Progress: Procedure completed
Role | Committee | Rapporteur | Shadows |
---|---|---|---|
Lead | LIBE | MELO Nuno ( PPE) | DALLI Miriam ( S&D), DALTON Daniel ( ECR), WIKSTRÖM Cecilia ( ALDE), FRANZ Romeo ( Verts/ALE) |
Committee Opinion | AFET | ||
Committee Opinion | BUDG | KÖLMEL Bernd ( ECR) |
Lead committee dossier:
Legal Basis:
TFEU 016-p2, TFEU 074, TFEU 078-p2, TFEU 079-p3, TFEU 082-p1, TFEU 085-p1-a2, TFEU 087-p2, TFEU 88-p2
Legal Basis:
TFEU 016-p2, TFEU 074, TFEU 078-p2, TFEU 079-p3, TFEU 082-p1, TFEU 085-p1-a2, TFEU 087-p2, TFEU 88-p2Subjects
Events
PURPOSE: to establish a framework for interoperability between EU information systems (police and judicial cooperation, asylum and migration) and amend the legislation in force as a consequence.
LEGISLATIVE ACT: Regulation (EU) 2019/818 of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems in the field of police and judicial cooperation, asylum and migration and amending Regulations (EU) 2018/1726, (EU) 2018/1862 and (EU) 2019/816.
CONTENT: the interoperability of EU information systems in the fields of justice and home affairs has been a priority at the highest political level in recent years.
In a resolution adopted on 6 July 2016, the European Parliament called for proposals to improve and develop existing EU information systems, address information gaps and move towards their interoperability, as well as proposals for compulsory information sharing at EU level, accompanied by the necessary data protection safeguards. In its conclusions of 23 June 2017, the European Council also stressed the need to improve the interoperability of databases.
Framework for the interoperability of EU information systems
This Regulation, together with the proposed Regulation on interoperability (police and judicial cooperation, asylum and migration), creates a framework to ensure interoperability between the entry/exit system ( EES ), the Visa Information System ( VIS ), the European Travel Information and Authorisation System ( ETIAS ), Eurodac , the Schengen Information System ( SIS ) and the European Criminal Records Information System for third-country nationals ( ECRIS-TCN ) so that these systems and their data supplement each other.
In addition, this Regulation:
- lays down provisions on data quality requirements, on a universal message format (UMF), on a central repository for reporting and statistics (CRRS) and on the responsibilities of the Member States and of the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice ( eu-LISA ), with respect to the design, development and operation of the interoperability components;
- adapts the procedures and conditions for the designated authorities and for the European Union Agency for Law Enforcement Cooperation (Europol) to access the EES, VIS, ETIAS and Eurodac for the purposes of the prevention, detection or investigation of terrorist offences or of other serious criminal offences;
- lays down a framework for verifying the identity of persons and for identifying persons.
Elements of the interoperability framework
The interoperability of information systems shall enable the systems to complement each other and shall contribute to facilitating the correct identification of individuals and to combating identity fraud. The interoperability elements put in place by the Regulation are as follows:
- the European search portal (ESP) is the component that would enable the simultaneous query of multiple systems (Central-SIS, Eurodac, VIS, the future EES, and the proposed ETIAS and ECRIS-TCN systems, as well as the relevant Interpol systems and Europol data) using identity data (both biographical and biometric);
- the shared biometric matching service (shared BMS) would enable the querying and comparison of biometric data (fingerprints and facial images) from several central systems (in particular, SIS, Eurodac, VIS, the future EES and the proposed ECRIS-TCN system);
- the common identity repository (CIR) would be the shared component for storing biographical and biometric identity data of third-country nationals;
- the multiple-identity detector (MID) would check whether the queried identity data exists in more than one of the systems connected to it.
Objectives
Interoperability shall improve the management of external borders by establishing seamless, simple and efficient access to EU information systems. By ensuring interoperability, the Regulation pursues the following objectives:
- improve the effectiveness and efficiency of border checks at external borders;
- contribute to the prevention and the combating of illegal immigration;
- contribute to a high level of security within the area of freedom, security and justice of the Union including the maintenance of public security and public policy and safeguarding security in the territories of the Member States;
- improve the implementation of the common visa policy;
- assist in the examination of applications for international protection;
- contribute to the prevention, detection and investigation of terrorist offences and of other serious criminal offences;
- facilitate the identification of unknown persons who are unable to identify themselves or unidentified human remains in case of a natural disaster, accident or terrorist attack.
Non-discrimination and fundamental rights
The processing of personal data for the purposes of the Regulation shall not give rise to any discrimination against individuals. It must fully respect human dignity, the integrity of individuals and fundamental rights, including the right to privacy and the right to the protection of personal data. Particular attention will be paid to children, the elderly, people with disabilities and people in need of international protection. The best interests of the child shall be a primary consideration.
The Regulation provides for the provision of an online portal to facilitate the exercise by data subjects of their rights of access to their personal data and their rights to rectify, erase and limit the processing of such data. The implementation and management of the portal should be the responsibility of eu-LISA.
ENTRY INTO FORCE: 11.6.2019.
The European Parliament adopted by 510 votes to 130, with 9 abstentions, a legislative resolution on the amended proposal for a regulation of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems (police and judicial cooperation, asylum and migration) and amending Regulation (EU) 2018/XX [the Eurodac Regulation], Regulation (EU) 2018/XX [the Regulation on SIS in the field of law enforcement], Regulation (EU) 2018/XX [the ECRIS-TCN Regulation] and Regulation (EU) 2018/XX [the eu-LISA Regulation].
The European Parliament's position adopted at first reading under the ordinary legislative procedure amended the Commission's proposal as follows:
Framework for the interoperability of EU information systems
The proposed Regulation, in conjunction with the Regulation of the European Parliament and of the Council on borders and visas, shall establish a framework to ensure interoperability between the entry/exit system (EES), the visa information system (VIS), the European Travel Information and Authorisation System (ETIAS), Eurodac, the Schengen Information System (SIS) and the European Criminal Records Information System for third-country nationals (ECRIS-TCN). It would also establish a framework for verifying the identity of individuals and identifying individuals.
This framework shall include the following interoperability components: (i) a European search portal (ESP); (ii) a shared biometric matching service (shared BMS); (iii) a common identity repository (CIR); (iv) a multiple-identity detector (MID).
Objectives
Interoperability shall improve the management of external borders by establishing rapid, simple and efficient access to EU information systems. According to the amended text, this Regulation has the following objectives:
- to improve the effectiveness and efficiency of border checks at external borders;
- to contribute to the prevention and the combating of illegal immigration;
- to contribute to a high level of security within the area of freedom, security and justice of the Union including the maintenance of public security and public policy and safeguarding security in the territories of the Member States;
- to contribute to the prevention, detection and investigation of terrorist offences and of other serious criminal offences;
- to facilitate the identification of unknown persons who are unable to identify themselves or unidentified human remains in case of a natural disaster, accident or terrorist attack.
Non-discrimination and fundamental rights
Processing of personal data for the purposes of this Regulation shall not result in discrimination against persons on any grounds. It shall fully respect human dignity and integrity and fundamental rights, including the right to respect for one’s private life and to the protection of personal data. Particular attention shall be paid to children, the elderly, persons with a disability and persons in need of international protection. The best interests of the child shall be a primary consideration.
Access to the European Search Portal (ESP)
The use of the ESP shall be reserved to the Member State authorities and Union agencies having access to at least one of the EU information systems in accordance with the legal instruments governing those EU information systems. Those Member State authorities and Union agencies may make use of the ESP and the data provided by it only for the objectives and purposes laid down in the legal instruments governing those EU information systems.
The ESP shall provide no information regarding data in EU information systems, Europol data and the Interpol databases to which the user has no access under the applicable Union and national law.
Any queries of the Interpol databases launched via the ESP shall be performed in such a way that no information shall be revealed to the owner of the Interpol alert.
Access to the common identity data repository (CIR) for identification
Under the amended text, queries of the CIR shall be carried out by a police authority only in the following circumstances:
- where a police authority is unable to identify a person due to the lack of a travel document or another credible document proving that person’s identity;
- where there are doubts about the identity data provided by a person and to the authenticity of the travel document or another credible document provided by a person;
- where a person is unable or refuses to cooperate.
Such queries shall not be allowed against minors under the age of 12 years old, unless in the best interests of the child.
Terrorist offences
In specific cases, where there are reasonable grounds to believe that searching EU information systems will contribute to the prevention or detection of terrorist offences or other serious criminal offences, designated authorities and Europol could consult the CIR to determine whether data on a particular person are stored in the EES, VIS or ETIAS.
In this context, a reply from the CIR should not be interpreted or used as a ground or reason to draw conclusions on or undertake measures in respect of a person, but should be used only for the purpose of submitting an access request to the underlying EU information systems, subject to the conditions and procedures laid down in the respective legal instruments governing such access.
As a general rule, where a match-flag indicates that the data are recorded in the EES, VIS, ETIAS or Eurodac, the designated authorities or Europol should request full access to at least one of the EU information systems concerned. Where exceptionally such full access is not requested, for example because designated authorities or Europol have already obtained the data by other means, or obtaining the data is no longer permitted under national law, the justification for not requesting access should be recorded. Europol shall record the justification in the relevant file.
Results of multiple identity detection
The MID should create and store links between data in the different EU information systems in order to detect multiple identities, with the dual purpose of facilitating identity checks for bona fide travellers and combating identity fraud. These links will be classified into four categories: white, yellow, green and red.
In order to facilitate the implementation of the necessary safeguards in accordance with applicable Union data protection rules, individuals who are subject to a red link or a white link following manual verification of different identities should be informed in writing without prejudice to limitations to protect security and public order, prevent crime and guarantee that national investigations are not jeopardised. Those individuals should receive a single identification number allowing them to identify the authority to which they should address themselves to exercise their rights.
Where a yellow link is created, the authority responsible for the manual verification of different identities should have access to the MID. Where a red link exists, Member State authorities and Union agencies having access to at least one EU information system included in the CIR or to SIS should have access to the MID. A red link should indicate that a person is using different identities in an unjustified manner or that a person is using somebody else’s identity.
Web portal
As the interoperability components will involve the processing of significant amounts of sensitive personal data, persons whose data are processed by these elements should be able to effectively exercise their rights as data subjects. To this end, the amended text provides for the provision of a web portal to facilitate the exercise by data subjects of their rights of access to their personal data and their rights to rectify, delete and limit the processing of such data. The implementation and management of the portal should be the responsibility of eu-LISA.
The Regulation also contains clear provisions on liability and the right to compensation in the event of unlawful processing of personal data or in the event of any other act incompatible with the Regulation.
The Committee on Civil Liberties, Justice and Home Affairs adopted the report by Nuno MELO (EPP, PT) on the amended proposal for a regulation of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems (police and judicial cooperation, asylum and migration) and amending Regulation (EU) 2018/XX [the Eurodac Regulation], Regulation (EU) 2018/XX [the Regulation on SIS in the field of law enforcement], Regulation (EU) 2018/XX [the ECRIS-TCN Regulation] and Regulation (EU) 2018/XX [the eu-LISA Regulation].
The proposal Regulation establishes four interoperability components of EU information systems (police and judicial cooperation, asylum and migration): (i) the European Search Portal (ESP); (ii) the shared Biometric Matching Service (Shared BMS); (iii) the Common Identity Repository (CIR); (iv) and the Multiple Identity Detector (MID).
T he systems covered would include the entry/exit system (EES), the visa information system (VIS), [the European Travel Information and Authorisation System (ETIAS)], Eurodac, the Schengen Information System (SIS) and the [European Criminal Records Information System for third-country nationals (ECRIS-TCN)].
The proposal lays down provisions on the objectives of the interoperability components, their technical architecture, rules regarding the use of the components, the storing of logs, the quality of the data, rules regarding data protection, supervision and responsibilities of the various agencies and the Member States.
The committee recommended that the European Parliament's position adopted at first reading under the ordinary legislative procedure should amend the Commission's proposal as follows.
Objectives : the establishment of interoperability should improve the management of the external borders by establishing fast, simple and efficient access to EU information systems . Its main elements should:
enhance the effectiveness and efficiency of border checks at the external borders; contribute to preventing and tackling irregular migration ; contribute to the prevention, detection and investigation of terrorist offences or of other serious criminal offences; aid in the identification of unknown persons who are unable to identify themselves or unidentified human remains in cases of natural disasters, accidents or terrorist attacks.
These objectives should be achieved:
by facilitating the correct identification of third-country nationals registered in the Union information systems; by improving the data quality and harmonising the quality requirements for the data stored in the Union information systems while respecting the data processing requirements of the legal bases of the individual systems, data protection standards and principles; by improving judicial cooperation within the area of freedom, security and justice.
The eu-LISA Agency should develop and manage all interoperability components in such a way as to ensure fast, seamless, efficient, controlled access, their full availability and a response time in line with the operational needs of the Member Sates’ authorities.
Data protection : Members ensured that adequate safeguards are in place to protect fundamental rights and access to data by calling for all EU data protection rules to be applicable to all information systems .
Processing of personal data for the purposes of this Regulation should not result in discrimination against persons on any grounds such as sex, race, colour, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, property, birth, disability, age or sexual orientation. Particular attention shall be paid to children, the elderly and persons with a disability and persons in need of international protection . The best interests of the child shall be a primary consideration.
Auxiliary systems : in order to ensure rapid and continuous use of all relevant EU information systems, Members proposed that a central Union backup ESP should be established in order to provide all the functionalities of the principal ESP and a similar level of performance as it in the event of its failure. However, the national connection to the different relevant Union information systems should remain in order to provide a technical fall back.
Identification of persons : changes have been made so that the identity of a person is first established on the basis of the identity or travel document, following the rules and procedures provided for in national law, before it is possible to launch a search in the CIR using the biometric data of the person concerned.
The CIR could only be consulted for the purpose of identifying a person if the person concerned is physically present during the check.
Members also believe that there should be no strict obligation for border guards to carry out a second line check when the search carried out in the multiple identity detector (MID) through the European search portal (ESP) gives a yellow link or detects a red link. Such a decision should be left to the border guards as they are trained to detect identity fraud.
Access rights : Members specified that a hit-flag should reveal only personal data of the concerned individual other than an indication that some of his or her data are stored in one of the systems, provided the authority making the search has access to that system. No adverse decision for the concerned individual should be made by the authorised end-user solely on the basis of the simple occurrence of a hit-flag, and the hit-flag should be used by the relevant authorities only for the purpose of deciding which database to query.
It is necessary to provide for a transitional period which should entail, inter alia , training programmes for end users so as to ensure that the new instruments operate to their full potential.
Evaluation : amendments have been introduced to strengthen the ability of the European Commission, the Council and the European Parliament to monitor and evaluate the functioning of this proposal, further amendments have been made to this article. Especially, with regard to the use of the CIR for the purposes of identification, for the purposes of law enforcement and the use of the Interpol database through the ESP.
PROPOSED ACT: Regulation of the European Parliament and of the Council.
ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.
BACKGROUND: this proposal seeks to amend the proposal submitted by the Commission in December 2017 for a Regulation of the European Parliament and of the Council establishing a framework for the interoperability between EU information systems (police and judicial cooperation, asylum and migration) ( see the summary of the initial proposal dated 12.12.2017 ).
This proposal also seeks to amend the original proposal only insofar as it presents the further necessary amendments to other legal instruments that are required under the interoperability proposal. These amendments were identified as necessary in the original proposal but, because of ongoing negotiations between co-legislators on some of the systems concerned, it was not possible to include the necessary amendments in the original proposal.
CONTENT: the proposed Regulation, together with the proposed Regulation on interoperability (police and judicial cooperation, asylum and migration), creates a framework to ensure interoperability between the entry/exit system ( EES ), the Visa Information System ( VIS ), the European Travel Information and Authorisation System ( ETIAS ), Eurodac , the Schengen Information System ( SIS ) and the European Criminal Records Information System for third-country nationals ( ECRIS-TCN ) so that these systems and their data supplement each other.
Elements of the interoperability framework : the framework shall consist of the following elements of interoperability:
the European search portal (ESP) is the component that would enable the simultaneous query of multiple systems (Central-SIS, Eurodac, VIS, the future EES, and the proposed ETIAS and ECRIS-TCN systems, as well as the relevant Interpol systems and Europol data) using identity data (both biographical and biometric); the shared biometric matching service (shared BMS) would enable the querying and comparison of biometric data (fingerprints and facial images) from several central systems (in particular, SIS, Eurodac, VIS, the future EES and the proposed ECRIS-TCN system); the common identity repository (CIR) would be the shared component for storing biographical and biometric identity data of third-country nationals; the multiple-identity detector (MID) would check whether the queried identity data exists in more than one of the systems connected to it.
Objectives : the proposed Regulation:
lays down provisions on data quality requirements , on a Universal Message Format (UMF), on a central repository for reporting and statistics (CRRS); lays down the responsibilities of the Member States and of the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice ( eu-LISA ), with respect to the design and operation of the interoperability components; lays down the procedures and conditions for Member State law enforcement authorities and for the European Union Agency for Law Enforcement Cooperation (Europol) access to the Entry/Exit System (EES), the Visa Information System (VIS), [the European Travel Information and Authorisation System (ETIAS),] and Eurodac for the purposes of the prevention, detection and investigation of terrorist offences or of other serious criminal offences falling under their competence.
By ensuring interoperability, the proposal shall have the following objectives:
to improve the management of the external borders; to contribute to preventing and combating irregular migration; to contribute to a high level of security within the area of freedom, security and justice of the Union including the maintenance of public security and public policy and safeguarding the security in the territories of the Member States; to improve the implementation of the common visa policy; and to assist in examining application for international protection.
Scope : the proposed Regulation applies to Eurodac , the Schengen Information System ( SIS ) and [the European Criminal Records Information System for third-country nationals ( ECRIS-TCN ). It also applies to the Europol data to the extent of enabling querying it simultaneously to the EU information systems and to persons in respect of whom personal data may be processed in the EU information systems and in the Europol data.
Consequences for other legal instruments : the proposal includes detailed provisions for the necessary changes to the draft legal instruments that are currently stable texts as provisionally agreed by the co-legislators: the proposed Regulations on ETIAS, on SIS in the field of border checks, and on eu-LISA . It is also proposed to make the necessary changes to the text as it stood on 31 May 2018 for ECRIS-TCN.
However, the two amending proposals on interoperability do not include the amendments relating to Eurodac , the EU asylum and irregular migration database, given that discussions have not yet been concluded on the May 2016 legislative proposal to strengthen Eurodac. Once the co-legislators reach agreement on the legislative proposal to strengthen Eurodac, or have achieved sufficient progress, the Commission will present the related amendments to the interoperability proposals within two weeks.
BUDGETARY IMPLICATIONS: the proposed amendments necessitated an update of the legislative financial statement accordingly.
The total budget required over nine years (2019-2027) is estimated at EUR 461.0 million , which includes the following elements:
EUR 261.3 million for eu-LISA . A specific budget of EUR 36.3 million covers the cost of upgrading the network and the central SIS (Schengen Information System) for the estimated increase of searches that is likely to occur as a result of interoperability;
EUR 136.3 million to enable Member States to cover the changes to their national systems in order to use the interoperability components; EUR 48.9 million for Europol to cover the upgrade of Europol's IT systems; EUR 4.8 million for the European Border and Coast Guard Agency for hosting a team of specialists who during one year will validate the links between identities at the moment the multiple-identity detector goes live; EUR 2.0 million for European Union Agency for Law Enforcement Training (CEPOL) to cover the preparation and delivery of training to operational staff; a provision of EUR 7.7 million for DG HOME.
Opinion of the European Data Protection Supervisor on the Proposals for two Regulations establishing a framework for interoperability between EU large-scale information systems.
In December 2017, the Commission published two legislative proposals for two Regulations establishing a framework for interoperability between EU large-scale information systems :
a Regulation of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems (borders and visa) ; a Regulation of the European Parliament and of the Council on establishing a framework for interoperability between EU information systems (police, and judicial cooperation, asylum and migration).
The proposals would introduce new possibilities to access and use the data stored in the various systems in order to combat identity fraud, facilitate identity checks, as well as streamline access to non-law information systems by law enforcement authorities.
In particular, the proposals create a new centralised database that would contain information about millions of third-country nationals, including their biometric data . Due to its scale and the nature of the data to be stored in this database, the consequences of any data breach could seriously harm a potentially very large number of individuals. If such information ever falls into the wrong hands, the database could become a dangerous tool against fundamental rights. It is therefore essential to build strong legal, technical and organisational safeguards .
In this context, the EDPS stresses the importance of:
further clarifying the extent of the problem of identity fraud among third-country nationals, in order to ensure that the proposed measure is appropriate and proportionate ; formulating more precisely the possibility of consulting the centralised database to facilitate identity checks on the territory of the Member States; putting in place effective safeguards to protect the fundamental rights of third-country nationals in so far as systematic access to law enforcement systems could represent a serious breach of the purpose limitation principle.
More specifically, the EDPS makes the following recommendations:
three of the six EU information systems the proposals seek to interconnect do not exist at the moment (the European Travel Information and Authorisation System ETIAS, the European Criminal Records Information System for third country nationals ECRIS-TCN and the EES entry/exit system), two are currently under revision (SIS and Eurodac) and one is to be revised later this year (VIS): the EDPS recalls the importance to ensure consistency between the legal texts already under negotiation (or upcoming) and the proposals in order to ensure a unified legal, organisational and technical environment for all data processing activities within the Union; access to the data to identify a person during an identity check would be allowed: (i) in principle, in the presence of the person and, where he or she is unable to cooperate and does not have document establishing his/her identity or, (ii) refuses to cooperate or, (iii) where there are justified or well-founded grounds to believe that documents presented are false or that the person is not telling the truth about his/her identity; access to the common repository of identity data to establish the identity of a third country national for purposes of ensuring a high level of security should only be allowed where access for the same purposes to similar national databases (e.g. register of nationals/residents etc.) exist and under the same conditions; the proposal should specify the conditions related to the existence of reasonable grounds, the carrying out of a prior search in national databases and the launching of a query of the automated fingerprint identification system of the other Member States under Decision 2008/615/JHA, prior to any search in the common repository for identity; the compliance with the conditions of access to even limited information such as a hit/no hit should always be verified, independently of further access to the data stored in the system that triggered the hit; ensure in the proposals that the data stored in the ECRIS- TCN could be accessed and used solely for the purposes of the ECRIS TCN as defined in its legal instrument; the fundamental data protection principles should be taken into account during all stages of the implementation of the proposals. The obligation for eu-LISA and the Member States to follow the principles of data protection by design and by default should also be included in the proposals.
