Regulation.
Amendment 958 #
Proposal for a regulation Article 57 – paragraph 1 For a period of
Amendment 959 #
Proposal for a regulation Article 58 Amendment 960 #
Proposal for a regulation Article 58 Amendment 961 #
Proposal for a regulation Article 58 – title 58 Transitional period applicable to the provisions on access to the
Amendment 962 #
Proposal for a regulation Article 59 Amendment 963 #
Proposal for a regulation Article 59 Amendment 964 #
Proposal for a regulation Article 59 – paragraph 1 a (new) 1 a. Following the period referred to in paragraph 1, the Commission, in close cooperation with the ETIAS Central Unit shall create a network of liaison officers to be hosed in the ETIAS Central Unit and/or single points of contact of the competent Member States’ authorities for the performance of the task laid down in this Article.
Amendment 965 #
Proposal for a regulation Article 59 – paragraph 1 b (new) 1 b. Member States and the ETIAS Central Unit, shall assess the need to extend the transitional period in which the ETIAS Central Unit performs the tasks referred to in this Article and/or whether the task implemented by the ECU should continue once the MID starts operations.
Amendment 966 #
Proposal for a regulation Article 59 – paragraph 6 6.
Amendment 967 #
Proposal for a regulation Article 60 – paragraph 1 1. The costs incurred in connection with the establishment and operation of the ESP
Amendment 968 #
Proposal for a regulation Article 60 – paragraph 1 1. The costs incurred in connection with the establishment and operation of the ESP
Amendment 969 #
1. The costs incurred in connection with the establishment and operation of the ESP, the shared biometric matching service
Amendment 970 #
Proposal for a regulation Article 60 – paragraph 3 3. The costs incurred by the designated authorities referred to in Article 4(24) shall be borne, respectively, by each Member State and Europol.
Amendment 971 #
Proposal for a regulation Article 60 – paragraph 3 3. The costs incurred by the designated authorities referred to in Article 4(24) shall be borne, respectively, by each Member State and Europol.
Amendment 972 #
Proposal for a regulation Article 61 – paragraph 1 – subparagraph 1 The Member States shall notify eu-LISA of the authorities referred to in Articles 7, 20, 21 and 26 that may use or have access to the ESP
Amendment 973 #
Proposal for a regulation Article 61 – paragraph 1 – subparagraph 2 A consolidated list of those authorities shall be published in the Official Journal of the European Union within a period of three months from the date on which each interoperability component commenced operations in accordance with Article 62. Where there are amendments to the list, eu-
Amendment 974 #
Proposal for a regulation Article 61 – paragraph 3 Amendment 975 #
Proposal for a regulation Article 62 – paragraph 1 – point -a (new) (-a) following the successful completion of a pilot project
Amendment 976 #
Proposal for a regulation Article 62 – paragraph 1 – point c (c) eu-LISA has validated the technical and legal arrangements to collect and transmit the data referred to in Articles 8(1),
Amendment 977 #
Proposal for a regulation Article 62 – paragraph 1 – point c (c) eu-LISA has validated the technical and legal arrangements to collect and transmit the data referred to in Articles 8(1), 13
Amendment 978 #
Proposal for a regulation Article 62 – paragraph 1 – point e Amendment 979 #
Proposal for a regulation Article 62 – paragraph 1 a (new) 1 a. By way of derogation from paragraph 1, the measures referred to in Article 37 shall apply as of one year after the entry into force of this Regulation.
Amendment 980 #
Proposal for a regulation Article 63 – paragraph 2 2. The power to adopt delegated acts referred to in Articles 8(2),9(7), 28(5) and 39(
Amendment 981 #
Proposal for a regulation Article 63 – paragraph 2 2. The power to adopt delegated acts referred to in Articles 8(2) and 9(7) shall be conferred on the Commission for a
Amendment 982 #
Proposal for a regulation Article 63 – paragraph 2 2. The power to adopt delegated acts referred to in Articles 8(2), 9(7) and
Amendment 983 #
Proposal for a regulation Article 63 – paragraph 3 3. The delegation of power referred to in Articles 8(2),9(7), 28(5) and 39(
Amendment 984 #
Proposal for a regulation Article 63 – paragraph 6 6. A delegated act adopted pursuant to Articles 8(2),9(7), 28(5) and 39(
Amendment 985 #
Proposal for a regulation Article 63 – paragraph 6 6. A delegated act adopted pursuant to Articles 8(2), 9(7) and
Amendment 986 #
Proposal for a regulation Article 65 – paragraph 1 An Advisory Group shall be established by eu-LISA in order to provide it with the expertise related to interoperability, including its fundamental rights dimension, in particular in the context of the preparation of its annual work programme and its annual activity report. During the design and development phase of the interoperability instruments, Article 52(4) to (6) shall apply.
Amendment 987 #
Proposal for a regulation Article 66 – paragraph 1 a (new) Member States and EU bodies shall organise for their staff authorised to process data from the interoperability components, appropriate training programme about data security, data quality, data protection rules and the procedures of the data processing.
Amendment 988 #
Proposal for a regulation Article 66 – paragraph 1 b (new) Common training courses about data security, data quality, data protection rules and the procedures of the data processing shall be organised at EU level at least once a year to enhance cooperation and exchange of best practices between staff of Member States and EU bodies authorised to process data from the interoperability components.
Amendment 989 #
Proposal for a regulation Article 67 – paragraph 1 a (new) The practical handbook should provide guidance to Member States on how to deal with yellow links that are the results of inconsistencies with the identity data contained in ETIAS. Such modalities should not create disproportionate burdens on persons who, without any intention to deceive the authorities, have entered inaccurate or ambiguous data in ETIAS.
Amendment 990 #
Proposal for a regulation Article 68 – paragraph 1 1. eu-LISA shall ensure that procedures are in place to monitor the development of the interoperability components and the integration of the existing national infrastructures and the connection to the national uniform interface in light of objectives relating to planning and costs and to monitor the functioning of the interoperability components in light of objectives relating to the technical output, cost-effectiveness, security and quality of service.
Amendment 991 #
Proposal for a regulation Article 68 – paragraph 2 2. By [Six months after the entry into force of this Regulation — OPOCE, please replace with the actual date] and every six months thereafter during the development phase of the interoperability components, eu-LISA shall submit a report to the European Parliament
Amendment 992 #
Proposal for a regulation Article 68 – paragraph 2 2. By [Six months after the entry into force of this Regulation — OPOCE, please replace with the actual date] and every six months thereafter during the development phase of the interoperability components, eu-LISA shall submit a report to the EDPS, European Parliament and the Council on the state of play of the development of the interoperability components. Once the development is finalised, a report shall be submitted to the European Parliament and the Council explaining in detail how the objectives, in particular relating to planning and costs, were achieved as well as justifying any divergences.
Amendment 993 #
Proposal for a regulation Article 68 – paragraph 2 a (new) Amendment 994 #
Proposal for a regulation Article 68 – paragraph 2 b (new) 2 b. During the development phase of the interoperability components, the Commission shall evaluate the necessity of further harmonisation of national systems and infrastructures of Member States at external borders. The Commission shall transmit the evaluation report to the European Parliament and the Council. These evaluation reports shall include recommandations, an impact assessment and an assessment on their cost for the EU budget.
Amendment 995 #
Proposal for a regulation Article 68 – paragraph 3 3. For the purposes of technical maintenance, eu-LISA shall have access to the necessary information relating to the data processing operations performed in the interoperability components. Access to personal data shall be subject to strict safeguards. Any access to personal data under this provision shall be logged.
Amendment 996 #
Proposal for a regulation Article 68 – paragraph 3 3. For the purposes of technical maintenance, eu-LISA shall have access to the necessary information relating to the data processing operations performed in the interoperability components without having access to any personal data processed by those components.
Amendment 997 #
Proposal for a regulation Article 68 – paragraph 3 3. For the purposes of technical maintenance, eu-LISA shall have access to the necessary information relating to the data processing operations performed in the interoperability components. Any access by eu-LISA shall be logged.
Amendment 998 #
4.
Amendment 999 #
Proposal for a regulation Article 68 – paragraph 4 4. Four years after the start of operations of each interoperability component and every four years thereafter, eu-LISA shall submit to the EDPS, European Parliament, the Council and the Commission a report on the technical functioning of the interoperability components, including the security thereof.
source: 625.512
|
History
(these mark the time of scraping, not the official date of the change)
docs/0 |
|
docs/4 |
|
docs/10 |
|
docs/11 |
|
docs/12 |
|
docs/13 |
|
docs/13 |
|
docs/13/docs/0/url |
/oeil/spdoc.do?i=31685&j=0&l=en
|
docs/14 |
|
docs/15 |
|
docs/15 |
|
docs/16 |
|
docs/16 |
|
docs/17 |
|
docs/17 |
|
docs/18 |
|
docs/18 |
|
docs/19 |
|
docs/19 |
|
docs/20 |
|
docs/20 |
|
docs/21 |
|
docs/22 |
|
events/0 |
|
events/2 |
|
events/13 |
|
events/15 |
|
events/15/docs/2/url |
Old
https://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexapi!prod!CELEXnumdoc&lg=EN&model=guicheti&numdoc=32019R0817R(01)New