The EDPS has additional recommendations related to the following aspects of the proposals: (i) the functionality of the European search portal (‘ESP’), the shared biometric matching service (‘shared BMS’), the common identity repository (‘CIR’) and, the multiple identity detector (‘MID’); (ii) the data retention periods in the CIR and the MID; (iii) the division of roles and responsibility between eu-LISA and the Member States; (iv) the data subjects' rights; (v) the access by eu-LISA staff.
Lastly, the EDPS calls for a wider debate on the future of the EU information exchange, their governance and the ways to safeguard fundamental rights in this context.
PURPOSE: to establish a framework for interoperability between EU information systems (police and judicial cooperation, asylum and migration).
PROPOSED ACT: Regulation of the European Parliament and of the Council.
ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.
BACKGROUND: the importance of overcoming the current shortcomings in data management and of improving the interoperability of existing information systems has been stressed on many occasions. Recent terrorist attacks have brought this into even greater focus, highlighting the urgent need for information systems to be interoperable, and to eliminate the current blind spots where terrorist suspects can be recorded in different, unconnected databases under different aliases.
Currently, various information systems at EU level (the Schengen Information System ( SIS ), the Eurodac system with fingerprint data of asylum applicants and third-country nationals who have crossed the external borders irregularly or who are illegally staying in a Member State; and the Visa Information System ( VIS ) with data on short-stay visas) are currently not interoperable — that is, able to exchange data and share information so that authorities and competent officials have the information they need, when and where they need it. This risks pieces of information slipping through the net and terrorists and criminals escaping detection by using multiple or fraudulent identities, endangering the EU's internal security and making border and migration management more challenging.
In addition to these existing systems, the Commission proposed in 2016-2017 three new centralised EU information systems:
the Entry/Exit System ( EES ); the proposed European Travel Information and Authorisation System ( ETIAS ); the proposed European Criminal Record Information System for third-country nationals ( ECRIS -TCN system).
These six systems are complementary and — with the exception of the Schengen Information System (SIS) — exclusively focused on third-country nationals.
By simultaneously cross-checking information in different databases and streamlining access by law enforcement, the new tools will quickly alert border guards or police if a person is using multiple or fraudulent identities.
This proposal is presented in combination with its sister proposal .
CONTENT: the specific objectives of this proposal are to:
ensure that end-users, particularly border guards, law enforcement officers, immigration officials and judicial authorities have fast, seamless, systematic and controlled access to the information that they need to perform their tasks; provide a solution to detect multiple identities linked to the same set of biometric data, with the dual purpose of ensuring the correct identification of bona fide persons and combating identity fraud ; facilitate identity checks of third-country nationals , on the territory of a Member State, by police authorities; and facilitate and streamline access by law enforcement authorities to non-law enforcement information systems at EU level, where necessary for the prevention, investigation, detection or prosecution of serious crime and terrorism.
Scope : the proposal concerns EU information systems for centrally managed security, borders and migration management, i.e. the three systems that already exist (the Schengen Information System ( SIS ) ), the Eurodac system and the Visa Information System ( VIS ) and the three systems proposed in 2016-2017 ( EES, ETIAS and ECRIS-TCN ).
The scope also includes Interpol’s Stolen and Lost Travel Documents ( SLTD ) database, which pursuant to the provisions of the Schengen Borders Code is systematically queried at the EU’s external borders, and Interpol's Travel Documents Associated with Notices ( TDAWN ) database.
In order to achieve the objectives of this proposal, four interoperability components need to be established:
European search portal – ESP; Shared biometric matching service - shared BMS; Common identity repository – CIR; Multiple-identity detector - MID.
In addition to the above components, this draft Regulation also includes the proposal to:
establish a central repository for reporting and statistics (CRRS) to enable the creation and sharing of reports with (anonymous) statistical data for policy, operational and data quality purposes; establish the Universal Message Format (UMF) as the standard that would be used at EU level to orchestrate interactions between multiple systems in an interoperable way, including the systems developed and managed by eu-LISA; introduce the concepts of automated data quality control mechanisms and common quality indicators , and the need for Member States to ensure the highest level of data quality.
BUDGETARY IMPLICATIONS: the total budget required over nine years (2019-2027) amounts to EUR 424.7 million.
Documents
- Follow-up document: COM(2022)0524
- Follow-up document: EUR-Lex
- Follow-up document: COM(2021)0688
- Follow-up document: EUR-Lex
- Follow-up document: COM(2020)0428
- Follow-up document: EUR-Lex
- Commission response to text adopted in plenary: SP(2019)440
- Final act published in Official Journal: Regulation 2019/818
- Final act published in Official Journal: OJ L 135 22.05.2019, p. 0085
- Final act published in Official Journal: Corrigendum to final act 32019R0818R(01)
- Final act published in Official Journal: OJ L 010 15.01.2020, p. 0005
- Final act published in Official Journal: Corrigendum to final act 32019R0818R(04)
- Final act published in Official Journal: OJ L 335 29.12.2022, p. 0112
- Draft final act: 00031/2019/LEX
- Results of vote in Parliament: Results of vote in Parliament
- Decision by Parliament, 1st reading: T8-0389/2019
- Debate in Parliament: Debate in Parliament
- Contribution: COM(2017)0794
- Committee report tabled for plenary, 1st reading: A8-0348/2018
- Economic and Social Committee: opinion, report: CES4547/2018
- Contribution: COM(2018)0480
- Committee draft report: PE622.253
- Amendments tabled in committee: PE625.531
- Amendments tabled in committee: PE625.514
- Amendments tabled in committee: PE625.532
- Committee opinion: PE616.792
- Legislative proposal published: COM(2018)0480
- Legislative proposal published: EUR-Lex
- Contribution: COM(2017)0794
- Contribution: COM(2017)0794
- Contribution: COM(2017)0794
- Contribution: COM(2017)0794
- Contribution: COM(2017)0794
- Document attached to the procedure: N8-0084/2018
- Document attached to the procedure: OJ C 233 04.07.2018, p. 0012
- Document attached to the procedure: EUR-Lex
- Document attached to the procedure: SWD(2017)0473
- Document attached to the procedure: EUR-Lex
- Document attached to the procedure: SWD(2017)0474
- Initial legislative proposal published: COM(2017)0794
- Initial legislative proposal published: EUR-Lex
- Document attached to the procedure: EUR-Lex SWD(2017)0473
- Document attached to the procedure: EUR-Lex SWD(2017)0474
- Document attached to the procedure: N8-0084/2018 OJ C 233 04.07.2018, p. 0012
- Committee opinion: PE616.792
- Amendments tabled in committee: PE625.514
- Amendments tabled in committee: PE625.532
- Committee draft report: PE622.253
- Amendments tabled in committee: PE625.531
- Economic and Social Committee: opinion, report: CES4547/2018
- Draft final act: 00031/2019/LEX
- Commission response to text adopted in plenary: SP(2019)440
- Follow-up document: COM(2020)0428 EUR-Lex
- Follow-up document: COM(2021)0688 EUR-Lex
- Follow-up document: COM(2022)0524 EUR-Lex
- Contribution: COM(2017)0794
- Contribution: COM(2017)0794
- Contribution: COM(2017)0794
- Contribution: COM(2017)0794
- Contribution: COM(2017)0794
- Contribution: COM(2018)0480
- Contribution: COM(2017)0794
Votes
A8-0348/2018 - Nuno Melo - Am 312 16/04/2019 12:48:38.000 #
A8-0348/2018 - Nuno Melo - Am 312 #
Amendments | Dossier |
739 |
2017/0352(COD)
2018/05/25
BUDG
4 amendments...
Amendment 10 #
Proposal for a regulation Article 68 – paragraph 2 a (new) 2 a. In the event of delays in the development process of the different projects, the European Parliament and the Council shall be informed as soon as possible by the responsible agencies, such as EU-LISA and Europol, about any problems and risks that may have an impact on the timely delivery and financing of the projects.
Amendment 11 #
Proposal for a regulation Article 68 – paragraph 4 4.
Amendment 8 #
Proposal for a regulation Article 60 – paragraph 1 a (new) 1 a. The cost incurred in connection with the establishment and operation of a central EU backup solution for each system indicated in paragraph 1, where necessary, shall be borne by the general budget of the Union.
Amendment 9 #
Proposal for a regulation Article 60 – paragraph 2 – subparagraph 1 Costs incurred in connection with the integration of the existing national infrastructures and their connection to the national uniform interfaces as well as in connection with hosting and future developments of the national uniform interfaces shall be borne by the general budget of the Union.
source: 622.010
2018/07/23
LIBE
459 amendments...
Amendment 468 #
Proposal for a regulation Article 10 – paragraph 1 – introductory part 1. Without prejudice to [Article 39 of the Eurodac Regulation], [Articles 12 and 18 of the Regulation on SIS in the field of law enforcement], [Article 29 of the ECRIS-TCN Regulation] and Article 40 of Regulation (EU) 2016/794, eu-LISA shall keep logs of all data processing operations within the ESP. Those logs shall include
Amendment 469 #
Proposal for a regulation Article 10 – paragraph 1 – point a (a) the Member State authority or EU bodies and the individual user of the ESP, including the ESP profile used as referred to in Article 8;
Amendment 470 #
Proposal for a regulation Article 10 – paragraph 1 – point b a (new) (ba) the exact purpose of the query;
Amendment 471 #
Proposal for a regulation Article 10 – paragraph 1 – point c (c) the EU information systems and the Europol and Interpol data queried;
Amendment 472 #
Proposal for a regulation Article 10 – paragraph 1 – point d (d) in accordance with national rules or
Amendment 473 #
Proposal for a regulation Article 10 – paragraph 1 – point d a (new) (da) the specific purpose of the query and, where applicable, the case reference, pursuant to Article 8(2).
Amendment 474 #
Proposal for a regulation Article 10 – paragraph 1 a (new) 1a. Each Member State and EU body shall keep logs of queries of the authority and the staff duly authorised to use the ESP.
Amendment 475 #
Proposal for a regulation Article 10 – paragraph 2 2. The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. Those logs shall be protected by appropriate measures against unauthorised access and erased
Amendment 476 #
Proposal for a regulation Article 10 – paragraph 2 2. The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. Those logs shall be protected by appropriate measures against unauthorised access and erased
Amendment 477 #
Proposal for a regulation Article 10 – paragraph 2 2. The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. To that end, access to those logs shall be granted as appropriate to the data controllers identified pursuant to Article 40, to national supervisory authorities designated pursuant to Article 51 of Regulation (EU) 2016/679 and Article 41 of Directive (EU) 2016/680, and to the European Data Protection Supervisor. Those logs shall be protected by appropriate measures against unauthorised access and erased
Amendment 478 #
Proposal for a regulation Article 10 – paragraph 2 2. The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing,
Amendment 479 #
Proposal for a regulation Article 10 – paragraph 2 2. The logs may be used only for data protection monitoring, including checking the admissibility of a request and the lawfulness of data processing in accordance with Regulation EU 2016/679, and for ensuring data security pursuant to Article 42. Those logs shall be protected by appropriate measures against unauthorised access and erased one year after their creation, unless they are required for monitoring procedures that have already begun.
Amendment 480 #
Proposal for a regulation Article 11 – paragraph 1 1. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1)
Amendment 481 #
Proposal for a regulation Article 11 – paragraph 1 1. Where it is technically impossible
Amendment 482 #
Proposal for a regulation Article 11 – paragraph 1 1. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1) or the CIR, because of a failure of the ESP, the users of the ESP shall immediately be notified by eu-LISA.
Amendment 483 #
Proposal for a regulation Article 11 – paragraph 2 2. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1)
Amendment 484 #
Proposal for a regulation Article 11 – paragraph 2 2. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1)
Amendment 485 #
Proposal for a regulation Article 11 – paragraph 2 2. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1) or the CIR, because of a failure of the national infrastructure in a Member State, that Member State's competent authority shall immediately notify eu-LISA and the Commission.
Amendment 486 #
Proposal for a regulation Article 11 – paragraph 2 a (new) 2a. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1) or the CIR, because of a failure of the infrastructure of an EU body, that EU body shall immediately notify eu-LISA and the Commission.
Amendment 487 #
Proposal for a regulation Article 11 – paragraph 3 3. In both scenarios, and until the technical failure is addressed, the obligation referred to in Article 7(2) and (4) shall not apply and Member States may access the information systems referred to in Article 9(1) or the CIR
Amendment 488 #
Proposal for a regulation Article 11 – paragraph 3 3. In both scenarios, and until the technical failure is addressed, the obligation referred to in Article 7(2) and (4) shall not apply and Member States may access the information systems referred to in Article 9(1)
Amendment 489 #
Proposal for a regulation Article 11 – paragraph 3 3. In both scenarios, and until the technical failure is addressed, the obligation referred to in Article 7(2) and (4) shall not apply and Member States may access the information systems referred to in Article 9(1)
Amendment 490 #
Proposal for a regulation Article 12 – paragraph 1 1. A shared biometric matching service (shared BMS)
Amendment 491 #
Proposal for a regulation Article 12 – paragraph 1 1. A shared biometric matching service (shared BMS)
Amendment 492 #
Proposal for a regulation Article 12 – paragraph 1 1. A shared biometric matching service (shared BMS) s
Amendment 493 #
Proposal for a regulation Article 12 – paragraph 1 1. A shared biometric matching service (shared BMS) storing biometric templates and enabling querying with biometric data across several EU information systems is established for the purposes of supporting the CIR and the multiple-identity detector and the objectives of the EES, the VIS, Eurodac, the SIS and [the ECRIS-TCN system], while fully respecting the principles of necessity and proportionality.
Amendment 494 #
Proposal for a regulation Article 12 – paragraph 2 – point a (a) a
Amendment 495 #
Proposal for a regulation Article 12 – paragraph 2 – point a (a) a central infrastructure, including a search engine
Amendment 496 #
Proposal for a regulation Article 12 – paragraph 2 – point a (a) a central infrastructure, including a search engine
Amendment 497 #
Proposal for a regulation Article 12 – paragraph 2 – point b (b) a secure communication infrastructure between the shared BMS
Amendment 498 #
Proposal for a regulation Article 12 – paragraph 2 – point b (b) a secure communication infrastructure between the shared BMS, Central-SIS, the EES, the VIS, EURODAC and [the
Amendment 499 #
Proposal for a regulation Article 12 – paragraph 2 – point b (b) a secure communication infrastructure between the shared BMS
Amendment 500 #
3. eu-LISA shall develop the shared BMS and ensure its technical management. It shall not, however, have access to any of the personal data processed through the shared BMS.
Amendment 501 #
Proposal for a regulation Article 13 Amendment 502 #
Proposal for a regulation Article 13 – title Data
Amendment 503 #
Proposal for a regulation Article 13 – paragraph 1 – introductory part 1. The shared BMS shall
Amendment 504 #
Proposal for a regulation Article 13 – paragraph 1 – point c (c) [the
Amendment 505 #
Proposal for a regulation Article 13 – paragraph 1 – point c (c) [the data referred to in Article 20(2)(w) and (x), excluding palm prints, of the Regulation on SIS in the field of border checks;
Amendment 506 #
Proposal for a regulation Article 13 – paragraph 1 – point d Amendment 507 #
Proposal for a regulation Article 13 – paragraph 1 – point d (d) the data referred to in Article 20(3)(w)
Amendment 508 #
Proposal for a regulation Article 13 – paragraph 1 – point d (d) the data referred to in Article 20(3)(w)
Amendment 509 #
Proposal for a regulation Article 13 – paragraph 1 – point e (e) the
Amendment 510 #
Proposal for a regulation Article 13 – paragraph 1 – point e (e) the data referred to in Article 4(3)(t) and (u), excluding palm prints, of the Regulation on SIS in the field of illegal return];
Amendment 511 #
Proposal for a regulation Article 13 – paragraph 1 – point g a (new) (ga) the biometric data processed by Europol.
Amendment 512 #
Proposal for a regulation Article 13 – paragraph 2 Amendment 513 #
Proposal for a regulation Article 13 – paragraph 2 2. The shared BMS shall include in each biometric template a reference to the information systems in which the corresponding biometric data is stored. In all cases, in full respect of purpose limitation, the officer launching a query in the BMS shall only be able to see the references to those information systems that he or she is authorised to access.
Amendment 514 #
Proposal for a regulation Article 13 – paragraph 2 2. The shared BMS shall include in each biometric template a reference to the information systems in which the corresponding biometric data is stored. The officer launching a query using the shared BMS shall see only the references to those information systems that he or she is authorised to access.
Amendment 515 #
Proposal for a regulation Article 13 – paragraph 3 3.
Amendment 516 #
Proposal for a regulation Article 13 – paragraph 4 Amendment 517 #
Proposal for a regulation Article 14 Amendment 518 #
Proposal for a regulation Article 14 – paragraph 1 Amendment 519 #
Proposal for a regulation Article 14 – paragraph 1 In order to search the biometric data stored within the
Amendment 520 #
1a. Where a police authority has been so empowered by national legislative measures, it may, for the purpose of identifying unknown persons who are not able to identify themselves or unidentified human remains, in the event of a natural disaster or an accident, query the shared BMS with the biometric data of those persons. Member States wishing to avail themselves of this possibility shall adopt national legislative measures laying down the procedures, conditions and criteria.
Amendment 521 #
Proposal for a regulation Article 15 Amendment 522 #
Proposal for a regulation Article 15 Amendment 523 #
Proposal for a regulation Article 15 – paragraph 1 The data referred to in Article 13 shall be stored in the shared BMS for as long as the corresponding biometric data is stored in the
Amendment 524 #
Proposal for a regulation Article 15 – paragraph 1 a (new) The data referred to in Article 13(1) and (2) shall be automatically deleted from the BMS in accordance with the data retention provisions of Regulation (EU) 2017/2226, Regulation (EC) No 767/2008, [Regulation on SIS in the field of border checks], [Regulation on SIS in the field of law enforcement], [Regulation on SIS in the field of illegal return], [Eurodac Regulation], and [ECRIS-TCN Regulation] respectively.
Amendment 525 #
Proposal for a regulation Article 16 – paragraph 1 – point a (a) the history related to the
Amendment 526 #
Proposal for a regulation Article 16 – paragraph 1 – point b (b) a reference to the EU information systems queried with the biometric templates
Amendment 527 #
Proposal for a regulation Article 16 – paragraph 1 – point c a (new) (ca) the exact purpose of the query;
Amendment 528 #
Proposal for a regulation Article 16 – paragraph 1 – point g (g) in accordance with national rules
Amendment 529 #
Proposal for a regulation Article 16 – paragraph 1 – point g a (new) (ga) the specific purpose of the query and, where applicable, the case reference, pursuant to Article 14.
Amendment 530 #
Proposal for a regulation Article 16 – paragraph 2 2. The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. Those logs shall be made available to the competent supervisory authority on request. They shall be protected by appropriate measures against unauthorised access and erased
Amendment 531 #
Proposal for a regulation Article 16 – paragraph 2 2. The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. To that end, access to those logs shall be granted as appropriate to the data controllers identified pursuant to Article 40, to national supervisory authorities designated pursuant to Article 51 of Regulation (EU) 2016/679 and Article 41 of Directive (EU) 2016/680, and to the European Data Protection Supervisor. Those logs shall be protected by appropriate measures against unauthorised access and erased
Amendment 532 #
Proposal for a regulation Article 16 – paragraph 2 2. The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. Those logs shall be protected by appropriate measures against unauthorised access and erased
Amendment 533 #
Proposal for a regulation Article 16 – paragraph 2 2. The logs may be used only for data protection monitoring and monitoring the impact on fundamental rights, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. Those logs shall be protected by appropriate measures against unauthorised access and erased one year after their creation, unless they are required for monitoring procedures that have already begun. The logs referred to in paragraph 1(a) shall be erased once the data is erased.
Amendment 534 #
Proposal for a regulation Article 17 Amendment 535 #
Proposal for a regulation Article 17 Amendment 536 #
Proposal for a regulation Article 17 Amendment 537 #
Proposal for a regulation Article 17 – paragraph 1 1. A common identity repository (CIR), creating an individual file for each person that is recorded in the EES, the VIS, [the ETIAS], Eurodac or [the ECRIS-TCN system] containing the data referred to in Article 18, is established for the purpose of facilitating and assisting the correct identification of persons registered in the EES, the VIS, [the ETIAS], the Eurodac and [the ECRIS-TCN system], of supporting the functioning of the multiple- identity detector and of facilitating and streamlining access by
Amendment 538 #
Proposal for a regulation Article 17 – paragraph 1 1. A common identity repository
Amendment 539 #
Proposal for a regulation Article 17 – paragraph 3 a (new) 3a. Where it is technically impossible to query the CIR for the purpose of identifying a person pursuant Article 20, for the detection of multiple identities pursuant Article 21 or for law enforcement purposes pursuant Article 22, because of a failure of the CIR, the users of the CIR shall be immediately notified by eu-LISA.
Amendment 540 #
Proposal for a regulation Article 18 Amendment 541 #
Proposal for a regulation Article 18 Amendment 542 #
Proposal for a regulation Article 18 Amendment 543 #
Proposal for a regulation Article 18 – paragraph 1 – point e Amendment 544 #
Proposal for a regulation Article 18 – paragraph 1 – point e (e) [the data referred to in Article 5(1)(b) and 5(2) and the following data of Article 5(1)(a) of the ECRIS-TCN Regulation: surname or family name; first name(s) (given name(s)); sex; date of birth; place and country of birth; nationality or nationalities; gender and where applicable previous names, pseudonyms(s) and/or alias name(s) as well as information on travel documents.]
Amendment 545 #
Proposal for a regulation Article 18 – paragraph 2 2. For each set of data referred to in paragraph 1, the CIR shall include a reference to the information systems to which the data belongs. The officer accessing the CIR shall see only the components of the identity file stored in the repository, which originate from those information systems he or she is authorised to access.
Amendment 546 #
Proposal for a regulation Article 19 A
Amendment 547 #
Proposal for a regulation Article 19 A
Amendment 548 #
Proposal for a regulation Article 19 Amendment 549 #
Proposal for a regulation Article 20 A
Amendment 550 #
Proposal for a regulation Article 20 A
Amendment 551 #
Proposal for a regulation Article 20 – title 20
Amendment 552 #
Proposal for a regulation Article 20 – paragraph 1 – subparagraph 1 Where a Member State police authority is unable to identify a person on the basis of his/her travel document, or of another credible document proving his/her identity, or with the identity data provided by that person in accordance with rules and procedures laid down in national law, and where a Member State police authority has been so empowered by national legislative measures as referred to in paragraph 2, it may, in the presence of that person, and solely for the purpose of identifying
Amendment 553 #
Proposal for a regulation Article 20 – paragraph 1 – subparagraph 1 Where a Member State police authority has been so empowered by national legislative measures as referred to in paragraph 2, it may, solely for the purpose of identifying a person, query the CIR with the biometric
Amendment 554 #
Proposal for a regulation Article 20 – paragraph 1 – subparagraph 1 Where a Member State police authority has been so empowered by national legislative measures as referred to in paragraph 2, it may, solely for the purpose of identifying a person, query the CIR with the biometric data of that person taken during an identity check. This query of the CIR shall only be carried out as a last resort measure, in presence of the person, where he or she is unable to cooperate and does not have a credible document proving his/her identity, where that person refuses to cooperate or where there are justified or well-founded grounds to believe that the documents presented are false or that the person is not telling the truth about his/her identity;
Amendment 555 #
Proposal for a regulation Article 20 – paragraph 1 – subparagraph 1 Where a Member State police authority has been so empowered by national legislative measures as referred to in paragraph 2, it may, solely for the purpose of identifying a person, query the CIR with the biometric data of that person taken during an identity check. Such checks shall not be limited to cases where the designated authority personnel was unable to identify a person on the basis of a travel document or provision of identity data or where there were doubts as to the authenticity of the travel document or the identity of its holder.
Amendment 556 #
Proposal for a regulation Article 20 – paragraph 1 – subparagraph 2 Where the query indicates that data on that person is stored in the
Amendment 557 #
Proposal for a regulation Article 20 – paragraph 1 – subparagraph 2 Where the query indicates that data on that person is stored in the CIR, the Member States authority shall have access to consult the data referred to in Article 18(1). The consultation shall reveal in any case to which Union information system the data belongs.
Amendment 558 #
Amendment 559 #
Proposal for a regulation Article 20 – paragraph 1 a (new) 1a. Where a Member State police authority has been so empowered by national legislative measures as referred to in paragraph 2, it may, solely for the purpose of identifying unknown persons who are not able to identify themselves or unidentified human remains, in the event of a disaster or an accident query the CIR with the biometric data of those persons.
Amendment 560 #
1a. Where there is a national legal basis, Member States' designated authorities may query the CIR to identify unknown persons unable to identify themselves or unidentified human remains in cases of natural disasters, accidents or terrorist attacks with the biometric data of those persons.
Amendment 561 #
Proposal for a regulation Article 20 – paragraph 1 b (new) 1b. Where a Member State police authority was unable to identify a person on the basis of a travel document or with the identity data provided by that person following rules and procedures provided for in national law or where there are doubts as to the authenticity of the travel document or the identity of its holder or where accessing the CIR may contribute to preventing and fighting irregular migration as well as to combating serious cross-border crime, terrorism, human trafficking and preventing people from being exploited and slaved, the authority shall be able to query the CIR in accordance with the rules provided for in paragraphs 1 and 2.
Amendment 562 #
Proposal for a regulation Article 20 – paragraph 2 2. Member States wishing to avail themselves of the possibility provided for in this Article shall adopt national legislative measures
Amendment 563 #
Proposal for a regulation Article 20 – paragraph 2 2. Member States wishing to avail themselves of the possibility provided for in this Article shall adopt national legislative measures. Such legislative measures shall specify the precise purposes of identity checks within the purposes referred to in Article 2(1)(b) and (c).
Amendment 564 #
Proposal for a regulation Article 20 – paragraph 2 2. Member States wishing to avail themselves of the possibility provided for in this Article shall adopt national legislative measures. Such legislative measures shall specify the precise purposes of identity checks within the purposes referred to in Article 2(1)(b) and (c). They shall designate the police authorities competent and lay down the procedures, conditions and criteria of such checks. Access to the CIR to establish the identity of a third country national for purposes of ensuring a high level of security shall only be allowed where access for the same purposes to similar national databases exist and under equivalent conditions.
Amendment 565 #
Proposal for a regulation Article 21 A
Amendment 566 #
Proposal for a regulation Article 21 A
Amendment 567 #
Proposal for a regulation Article 21 – title 21 Access to
Amendment 568 #
Proposal for a regulation Article 21 – paragraph 1 1. Where a query
Amendment 569 #
Proposal for a regulation Article 21 – paragraph 2 2. Where a query
Amendment 570 #
Proposal for a regulation Article 22 Amendment 571 #
Proposal for a regulation Article 22 Amendment 572 #
Proposal for a regulation Article 22 – title 22 Querying
Amendment 573 #
Proposal for a regulation Article 22 – paragraph 1 1.
Amendment 574 #
Proposal for a regulation Article 22 – paragraph 1 1. For the purposes of preventing, detecting and investigating terrorist offences or other serious criminal offences in a specific case and in order to obtain information on whether data on a specific person is present in Eurodac, the Member State designated authorities and Europol may consult the CIR. The CIR can only be consulted: (a) where reasonable grounds exist that the consultation will substantially contribute to the prevention, detection or investigation of the terrorist or other serious criminal offences, in particular where there is a substantiated suspicion that the suspect, perpetrator or victim of a terrorist offence or other serious criminal offence falls under the category of third country nationals whose data are stored in the EES, the VIS, the ETIAS and the Eurodac system, and (b) after a prior search in the national databases has been carried out and a query of the automated fingerprint identification system of the other Member States under Decision 2008/615/JHA has been launched.
Amendment 575 #
Proposal for a regulation Article 22 – paragraph 1 a (new) 1a. The central access points established in Article 50(2) [ETIAS Regulation], Article29(3) of Regulation (EU) 2017/2226 and Article 3(2) of Regulation 767/2008 shall monitor the use made of the possibility provided for in paragraph 1. For that purpose, regular ex-post evaluations of this possibility shall be made and used for self-monitoring as referred to in Article 45. The central access points shall transmit a report to the supervisory authorities referred to in Article 49 every two years on the use made of this provision.
Amendment 576 #
Proposal for a regulation Article 22 – paragraph 2 Amendment 577 #
Proposal for a regulation Article 22 – paragraph 2 2. Member State designated authorities and Europol shall not be entitled to consult data belonging to [the ECRIS-TCN] when
Amendment 578 #
Proposal for a regulation Article 22 – paragraph 3 3. Where, in reply to a query the
Amendment 579 #
Proposal for a regulation Article 22 – paragraph 4 a (new) 4a. The Member State designated authorities and Europol getting a hit shall refer to the national supervisory authorities that shall check whether the conditions of accessing the CIR were complied with. In case the ex post independent verification determines that the consultation of the CIR was not justified, the law enforcement authority shall erase all data originating from the CIR.
Amendment 580 #
Proposal for a regulation Article 23 Amendment 581 #
Proposal for a regulation Article 23 Amendment 582 #
Proposal for a regulation Article 23 Amendment 583 #
Proposal for a regulation Article 23 – paragraph 1 1. The data referred to in Article 18(1) and (2) shall be automatically deleted from the CIR in accordance with the data retention provisions of [the Eurodac Regulation] and [the ECRIS-TCN Regulation] respectively.
Amendment 584 #
Proposal for a regulation Article 23 – paragraph 2 a (new) 2a. Where the MID establishes a red link according to Article 32, data retention in the CIR shall be prolonged so that linked data referred to in Article 18 shall be stored in the CIR for the period corresponding data remains stored in at least one of the originating EU information systems.
Amendment 588 #
Proposal for a regulation Article 24 – paragraph 4 – subparagraph 1 – point a (a) the
Amendment 589 #
Proposal for a regulation Article 24 – paragraph 4 – subparagraph 1 – point a (a) the
Amendment 590 #
Proposal for a regulation Article 24 – paragraph 4 – subparagraph 1 – point a (a) only the national file reference;
Amendment 591 #
Proposal for a regulation Article 24 – paragraph 4 – subparagraph 1 – point e (e) the
Amendment 592 #
Proposal for a regulation Article 24 – paragraph 5 a (new) 5a. Europol shall keep logs of queries of the staff duly authorised to use the CIR pursuant to Article 22.
Amendment 593 #
Proposal for a regulation Article 24 – paragraph 6 6. The logs referred to in paragraphs 1, 5 and 5a may be used only for data protection monitoring, including checking the admissibility of a request and the lawfulness of data processing,
Amendment 594 #
Proposal for a regulation Article 24 – paragraph 7 a (new) 7a. The competent national authorities in charge of checking whether or not access is lawful, monitoring the lawfulness of data processing, self- monitoring and ensuring the proper functioning, data integrity and security, shall have access, within the limits of their competence and at their request, to these logs for the purpose of fulfilling their duties.
Amendment 595 #
Proposal for a regulation Article 24 – paragraph 7 b (new) 7b. For the purposes of self- monitoring and ensuring the proper functioning of the CIR, data integrity and security, the EU-Lisa shall have access, within the limits of its competence, to those logs.
Amendment 596 #
Proposal for a regulation Article 24 – paragraph 7 c (new) 7c. The European Data Protection Supervisor shall have access, within the limits of its competence and at its request, to those logs for the purpose of fulfilling its tasks.
Amendment 597 #
Proposal for a regulation Article 25 Amendment 598 #
Proposal for a regulation Article 25 Amendment 599 #
Proposal for a regulation Article 25 – paragraph 1 1. A multiple-identity detector (MID) is established to creat
Amendment 600 #
Proposal for a regulation Article 25 – paragraph 1 1. A multiple-identity detector (MID) creating and storing links between data in the EU information systems included in the common identity repository (CIR) and the SIS and as a consequence detecting multiple identities, with the dual purpose of facilitating identity checks and combating
Amendment 601 #
Proposal for a regulation Article 25 – paragraph 2 – point b (b) a secure communication infrastructure to connect the MID with the SIS and the central infrastructures of the European search portal and the
Amendment 602 #
Proposal for a regulation Article 25 – paragraph 3 3. eu-LISA shall develop the MID and ensure its technical management. It shall not, however, have access to any of the personal data processed through the MID.
Amendment 603 #
Proposal for a regulation Article 25 – paragraph 3 a (new) 3a. Eu-LISA(and the competent authorities of the Member States) should use appropriate procedures for the profiling, implement technical and organizational measures appropriate to ensure, in particular, that factors which result in inaccuracies in personal data are corrected and the risk of errors is minimized, secure personal data in a manner that takes account of the potential risks involved for the interests and rights of the data subject and that prevents discriminatory effects on natural persons on the basis of social, racial or ethnic origin, political opinion, religion or beliefs, trade union membership, genetic or health status or sexual orientation, or that result in measures having such effect.
Amendment 604 #
Proposal for a regulation Article 25 – paragraph 3 b (new) Amendment 605 #
Proposal for a regulation Article 26 A
Amendment 606 #
Proposal for a regulation Article 26 Amendment 607 #
Proposal for a regulation Article 26 – paragraph 1 – point e (e) the SIRENE Bureaux of the Member State creating or updating a [Regulation on SIS in the field of law enforcement or Regulation on SIS in the field of illegal return];
Amendment 608 #
Proposal for a regulation Article 26 – paragraph 2 2. Member State authorities and EU bodies having access to at least one EU information system
Amendment 611 #
Proposal for a regulation Article 27 – paragraph 1 – introductory part 1. A multiple-identity detection in the
Amendment 612 #
Proposal for a regulation Article 27 – paragraph 1 – point e a (new) (ea) The multiple-identity detection using the data referred to in paragraph 1(c) shall be launched only where an application file in ETIAS can be verified against an individual file in the EES.
Amendment 613 #
Proposal for a regulation Article 27 – paragraph 2 2. Where the data contained within an
Amendment 614 #
Proposal for a regulation Article 27 – paragraph 2 2. Where the data contained within an information system as referred to in paragraph 1 contains biometric data, the common identity repository (CIR) and the Central-SIS shall use the shared biometric matching service (shared BMS) in order to perform the multiple-identity detection. The shared BMS shall compare the biometric templates obtained from any new biometric data to the biometric templates already contained in the shared BMS in order to verify whether or not data belonging to the same
Amendment 615 #
Proposal for a regulation Article 27 – paragraph 3 – introductory part 3. In addition to the process referred to in paragraph 2, the
Amendment 616 #
Proposal for a regulation Article 27 – paragraph 3 – point h (h) [surname (family name); first name(s) (given names); previous name(s); pseudonym and/or alias name(s); date of birth, place of birth, nationality(ies) and gender as referred to in Article 5(1)(a) of the ECRIS-
Amendment 617 #
Proposal for a regulation Article 28 Amendment 618 #
Proposal for a regulation Article 28 Amendment 619 #
Proposal for a regulation Article 28 – paragraph 2 – subparagraph 1 Where the query laid down in Article 27(2) and (3) reports one or several hit(s), the
Amendment 620 #
Proposal for a regulation Article 28 – paragraph 5 5. The Commission shall lay down the procedures to determine the cases where identity data can be considered as identical or similar in
Amendment 621 #
Proposal for a regulation Article 28 – paragraph 5 5. The Commission shall lay down the procedures to determine the cases where identity data can be considered as identical or similar in
Amendment 624 #
Proposal for a regulation Article 29 – paragraph 1 – subparagraph 1 – point e (e) the SIRENE Bureaux of the Member State for hits that occurred when creating or updating a SIS alert in accordance with the [Regulations on SIS in the field of law enforcement and on SIS in the field of illegal return];
Amendment 625 #
Proposal for a regulation Article 29 – paragraph 1 – subparagraph 1 – point e (e) the SIRENE Bureaux of the Member State for hits that occurred when creating or updating a SIS alert in accordance with the [Regulations on SIS in the field of law enforcement and on SIS in the field of illegal return];
Amendment 626 #
Proposal for a regulation Article 29 – paragraph 1 – subparagraph 2 The multiple-identity detector shall indicate the authority responsible for the verification of different identities in the identity verification file. The authority adding the last data that triggered the link as referred to in Article 30, shall be responsible for the verification of the different identities. In the absence of access rights to be informed of such a link, a competent authority of the Member State having added the last data triggering the link and having access rights to the link data will be informed in an automatic manner as to undertake verification of the different identities in the identity verification confirmation file.
Amendment 627 #
Proposal for a regulation Article 29 – paragraph 1 – subparagraph 2 a (new) The authority responsible shall verify the identity as soon as possible and, in any event, within eight hours. If verification proves impossible, the border authorities shall carry out the verification when the person concerned next enters or exits an external border.
Amendment 628 #
Proposal for a regulation Article 29 – paragraph 2 – point f Amendment 629 #
Proposal for a regulation Article 29 – paragraph 2 – point f a (new) (fa) Where the SIRENE Bureau is responsible for manually verifying different identities but has not been involved in the addition of the new identity data, which has given rise to a yellow link, it shall be informed immediately by the relevant authority which added the new identity data. The SIRENE Bureau shall carry out the manual verification of different identities as soon as possible and, in any event, within eight hours.
Amendment 630 #
Proposal for a regulation Article 29 – paragraph 2 – subparagraph 1 (new) Amendment 631 #
Proposal for a regulation Article 29 – paragraph 2 – subparagraph 1 (new) The responsible Sirene Bureau shall be immediately informed when a yellow link has to be verified by it.
Amendment 632 #
Proposal for a regulation Article 29 – paragraph 3 3. Without prejudice to paragraph 4, the authority responsible for verification of different identities shall have access to the related data contained in the relevant identity confirmation file and to the identity data linked in the
Amendment 633 #
Proposal for a regulation Article 29 – paragraph 3 3. Without prejudice to paragraph 4, the authority responsible for verification of different identities shall have access to the related data contained in the relevant identity confirmation file and to the identity data linked in the common identity repository and, where relevant, in the SIS, and shall assess the different identities and shall update the link in accordance with Articles 31, 32 and 33 and add it to the identity confirmation file without delay, in any case within 24 hours.
Amendment 634 #
Proposal for a regulation Article 29 – paragraph 4 a (new) 4a. The verification of different identities shall, as a rule, take place in the presence of the person concerned who should be offered the opportunity to explain the circumstances to the authority responsible, which should take those explanations into account.
Amendment 635 #
Proposal for a regulation Article 29 – paragraph 5 5. Where more than one link is obtained, the authority responsible for the verification of different identities shall assess each link separately. The authority responsible must ensure that the data subject is given the possibility to explain plausible reasons why there may be contradicting information within the different IT systems.
Amendment 636 #
Proposal for a regulation Article 29 – paragraph 6 a (new) 6a. The authority responsible for the manual verification of multiple identities must also assess whether there are plausible arguments presented by the third country national when deciding on the colour of the links. Such assessment should be performed, where possible, in the presence of the third-country national and, where necessary, by requesting additional clarifications or information. Such assessment should be performed without delay, in line with legal requirements for the accuracy of information under Union and national law.
Amendment 637 #
Proposal for a regulation Article 30 Amendment 638 #
Proposal for a regulation Article 30 Amendment 639 #
Proposal for a regulation Article 30 – paragraph 1 – point b (b) the linked data has different identity data, there is no biometric data to compare, and no manual verification of different identity has taken place.
Amendment 640 #
Proposal for a regulation Article 31 Amendment 641 #
Proposal for a regulation Article 31 Amendment 642 #
Proposal for a regulation Article 31 – paragraph 1 1. A link between data from two or more information systems shall be classified as green where the linked data do not share: (i) the same biometric data but have the same or similar identity data; or (ii) the same or similar identity data but have indistinguishable biometric data, and the authority responsible for the verification of different
Amendment 643 #
Proposal for a regulation Article 31 – paragraph 2 2. Where the
Amendment 644 #
Proposal for a regulation Article 32 Amendment 645 #
Proposal for a regulation Article 32 Amendment 646 #
Proposal for a regulation Article 32 – paragraph 1 – point a (a) the linked data shares the same biometric but different identity data and the authority responsible for the verification of different identities concluded it refers
Amendment 647 #
Proposal for a regulation Article 32 – paragraph 1 – point a (a) the linked data shares the same biometric but different identity data and the authority responsible for the verification of different identities concluded it refers
Amendment 648 #
Proposal for a regulation Article 32 – paragraph 1 – point b (b) the linked data has similar identity data and the authority responsible for the verification of different identities concluded it refers
Amendment 649 #
Proposal for a regulation Article 32 – paragraph 1 – point b (b) the linked data has similar identity data and the authority responsible for the verification of different identities concluded it refers unlawfully to the same person who has evidently provided false information with the intent of committing a serious criminal offence.
Amendment 650 #
Proposal for a regulation Article 32 – paragraph 2 2. Where the CIR or the SIS are queried and where a red link exists between two or more of the information systems constituting the CIR or with the SIS, the multiple-identity detector shall reply indicating the data referred to in Article 34
Amendment 651 #
Proposal for a regulation Article 32 – paragraph 3 Amendment 652 #
Proposal for a regulation Article 32 – paragraph 4 Amendment 653 #
Proposal for a regulation Article 32 – paragraph 4 4. Without prejudice to limitations necessary to protect security and public order, prevent crime and guarantee that any national investigation will not be jeopardised, with particular emphasis to the provisions related to the handling of alerts in the SIS referred to in the [Regulations on SIS in the field of border checks, on SIS in the field of law enforcement and on SIS in the field of illegal return],
Amendment 654 #
Proposal for a regulation Article 32 – paragraph 4 4. Without prejudice to the provisions related to the handling of alerts in the SIS referred to in the [Regulations on SIS in the field of border checks, on SIS in the field of law enforcement and on SIS in the field of illegal return], and without prejudice to limitations necessary to protect security
Amendment 655 #
Proposal for a regulation Article 32 – paragraph 4 4. Without prejudice to the provisions
Amendment 656 #
Proposal for a regulation Article 32 – paragraph 5 a (new) 5a. Where a Member State authority or EU body with access to one of the EU information systems or the SIS obtains evidence showing that a red link recorded in the MID is inaccurate or that the data processed in the MID, the relevant EU information systems and the SIS were processed in breach of this Regulation, that authority shall, where the link relates to EU information systems either rectify or erase the link from the MID immediately, or where the link relates to the SIS, inform the relevant SIRENE Bureau of the Member State that created the SIS alert immediately. That SIRENE Bureau shall verify the evidence provided by the Member State authority and rectify or erase the link from the MID immediately thereafter.
Amendment 657 #
Proposal for a regulation Article 32 – paragraph 5 a (new) 5a. A third-country national shall be notified of the existence of a red link as soon as such a notification can no longer jeopardize on-going investigations or proceedings.
Amendment 658 #
Proposal for a regulation Article 33 Amendment 659 #
Proposal for a regulation Article 33 Amendment 660 #
Proposal for a regulation Article 33 – paragraph 1 – point c a (new) (ca) the linked data shares the same identity data and different biometric data and the authority responsible for the verification of different identities has concluded it refers to the same person and their biometric data has changed due to injury, illness or other legitimate reason.
Amendment 661 #
Proposal for a regulation Article 33 – paragraph 2 2. Where
Amendment 662 #
Proposal for a regulation Article 33 – paragraph 3 Amendment 663 #
Proposal for a regulation Article 33 – paragraph 4 a (new) 4a. If a Member State authority has evidence to suggest that a red link/ white link recorded in the MID is factually inaccurate or not up-to-date or that data were processed in the MID, the EU information systems or the SIS in breach of this Regulation, it shall check the relevant data stored in the EU information systems and SIS and shall, if necessary, rectify or erase the link from the MID without delay. That Member State authority shall inform the Member State responsible for the manual verification without delay.
Amendment 664 #
Proposal for a regulation Article 34 Amendment 665 #
Proposal for a regulation Article 34 Amendment 666 #
Proposal for a regulation Article 35 Amendment 667 #
Proposal for a regulation Article 35 Amendment 668 #
Proposal for a regulation Article 35 – paragraph 1 The identity confirmation files and its data,
Amendment 669 #
Proposal for a regulation Article 35 – paragraph 1 The identity confirmation files and its data, including the links, shall be stored in the multiple-identity detector (MID) only for as long as the linked data is stored in two or more EU information systems. Once this condition is no longer met, the identity confirmation files and their data, including all related links, shall be deleted automatically.
Amendment 670 #
Proposal for a regulation Article 35 – paragraph 1 a (new) Amendment 671 #
Proposal for a regulation Article 36 Amendment 672 #
Proposal for a regulation Article 36 Amendment 673 #
Proposal for a regulation Article 36 – paragraph 2 a (new) 2a. Each EU body shall keep logs of queries of the authority and the staff duly authorised to use the MID.