https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:[%SECTOR]2020[%DESCRIPTOR]32019081701:EN:NOT |
links/Research document/url |
Old
http://www.europarl.europa.eu/thinktank/en/document.html?reference=EPRS_BRI(2018)628267New
https://www.europarl.europa.eu/thinktank/en/document/EPRS_BRI(2018)628267 |
committees/0/shadows/3 |
|
docs/1/docs/0 |
|
docs/3 |
|
docs/3 |
|
docs/4 |
|
docs/4 |
|
docs/5 |
|
docs/5 |
|
docs/5/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE616.791&secondRef=02New
https://www.europarl.europa.eu/doceo/document/BUDG-AD-616791_EN.html |
docs/6 |
|
docs/6 |
|
docs/6/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE625.512New
https://www.europarl.europa.eu/doceo/document/LIBE-AM-625512_EN.html |
docs/7 |
|
docs/7 |
|
docs/7/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE625.529New
https://www.europarl.europa.eu/doceo/document/LIBE-AM-625529_EN.html |
docs/8 |
|
docs/8 |
|
docs/8/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE625.530New
https://www.europarl.europa.eu/doceo/document/LIBE-AM-625530_EN.html |
docs/9 |
|
docs/9 |
|
docs/9/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE622.263New
https://www.europarl.europa.eu/doceo/document/LIBE-PR-622263_EN.html |
docs/10 |
|
docs/10/docs/0/url |
https://dmsearch.eesc.europa.eu/search/public?k=(documenttype:AC)(documentnumber:4547)(documentyear:2018)(documentlanguage:EN)
|
docs/14 |
|
docs/15 |
|
events/0 |
|
events/0 |
|
events/0/type |
Old
Committee referral announced in Parliament, 1st reading/single readingNew
Committee referral announced in Parliament, 1st reading |
events/1 |
|
events/1 |
|
events/1/type |
Old
Vote in committee, 1st reading/single readingNew
Vote in committee, 1st reading |
events/2 |
|
events/3 |
|
events/3 |
|
events/4 |
|
events/5 |
|
events/5 |
|
events/7/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?secondRef=TOC&language=EN&reference=20190327&type=CRENew
https://www.europarl.europa.eu/doceo/document/CRE-8-2019-03-27-TOC_EN.html |
events/9 |
|
events/9 |
|
events/13 |
|
events/13 |
|
procedure/Legislative priorities/0/title |
Old
Joint Declaration 2018New
Joint Declaration 2018-19 |
procedure/Notes |
|
procedure/instrument/1 |
Amending Decision 2004/512/EC 2004/0029(CNS) Amending Regulation (EC) No 767/2008 2004/0287(COD) Amending Decision 2008/633/JHA 2005/0232(CNS) Amending Regulation (EU) 2016/399 2015/0006(COD) Amending Regulation (EU) 2017/2226 2016/0106(COD) See also 2017/0352(COD) Amended by 2018/0152A(COD) Amended by 2019/0001A(COD)
|
procedure/instrument/1 |
Amending Decision 2004/512/EC 2004/0029(CNS) Amending Regulation (EC) No 767/2008 2004/0287(COD) Amending Decision 2008/633/JHA 2005/0232(CNS) Amending Regulation (EU) 2016/399 2015/0006(COD) Amending Regulation (EU) 2017/2226 2016/0106(COD) See also 2017/0352(COD) Amended by 2018/0152(COD) Amended by 2019/0001(COD)
|
docs/10/docs/0/url |
http://www.europarl.europa.eu/RegData/docs_autres_institutions/parlements_nationaux/com/2018/0478/IE_HOUSES-OF-OIREACHTAS_AVIS-COM(2018)0478_EN.pdf
|
docs/12 |
|
events/5/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=REPORT&mode=XML&reference=A8-2018-0347&language=ENNew
http://www.europarl.europa.eu/doceo/document/A-8-2018-0347_EN.html |
events/8 |
|
events/8 |
|
events/9 |
|
events/9/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P8-TA-2019-0388New
http://www.europarl.europa.eu/doceo/document/TA-8-2019-0388_EN.html |
committees/0 |
|
committees/0 |
|
committees/2 |
|
committees/2 |
|
events/12/summary |
|
activities |
|
commission |
|
committees/0 |
|
committees/0 |
|
committees/1 |
|
committees/1 |
|
committees/2 |
|
committees/2 |
|
council |
|
docs |
|
events |
|
links/Research document |
|
other |
|
otherinst |
|
procedure/Legislative priorities |
|
procedure/Mandatory consultation of other institutions |
European Economic and Social Committee European Committee of the Regions
|
procedure/Notes |
|
procedure/dossier_of_the_committee |
Old
LIBE/8/12007New
|
procedure/final |
|
procedure/instrument |
Old
RegulationNew
|
procedure/legislative_priorities |
|
procedure/other_consulted_institutions |
European Economic and Social Committee European Committee of the Regions
|
procedure/stage_reached |
Old
Awaiting committee decisionNew
Procedure completed |
procedure/subject |
Old
New
|
procedure/summary |
|
activities/0/commission/0 |
|
activities/0/docs/0/text |
|
activities/1 |
|
committees/1/date |
2018-01-25T00:00:00
|
committees/1/rapporteur |
|
committees/2/date |
2018-02-01T00:00:00
|
committees/2/rapporteur |
|
committees/2/shadows |
|
other/0 |
|
procedure/Mandatory consultation of other institutions |
European Economic and Social Committee European Committee of the Regions
|
procedure/dossier_of_the_committee |
LIBE/8/12007
|
procedure/legislative_priorities |
|
procedure/stage_reached |
Old
Preparatory phase in ParliamentNew
Awaiting committee decision |
procedure/summary/0 |
Amended by
|
activities |
|
committees |
|
links |
|
other |
|
procedure |
|