Amendment 674 #
Proposal for a regulation Article 36 – paragraph 3 3. The logs may be used only for data protection monitoring, including checking the admissibility of a request and the lawfulness of data processing,
Amendment 675 #
Proposal for a regulation Article 36 – paragraph 3 3. The logs may be used only for data protection monitoring, including checking the admissibility of a request and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. To that end, access to those logs shall be granted as appropriate to the data controllers identified pursuant to Article 40, to national supervisory authorities designated pursuant to Article 51 of Regulation (EU) 2016/679 and Article 41 of Directive (EU) 2016/680, and to the European Data Protection Supervisor. The logs shall be protected by appropriate measures against unauthorised access and erased
Amendment 676 #
Proposal for a regulation Article 37 – paragraph 1 1. eu-LISA shall establish as soon as possible automated data quality control mechanisms and procedures on the data stored in the
Amendment 677 #
Proposal for a regulation Article 37 – paragraph 1 1. eu-LISA shall establish automated data quality control mechanisms and
Amendment 678 #
Proposal for a regulation Article 37 – paragraph 1 1. eu-LISA shall establish automated data quality control mechanisms and procedures on the data stored in or accessed through the SIS, Eurodac, [the ECRIS-TCN system]
Amendment 679 #
Proposal for a regulation Article 37 – paragraph 2 2. eu-LISA shall establish common data quality indicators and the minimum quality standards to store data in the SIS,
Amendment 680 #
Proposal for a regulation Article 37 – paragraph 2 2. eu-LISA shall establish common data quality indicators and the minimum quality standards to store data in or access data through the SIS, Eurodac, [the ECRIS-TCN system]
Amendment 681 #
Proposal for a regulation Article 37 – paragraph 2 2. eu-LISA shall establish common data quality indicators and the minimum quality standards to store data in the SIS, Eurodac, [the ECRIS-TCN system],
Amendment 682 #
Proposal for a regulation Article 37 – paragraph 3 3. eu-LISA shall provide regular reports on the automated data quality control mechanisms and procedures and the common data quality indicators to the
Amendment 683 #
Proposal for a regulation Article 37 – paragraph 3 3. eu-LISA shall provide regular reports on the automated data quality control mechanisms and procedures and the common data quality indicators to the Member States and the European Data Protection Board. eu-LISA shall also provide a regular report to the Commission covering the issues encountered and the Member States concerned.
Amendment 684 #
Proposal for a regulation Article 37 – paragraph 4 4. The details of the automated data quality control mechanisms and procedures and the common data quality indicators and the minimum quality standards to store
Amendment 685 #
Proposal for a regulation Article 37 – paragraph 4 4. The details of the automated data quality control mechanisms and procedures and the common data quality indicators and the minimum quality standards to store data in or access data through the SIS, Eurodac, [the ECRIS-TCN system]
Amendment 686 #
Proposal for a regulation Article 37 – paragraph 4 4. The details of the automated data quality control mechanisms and procedures
Amendment 687 #
Proposal for a regulation Article 37 – paragraph 5 5. One year after the establishment of the automated data quality control mechanisms and procedures and common data quality indicators and every year thereafter, the Commission shall evaluate Member State implementation of data quality and in particular, data quality issues deriving from erroneous historical data in existing EU information systems and in the SIS. The Commission shall make any necessary recommendations. The Member States shall provide the Commission with an action plan to remedy any deficiencies identified in the evaluation report and shall report on any progress against this action plan until it is fully implemented. The Commission shall transmit the evaluation report to the European Parliament, to the Council, to the European Data Protection Supervisor and to the European Union Agency for Fundamental Rights established by Council Regulation (EC) No 168/2007.63 _________________
Amendment 688 #
Proposal for a regulation Article 37 – paragraph 5 5. One year after the establishment of the automated data quality control mechanisms and procedures and common data quality indicators and every year thereafter, the Commission shall evaluate Member State implementation of data quality and shall make any necessary recommendations. The Member States shall provide the Commission with an action plan to remedy any deficiencies identified in the evaluation report and shall report on any progress against this action plan until it is fully implemented. The Commission shall transmit the evaluation report to the European Parliament, to the Council, to the European Data Protection Supervisor, the European Data Protection Board and to the European Union Agency for Fundamental Rights established by Council Regulation (EC) No 168/2007.63 _________________ 63 Council Regulation (EC) No 168/2007 of 15 February 2007 establishing a European Union Agency for Fundamental Rights (OJ L 53, 22.2.2007, p. 1).
Amendment 689 #
Proposal for a regulation Article 38 – paragraph 2 2. The UMF standard shall be used in the development of the [Eurodac], the [ECRIS-TCN system], the European search portal,
Amendment 690 #
Proposal for a regulation Article 38 – paragraph 2 2. The UMF standard shall be used in the development of the [Eurodac], the [ECRIS-TCN system], the European search portal,
Amendment 691 #
Proposal for a regulation Article 38 – paragraph 3 Amendment 692 #
Proposal for a regulation Article 38 – paragraph 3 3. The implementation of the UMF standard
Amendment 693 #
Proposal for a regulation Article 39 Amendment 694 #
Proposal for a regulation Article 39 Amendment 695 #
Proposal for a regulation Article 39 – paragraph 2 2. eu-LISA shall establish, implement and host the CRRS in its technical sites
Amendment 696 #
Proposal for a regulation Article 39 – paragraph 2 a (new) 2a. Europol may access data contained in the CRRS for the performance of its tasks referred to in Article 4 of Regulation (EU) 2016/794.
Amendment 697 #
Proposal for a regulation Article 39 – paragraph 2 b (new) 2b. The European Border and Coast Guard Agency may access data contained in the CRRS for the performance of its analytical tasks referred to in Article 8 of Regulation (EU)2016/1624.
Amendment 698 #
Proposal for a regulation Article 39 – paragraph 3 3. eu-LISA shall render the data
Amendment 699 #
Proposal for a regulation Article 39 – paragraph 3 3. eu-LISA shall render the data anonymous, by ensuring that the data is non-identifiable, and shall record such anonymous data in the CRRS. The process for rendering the data anonymous shall be automated.
Amendment 700 #
Proposal for a regulation Article 39 – paragraph 4 – point b (b) a secure communication infrastructure to connect the CRRS to the SIS, Eurodac and [the ECRIS-TCN], as well as the central infrastructures of the shared BMS
Amendment 701 #
Proposal for a regulation Article 39 – paragraph 5 5. The Commission shall lay down detailed rules on the operation of the CRRS, including specific safeguards for processing of personal data referred to under paragraph 2 and 3 and security rules applicable to the repository by means of
Amendment 702 #
Proposal for a regulation Article 39 a (new) Article 39a Statistics 1. eu-LISA shall develop functionalities to allow Member States’ authorities, the Commission, eu-LISA as well as the EDPS to automatically extract statistics directly from the system. Such extraction shall take place only in duly justified cases, at reasonable intervals, and for a specific purpose. Extracted statistics shall only contain anonymous data. 2. Before developing the functionalities laid down in paragraph 1, eu-LISA shall perform a thorough information security risk assessment and establish secure access points.
Amendment 703 #
Proposal for a regulation Article 40 – paragraph 1 1. In relation to the processing of data in the shared biometric matching service (shared BMS), the Member State authorities that are controllers for the
Amendment 704 #
Proposal for a regulation Article 40 – paragraph 1 1. In relation to the processing of data in the shared biometric matching service (shared BMS), the Member State authorities that are controllers for the Eurodac, SIS and [the ECRIS-TCN system] respectively, shall also be considered as controllers in accordance with Article 4(7) of Regulation (EU) 2016/679 or Article 3(8) of Directive (EU) 2016/680 in relation to the biometric templates obtained from the data referred to in Article 13 that they enter into respective systems and shall have responsibility for the processing of the biometric templates in the shared BMS.
Amendment 705 #
Amendment 706 #
Proposal for a regulation Article 40 – paragraph 2 Amendment 707 #
Proposal for a regulation Article 40 – paragraph 3 Amendment 708 #
Proposal for a regulation Article 40 – paragraph 3 – point a (a) the European Border and Coast Guard Agency shall be considered a data controller in accordance with Article 2(b) of Regulation No 45/2001 in relation to processing of personal data by the ETIAS Central Unit. In relation to information security management of the ETIAS Central System, eu-LISA shall be considered a controller;
Amendment 709 #
Proposal for a regulation Article 40 – paragraph 3 – point b (b) the Member State authorities adding or modifying the data in the identity confirmation file are also to be considered as controllers in accordance with Article 4(7) of Regulation (EU) 2016/679 and shall have responsibility for the processing of the personal data in the multiple-identity detector. In relation to information security management of the multiple- identity detector, eu-LISA shall be considered a controller;
Amendment 710 #
Proposal for a regulation Article 40 – paragraph 3 a (new) 3a. eu-LISA shall also be considered to be a controller in relation to all processing under this Regulation. Relevant provisions of Regulation (EC) 45/2001 shall apply.
Amendment 711 #
Proposal for a regulation Article 41 Amendment 712 #
Proposal for a regulation Article 41 Amendment 713 #
Proposal for a regulation Article 41 Amendment 714 #
Proposal for a regulation Article 42 – paragraph 1 1. Both eu-LISA and the Member State authorities shall ensure the security of the processing of personal data that takes place pursuant to the application of this Regulation. eu-LISA shall be responsible for the central systems and Member State authorities shall be responsible for the security at the end-points controlling access to the systems, [the ETIAS Central Unit] and the Member State authorities shall cooperate on security-related tasks.
Amendment 715 #
Proposal for a regulation Article 42 – paragraph 3 – point i (i) monitor the effectiveness of the security measures referred to in this paragraph and take the necessary organisational measures related to internal monitoring to ensure compliance with this Regulation and to assess those security measures in the light of new technological developments.
Amendment 716 #
Proposal for a regulation Article 43 – paragraph 1 1. Each Member State shall apply its rules of professional secrecy or other
Amendment 717 #
Proposal for a regulation Article 43 – paragraph 2 a (new) 2a. Where eu-LISA or a Member State cooperates with external contractors in any task related to the accessibility components, it shall closely monitor the activities of the contractor to ensure compliance with all provisions of this Regulation, including in particular security, confidentiality and data protection. In case potential and existing contractors are also established in third countries, eu-LISA or the respective Member State shall closely monitor and assess any legal obligations in those third countries that might have a detrimental impact on the confidentiality of the accessibility components and the information systems operated by eu-LISA and by the Member States in the scope of this Regulation, and take all necessary steps to ensure the confidentiality, including, where necessary, declining a contract.
Amendment 718 #
Proposal for a regulation Article 44 – paragraph 1 1. Any event that has or may have an impact on the security of the interoperability components and may cause unauthorised access to, damage to or loss of data stored in them shall be considered to be a security incident, in particular where unauthorised access to data may have occurred or where the availability, integrity and confidentiality of data has or may have been compromised.
Amendment 719 #
Proposal for a regulation Article 44 – paragraph 3 3. Without prejudice to the notification and communication of a personal data breach pursuant to Article 33 of Regulation (EU) 2016/679, Article 30 of Directive (EU) 2016/680, or both, Member States shall notify the Commission, eu- LISA and the European Data Protection Supervisor of security incidents. Without prejudice to Article 35 of Regulation (EC) 45/2001 [or Article 37 of Regulation XX/2018 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC] and Article 34 of Regulation (EU) 2016/794, [the ETIAS Central Unit] and Europol shall notify the Commission, eu-LISA and the European Data Protection Supervisor of any security incident. In the
Amendment 720 #
Proposal for a regulation Article 44 – paragraph 3 3. Without prejudice to the notification and communication of a personal data breach pursuant to Article 33 of Regulation (EU) 2016/679, Article 30 of Directive (EU) 2016/680, or both, Member States shall notify the Commission, eu- LISA and the European Data Protection Supervisor of security incidents. In the event of a security incident in relation to the central infrastructure of the interoperability components, eu-LISA shall notify the Commission and the European Data Protection Supervisor as well as national supervisory authorities concerned.
Amendment 721 #
Proposal for a regulation Article 44 – paragraph 3 3. Without prejudice to the notification and communication of a personal data breach pursuant to Article 33 of Regulation (EU) 2016/679, Article 30 of Directive (EU) 2016/680, or both, Member States shall notify the Commission, eu- LISA, the national supervisory authorities and the European Data Protection Supervisor of security incidents. In the event of a security incident in relation to the central infrastructure of the interoperability components, eu-LISA shall notify the Commission and the European Data Protection Supervisor.
Amendment 722 #
Proposal for a regulation Article 44 – paragraph 3 3. Without prejudice to the notification and communication of a personal data breach pursuant to Article 33 of Regulation (EU) 2016/679, Article 30 of Directive (EU) 2016/680, or both, Member States shall notify the Commission, eu- LISA, the national supervisory authority and the European Data Protection Supervisor of security incidents. In the
Amendment 723 #
Proposal for a regulation Article 44 – paragraph 3 3. Without prejudice to the notification and communication of a personal data breach pursuant to Article 33 of Regulation (EU) 2016/679, Article 30 of Directive (EU) 2016/680, or both, Member States shall notify the Commission, eu- LISA, the national supervisory authority and the European Data Protection Supervisor of security incidents. In the event of a security incident in relation to the central infrastructure of the interoperability components, eu-LISA shall notify the Commission and the European Data Protection Supervisor.
Amendment 724 #
Proposal for a regulation Article 44 – paragraph 3 3. Without prejudice to the notification and communication of a personal data breach pursuant to Article 33 of Regulation (EU) 2016/679, Article 30 of Directive (EU) 2016/680, or both, Member States shall immediately notify the Commission, eu-
Amendment 725 #
Proposal for a regulation Article 44 – paragraph 3 a (new) 3a. The Commission shall report serious incidents immediately to the European Parliament and the Council. These reports shall be classified as EU RESTRICTED/RESTREINT UE in accordance with applicable security rules.
Amendment 726 #
Proposal for a regulation Article 44 – paragraph 3 b (new) 3b. Where a security incident is caused by the misuse of data, Member States or the relevant EU Agencies shall ensure that penalties or disciplinary measures are imposed in accordance with Union and national law.
Amendment 727 #
Proposal for a regulation Article 44 – paragraph 5 a (new) 5a. The European Commission shall carry out annual evaluations to ensure that Member States are in full compliance with the obligations under each respective IT-systems. The concrete findings of the evaluations shall be communicated to the European Parliament and the Council, and in case of a breach, appropriate measures shall be taken thereafter.
Amendment 728 #
Proposal for a regulation Article 45 – paragraph 1 Member States and the relevant EU bodies shall ensure that each authority entitled to access the
Amendment 729 #
Proposal for a regulation Article 45 – paragraph 1 Member States and the relevant EU bodies shall ensure that each authority entitled to access the interoperability components takes the measures necessary to monitor its compliance with this Regulation and cooperates, where necessary, with the supervisory authority. Where the Member States establish that this Regulation has been infringed, they must define and apply the appropriate penalties.
Amendment 730 #
Proposal for a regulation Article 45 a (new) Article 45a Penalties Member States shall take the necessary measures to ensure that any use of data in a manner contrary to this Regulation is punishable by effective, proportionate and dissuasive penalties in accordance with national law, Article 84 of Regulation (EU) 2016/679 and Article 57 of Directive (EU) 2016/680 as well as [relevant Article of new] Regulation 45/2001.
Amendment 732 #
Proposal for a regulation Article 46 – paragraph 1 1. Without prejudice to the right to
Amendment 733 #
Proposal for a regulation Article 46 – paragraph 1 1. Without prejudice to the right of information referred to in Articles 11 and 12 of Regulation (EC) 45/2001 and Articles 13 and 14 of Regulation (EU) 2016/679, persons whose data are stored in the shared biometric matching service
Amendment 734 #
Proposal for a regulation Article 46 – paragraph 1 1. Without prejudice to the right of information referred to in Articles 11 and 12 of Regulation (EC) 45/2001
Amendment 735 #
Proposal for a regulation Article 46 – paragraph 1 1. Without prejudice to the right of information referred to in Articles 11 and 12 of Regulation (EC) 45/2001 and Articles 13 and 14 of Regulation (EU) 2016/679, persons whose data are stored in the shared biometric matching service, the common identity repository or the multiple-identity detector shall be informed by the authority collecting their data, at the time their data are collected, about the processing of personal data for the purposes of this Regulation, including about identity and contact details of the respective data controllers, and about the procedures for exercising their rights of access, rectification and erasure, as well as about the contact details of the European Data Protection Supervisor and of the national supervisory authority of the Member State responsible for the collection of the data. Persons whose data is stored should also be informed of retention periods, automated decision- making and the fact that personal data is not transferred or made available to third countries, international organisations of private parties, with the exception of transfers to Interpol.
Amendment 736 #
Proposal for a regulation Article 46 – paragraph 1 Amendment 737 #
Proposal for a regulation Article 46 – paragraph 1 a (new) 1a. All information must be provided to data subjects in a manner and language which they understand, or are reasonably expected to understand. This must include providing information in an age- appropriate manner for data subjects who are minors.
Amendment 738 #
Proposal for a regulation Article 46 – paragraph 2 Amendment 739 #
Proposal for a regulation Article 46 – paragraph 2 – introductory part 2. Persons whose data is recorded in Eurodac or [the ECRIS-TCN system] shall be informed about the processing of data for the purposes of this Regulation in accordance with paragraph 1
Amendment 740 #
Proposal for a regulation Article 46 – paragraph 2 – point d Amendment 741 #
Proposal for a regulation Article 46 – paragraph 2 – point e Amendment 742 #
Proposal for a regulation Article 46 – paragraph 2 a (new) 2a. The data subject should also be informed about the relevant retention periods, the automated decision-making and the fact that personal data is not transferred or made available to third countries, international organizations or private parties with the exception of transfers to Interpol.
Amendment 743 #
Proposal for a regulation Article 46 – paragraph 2 b (new) 2b. The information referred to in this Article shall be given in a language that the person understands. The information shall be provided to children in an age- appropriate manner. The provision of the information shall also take into account specific needs of a person concerned.
Amendment 744 #
Proposal for a regulation Article 46 a (new) Article 46a Information Campaign The Commission shall, in cooperation with the supervisory authorities and the European Data Protection Supervisor, accompany the start of operations of each interconnectivity component with an information campaign informing the public and, in particular, third-country nationals, about the objectives and the functioning of those components, the authorities having access and the conditions for such access, and the rights of persons concerned. Such information campaigns shall be conducted continuously.
Amendment 745 #
Proposal for a regulation Article 47 – title Right of access
Amendment 746 #
Proposal for a regulation Article 47 – title 47 Right of access, correction and erasure - Web Service
Amendment 747 #
Proposal for a regulation Article 47 – paragraph 1 1. In order to exercise their rights under Articles 13, 14, 15 and 16 of Regulation (EC) 45/2001
Amendment 748 #
Proposal for a regulation Article 47 – paragraph 1 1. In order to exercise their rights under Articles 13, 14, 15 and 16 of Regulation (EC) 45/2001 and Articles 15, 16, 17 and 18 of Regulation (EU) 2016/679, a
Amendment 749 #
Proposal for a regulation Article 47 – paragraph 1 1. In order to exercise their rights under Articles 13, 14, 15 and 16 of Regulation (EC) 45/2001
Amendment 750 #
Proposal for a regulation Article 47 – paragraph 1 1. In order to exercise their rights under Articles 13, 14, 15 and 16 of Regulation (EC) 45/2001 and Articles 15, 16, 17 and 18 of Regulation (EU) 2016/679, any person shall have the right to address him or herself to the Member State responsible for the manual verification of different identities stored in the MID or of any Member State, who shall examine and reply to the request.
Amendment 751 #
Proposal for a regulation Article 47 – paragraph 1 a (new) 1a. Without prejudice to paragraph 1, and in order to facilitate and better enable the effective exercise of the rights of data subjects as described in paragraph 1 to access, rectify, erase or restrict the processing of their personal data under interoperability components, in particular for those third country nationals who may be outside the territory of the Member States, eu-LISA shall establish a web service, hosted in its technical site, which shall enable data subjects to make a request for access, correction, erasure or rectification of their personal data. The web service shall act as a single point of contact for those third country nationals outside the territory of the Member States. On the basis of such a request, the web service shall immediately transmit the request to the Member State responsible for manual verification of different identities in accordance with Article 29, or, where appropriate, to the Member State responsible for the entry of the data in the underlying information system which is the subject of the request.
Amendment 752 #
Proposal for a regulation Article 47 – paragraph 1 b (new) 1b. The Commission shall adopt implementing acts concerning the detailed rules on the conditions for the operation of the web service and the data protection and security rules applicable. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 64.
Amendment 753 #
Proposal for a regulation Article 47 – paragraph 2 2. The Member State responsible for the manual verification of different identities as referred to in Article 29 or the Member State to which the request has
Amendment 754 #
Proposal for a regulation Article 47 – paragraph 2 2. The Member State responsible for the manual verification of different identities as referred to in Article 29 or the Member State to which the request has been made shall reply to such requests within
Amendment 755 #
Proposal for a regulation Article 47 – paragraph 2 2. The Member State responsible for the manual verification of different
Amendment 756 #
Proposal for a regulation Article 47 – paragraph 3 3. If a request for correction or erasure of personal data is made to a Member State other than the Member State responsible, the Member State to which the request has been made shall contact the authorities of the Member State responsible within seven days and the Member State responsible shall check the accuracy of the data and the lawfulness of the data processing within
Amendment 757 #
Proposal for a regulation Article 47 – paragraph 3 3. If a request for correction or erasure of personal data is made to a Member State other than the Member State responsible, the Member State to which the request has been made shall contact the authorities of the Member State responsible within seven days and the Member State responsible shall check the accuracy of the data and the lawfulness of the data processing within
Amendment 758 #
Proposal for a regulation Article 47 – paragraph 3 3. If a request for correction, restriction of processing or erasure of personal data is made to a Member State other than the Member State responsible, the Member State to which the request has been made shall contact the authorities of the Member State responsible within seven days and the Member State responsible shall check the accuracy of the data and the lawfulness of the data processing within
Amendment 759 #
Proposal for a regulation Article 47 – paragraph 3 3. If a request for correction
Amendment 760 #
Proposal for a regulation Article 47 – paragraph 4 Amendment 761 #
Proposal for a regulation Article 47 – paragraph 4 4. Where, following an examination, it is found that the data stored in the multiple-identity detector (MID) are factually inaccurate or have been recorded unlawfully, the Member State responsible or, where applicable, the Member State to which the request has been made shall correct
Amendment 762 #
Proposal for a regulation Article 47 – paragraph 4 4. Where, following an examination, it is found that the data stored in the multiple-identity detector (MID) are factually inaccurate or have been recorded unlawfully, the Member State responsible or, where applicable, the Member State to which the request has been made shall correct or delete these data. The Member State to which the request has been made shall inform the data subject about the correction or deletion without delay.
Amendment 763 #
Proposal for a regulation Article 47 – paragraph 4 4. Where, following an examination, it is found that the data stored in the multiple-identity detector (MID) are factually inaccurate or have been recorded unlawfully, the Member State responsible or, where applicable, the Member State to which the request has been made shall correct or delete these data. The Member State shall send a written confirmation to the data subject.
Amendment 764 #
Proposal for a regulation Article 47 – paragraph 4 4. Where, following an examination, it is found that the data stored in the common identity repository (CIR) or multiple-identity detector (MID) are factually inaccurate or have been recorded unlawfully, the Member State responsible or, where applicable, the Member State to which the request has been made shall correct or delete these data.
Amendment 765 #
Proposal for a regulation Article 47 – paragraph 4 4. Where, following an examination, it is found that the data stored in the
Amendment 766 #
Proposal for a regulation Article 47 – paragraph 4 a (new) 4a. Any person shall have the right to lodge a complaint and the right to a legal remedy in the Member State which refused the right of access to or the right of correction or deletion of data relating to him or her, in accordance with national or Union law;
Amendment 767 #
Amendment 768 #
Proposal for a regulation Article 47 – paragraph 5 5. Where data in the MID is amended by the responsible Member State during its validity period, the responsible Member State shall carry out the processing laid down in Article 27 and, where relevant, Article 29 to determine whether the amended data shall be linked. Where the processing does not report any hit, the responsible Member State or, where applicable, the Member State to which the request has been made shall delete the data from the identity confirmation file. Where the automated processing reports one or
Amendment 769 #
Proposal for a regulation Article 47 – paragraph 6 Amendment 770 #
Proposal for a regulation Article 47 – paragraph 6 Amendment 771 #
Proposal for a regulation Article 47 – paragraph 7 Amendment 772 #
Proposal for a regulation Article 47 – paragraph 7 7. This decision shall also provide the person concerned with information explaining the possibility to challenge the decision taken in respect of the request referred in paragraph
Amendment 773 #
Proposal for a regulation Article 47 – paragraph 8 8. Any request made pursuant to paragraph
Amendment 774 #
Proposal for a regulation Article 47 – paragraph 9 9. The responsible Member State or,
Amendment 775 #
Proposal for a regulation Article 47 a (new) Article 47a Liability Without prejudice to the right to compensation from, and liability under Regulation (EU) 2016/679, Directive (EU) 2016/680 and Regulation (EC) No 45/2001: (a) any person who has suffered material or non-material damage as a result of an unlawful personal data processing operation through the use of interoperability components or any other act by a Member State which is incompatible with this Regulation shall be entitled to receive compensation from that Member State; (b) any person who has suffered material or non-material damage as a result of an unlawful personal data processing operation through the use of interoperability components or any other act by Europol or by the European Border and Coast Guard Agency which is incompatible with this Regulation shall be entitled to receive compensation from Europol or the European Border and Coast Guard as appropriate. The Member State, Europol or the European Border and Coast Guard Agency shall be exempted from liability, in whole or in part, if they prove that they are not responsible for the event which gave rise to the damage.
Amendment 776 #
Proposal for a regulation Article 47 b (new) Article 47b Penalties Member States shall ensure that any misuse of data, processing of data or exchange of data contrary to this Regulation is punishable in accordance with national law. The penalties provided shall be effective, proportionate and dissuasive and shall include the possibility for administrative and criminal penalties. Europol and the European Border and Coast Guard Agency shall ensure that members of their staff or members of their teams who misuse, process or exchange data contrary to this Regulation are subject to penalties. Those penalties shall be effective, proportionate and dissuasive.
Amendment 777 #
Proposal for a regulation Article 48 – paragraph 1 Personal data stored in or accessed by the interoperability components shall not be transferred or made available to any third country, to any international organisation or to any private party, unless such transfers may help to prevent an imminent serious threat to public security, e.g. posed by terrorists or other serious cross-border criminal organisations.
Amendment 778 #
Proposal for a regulation Article 48 – paragraph 1 Personal data stored in or accessed by the interoperability components shall not be transferred or made available to any third country, to any international organisation or to any private party. Any breach to this shall be considered a serious security incident and shall be immediately reported and addressed in accordance with Article 44.
Amendment 779 #
Proposal for a regulation Article 48 – paragraph 1 Personal data stored in, processed or accessed by the interoperability components shall not be transferred or made available to any third country, to any international organisation or to any private party.
Amendment 780 #
Proposal for a regulation Article 48 – paragraph 1 a (new) The prohibition referred to in paragraph 1a of this Article shall not apply to personal data originating from those EU information systems for which the respective legal instruments allow for such a transfer.
Amendment 781 #
Proposal for a regulation Article 49 – paragraph -1 (new) -1. Each Member State shall ensure that the supervisory authority or authorities designated pursuant to Article 51 of Regulation 2016/678 and Article 41 of Directive 2016/680 shall monitor the lawfulness of the processing of personal data.
Amendment 782 #
Proposal for a regulation Article 49 – paragraph 1 1. The supervisory authority or authorities designated pursuant to Article
Amendment 783 #
Proposal for a regulation Article 49 – paragraph 1 1. The supervisory authority or authorities designated pursuant to Article 49 of Regulation (EU) 2016/679 shall ensure that an audit of the data processing operations by the responsible national authorities is carried out in accordance with relevant international auditing standards at least every
Amendment 784 #
Proposal for a regulation Article 49 – paragraph 1 1. The supervisory authority or authorities designated pursuant to Article 49 of Regulation (EU) 2016/679 or pursuant to Article 41 of Directive (EU) 2016/680 shall ensure that an audit of the data processing operations by the responsible national authorities is carried out in accordance
Amendment 785 #
Proposal for a regulation Article 49 – paragraph 1 a (new) 1 a. Member States shall ensure that their supervisory authorities designated pursuant to Article 51 of Regulation 2016/679 and Article 41 of Directive 2016/680 monitor the lawfulness of the processing of personal data under this Regulation carried out by Member States’ relevant auhtorities.
Amendment 786 #
Proposal for a regulation Article 49 – paragraph 1 a (new) Amendment 787 #
Proposal for a regulation Article 49 – paragraph 1 a (new) 1 a. Each Member State shall ensure that the supervisory authority or authorities designated pursuant to Article 51 of Regulation (EU) 2016/679 and Article 41 of Directive (EU) 2016/680 shall monitor the lawfulness of the processing of personal data under this Regulation.
Amendment 788 #
Proposal for a regulation Article 49 – paragraph 2 2. Member States shall ensure that their supervisory authority has sufficient resources to fulfil the tasks entrusted to it under this Regulation. Member States shall grant the supervisory authority access to their logs when facts justify the assumption of severe data protection breaches without prejudice to constraints imposed by national security interests.
Amendment 789 #
Proposal for a regulation Article 49 – paragraph 2 2. Member States shall ensure that their supervisory authority has sufficient
Amendment 790 #
Proposal for a regulation Article 50 – paragraph 1 The European Data Protection Supervisor shall ensure that an audit of eu-LISA’s personal data processing activities is carried out in accordance with relevant international auditing standards at least every
Amendment 791 #
Proposal for a regulation Article 50 – paragraph 1 The European Data Protection Supervisor shall ensure that an audit of eu-LISA’s personal data processing activities is carried out in accordance with relevant international auditing standards at least every four years. A report of that audit shall be sent to the European Parliament, the Council, eu-LISA, the Commission and the Member States. eu-LISA shall be given an opportunity to make comments before the reports are adopted. The EU Budgetary Authority shall ensure that the European Data Protection Supervisor has sufficient additional resources, including both human and financial resources, to fulfil the tasks entrusted toit under this Regulation.
Amendment 792 #
Proposal for a regulation Article 50 – paragraph 1 The European Data Protection Supervisor shall ensure that an audit of eu-LISA’s personal data processing activities is carried out in accordance with relevant international auditing standards at least every four years. A report of that audit shall be sent to the European Parliament, the Council, eu-LISA, the Commission and the Member States. eu-LISA shall be given an opportunity to make comments before the reports are adopted. The EDPS shall be endowed with sufficient resources to fulfil the tasks entrusted to it under this Regulation.
Amendment 793 #
Proposal for a regulation Article 50 – paragraph 1 a (new) The European Commission, the European Parliament and Member States shall ensure that the European Data Protection Supervisor has sufficient resources to fulfil the tasks entrusted to it under this Regulation.
Amendment 794 #
Proposal for a regulation Article 50 – paragraph 1 a (new) The EDPS should be provided with sufficient resources to fulfil the tasks entrusted to it under this Regulation.
Amendment 795 #
Proposal for a regulation Article 51 – title Cooperation
Amendment 796 #
Proposal for a regulation Article 51 – paragraph 1 1. The European Data Protection Supervisor shall act in close cooperation with national supervisory authorities
Amendment 797 #
Proposal for a regulation Article 51 – paragraph 1 1. The European Data Protection Supervisor shall act in close cooperation with national supervisory authorities and the European Data Protection Board with respect to specific issues requiring national involvement, in particular if the European Data Protection Supervisor or a national supervisory authority finds major discrepancies between practices of Member States or finds potentially unlawful transfers using the communication channels of the interoperability components, or in the context of questions raised by one or more national supervisory authorities on the implementation and interpretation of this Regulation.
Amendment 798 #
Proposal for a regulation Article 51 – paragraph 2 2.
Amendment 799 #
Proposal for a regulation Article 52 – paragraph 1 1. eu-LISA shall ensure that the central infrastructures of the interoperability components are operated in accordance with this Regulation. In that respect, eu-LISA shall follow the principles of data protection by design and by default.
Amendment 800 #
Proposal for a regulation Article 52 – paragraph 3 – subparagraph 1 eu-LISA shall be responsible for the development of the
Amendment 801 #
Proposal for a regulation Article 52 – paragraph 3 – subparagraph 1 eu-LISA shall be responsible for the development of the interoperability components, for any adaptations required for establishing interoperability between the central systems of the EES, VIS, [ETIAS], SIS, and Eurodac, and [the ECRIS-TCN system], and the European search portal, the shared biometric matching service,
Amendment 802 #
Proposal for a regulation Article 52 – paragraph 3 – subparagraph 4 The development shall consist of the elaboration and implementation of the technical specifications, testing and overall project coordination. In that regard, the tasks of eu-LISA shall also be: (a) perform a security risk assessment; (b) follow the principles of privacy by design and by default during the entire lifecycle of the development of the interoperability components and; (c) conduct a security risk assessment regarding the interoperability of EU information systems, interoperability components, Europol data and Interpol databases
Amendment 803 #
Proposal for a regulation Article 52 – paragraph 3 – subparagraph 4 The development shall consist of the elaboration and implementation of the technical specifications, testing and overall project coordination, including the provision of technical solutions that would exclude the creation of links on EU or dual citizens that are recorded in the SIS or for types of alerts that are not relating to terrorist offences or serious criminal offences as defined in the present Regulation.
Amendment 804 #
Proposal for a regulation Article 52 – paragraph 3 – subparagraph 4 a (new) Amendment 805 #
Proposal for a regulation Article 52 – paragraph 5 – subparagraph 1 The Programme Management Board shall meet regularly and at least three times per quarter. It shall ensure the adequate management of the design and development phase of the interoperability components. Where relevant, experts to provide independent advise in matters relating to data protection shall be invited to the meetings.
Amendment 806 #
Proposal for a regulation Article 53 – paragraph 1 – subparagraph 2 a (new) Eu.LISA shall perform regular information security risk assessments for the interoperability components, implement a comprehensive information security risk management process and follow the principles of privacy by design and by default during the entire lifecycle of those interoperability components.
Amendment 807 #
Proposal for a regulation Article 53 – paragraph 2 2. Without prejudice to Article 17 of the Staff Regulations of Officials of the European Union, eu-LISA shall apply appropriate rules of professional secrecy or other equivalent duties of confidentiality to its entire staff required to work with data
Amendment 808 #
Proposal for a regulation Article 53 – paragraph 3 Amendment 809 #
Proposal for a regulation Article 53 – paragraph 3 3. eu-LISA shall develop and maintain a mechanism and procedures for carrying out quality checks on the data
Amendment 810 #
Proposal for a regulation Article 54 – paragraph 1 – point a (a) the connection to the communication infrastructure of the European search portal (ESP)
Amendment 811 #
(a) the connection to the communication infrastructure of the European search portal (ESP)
Amendment 812 #
Proposal for a regulation Article 54 – paragraph 1 – point b (b) the integration of the existing national systems and infrastructures with the ESP
Amendment 813 #
Proposal for a regulation Article 54 – paragraph 1 – point b (b) the integration of the existing national systems and infrastructures with the ESP, shared biometric matching service,
Amendment 814 #
Proposal for a regulation Article 54 – paragraph 1 – point d (d) the management of, and arrangements for, access by the duly authorised staff, and by the duly empowered staff, of the competent national authorities to the ESP
Amendment 815 #
Proposal for a regulation Article 54 – paragraph 1 – point d (d) the management of, and arrangements for, access by the duly authorised staff, and by the duly empowered staff, of the competent national authorities to the ESP,
Amendment 816 #
Amendment 817 #
Proposal for a regulation Article 54 – paragraph 1 – point e (e) the adoption of the legislative measures referred to in Article 20(3) in order to access
Amendment 818 #
Proposal for a regulation Article 54 – paragraph 1 – point f Amendment 819 #
Proposal for a regulation Article 54 – paragraph 1 – point g a (new) (g a) fully complying with the rules of each IT-system to ensure the security and integrity of personal data;
Amendment 820 #
Proposal for a regulation Article 54 – paragraph 1 – point h a (new) (h a) reporting any security incidents involving personal data to the Commission, eu-LISA, the national supervisory authorities and the European Data Protection Supervisor
Amendment 821 #
Proposal for a regulation Article 54 – paragraph 2 Amendment 822 #
Proposal for a regulation Article 54a – paragraph 2 2. Europol shall be responsible for the management of, and arrangements for, its duly authorised staff to use and access respectively the ESP
Amendment 823 #
Proposal for a regulation Article 55 Amendment 824 #
Proposal for a regulation Article 55 a (new) Article 55 a Penalties Member States shall lay down the rules on penalties applicable to infringements of this Regulation and shall take all measures necessary to ensure that they are implemented. The penalties provided for shall be effective, proportionate and dissuasive.
Amendment 825 #
Proposal for a regulation Article 55a Amendment 826 #
Proposal for a regulation Article 55b Amendment 827 #
Proposal for a regulation Article 55b – paragraph 1 Regulation (EU) 2018/XX [the SIS Regulation in the field of law enforcement] Article 3 – paragraph 1 – point s Amendment 828 #
Proposal for a regulation Article 55b – paragraph 1 Regulation (EU) 2018/XX [the SIS Regulation in the field of law enforcement] Article 3 – paragraph 1 – point s Amendment 829 #
Proposal for a regulation Article 55b – paragraph 1 Regulation (EU) 2018/XX [the SIS Regulation in the field of law enforcement] Article 3 – paragraph 1 – point t Amendment 830 #
Proposal for a regulation Article 55b – paragraph 2 – point a Regulation (EU) 2018/XX [the SIS Regulation in the field of law enforcement] Article 4 – paragraph 1 – point d (d) a secure communication infrastructure between CS-SIS and the central infrastructures of the European Search Portal (ESP) established in accordance with [Article 6 of Regulation 2018/XX on interoperability], and the shared biometric matching service (BMS) established in accordance with [Article 12 of Regulation 2018/XX on interoperability]
Amendment 831 #
Proposal for a regulation Article 55b – paragraph 3 Regulation (EU) 2018/XX [the SIS Regulation in the field of law enforcement] Article 7 – paragraph 2a Amendment 832 #
Proposal for a regulation Article 55b – paragraph 3 Regulation (EU) 2018/XX [the SIS Regulation in the field of law enforcement] Article 7 – paragraph 2a The SIRENE Bureaux shall also ensure the verification of different identities in accordance with [Article 29 Regulation 2018/XX on interoperability].
Amendment 833 #
Proposal for a regulation Article 55b – paragraph 4 Regulation (EU) 2018/XX [the SIS Regulation in the field of law enforcement] Article 8 – paragraph 4 Amendment 834 #
Proposal for a regulation Article 55b – paragraph 6 Regulation (EU) 2018/XX [the SIS Regulation in the field of law enforcement] Article 43 – paragraph 1 – point g Amendment 835 #
Proposal for a regulation Article 55b – paragraph 7 Regulation (EU) 2018/XX [the SIS Regulation in the field of law enforcement] Article 71 – paragraph 6 Amendment 836 #
Proposal for a regulation Article 55c Amendment 837 #
Proposal for a regulation Article 55c Amendment 838 #
Proposal for a regulation Article 55c – paragraph 1 Regulation (EU) 2018/XX [the ECRIS-TCN Regulation] Article 1 – point c (c) the conditions under which the ECRIS-TCN system contributes to facilitating and assisting in the correct identification of persons registered in the
Amendment 839 #
Proposal for a regulation Article 55c – paragraph 4 Regulation (EU) 2018/XX [the ECRIS-TCN Regulation] Article 3 Amendment 840 #
Proposal for a regulation Article 55c – paragraph 5 Regulation (EU) 2018/XX [the ECRIS-TCN Regulation] Article 4 – paragraph 1 Amendment 841 #
Proposal for a regulation Article 55c – paragraph 5 Regulation (EU) 2018/XX [the ECRIS-TCN Regulation] Article 4 – paragraph 1 – point a Amendment 842 #
Proposal for a regulation Article 55c – paragraph 5 – point c Regulation (EU) 2018/XX [the ECRIS-TCN Regulation] Article 4 – paragraph 1 – point e (e) a secure communication infrastructure between the ECRIS-TCN Central System and the central infrastructures of the European search
Amendment 843 #
Proposal for a regulation Article 55c – paragraph 6 Regulation (EU) 2018/XX [the ECRIS-TCN Regulation] Article 5 – paragraph 1a Amendment 844 #
Proposal for a regulation Article 55c – paragraph 7 Regulation (EU) 2018/XX [the ECRIS-TCN Regulation] Article 8 – paragraph 2 Amendment 845 #
Proposal for a regulation Article 55c – paragraph 8 Regulation (EU) 2018/XX [the ECRIS-TCN Regulation] Article 9 Amendment 846 #
Proposal for a regulation Article 55c – paragraph 9 Regulation (EU) 2018/XX [the ECRIS-TCN Regulation] Article 12 – paragraph 2 Amendment 847 #
Proposal for a regulation Article 55c – paragraph 10 Regulation (EU) 2018/XX [the ECRIS-TCN Regulation] Article 13 Amendment 848 #
Proposal for a regulation Article 55c – paragraph 11 Regulation (EU) 2018/XX [the ECRIS-TCN Regulation] Article 21 – paragraph 2 Amendment 849 #
Proposal for a regulation Article 55c – paragraph 12 – point a Regulation (EU) 2018/XX [the ECRIS-TCN Regulation] Article 22 – paragraph 1 Amendment 850 #
Proposal for a regulation Article 55c – paragraph 12 – point b Regulation (EU) 2018/XX [the ECRIS-TCN Regulation] Article 22 – paragraph 3 Access to consulting the ECRIS-TCN data stored
Amendment 851 #
Proposal for a regulation Article 55c – paragraph 14 Regulation (EU) 2018/XX [the ECRIS-TCN Regulation] Article 31 – paragraph 1 Amendment 852 #
Proposal for a regulation Article 55c – paragraph 15 Regulation (EU) 2018/XX [the ECRIS-TCN Regulation] Article 38 – paragraph 2 Amendment 853 #
Proposal for a regulation Article 55d Amendment 854 #
Proposal for a regulation Article 55d – paragraph 1 Regulation (EU) 2018/XX [Regulation on eu-LISA] Article 8 – paragraph 2 Amendment 855 #
Proposal for a regulation Article 55d – paragraph 2 Regulation (EU) 2018/XX [Regulation on eu-LISA] Article 9 Amendment 856 #
Proposal for a regulation Article -56 (new) Article -56 Access by third country jurisdictions With reference to Article 48 of Regulation (EU) 2016/679, Directive (EU) 2016/680, and Articles XIV and XIV bis of the General Agreement on Trade in Services, companies present in a third country jurisdiction where they may be subject to (court) orders or subpoenas by third country authorities requiring them to retrieve data from the interoperability components or different information systems made interoperable, shall be excluded from preparing, designing, developing, hosting or managing any part of an interoperability component, or processing personal data of these systems.
Amendment 857 #
Proposal for a regulation Article 56 – paragraph 1 – introductory part 1. The duly authorised staff of the competent authorities of Member States
Amendment 858 #
Proposal for a regulation Article 56 – paragraph 1 – introductory part 1. The duly authorised staff of the competent authorities of Member States, the Commission and eu-LISA shall have access to consult the following data related to the European search portal (ESP), solely for the purposes of reporting and statistics without enabling individual identification and in accordance with the safeguards related to non-discrimination referred to in Article 5:
Amendment 859 #
Proposal for a regulation Article 56 – paragraph 1 – point b (b)
Amendment 860 #
Proposal for a regulation Article 56 – paragraph 2 Amendment 861 #
Proposal for a regulation Article 56 – paragraph 2 Amendment 862 #
Proposal for a regulation Article 56 – paragraph 2 – point b Amendment 863 #
Proposal for a regulation Article 56 – paragraph 2 – point b (b) nationality, sex and year of birth of the person, which shall not lead to identification of the person concerned;
Amendment 864 #
Proposal for a regulation Article 56 – paragraph 3 Amendment 865 #
Proposal for a regulation Article 56 – paragraph 3 – introductory part 3. The duly authorised staff of the competent authorities of Member States
Amendment 866 #
Proposal for a regulation Article 56 – paragraph 3 – point a Amendment 867 #
Proposal for a regulation Article 56 – paragraph 3 – point a (a) nationality, sex and year of birth of the person, which shall not lead to identification of the person concerned;
Amendment 868 #
Proposal for a regulation Article 56 – paragraph 5 Amendment 869 #
Proposal for a regulation Article 56 – paragraph 5 5.
Amendment 870 #
Proposal for a regulation Article 56 – paragraph 5 5. For the purpose of paragraph 1 of this Article, eu-LISA shall store the data referred to in paragraph 1 of this Article in the central repository for reporting and statistics referred to in Chapter VII of this Regulation. The data included in the repository shall
Amendment 871 #
Proposal for a regulation Article 56 – paragraph 5 a (new) 5 a. Meaningful summaries shall be made available to the Agency for Fundamental Rights in order to evaluate the impact on fundamental rights of this Regulation.
Amendment 872 #
Proposal for a regulation Article 57 – paragraph 1 For a period of
Amendment 873 #
Proposal for a regulation Article 58 Amendment 874 #
Proposal for a regulation Article 58 Amendment 875 #
Proposal for a regulation Article 58 – title 58 Transitional period applicable to the provisions on access to the
Amendment 876 #
Proposal for a regulation Article 59 Amendment 877 #
Proposal for a regulation Article 59 Amendment 878 #
Proposal for a regulation Article 59 – paragraph 1 a (new) 1 a. Following the period referred to in paragraph 1, the Commission, in close cooperation with the ETIAS Central Unit shall create a network of liaison officers to be hosed in the ETIAS Central Unit and/or single points of contact of the competent Member States’ authorities for the performance of the task laid down in this Article.
Amendment 879 #
Proposal for a regulation Article 59 – paragraph 1 b (new) 1 b. Member States and the ETIAS Central Unit, shall assess the need to extend the transitional period in which the ETIAS Central Unit performs the tasks referred to in this Article and/or whether the task implemented by the ECU should continue once the MID starts operations.
Amendment 880 #
6.
Amendment 881 #
Proposal for a regulation Article 60 – paragraph 1 1. The costs incurred in connection with the establishment and operation of the ESP
Amendment 882 #
Proposal for a regulation Article 60 – paragraph 1 1. The costs incurred in connection with the establishment and operation of the ESP
Amendment 883 #
Proposal for a regulation Article 60 – paragraph 1 1. The costs incurred in connection with the establishment and operation of the ESP, the shared biometric matching service,
Amendment 884 #
Proposal for a regulation Article 60 – paragraph 3 3. The costs incurred by the designated authorities referred to in Article 4(24) shall be borne, respectively, by each Member State and Europol.
Amendment 885 #
Proposal for a regulation Article 60 – paragraph 3 3. The costs incurred by the designated authorities referred to in Article 4(24) shall be borne, respectively, by each Member State and Europol.
Amendment 886 #
Proposal for a regulation Article 61 – paragraph 1 – subparagraph 1 The Member States shall notify eu-LISA of the authorities referred to in Articles 7, 20, 21 and 26 that may use or have access to the ESP
Amendment 887 #
Proposal for a regulation Article 61 – paragraph 1 – subparagraph 2 A consolidated list of those authorities shall be published in the Official Journal of the European Union within a period of three months from the date on which each interoperability component commenced operations in accordance with Article 62. Where there are amendments to the list, eu-
Amendment 888 #
Proposal for a regulation Article 61 – paragraph 3 Amendment 889 #
Proposal for a regulation Article 62 – paragraph 1 – point -a (new) (-a) following the successful completion of a pilot project
Amendment 890 #
Proposal for a regulation Article 62 – paragraph 1 – point c (c) eu-LISA has validated the technical and legal arrangements to collect and transmit the data referred to in Articles 8(1),
Amendment 891 #
Proposal for a regulation Article 62 – paragraph 1 – point c (c) eu-LISA has validated the technical and legal arrangements to collect and transmit the data referred to in Articles 8(1), 13
Amendment 892 #
Proposal for a regulation Article 62 – paragraph 1 – point e Amendment 893 #
Proposal for a regulation Article 62 – paragraph 1 a (new) 1 a. By way of derogation from paragraph 1, the measures referred to in Article 37 shall apply as of one year after the entry into force of this Regulation.
Amendment 894 #
Proposal for a regulation Article 63 – paragraph 2 2. The power to adopt delegated acts referred to in Articles 8(2), 9(7), 28(5) and 39(
Amendment 895 #
Proposal for a regulation Article 63 – paragraph 2 2. The power to adopt delegated acts referred to in Articles 8(2), 9(7) and
Amendment 896 #
Proposal for a regulation Article 63 – paragraph 2 2. The power to adopt delegated acts referred to in Articles 8(2) and 9(7) shall be conferred on the Commission for a
Amendment 897 #
Proposal for a regulation Article 63 – paragraph 3 3. The delegation of power referred to in Articles 8(2), 9(7), 28(5) and 39(
Amendment 898 #
Proposal for a regulation Article 63 – paragraph 6 6. A delegated act adopted pursuant to Articles 8(2), 9(7), 28(5) and 39(
Amendment 899 #
Proposal for a regulation Article 63 – paragraph 6 6. A delegated act adopted pursuant to Articles 8(2), 9(7) and
Amendment 900 #
Proposal for a regulation Article 65 – paragraph 1 An Advisory Group shall be established by eu-LISA in order to provide it with the expertise related to interoperability, including its fundamental rights dimension, in particular in the context of the preparation of its annual work programme and its annual activity report. During the design and development phase of the interoperability instruments, Article 52(4) to (6) shall apply.
Amendment 901 #
Proposal for a regulation Article 66 – paragraph 1 a (new) Member States and EU bodies shall organise for their staff authorised to process data from the interoperability components, appropriate training programme about data security, data quality, data protection rules and the procedures of the data processing.
Amendment 902 #
Proposal for a regulation Article 66 – paragraph 1 b (new) Common training courses about data security, data quality, data protection rules and the procedures of the data processing shall be organised at EU level at least once a year to enhance cooperation and exchange of best practices between staff of Member States and EU bodies authorised to process data from the interoperability components.
Amendment 903 #
Proposal for a regulation Article 67 – paragraph 1 – subparagraph 1 (new) The practical handbook should provide guidance to Member States on how to deal with yellow links that are the results of inconsistencies with the identity data contained in ETIAS. Such modalities should not create disproportionate burdens on persons who, without any intention to deceive the authorities, have entered inaccurate or ambiguous data in ETIAS.
Amendment 904 #
Proposal for a regulation Article 68 – paragraph 1 1. eu-LISA shall ensure that procedures are in place to monitor the development of the interoperability components and the integration of the existing national infrastructures and the connection to the national uniform interface in light of objectives relating to planning and costs and to monitor the functioning of the interoperability components in light of objectives relating to the technical output, cost-effectiveness, security and quality of service.
Amendment 905 #
Proposal for a regulation Article 68 – paragraph 2 2. By [Six months after the entry into force of this Regulation — OPOCE, please replace with the actual date] and every six months thereafter during the development phase of the interoperability components, eu-LISA shall submit a report to the European Parliament
Amendment 906 #
Proposal for a regulation Article 68 – paragraph 2 2. By [Six months after the entry into force of this Regulation — OPOCE, please replace with the actual date] and every six months thereafter during the development phase of the interoperability components, eu-LISA shall submit a report to the EDPS, European Parliament and the Council on the state of play of the development of the interoperability components. Once the development is finalised, a report shall be submitted to the European Parliament and the Council explaining in detail how the objectives, in particular relating to planning and costs, were achieved as well as justifying any divergences.
Amendment 907 #
Proposal for a regulation Article 68 – paragraph 2 a (new) 2 a. Six months after the start of the operations of each interoperability component, eu-LISA shall submit a report to the European Parliament and the Council on the state of play of the connection of Member States to the communication infrastructure of the ESP and the CIR and the integration of the existing national systems and infrastructures with the ESP, shared BMS, MID and the CIR.
Amendment 908 #
Proposal for a regulation Article 68 – paragraph 2 b (new) 2 b. During the development phase of the interoperability components, the Commission shall evaluate the necessity of further harmonisation of national systems and infrastructures of Member States at external borders. The Commission shall transmit the evaluation report to the European Parliament and the Council. These evaluation reports shall include recommandations, an impact assessment and an assessment on their cost for the EU budget.
Amendment 909 #
Proposal for a regulation Article 68 – paragraph 3 3. For the purposes of technical maintenance, eu-LISA shall have access to the necessary information relating to the data processing operations performed in
Amendment 910 #
Proposal for a regulation Article 68 – paragraph 3 3. For the purposes of technical maintenance, eu-LISA shall have access to the necessary information relating to the data processing operations performed in the interoperability components without having access to any personal data processed by those components.
Amendment 911 #
Proposal for a regulation Article 68 – paragraph 3 3. For the purposes of technical maintenance, eu-LISA shall have access to the necessary information relating to the data processing operations performed in the interoperability components. Any access by eu-LISA shall be logged.
Amendment 912 #
Proposal for a regulation Article 68 – paragraph 4 4.
Amendment 913 #
Proposal for a regulation Article 68 – paragraph 4 4. Four years after the start of operations of each interoperability component and every four years thereafter, eu-LISA shall submit to the EDPS, European Parliament, the Council and the Commission a report on the technical functioning of the interoperability components, including the security thereof.
Amendment 914 #
Proposal for a regulation Article 68 – paragraph 5 – subparagraph 1 – introductory part In addition,
Amendment 915 #
Proposal for a regulation Article 68 – paragraph 5 – subparagraph 1 – point b (b) an examination of the results achieved against objectives and the impact on fundamental rights, in particular the right to protection of personal data, the right to non-discrimination, the rights of the child and the right to an effective remedy;
Amendment 916 #
Proposal for a regulation Article 68 – paragraph 5 – subparagraph 1 – point b (b) an examination of the results achieved against objectives and the impact
Amendment 917 #
Proposal for a regulation Article 68 – paragraph 5 – subparagraph 1 – point b (b) an examination of the results achieved against objectives and the impact on fundamental rights, in particular on the right to non-discrimination;
Amendment 918 #
Proposal for a regulation Article 68 – paragraph 5 – subparagraph 1 – point d a (new) (d a) an assessment of the security of the connection of Member States to the communication infrastructure of the ESP and the CIR and the security of the integration of the existing national systems and infrastructures with the ESP, shared BMS, MID and the CIR.
Amendment 919 #
Proposal for a regulation Article 68 – paragraph 8 – subparagraph 1 – introductory part While respecting the provisions of national law on the publication of sensitive information, each Member State and Europol shall prepare
Amendment 920 #
Proposal for a regulation Article 68 – paragraph 8 – subparagraph 1 – introductory part While respecting the provisions of national law on the publication of sensitive information, each Member State and Europol shall prepare annual reports on the effectiveness of access to data
Amendment 921 #
Proposal for a regulation Article 68 – paragraph 8 – subparagraph 1 – introductory part While respecting the provisions of national law on the publication of sensitive information, each Member State and Europol shall prepare annual reports on the effectiveness of access to data stored in the
Amendment 922 #
Proposal for a regulation Article 68 – paragraph 8 – subparagraph 1 – introductory part While respecting the provisions of national law on the publication of sensitive information and the necessary limitations deriving from matters of national security, each Member State and Europol shall prepare annual reports on the effectiveness of access to data stored in the common identity repository for law enforcement purposes, containing information and statistics on:
Amendment 923 #
Proposal for a regulation Article 68 – paragraph 8 – subparagraph 1 – introductory part While respecting the provisions of national law on the publication of sensitive information, as well as the EU's obligation to act with utmost transparency, each Member State and Europol shall prepare annual reports on the effectiveness of access to data stored in the common identity repository for law enforcement purposes, containing information and statistics on:
Amendment 924 #
Proposal for a regulation Article 68 – paragraph 8 – subparagraph 1 – point c Amendment 925 #
Proposal for a regulation Article 68 – paragraph 8 – subparagraph 2 Member State and Europol
Amendment 926 #
Proposal for a regulation Article 68 – paragraph 8 a (new) 8 a. While respecting the provisions of national law on the publication of sensitive information, each Member State shall prepare annual reports containing information and statistics on the access to data stored in the common identity repository for identification pursuant to Article 20.
source: PE-625.514
2018/07/24
LIBE
276 amendments...
Amendment 193 #
Proposal for a regulation Title 1 Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on establishing a framework for inter
Amendment 194 #
Proposal for a regulation Title 1 Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on establishing a framework for
Amendment 195 #
Proposal for a regulation Recital 3 (3) In its Resolution of 6 July 2016 on the strategic priorities for the Commission Work Programme 201747 , the European Parliament called for proposals to improve and develop existing EU information systems, address information gaps and move towards their interoperability, as well as proposals for compulsory information sharing at EU level, accompanied by the
Amendment 196 #
Proposal for a regulation Recital 5 (5) In its final report of 11 May 201749 , the high-level expert group on information systems and interoperability concluded that it is necessary and technically feasible to work towards practical solutions for interoperability and that they can, in principle, both deliver operational gains and be established in compliance with data protection requirements. In the same final report, the European Data Protection Supervisor stated that he was not in a position to endorse all the conclusions referred to by the high-level expert group, citing concerns related to legal bases, data protection and information security. _________________ 49
Amendment 197 #
Proposal for a regulation Recital 8 a (new) (8a) In his Opinion 4/2018 of 16 April 20181a, the European Data Protection Supervisor emphasised that the decision to make large scale IT systems interoperable would not only permanently and profoundly affect their structure and their way of operating, but would also change the way legal principles have been interpreted in this area so far and would as such mark a ‘point of no return’. _________________ 1a http://edps.europa.eu/sites/edp/files/public ation/2018-04- 16_interoperability_opinion_en.pdf
Amendment 198 #
Proposal for a regulation Recital 8 b (new) (8b) In its Opinion of 11 April 20182a, the Article 29 Data Protection Working Party reiterated that the process towards interoperability of systems raises fundamental questions regarding the purpose, necessity, proportionality of the data processing as well as concerns regarding the principles of purpose limitation, data minimization, data retention and clear identification of a data controller. _________________ 2a http:// ec.europa.eu/newsroom/article29/docume nt.cfm?action=display&doc_id=51517
Amendment 199 #
Proposal for a regulation Recital 9 (9) With a view to
Amendment 200 #
Proposal for a regulation Recital 9 (9) With a view to improve the management of the external borders, to contribute to preventing and combating irregular migration and to contribute to a high level of security within the area of freedom, security and justice of the Union, including the maintenance of public security and public policy and safeguarding the security in the territories of the Member States, interoperability between EU information systems, namely the Entry/Exit System (EES), the Visa Information System (VIS), [the European Travel Information and Authorisation System (ETIAS)], Eurodac, the Schengen Information System (SIS), and the [European Criminal Records Information System for third-country nationals (ECRIS-TCN)] should be established in order for these EU information systems and their data to supplement each other. To achieve this, a European search portal (ESP)
Amendment 201 #
Proposal for a regulation Recital 9 (9) With a view to improve the management of the external borders, to facilitating regular border crossings, to contribute to preventing and combating irregular migration, and
Amendment 202 #
(10) The inter
Amendment 203 #
Proposal for a regulation Recital 10 (10) The interoperability between the EU information systems should allow said systems to
Amendment 204 #
Proposal for a regulation Recital 10 (10) The interoperability between the EU information systems should allow said systems to supplement each other in order to facilitate the correct identification of persons, contribute to fighting identity fraud, improve and harmonise data quality requirements of the respective EU information systems, facilitate the technical and operational implementation by Member States of existing and future EU information systems, strengthen and simplify the data security and data protection safeguards that govern the respective EU information systems, streamline the
Amendment 205 #
Proposal for a regulation Recital 10 (10) The interoperability between the EU information systems should allow said systems to supplement each other in order to facilitate the correct identification of persons, contribute to fighting identity fraud, improve and harmonise data quality requirements of the respective EU information systems, facilitate the technical and operational implementation by Member States of existing and future EU information systems, strengthen
Amendment 206 #
Proposal for a regulation Recital 10 a (new) (10a) The cross-border nature of terrorism and serious crime such as human trafficking and exploitation as well as modern slavery of human beings makes it essential to bring together relevant information from different Union and prospectively national information systems at EU level by full-fledged interoperability of such systems with substantial and adequate access rights for competent designated authorities in order to detect and comprehend the underlying criminal and terrorist networks and their modi operandi and fight such structures effectively.
Amendment 207 #
Proposal for a regulation Recital 10 a (new) (10a) Links between Eurodac and EES will be rare as illegal migrants are not in EES, leaving asylum authorities unable to determine multiple illegal crossings and asylum requests in various Member States.
Amendment 208 #
Proposal for a regulation Recital 11 (11) The inter
Amendment 209 #
Proposal for a regulation Recital 11 (11) The interoperability components should cover the EES, the VIS, the [ETIAS], Eurodac, the SIS, and the [ECRIS-TCN system]. They should also cover the Europol data to the extent of enabling
Amendment 210 #
Proposal for a regulation Recital 11 a (new) (11a) The interoperability proposal is insufficient for combating illegal migration as the utility of Eurodac and the use of ESP have been neglected by the proposal, because asylum authorities won't have automatic access to VIS, SIS, or EES via ESP when receiving asylum applications.
Amendment 211 #
Proposal for a regulation Recital 12 Amendment 212 #
Proposal for a regulation Recital 12 (12) The interoperability components should concern persons in respect of whom personal data may be processed in the EU
Amendment 213 #
Proposal for a regulation Recital 12 a (new) (12a) Children and vulnerable persons merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safeguards concerned and their rights in relation to the processing of personal data. The interoperability components should pay particular attention to the protection of children and ensure that their rights and integrity are being fully respected.
Amendment 214 #
Proposal for a regulation Recital 12 a (new) (12a) The proposal at hand constitutes a first step in creating a comprehensive framework of interoperable Union information systems. Additional information systems, including decentralised European and national systems, should be included in the future.
Amendment 215 #
Proposal for a regulation Recital 13 (13) The European search portal (ESP) should be established to facilitate technically the ability of Member State authorities and EU bodies to have fast, seamless, efficient, systematic and controlled access to the relevant EU information systems,
Amendment 216 #
Proposal for a regulation Recital 13 (13) The European search portal (ESP) should
Amendment 217 #
Proposal for a regulation Recital 13 (13) The European search portal (ESP) should be established to facilitate technically the a
Amendment 218 #
Proposal for a regulation Recital 15 (15) The European search portal (ESP) should be developed and configured in such a way that it fully respects purpose and access limitations and, additionally, does not allow the use of fields of data for the query that are not related to persons or travel documents or that are not present in an EU information system
Amendment 219 #
Proposal for a regulation Recital 16 (16) To ensure fast and systematic use of all relevant EU information systems, the European search portal (ESP) should be used to query the common identity
Amendment 220 #
Proposal for a regulation Recital 16 (16) To ensure fast and systematic use of all EU information systems, the European search portal (ESP) should be used to query
Amendment 221 #
Proposal for a regulation Recital 16 (16) To ensure fast and s
Amendment 222 #
Proposal for a regulation Recital 17 Amendment 223 #
Proposal for a regulation Recital 17 (17) Biometric data, such as fingerprints and facial images, are unique and therefore much more reliable than alphanumeric data for identifying a person. The shared biometric matching service (shared BMS) should be a technical tool to reinforce and
Amendment 224 #
Proposal for a regulation Recital 17 (17) Biometric data, such as fingerprints and facial images, are unique and therefore
Amendment 225 #
Proposal for a regulation Recital 17 (17) Biometric data, such as fingerprints and facial images, are unique and therefore much more reliable than alphanumeric data for identifying a person. The shared
Amendment 226 #
Proposal for a regulation Recital 18 Amendment 227 #
Proposal for a regulation Recital 18 (18) Biometric data constitute sensitive personal data. This
Amendment 228 #
Proposal for a regulation Recital 18 (18) Biometric data and biometric templates constitute sensitive personal data. This regulation should lay down the basis for and the safeguards for processing of such data and templates for the purpose of uniquely identifying the persons concerned.
Amendment 229 #
Proposal for a regulation Recital 19 (19) The systems established by Regulation (EU) 2017/2226 of the European Parliament and of the Council54
Amendment 230 #
Proposal for a regulation Recital 19 (19) The systems established by Regulation (EU) 2017/2226 of the European Parliament and of the Council54 , Regulation (EC) No 767/2008 of the European Parliament and of the Council55 , [the ETIAS Regulation] for the management of the borders of the Union, the system established by [the Eurodac Regulation] to identify the applicants for international protection and combat irregular migration, and the system established by [the ECRIS-TCN system Regulation] require
Amendment 231 #
Proposal for a regulation Recital 20 Amendment 232 #
Proposal for a regulation Recital 20 Amendment 233 #
Proposal for a regulation Recital 20 Amendment 234 #
Proposal for a regulation Recital 21 (21) Personal data stored in these EU information systems may relate to the same persons but under different or incomplete identities.
Amendment 235 #
Proposal for a regulation Recital 21 (21) Personal data stored in these EU information systems may relate to the same persons but under different or incomplete identities. Member States dispose of efficient ways to identify their citizens or registered permanent residents in their territory, but the same is not true for third- country nationals. The interoperability between EU information systems should contribute to the correct identification of third-country nationals.
Amendment 236 #
Proposal for a regulation Recital 21 (21) Personal data stored in these EU information systems may relate to the same persons but under different or incomplete identities. Member States dispose of efficient ways to identify their citizens or registered permanent residents in their territory, but the same is not true for third- country nationals. The interoperability between EU information systems should
Amendment 237 #
Proposal for a regulation Recital 21 (21) Personal data stored in these EU information systems may relate to the same persons but under different or incomplete identities. Member States dispose of efficient ways to identify their citizens or registered permanent residents in their territory, but the same is not true for third- country nationals. The interoperability between EU information systems should contribute to the correct identification of third-country nationals. The common identity repository (CIR) should store the personal data concerning
Amendment 238 #
Proposal for a regulation Recital 22 Amendment 239 #
Proposal for a regulation Recital 22 Amendment 240 #
Proposal for a regulation Recital 22 (22)
Amendment 241 #
Proposal for a regulation Recital 23 Amendment 242 #
Proposal for a regulation Recital 23 Amendment 243 #
Proposal for a regulation Recital 23 Amendment 244 #
Proposal for a regulation Recital 24 Amendment 245 #
Proposal for a regulation Recital 24 Amendment 246 #
Proposal for a regulation Recital 24 Amendment 247 #
Proposal for a regulation Recital 24 (24) The common identity repository (CIR) should thus support the functioning of the multiple-identity detector and to facilitate and streamline access by
Amendment 248 #
Proposal for a regulation Recital 25 Amendment 249 #
Proposal for a regulation Recital 25 Amendment 250 #
Proposal for a regulation Recital 25 Amendment 251 #
Proposal for a regulation Recital 26 Amendment 252 #
Proposal for a regulation Recital 26 Amendment 253 #
Proposal for a regulation Recital 26 Amendment 254 #
Proposal for a regulation Recital 27 Amendment 255 #
Proposal for a regulation Recital 27 Amendment 256 #
(27) In order to
Amendment 257 #
Proposal for a regulation Recital 27 (27) In order to streamline and ensure the correct identification of a person, Member State authorities competent for preventing and combating irregular migration and competent authorities within the meaning of Article 3(7) of Directive 2016/680 should be allowed to query the common identity repository (CIR) with the biometric data of that person taken during an identity check.
Amendment 258 #
Proposal for a regulation Recital 27 (27) In order to ensure the correct identification of a person, Member State authorities competent for preventing and combating irregular migration and competent authorities within the meaning of Article 3(7) of Directive 2016/680 should be allowed to query the common identity repository (CIR) with the biometric data of that person taken during an identity check. Such query should be carried out in principle in the presence of the person, solely where a Member State police authority was unable to identify a person on the basis of a travel document or with the identity data provided by that person following rules and procedures provided for in national law or where there are doubts as to the authenticity of the travel document or the identity of its holder or where the person is unable or refuses to cooperate, or where there are reasonable grounds to believe that the person is not telling the truth about his or her identity. Such query should not be allowed against minors under the age of 12 years old.
Amendment 259 #
Proposal for a regulation Recital 27 a (new) (27a) In order to identify unknown persons who are not able to identify themselves or unidentified human remains, in the event of a disaster or an accident, Member States should be allowed to query the CIR with the biometric data of those persons.
Amendment 260 #
Proposal for a regulation Recital 28 Amendment 261 #
Proposal for a regulation Recital 28 Amendment 262 #
Proposal for a regulation Recital 28 Amendment 263 #
Proposal for a regulation Recital 28 (28) Where the biometric data of the person cannot be used or if the query with that data fails, the query should be carried out with identity data of that person in combination with travel document data. Where the query indicates that data on that person are stored in the common identity repository (CIR), Member State authorities should have access to consult the identity data of that person stored in the CIR,
Amendment 264 #
Proposal for a regulation Recital 29 Amendment 265 #
Proposal for a regulation Recital 29 Amendment 266 #
Proposal for a regulation Recital 29 (29) Member States should adopt national legislative measures designating the authorities competent to perform identity checks with the use of the
Amendment 267 #
Proposal for a regulation Recital 30 (30) This Regulation should also introduces a new possibility for streamlined access to data beyond identity data present in the EES, the VIS, [the ETIAS] or Eurodac by Member State designated
Amendment 268 #
Proposal for a regulation Recital 30 (30) This Regulation should also introduces a new possibility for streamlined access to data beyond identity data present in the EES, the VIS, [the ETIAS] or Eurodac by Member State
Amendment 269 #
Proposal for a regulation Recital 30 (30) This Regulation should also introduces a new possibility for streamlined access to data beyond identity data present in the EES, the VIS, [the ETIAS] or Eurodac by Member State designated law enforcement authorities and Europol. Data, including data other than identity data contained in those systems, may be necessary for the prevention, detection, investigation and prosecution of terrorist offences or serious criminal offences in a specific case
Amendment 270 #
Proposal for a regulation Recital 31 (31) Full access to the
Amendment 271 #
Proposal for a regulation Recital 31 (31) Full access to the necessary data contained in the EU information systems necessary for the purposes of preventing, detecting and investigating terrorist offences or other serious criminal offences
Amendment 272 #
Proposal for a regulation Recital 31 (31) Full access to the necessary data contained in the EU information systems necessary for the purposes of preventing, detecting and investigating terrorist offences or other serious criminal offences, beyond the relevant identity data
Amendment 273 #
Proposal for a regulation Recital 31 (31) Full access to the necessary data contained in the EU information systems necessary for the purposes of preventing, detecting and investigating terrorist
Amendment 274 #
Proposal for a regulation Recital 31 a (new) (31a) Where such a search is carried out, a hit should not be interpreted as a ground or reason to draw conclusions about or undertake measures towards a person, but may be used only for the purpose of submitting an access request to the underlying EU information systems, subject to the conditions and procedures laid down in the respective legislative instruments governing such access. Any such act will be subject to the provisions measures set out in Chapter VII and the safeguards provided for in Regulation EU2016/679, Directive 2016/680 or Regulation EC 45/2001.
Amendment 275 #
Proposal for a regulation Recital 32 Amendment 276 #
Proposal for a regulation Recital 32 (32) The logs of the all queries
Amendment 277 #
Proposal for a regulation Recital 32 (32) The logs of the queries of the
Amendment 278 #
Proposal for a regulation Recital 33 Amendment 279 #
Proposal for a regulation Recital 33 (33) The query of the
Amendment 280 #
Proposal for a regulation Recital 33 (33) The query
Amendment 281 #
Proposal for a regulation Recital 34 Amendment 282 #
Proposal for a regulation Recital 34 Amendment 283 #
Proposal for a regulation Recital 34 (34) The two-step data consultation approach is particularly valuable in cases where the suspect, perpetrator or suspected victim of a terrorist offence or other serious criminal offence is unknown. In those cases
Amendment 284 #
Proposal for a regulation Recital 34 (34) The two-step data consultation approach is particularly valuable in cases where the suspect, perpetrator or suspected victim of a terrorist offence or other serious criminal offence is unknown. In those cases the common identity repository (CIR) should enable identifying the information system that knows the person in one single search. By creating the obligation to use this new law enforcement access approach in these cases, access to the personal data stored in the EES, the VIS, [the ETIAS] and Eurodac should take place without the requirements of a prior search in national databases and the launch of a prior search in the automated fingerprint identification system of other Member States under Decision 2008/615/JHA. The principle of prior search effectively limits the possibility of Member State’ authorities to consult systems for justified
Amendment 285 #
Proposal for a regulation Recital 35 Amendment 286 #
Proposal for a regulation Recital 35 Amendment 287 #
Proposal for a regulation Recital 35 (35) The multiple-identity detector (MID) should be established to support the
Amendment 288 #
Proposal for a regulation Recital 36 (36) T
Amendment 289 #
Proposal for a regulation Recital 36 (36) The possibility to achieve the objectives of the EU information systems is undermined by the current
Amendment 290 #
Proposal for a regulation Recital 37 Amendment 291 #
Proposal for a regulation Recital 37 Amendment 292 #
Proposal for a regulation Recital 37 (37) The multiple-identity detector (MID) should create and store links between data in the different EU information systems in order to detect multiple identities, with the dual purpose of facilitating identity checks for bona fide travellers and combating identity fraud. The creation of those links constitutes automated decision-making as referred to in Regulation (EU) 2016/679 and in Directive(EU) 2016/680 and therefore requires transparency towards the individuals affected and the implementation of necessary safeguards in accordance with EU data protection rules. The MID should only contain the links between individuals present in more than one EU information system, strictly limited to the data necessary to verify that a person is recorded lawfully or unlawfully under different biographical identities in different systems, or to clarify that two persons having similar biographical data may not be the same person. Data processing through the European search portal (ESP) and the shared biometric matching service (shared BMS) in order to link individual files across individual systems should be kept to an absolute minimum and therefore is limited to a multiple-identity detection at the time new data is added to one of the
Amendment 293 #
Proposal for a regulation Recital 38 (38) This Regulation provides for new data processing operations aimed at identifying the persons concerned correctly. This constitutes an interference with their fundamental rights as protected by Articles 7 and 8 of the Charter of Fundamental Rights.
Amendment 294 #
Proposal for a regulation Recital 38 (38) This Regulation provides for new data processing operations aimed at
Amendment 295 #
Proposal for a regulation Recital 39 Amendment 296 #
Proposal for a regulation Recital 39 Amendment 297 #
Proposal for a regulation Recital 39 (39) The European search portal (ESP) and shared biometric matching service (shared BMS) should compare data in
Amendment 298 #
Proposal for a regulation Recital 40 Amendment 299 #
Proposal for a regulation Recital 40 Amendment 300 #
Proposal for a regulation Recital 40 (40) The national authority or EU body that recorded the new data in the respective EU information system should confirm or change these links. This authority should have access to the identity data stored in th
Amendment 301 #
Proposal for a regulation Recital 41 Amendment 302 #
Proposal for a regulation Recital 41 Amendment 303 #
Proposal for a regulation Recital 41 (41) Access to the multiple-identity detector (MID) by Member State authorities and EU bodies having access to at least one of the relevant EU information system
Amendment 304 #
Proposal for a regulation Recital 42 Amendment 305 #
Proposal for a regulation Recital 42 (42) The manual verification of multiple identities should be ensured by the authority creating or updating the data that triggered a hit resulting in a link with data already stored in another EU information system as described in this Regulation in full respect of access rights granted under Union and national law. The authority responsible for the verification of multiple identities should assess whether there are multiple lawful or unlawful identities. Such assessment should be performed
Amendment 306 #
Proposal for a regulation Recital 43 Amendment 307 #
Proposal for a regulation Recital 43 (43)
Amendment 308 #
Proposal for a regulation Recital 43 (43) For the links obtained in relation to the Schengen Information System (SIS) related to the alerts in respect of persons wanted for arrest or for surrender or extradition purposes, on missing or vulnerable persons, on persons sought to assist with a judicial procedure, on persons for discreet checks or specific checks or on unknown wanted persons, the authority responsible for the verification of multiple identities should be the SIRENE Bureau of the Member State that created the alert. Indeed those categories of SIS alerts are sensitive and should not necessarily be shared with the authorities creating or updating the data in one of the other EU information systems. The creation of a link with SIS data should be without prejudice to the actions to be taken in accordance with the [SIS Regulations]. A link should only be created for types of alerts relating to serious criminal offences as defined in Article 4 (25) and (26) of the current Regulation and cannot be created for types of alerts that concern EU or dual citizens.
Amendment 309 #
Proposal for a regulation Recital 44 (44) eu-LISA should establish automated data quality control mechanisms and common data quality indicators. eu- LISA should be responsible
Amendment 310 #
Proposal for a regulation Recital 44 (44) eu-LISA should establish automated data quality control mechanisms and common data quality indicators. eu- LISA should be responsible to develop a central monitoring capacity for data quality and to produce regular data analysis reports to improve the control of implementation and application by Member States of EU information systems. The common quality indicators should include the minimum quality standards to store data in the EU information systems
Amendment 311 #
Proposal for a regulation Recital 44 (44) eu-LISA should establish automated data quality control mechanisms and common data quality indicators. eu- LISA should send out automatic and immediate warnings to the authority entering data if minimum data quality standards are not met. eu-LISA should be responsible to develop a central monitoring capacity for data quality and to produce regular data analysis reports to improve the control of implementation and application by Member States of EU
Amendment 312 #
Proposal for a regulation Recital 45 (45) The Commission should evaluate eu-LISA quality reports and should issue recommendations to Member States where appropriate. Member States should be responsible for preparing an action plan describing actions to remedy any deficiencies in data quality and fundamental rights and should report on its progress regularly.
Amendment 313 #
Proposal for a regulation Recital 46 (46) The Universal Message Format (UMF) should establish a standard for structured, cross-border information exchange between information systems, authorities and/or organisations in the field of Justice and Home affairs. UMF should define a common vocabulary and logical structures for commonly exchanged information with the objective
Amendment 314 #
Proposal for a regulation Recital 46 (46) The Universal Message Format (UMF) should establish a standard for structured, cross-border information exchange between information systems, authorities and/or organisations in the field of Justice and Home affairs, including SIS. UMF should define a common vocabulary and logical structures for commonly exchanged information with the objective to facilitate interoperability by enabling the creation and reading of the contents of the exchange in a consistent and semantically equivalent manner.
Amendment 315 #
Proposal for a regulation Recital 47 Amendment 316 #
Proposal for a regulation Recital 47 (47)
Amendment 317 #
Proposal for a regulation Recital 47 (47) A central repository for reporting and statistics (CRRS) should be established to generate cross-system statistical data and analytical reporting for policy, operational and data quality purposes in line with the objectives of the underlying systems and inconformity with their respective legal bases. eu-LISA should establish, implement and host the CRRS in its technical sites. The CRRS should contain
Amendment 318 #
Proposal for a regulation Recital 48 (48) Regulation (EU) 2016/679 should apply to the processing of personal data under this Regulation by national authorities unless such processing is carried out by the designated authorities or central access points of the Member States for the purposes of the prevention, detection or investigation of terrorist offences or of other serious criminal offences,
Amendment 319 #
Proposal for a regulation Recital 49 Amendment 320 #
Proposal for a regulation Recital 51 (51) The national supervisory authorities established in accordance with
Amendment 321 #
Proposal for a regulation Recital 55 (55) To support the purposes of statistics and reporting, it is necessary to grant access to authorised staff of the competent authorities, institutions and bodies identified in this Regulation and the integration of the existing national systems and infrastructures with those components to consult certain data related to certain interoperability components without enabling individual identification.
Amendment 322 #
Proposal for a regulation Recital 55 (55) To support the purposes of statistics and reporting on possible negative impact on fundamental rights, it is necessary to grant access to authorised staff of the competent authorities, institutions and bodies identified in this Regulation to consult certain data related to certain interoperability components without enabling individual identification.
Amendment 323 #
Proposal for a regulation Recital 56 (56) In order to allow competent authorities and the EU bodies to adapt to the new requirements on the use of the European search portal (ESP), it is necessary to provide for a transitional period.
Amendment 324 #
Proposal for a regulation Recital 56 (56) In order to allow competent authorities and the EU bodies to adapt to the new requirements on the use of the European search portal (ESP), it is necessary to provide for a transitional period.
Amendment 325 #
(56) In order to allow competent authorities and the EU bodies to adapt to the new requirements on the use of the European search portal (ESP), it is necessary to provide for a transitional period which should entail, inter alia, training programmes for end users so as to ensure that the new instruments operate to their full potential. Similarly, in order to allow for the coherent and optimal functioning of the multiple-identity detector (MID), transitional measures should be established for the start of its operations.
Amendment 326 #
Proposal for a regulation Recital 57 (57) The
Amendment 327 #
Proposal for a regulation Recital 57 (57) The costs for the development of the interoperability components projected under the current Multiannual Financial Framework are lower than the remaining amount on the budget earmarked for Smart Borders in Regulation (EU) No 515/2014 of the European Parliament and the Council57 . Accordingly, this Regulation, pursuant to Article 5(5)(b) of Regulation (EU) No 515/2014, should reallocate the amount currently attributed for developing IT systems supporting the management of migration flows across the external borders. In addition, eu-LISA shall use best endeavours to keep costs to a minimum and to identify and implement the most cost-effective technical solutions. _________________ 57 Regulation (EU) No 515/2014 of the European Parliament and of the Council of 16 April 2014 establishing as part of the Internal Security Fund, the Instrument for
Amendment 328 #
Proposal for a regulation Recital 57 a (new) (57a) It would be appropriate that, during the development phase of the interoperability components, the Commission assess the necessity of further harmonisation of national systems and infrastructures of Member States at external borders. Those recommendations should also include an impact assessment and an assessment on their cost for the EU budget.
Amendment 329 #
Proposal for a regulation Recital 58 (58) In order to supplement certain
Amendment 330 #
Proposal for a regulation Recital 59 (59) In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission to adopt detailed rules on: automated data quality control mechanisms, procedures and indicators; development of the UMF standard;
Amendment 331 #
Proposal for a regulation Recital 59 (59) In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred on the Commission to adopt detailed rules on: automated data quality control mechanisms, procedures and indicators; development of the UMF standard; procedures for determining cases of similarity of identities;
Amendment 332 #
Proposal for a regulation Recital 60 Amendment 333 #
Proposal for a regulation Recital 60 Amendment 334 #
Proposal for a regulation Recital 60 a (new) (60a) This Regulation should contain clear provisions on liability and right to compensation for unlawful processing of personal data or from any other act incompatible with it, without prejudice to the right to compensation from, and liability of the controller or processor under Regulation (EU) 2016/679, Directive EU 2016/680 and Regulation EU45/2001. With regard to EU-LISA as a data processor, it should be responsible for the damage provoked, if and where it does not comply with the specific obligations of this Regulation, or where it has acted outside or contrary to lawful instructions of the Member State designated as the data controller.
Amendment 335 #
Proposal for a regulation Recital 65 a (new) (65a) As interoperability components will involve the processing of significant amounts of sensitive personal data, it is important that persons whose data is processed through those components can effectively exercise their rights as data subjects as laid down in Regulation (EU) 2016/679, Directive (EU) 680/2016 and Regulation (EC) No 45/2001. In that regard, in the same way as Member State authorities have been provided with a single portal to carry out searches of EU information systems, so data subjects should be provided with a single web service through which they can exercise their rights to access, rectification, erasure and restriction. eu.LISA should establish such a web service and host it in its technical site. As eu.LISA is not responsible for the entry of personal data or the verification of identities, the request should be transmitted via the web service to either the Member State responsible for the manual verification of different identities or the Member State responsible for the entry of the data into the underlying information system.
Amendment 336 #
Proposal for a regulation Recital 68 a (new) (68a) Article 8 (2) of the European Convention on Human Rights states that any interference with the right to respect for private life, must pursue a legitimate aim and must be both necessary and proportionate except in such cases when, in accordance with the law such an action is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
Amendment 337 #
Proposal for a regulation Recital 68 b (new) (68b) Article 52(1) of the Charter of Fundamental Rights states that any limitation on the exercise of rights and freedoms recognised by the Charter must be provided for by law and respect the essence of those rights and freedoms and be subject to the principle of proportionality. Limitations may be made only if they are necessary if they genuinely meet the objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others.
Amendment 338 #
Proposal for a regulation Recital 68 c (new) (68c) One of the core principles of data protection is data minimisation as highlighted in Article 5 (1)(c) of the GDPR1a which states that the processing of personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed _________________ 1a REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Amendment 339 #
Proposal for a regulation Recital 68 d (new) Amendment 340 #
Proposal for a regulation Article 1 – paragraph 1 1. This Regulation, together with [Regulation 2018/xx on interoperability borders and visa], establishes a framework to ensure the inter
Amendment 341 #
Proposal for a regulation Article 1 – paragraph 1 1. This Regulation, together with
Amendment 342 #
Proposal for a regulation Article 1 – paragraph 1 1. This Regulation, together with [Regulation 2018/xx on interoperability borders and visa], establishes a framework to ensure the interoperability between the Entry/Exit System (EES), the Visa Information System (VIS), [the European Travel Information and Authorisation System (ETIAS)], Eurodac, and the Schengen Information System (SIS), and [the European Criminal Records Information System for third-country nationals (ECRIS-TCN)] in order for those systems
Amendment 343 #
Proposal for a regulation Article 1 – paragraph 1 1. This Regulation, together with [Regulation 2018/xx on interoperability borders and visa], establishes a framework to ensure the interoperability between the Entry/Exit System (EES), the Visa Information System (VIS), [the European Travel Information and Authorisation System (ETIAS)], Eurodac, the Schengen Information System (SIS), and [the European Criminal Records Information System for third-country nationals (ECRIS-TCN)] in order for those systems and data to
Amendment 344 #
Proposal for a regulation Article 1 – paragraph 1 1. This Regulation, together with [Regulation 2018/xx on interoperability borders and visa], establishes a framework to ensure the interoperability between the Entry/Exit System (EES), the Visa Information System (VIS), [the European Travel Information and Authorisation System (ETIAS)], Eurodac, the Schengen Information System (SIS), and [the
Amendment 345 #
Proposal for a regulation Article 1 – paragraph 2 – introductory part 2. The framework shall include the following
Amendment 346 #
Proposal for a regulation Article 1 – paragraph 2 – point c Amendment 347 #
Proposal for a regulation Article 1 – paragraph 2 – point c Amendment 348 #
Proposal for a regulation Article 1 – paragraph 2 – point c Amendment 349 #
Proposal for a regulation Article 1 – paragraph 2 – point d Amendment 350 #
Proposal for a regulation Article 1 – paragraph 2 – point d Amendment 351 #
Proposal for a regulation Article 1 – paragraph 3 3. This Regulation also lays down provisions on data quality requirements, on a Universal Message Format (UMF)
Amendment 352 #
Proposal for a regulation Article 1 – paragraph 3 3. This Regulation also lays down provisions on data quality requirements, on a Universal Message Format (UMF)
Amendment 353 #
Proposal for a regulation Article 1 – paragraph 4 Amendment 354 #
Proposal for a regulation Article 1 – paragraph 4 4. This Regulation also adapts the procedures and conditions for Member State
Amendment 355 #
Proposal for a regulation Article 1 – paragraph 4 4. This Regulation also adapts the procedures and conditions for Member State law enforcement authorities and for the European Union Agency for Law Enforcement Cooperation (Europol) access in specific cases and under specific conditions to the Entry/Exit System (EES), the Visa Information System (VIS), [the European Travel Information and Authorisation System (ETIAS),] and Eurodac for the purposes of the prevention, detection and investigation of terrorist offences or of other serious criminal offences falling under their competence.
Amendment 356 #
Proposal for a regulation Article 1 – paragraph 4 a (new) 4a. This Regulation also provides the option for Member States to use national legislative measures to empower police authorities to query the CIR for the purpose of identifying a person as well as to prevent and fight illegal migration and to preserve public security.
Amendment 357 #
Proposal for a regulation Article 2 – paragraph 1 – introductory part 1. By ensuring interoperability, the purpose of this Regulation shall
Amendment 358 #
Proposal for a regulation Article 2 – paragraph 1 – point a (a) to
Amendment 359 #
Proposal for a regulation Article 2 – paragraph 1 – point a (a) to improve the
Amendment 360 #
Proposal for a regulation Article 2 – paragraph 1 – point b Amendment 361 #
Proposal for a regulation Article 2 – paragraph 1 – point b (b) to contribute to
Amendment 362 #
Proposal for a regulation Article 2 – paragraph 1 – point b (b) to contribute to preventing and
Amendment 363 #
Proposal for a regulation Article 2 – paragraph 1 – point b a (new) (ba) to facilitate the smooth entry into the Union of bona fide third-country travellers;
Amendment 364 #
Proposal for a regulation Article 2 – paragraph 1 – point c Amendment 365 #
Proposal for a regulation Article 2 – paragraph 1 – point c (c) to contribute to a high level of security within the area of freedom, security and justice of the Union including the maintenance of public security and
Amendment 366 #
Proposal for a regulation Article 2 – paragraph 1 – point e Amendment 367 #
Proposal for a regulation Article 2 – paragraph 1 – point e a (new) (ea) to assist Member States law enforcement authorities and Europol in the prevention, detection and investigation of terrorist offences or of other serious criminal offences falling under their competence;
Amendment 368 #
Proposal for a regulation Article 2 – paragraph 1 – point e b (new) (eb) in the event of a natural disaster or an accident, for humanitarian reasons, to assist in the identification of unknown persons who are not able to identify themselves or unidentified human remains.
Amendment 369 #
Proposal for a regulation Article 2 – paragraph 1 – point e a (new) (ea) to aid in in the identification of unknown persons who are unable to identify themselves or unidentified human remains in cases of natural disasters, accidents or terrorist attacks.
Amendment 370 #
Proposal for a regulation Article 2 – paragraph 2 – introductory part 2. Those objectives
Amendment 371 #
Proposal for a regulation Article 2 – paragraph 2 – point a Amendment 372 #
Proposal for a regulation Article 2 – paragraph 2 – point a (a) ensuring the correct identification of
Amendment 373 #
Proposal for a regulation Article 2 – paragraph 2 – point a (a) ensuring and streamlining the correct identification of persons;
Amendment 374 #
Proposal for a regulation Article 2 – paragraph 2 – point b Amendment 375 #
Proposal for a regulation Article 2 – paragraph 2 – point b (b) contributing to
Amendment 376 #
Proposal for a regulation Article 2 – paragraph 2 – point c (c) improving and harmonising data quality requirements of the respective EU information systems while respecting the data processing requirements of the legal bases of the individual systems, data protection standards and principles;
Amendment 377 #
Proposal for a regulation Article 2 – paragraph 2 – point c a (new) (ca) improving judicial cooperation in the areas of freedom, security and justice;
Amendment 378 #
Proposal for a regulation Article 2 – paragraph 2 – point d (d)
Amendment 379 #
Proposal for a regulation Article 2 – paragraph 2 – point e (e) strengthening and simplifying
Amendment 380 #
Proposal for a regulation Article 2 – paragraph 2 – point e (e) strengthening and simplifying
Amendment 381 #
Proposal for a regulation Article 2 – paragraph 2 – point e (e) strengthening and
Amendment 382 #
Proposal for a regulation Article 2 – paragraph 2 – point e (e) strengthening and
Amendment 383 #
Proposal for a regulation Article 2 – paragraph 2 – point e a (new) (ea) contribute to the prevention, detection and investigation of terrorist offences or of other serious criminal offences.
Amendment 384 #
Proposal for a regulation Article 2 – paragraph 2 – point f Amendment 385 #
Proposal for a regulation Article 2 – paragraph 2 – point f (f)
Amendment 386 #
Proposal for a regulation Article 2 – paragraph 2 – point f (f) streamlining the conditions for
Amendment 387 #
Proposal for a regulation Article 2 – paragraph 2 – point f (f) streamlining the conditions for law
Amendment 388 #
Proposal for a regulation Article 2 – paragraph 2 – point g (g) supporting the purposes of the EES, the VIS, [the ETIAS], Eurodac, the SIS
Amendment 389 #
Proposal for a regulation Article 2 – paragraph 2 – point g a (new) (ga) supporting eu-LISA and Member States in providing training and education to experts and users of interoperability components.
Amendment 390 #
Proposal for a regulation Article 3 – paragraph 1 1. This Regulation applies to
Amendment 391 #
Proposal for a regulation Article 3 – paragraph 2 2. This Regulation also applies to
Amendment 392 #
Proposal for a regulation Article 3 – paragraph 3 Amendment 393 #
Proposal for a regulation Article 3 – paragraph 3 3. This Regulation applies to persons in respect of whom personal data may be processed in the EU information systems referred to in paragraph 1 and in the Europol data referred to in paragraph 2, only for the purposes as defined in the underlying legal basis for those information systems.
Amendment 394 #
Proposal for a regulation Article 3 – paragraph 3 a (new) 3a. This Regulation shall not apply to personal data relating to an identified, or identifiable citizen of the EU.
Amendment 395 #
(7) ‘third-country national’ means a person who is not a citizen of the Union within the meaning of Article 20(1) of the Treaty, or a stateless person not residing in the EU or a person whose nationality is unknown;
Amendment 396 #
Proposal for a regulation Article 4 – paragraph 1 – point 9 Amendment 397 #
Proposal for a regulation Article 4 – paragraph 1 – point 9 (9) ‘identity data’ means the data
Amendment 398 #
Proposal for a regulation Article 4 – paragraph 1 – point 11 Amendment 399 #
Proposal for a regulation Article 4 – paragraph 1 – point 18 (18) ‘
Amendment 400 #
Proposal for a regulation Article 4 – paragraph 1 – point 18 (18) ‘EU information systems’ means the large-scale IT systems operationally managed by eu-
Amendment 401 #
Proposal for a regulation Article 4 – paragraph 1 – point 19 (19) ‘Europol data’ means personal data pro
Amendment 402 #
Proposal for a regulation Article 4 – paragraph 1 – point 20 (20) ‘Interpol databases’ means the Interpol Stolen and Lost Travel Document database (SLTD)
Amendment 403 #
Proposal for a regulation Article 4 – paragraph 1 – point 21 (21) ‘match’ means the existence of an exact correspondence established by comparing two or more occurrences of personal data recorded or being recorded in an information system or database;
Amendment 404 #
Proposal for a regulation Article 4 – paragraph 1 – point 25 (25) ‘terrorist offence’ means an offence
Amendment 405 #
Proposal for a regulation Article 4 – paragraph 1 – point 25 (25) ‘terrorist offence’ means an offence
Amendment 406 #
Proposal for a regulation Article 4 – paragraph 1 – point 35 Amendment 407 #
Proposal for a regulation Article 4 – paragraph 1 – point 35 Amendment 408 #
Proposal for a regulation Article 4 – paragraph 1 – point 35 Amendment 409 #
Proposal for a regulation Article 4 – paragraph 1 – point 36 Amendment 410 #
Proposal for a regulation Article 4 – paragraph 1 – point 36 Amendment 411 #
Proposal for a regulation Article 4 – paragraph 1 – point 37 Amendment 412 #
Proposal for a regulation Article 4 – paragraph 1 – point 37 Amendment 416 #
Proposal for a regulation Article 5 – title 5 Non-discrimination and fundamental rights
Amendment 417 #
Proposal for a regulation Article 5 – paragraph 1 This Regulation respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union and shall be applied in accordance with those rights and principles. Processing of personal data for the purposes of this Regulation shall not result in discrimination against persons on any grounds such as sex, rac
Amendment 418 #
Proposal for a regulation Article 5 – paragraph 1 The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her. Processing of personal data for the purposes of this Regulation by any user shall not result in discrimination against persons on any grounds such as sex, colour, social, racial or ethnic origin, religion or belief,
Amendment 419 #
Amendment 420 #
Proposal for a regulation Article 5 – paragraph 1 This Regulation respects the fundamental rights and observes the principles recognized in particular by the Charter of Fundamental Rights of the European Union and shall be applied in accordance with those rights and principles. Processing of personal data for the purposes of this Regulation shall not result, either directly or indirectly, in undue interferences with the right to respect for private and family life, and the right to protection of personal data. Processing of personal data for the purposes of this Regulation shall not result in discrimination against persons on any grounds such as sex, racial
Amendment 421 #
Proposal for a regulation Article 5 – paragraph 1 Processing of personal data for the purposes of this Regulation shall not result in discrimination against persons on any grounds such as sex, racial or ethnic origin, religion or belief, nationality, disability, age or sexual orientation. It shall fully respect human rights, dignity
Amendment 422 #
Proposal for a regulation Article 5 – paragraph 1 Processing of personal data for the purposes of this Regulation shall not result in discrimination against persons on any grounds such as sex, social, racial or ethnic origin,
Amendment 423 #
Proposal for a regulation Article 5 – paragraph 1 – subparagraph 1 (new) One year after the date of entry into force of this legislation, the Commission shall conduct an ex-post evaluation which aims at assessing the impact of interoperability on the right to non-discrimination
Amendment 424 #
Proposal for a regulation Article 5 – paragraph 1 – subparagraph 1 (new) To this end, no biometric data of children, elderly and persons with disabilities shall be processed.
Amendment 425 #
Proposal for a regulation Article 5 – paragraph 1 a (new) The Commission should be empowered, through a delegated act, to task EU-LISA with the development of pop-up alerts within the system which would help end- users identify when matches have a higher risk of being false, and would thus require manual verification to ascertain if the match is correct or not.
Amendment 426 #
Proposal for a regulation Article 6 – paragraph 1 1. A European search portal (ESP) is established for the purposes of
Amendment 427 #
Proposal for a regulation Article 6 – paragraph 1 1. A European search portal (ESP) is established for the purposes of ensuring that Member State authorities and EU bodies have fast, seamless, efficient
Amendment 428 #
Proposal for a regulation Article 6 – paragraph 1 1. A European search portal (ESP) is established for the purposes of ensuring that Member State authorities and EU bodies have fast, seamless, efficient, systematic and controlled access to the EU information systems, the Europol data and the Interpol databases that they need to perform their tasks in accordance with their access rights and of supporting the objectives of the EES, the VIS, [the ETIAS],
Amendment 429 #
Proposal for a regulation Article 6 – paragraph 1 1. A European search portal (ESP) is established for the purposes of ensuring that Member State authorities and EU bodies have fast, seamless, efficient, systematic and controlled access to the EU information systems, the Europol data and the Interpol databases that they need to perform their tasks in accordance with their access rights and of supporting the objectives of the EES, the VIS, [the ETIAS], Eurodac, the SIS, [the ECRIS- TCN system] and the Europol data, while fully respecting the principles of necessity and proportionality.
Amendment 430 #
Proposal for a regulation Article 6 – paragraph 2 – point a (a) a central infrastructure, including a search portal enabling the simultaneous querying of the EES, the VIS, [the ETIAS],
Amendment 431 #
Proposal for a regulation Article 6 – paragraph 2 – point c (c) a secure communication infrastructure between the ESP and the EES, the VIS, [the ETIAS], Eurodac, the Central-SIS,
Amendment 432 #
(c) a secure communication infrastructure between the ESP and the EES, the VIS, [the ETIAS], Eurodac, the Central-SIS, [the ECRIS-TCN system], the Europol data and the Interpol databases
Amendment 433 #
Proposal for a regulation Article 6 – paragraph 2 – point c (c) a secure communication infrastructure between the ESP and the EES, the VIS, [the ETIAS], Eurodac, the Central-SIS, [the ECRIS-TCN system], the Europol data and the Interpol databases as well as between the ESP and the central infrastructures of the
Amendment 434 #
Proposal for a regulation Article 6 – paragraph 3 3. eu-LISA shall develop the ESP and ensure its technical management. It shall not, however, have access to any of the personal data processed through the EPS.
Amendment 435 #
Proposal for a regulation Article 7 – paragraph 1 1. The use of the ESP shall be reserved to the Member State authorities and EU bodies having access to the EES, [the ETIAS], the VIS, the SIS,
Amendment 436 #
Proposal for a regulation Article 7 – paragraph 1 1. The use of the ESP shall be reserved to the Member State authorities and EU
Amendment 437 #
Proposal for a regulation Article 7 – paragraph 1 1. The use of the ESP shall be reserved to the Member State authorities and EU bodies having access to the EES, [the ETIAS], the VIS, the SIS, Eurodac and [the ECRIS-TCN system],
Amendment 438 #
Proposal for a regulation Article 7 – paragraph 1 a (new) 1a. Those Member State authorities and Union agencies may make use of the ESP and the data provided by it only for the objectives and purposes laid down in the legal instruments governing those Union information systems and in this Regulation, and only in specific cases where they have factual indications that a person is registered in one of the systems and the information about this is necessary for solving a specific on-going situation or facilitating a criminal investigation. They shall not use the ESP for systematic checks of large groups of persons.
Amendment 439 #
Proposal for a regulation Article 7 – paragraph 2 2.
Amendment 440 #
Proposal for a regulation Article 7 – paragraph 2 2. The authorities referred to in paragraph 1 shall use the ESP to search data related to persons or their travel documents in the central systems of Eurodac and [the ECRIS-TCN system] in accordance with their access rights under Union and national law.
Amendment 441 #
Proposal for a regulation Article 7 – paragraph 2 2. The authorities referred to in paragraph 1 shall use the ESP to search data related to persons or their travel documents in the central systems of Eurodac and [the ECRIS-TCN system] in accordance with their access rights under Union and national law.
Amendment 442 #
Proposal for a regulation Article 7 – paragraph 4 4.
Amendment 443 #
Proposal for a regulation Article 7 – paragraph 4 4. The EU
Amendment 444 #
Proposal for a regulation Article 7 – paragraph 4 4. The EU bodies as referred to in paragraph 1 shall use the ESP to search data related to persons or their travel documents in the Central SIS.
Amendment 445 #
Proposal for a regulation Article 7 – paragraph 5 5.
Amendment 446 #
Proposal for a regulation Article 7 – paragraph 5 a (new) 5a. The data owners referred in this article shall not be notified that a search has taken place.
Amendment 447 #
Proposal for a regulation Article 8 – paragraph 1 – point a (a) the fields of data possibly to be used for querying, including a mandatory field for the specific purpose of the query;
Amendment 448 #
Proposal for a regulation Article 8 – paragraph 1 – point a a (new) (aa) the purpose for which the EU information systems, the Europol data and the Interpol databases may be accessed;
Amendment 449 #
Proposal for a regulation Article 8 – paragraph 1 – point b (b) the EU information systems, the Europol data and the Interpol databases that shall and may be consulted and that shall provide a reply to the user, whereby it shall be ensured that access according to access rights is technically ensured; and
Amendment 450 #
Proposal for a regulation Article 8 – paragraph 1 – point c a (new) (ca) the purpose of the use of ESP by this category of user;
Amendment 451 #
Proposal for a regulation Article 8 – paragraph 1 – point c a (new) (ca) the purpose of the query;
Amendment 452 #
Proposal for a regulation Article 8 – paragraph 2 a (new) 2a. eu-LISA shall review regularly – and at least once a year after their creation - the user profiles referred to in paragraph one, and shall update and delete those profiles where necessary.
Amendment 453 #
Proposal for a regulation Article 8 – paragraph 2 a (new) 2a. The profiles as referred to in paragraph 1 shall be regularly reviewed and if necessary updated.
Amendment 454 #
Proposal for a regulation Article 9 – paragraph 1 1. The users of the ESP shall launch a query by introducing data in the ESP in
Amendment 455 #
Proposal for a regulation Article 9 – paragraph 1 1. The users of the ESP shall launch a query by introducing data in the ESP in accordance with their user profile and access rights. Where a query has been launched, the ESP shall query simultaneously, with the data introduced by the user of the ESP, the EES, [the ETIAS], the VIS, the SIS, Eurodac, [the ECRIS-TCN system]
Amendment 456 #
Proposal for a regulation Article 9 – paragraph 1 1. The users of the ESP shall launch a query by introducing data in the ESP in
Amendment 457 #
Proposal for a regulation Article 9 – paragraph 1 1. The users of the ESP shall launch a query by introducing data in the ESP in accordance with their user profile and access rights. Where a query has been launched, the ESP shall query simultaneously, with the data introduced by the user of the ESP, the EES, [the ETIAS], the VIS, the SIS, Eurodac, [the ECRIS-TCN system] and the CIR as well as the Europol data and the Interpol databases. A search launched by the user of the ESP shall only query the systems he or she is authorised to access.
Amendment 458 #
Proposal for a regulation Article 9 – paragraph 2 2. The fields of data used to launch a
Amendment 459 #
Proposal for a regulation Article 9 – paragraph 4 4. The EES, [the ETIAS], the VIS, the SIS,
Amendment 460 #
Proposal for a regulation Article 9 – paragraph 4 4. The EES, [the ETIAS], the VIS, the SIS, Eurodac, [the ECRIS-TCN system],
Amendment 461 #
Proposal for a regulation Article 9 – paragraph 4 4. The EES, [the ETIAS], the VIS, the SIS, Eurodac, [the ECRIS-TCN system],
Amendment 462 #
Proposal for a regulation Article 9 – paragraph 5 5. When querying the Interpol databases, the design of the ESP shall ensure that the data used by the user of the ESP to launch a query, or any other data, is not shared with the owners of Interpol data. As regards to data on individuals registered in Eurodac, it must be ensured that the database owner does not receive information on whether their databases have been queried through the ESP.
Amendment 463 #
Proposal for a regulation Article 9 – paragraph 5 5. When querying the Interpol databases, the design of the ESP shall ensure that the data used by the user of the ESP to launch a query is not shared with the owners of Interpol data. Any data from the Interpol databases and originating from a third country shall be marked as such, in order to warn the user about possible misuses of Interpol for political purposes.
Amendment 464 #
6. The reply to the user of the ESP shall be unique and shall contain all the data to which the user has access under Union law.
Amendment 465 #
Proposal for a regulation Article 9 – paragraph 6 6. The reply to the user of the ESP shall be unique and shall contain all the data to which the user has access under Union law.
Amendment 466 #
Proposal for a regulation Article 9 – paragraph 6 6. The reply to the user of the ESP shall be unique and shall contain all the data to which the user has access under Union law.
Amendment 467 #
Proposal for a regulation Article 9 – paragraph 6 6. The reply to the user of the ESP shall be unique and shall contain all the data to which the user has access under Union law.
source: 625.531
|
History
(these mark the time of scraping, not the official date of the change)
docs/0 |
|
docs/4 |
|
docs/10 |
|
docs/11 |
|
docs/12 |
|
docs/12 |
|
docs/13 |
|
docs/14 |
|
docs/14 |
|
docs/14/docs/0/url |
/oeil/spdoc.do?i=31686&j=0&l=en
|
docs/15 |
|
docs/16 |
|
docs/16 |
|
docs/17 |
|
docs/17 |
|
docs/18 |
|
docs/18 |
|
docs/19 |
|
docs/19 |
|
docs/20 |
|
docs/20 |
|
docs/21 |
|
docs/22 |
|
docs/23 |
|
events/0 |
|
events/2 |
|
events/13 |
|
events/15 |
|
committees/0/shadows/3 |
|
docs/0 |
|
docs/0 |
|
docs/1 |
|
docs/1/docs/0 |
|
docs/2 |
|
docs/3 |
|
docs/4 |
|
docs/5 |
|
docs/5 |
|
docs/5/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE616.792&secondRef=02New
https://www.europarl.europa.eu/doceo/document/BUDG-AD-616792_EN.html |
docs/6 |
|
docs/6 |
|
docs/6/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE625.514New
https://www.europarl.europa.eu/doceo/document/LIBE-AM-625514_EN.html |
docs/7 |
|
docs/7 |
|
docs/7/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE625.532New
https://www.europarl.europa.eu/doceo/document/LIBE-AM-625532_EN.html |
docs/8 |
|
docs/8 |
|
docs/8/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE622.253New
https://www.europarl.europa.eu/doceo/document/LIBE-PR-622253_EN.html |
docs/9 |
|
docs/9 |
|
docs/9/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=COMPARL&mode=XML&language=EN&reference=PE625.531New
https://www.europarl.europa.eu/doceo/document/LIBE-AM-625531_EN.html |
docs/10 |
|
docs/10/docs/0/url |
https://dmsearch.eesc.europa.eu/search/public?k=(documenttype:AC)(documentnumber:4547)(documentyear:2018)(documentlanguage:EN)
|
docs/15 |
|
docs/16 |
|
events/0 |
|
events/0 |
|
events/0/type |
Old
Committee referral announced in Parliament, 1st reading/single readingNew
Committee referral announced in Parliament, 1st reading |
events/1 |
|
events/1 |
|
events/1/type |
Old
Vote in committee, 1st reading/single readingNew
Vote in committee, 1st reading |
events/2 |
|
events/3 |
|
events/3 |
|
events/4 |
|
events/5 |
|
events/5 |
|
events/7/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?secondRef=TOC&language=EN&reference=20190327&type=CRENew
https://www.europarl.europa.eu/doceo/document/CRE-8-2019-03-27-TOC_EN.html |
events/9 |
|
events/9 |
|
events/13 |
|
events/13 |
|
procedure/Legislative priorities/0/title |
Old
Joint Declaration 2018New
Joint Declaration 2018-19 |
procedure/Notes |
|
procedure/instrument/1 |
See also 2017/0351(COD) Amended by 2018/0152B(COD)
|
procedure/instrument/1 |
See also 2017/0351(COD)
|
docs/11/docs/0/url |
http://www.europarl.europa.eu/RegData/docs_autres_institutions/parlements_nationaux/com/2018/0480/IE_CHAMBER_AVIS-COM(2018)0480_EN.pdf
|
docs/13 |
|
events/5/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=REPORT&mode=XML&reference=A8-2018-0348&language=ENNew
http://www.europarl.europa.eu/doceo/document/A-8-2018-0348_EN.html |
events/8 |
|
events/8 |
|
events/9 |
|
events/9/docs/0/url |
Old
http://www.europarl.europa.eu/sides/getDoc.do?type=TA&language=EN&reference=P8-TA-2019-0389New
http://www.europarl.europa.eu/doceo/document/TA-8-2019-0389_EN.html |
committees/0 |
|
committees/0 |
|
committees/2 |
|
committees/2 |
|
events/12/summary |
|
activities |
|
commission |
|
committees/0 |
|
committees/0 |
|
committees/1 |
|
committees/1 |
|
committees/2 |
|
committees/2 |
|
council |
|
docs |
|
events |
|
links |
|
other |
|
otherinst |
|
procedure/Legislative priorities |
|
procedure/Mandatory consultation of other institutions |
European Economic and Social Committee European Committee of the Regions
|
procedure/Notes |
|
procedure/dossier_of_the_committee |
Old
LIBE/8/12010New
|
procedure/final |
|
procedure/instrument |
Old
RegulationNew
|
procedure/legislative_priorities |
|
procedure/other_consulted_institutions |
European Economic and Social Committee European Committee of the Regions
|
procedure/stage_reached |
Old
Awaiting Parliament 1st reading / single reading / budget 1st stageNew
Procedure completed |
procedure/subject |
Old
New
|
procedure/summary |
|
activities/5/docs/0/text |
|
activities/1/committees/2/shadows/4/mepref |
Old
4f1ac5d6b819f25efd000004New
5b3af5acd1d1c56997000000 |
activities/1/committees/2/shadows/4/name |
Old
ALBRECHT Jan PhilippNew
FRANZ Romeo |
activities/3 |
|
activities/4 |
|
activities/5 |
|
committees/2/shadows/4/mepref |
Old
4f1ac5d6b819f25efd000004New
5b3af5acd1d1c56997000000 |
committees/2/shadows/4/name |
Old
ALBRECHT Jan PhilippNew
FRANZ Romeo |
procedure/stage_reached |
Old
Awaiting committee decisionNew
Awaiting Parliament 1st reading / single reading / budget 1st stage |
activities/0/docs/0/text |
|
activities/0/docs/0/type |
Old
Legislative proposal publishedNew
Initial legislative proposal published |
activities/0/type |
Old
Legislative proposal publishedNew
Initial legislative proposal published |
activities/2 |
|
procedure/legal_basis/7 |
Old
Treaty on the Functioning of the EU TFEU 088-p2New
Treaty on the Functioning of the EU TFEU 88-p2 |
activities/1/committees/2/shadows/1 |
|
committees/2/shadows/1 |
|
procedure/legislative_priorities |
|
activities/1 |
|
procedure/dossier_of_the_committee |
LIBE/8/12010
|
procedure/stage_reached |
Old
Preparatory phase in ParliamentNew
Awaiting committee decision |
procedure/Mandatory consultation of other institutions |
European Economic and Social Committee European Committee of the Regions
|
activities/0/docs/0/text |
|
committees/2/shadows |
|
activities/0/commission/0 |
|
committees/2/date |
2018-02-01T00:00:00
|
committees/2/rapporteur |
|
other/0 |
|
committees/1/date |
2018-01-25T00:00:00
|
committees/1/rapporteur |
|
activities |
|
committees |
|
links |
|
other |
|
procedure |
|