Legal provisions of COM(2012)254 - Establishment of 'EURODAC' for the comparison of fingerprints for the effective application of Regulation (EU) No […/…] (establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person) and to request comparisons with EURODAC data by Member States' law enforcement authorities and Europol for law enforcement purposes and amending Regulation (EU) No 1077/2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (Recast version) - Main contents
Please note
This page contains a limited version of this dossier in the EU Monitor.
| dossier | COM(2012)254 - Establishment of 'EURODAC' for the comparison of fingerprints for the effective application of Regulation (EU) No […/…] ... |
|---|---|
| document | COM(2012)254  |
| date | May 30, 2012 |
Contents
- CHAPTER I - GENERAL PROVISIONS
- Article 2 - Definitions
- Article 3 - Central Unit Ö System architecture and basic principles Õ
- Article 4 - Operational management
- Article 5 - Designated Authorities for the purpose of law enforcement access
- Article 6 - Verifying Authorities
- Article 7 - Europol
- Article 8 - 3 Ö Statistics Õ
- CHAPTER II - APPLICANTS FOR ASYLUM Ö INTERNATIONAL PROTECTION Õ
- Article 9 - 4 Collection, transmission and comparison of fingerprints
- Article 10 - Information on the status of the data subject
- Article 11 - 5 Recording of data
- Article 12 - 6 Data storage
- Article 13 - 7 Advance data erasure
- CHAPTER III - ALIENS Ö THIRD COUNTRY NATIONALS or stateless persons Õ APPREHENDED IN CONNECTION WITH THE IRREGULAR CROSSING OF AN EXTERNAL BORDER
- Article 14 - 8 Collection and transmission of fingerprint data
- Article 15 - 9 Recording of data
- Article 16 - 10 Storage of data
- CHAPTER IV - ALIENS Ö THIRD COUNTRY NATIONALS or stateless persons Õ FOUND ILLEGALLY PRESENT Ö STAYING Õ IN A MEMBER STATE
- Article 17 - 11 Comparison of fingerprint data
- CHAPTER V - RECOGNISED REFUGEESÖ PERSONS GRANTED INTERNATIONAL PROTECTION Õ
- Article 18 - Marking of data
- CHAPTER VI - PROCEDURE FOR COMPARISON AND DATA TRANSMISSION FOR LAW ENFORCEMENT PURPOSES
- Article 19 - Procedure for comparison of fingerprint data with EURODAC data
- Article 20 - Conditions for access to EURODAC data by designated authorities
- Article 21 - Conditions for access to EURODAC data by Europol
- Article 22 - Communication between the verifying authorities and the National Access Points
- CHAPTER VI - VII
- Article 23 - 13 Responsibility for data processing use
- Article 24 - 2 Transmission
- Article 25 - 3 Carrying out comparisons and transmitting results
- Article 26 - 4 Communication between Member States and the Central Unit ð System ï
- Article 27 - 15 Access to, and correction or erasure of, data recorded in EurodacEURODAC
- Article 28 - 16 Keeping of records by the Central Unit
- Article 29 - 18 Rights of the data subject
- Article 30 - 19 Ö Supervision by the Õ National Ssupervisory Aauthority
- Article 31 - Supervision by the European Data Protection Supervisor
- Article 32 - Cooperation between National Supervisory Authorities and the European Data Protection Supervisor
- Article 33 - Protection of personal data for the purposes of the prevention, detection and investigation of terrorist offences or of other serious criminal offences
- Article 34 - Data security
- Article 35 - Prohibition of transfers of data to third countries or to international bodies or to private parties
- Article 36 - Logging and documentation
- Article 37 - 17 Liability
- CHAPTER VII - I
- Article 38 - Provisions amending Regulation (EU) No 1077/2011
- CHAPTER VII - IX
- Article 39 - 21 Costs
- Article 41 - 25 Penalties
- Article 42 - 26 Territorial scope
- Article 43 - Notification of designated authorities and verifying authorities
- Article 44 - Transitional provision
- Article 45 - Repeal
- Article 46 - 27 Entry into force and applicability
CHAPTER I - GENERAL PROVISIONS
2. Eurodac shall consist of:
(a) the Central Unit referred to in Article 3;
(b) a computerised central database in which the data referred to in Article 5(1), Article 8(2) and Article 11(2) are processed for the purpose of comparing the fingerprint data of applicants for asylum and of the categories of aliens referred to in Article 8(1) and Article 11(1);
(c) means of data transmission between the Member States and the central database.
2. This Regulation also lays down the conditions under which Member States' designated authorities and the European Police Office (Europol) may request the comparison of fingerprint data with those stored in the EURODAC central database for the purposes of the prevention, detection and investigation of terrorist offences and other serious criminal offences.
ê 2725/2000/EC (adapted)
ð new
3. Without prejudice to the processing use of data intended for EurodacEURODAC by the Member State of origin in databases set up under the latter's national law, fingerprint data and other personal data may be processed in EurodacEURODAC only for the purposes set out in ð this Regulation and ï Article 15(1)32(1) of the Dublin Convention Ö Regulation Õ .
ê 2725/2000/EC (adapted)
ð new
Article 2 - Definitions
(a) 'the Dublin Convention Ö Regulation Õ ' means the Convention determining the State responsible for examining applications for asylum lodged in one of the Member States of the European Communities, signed at Dublin on 15 June 1990 Ö Regulation (EU) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person] Õ;
(b) an 'applicant for asylum ð international protection ï' means an alien Ö third-country national or a stateless person Õ who has made an application for asylum or on whose behalf such an application has been made ð international protection as defined in Article 2(g) of Council Directive 2004/83/EC in respect of which a final decision has not yet been taken ï;
(c) 'Member State of origin' means:
(i) in relation to an applicant for asylum Ö person covered by Article 6 Õ , the Member State which transmits the personal data to the Central Unit ð System ï and receives the results of the comparison;
(ii) in relation to a person covered by Article 8 11 , the Member State which transmits the personal data to the Central Unit ð System ï;
(iii) in relation to a person covered by Article 11 14 , the Member State which transmits such data to the Central Unit ð System ï and receives the results of the comparison;
ê 2725/2000/EC (adapted)
ð new
(d) 'refugee' ð 'person granted international protection' ï means a Ö third country national or a stateless Õ person who has been recognised as a refugee in accordance with the Geneva Convention on Refugees of 28 July 1951, as amended by the New York Protocol of 31 January 1967 ð entitled to international protection as defined in point (a) of Article 2 of Council Directive 2004/83/EC ï;
(e) 'hit' shall mean the existence of a match or matches established by the Central Unit ð System ï by comparison between fingerprint data recorded in the databank Ö central database Õ and those transmitted by a Member State with regard to a person, without prejudice to the requirement that Member States shall immediately check the results of the comparison pursuant to Article 4(6) 18(4);
ò new
(f) 'National Acces Point' means the designated national system which communicates with the Central System;
(g) 'Agency' means the Agency established by Regulation (EU) No 1077/2011;
(h) Europol means the European Police Office as established by Decision 2009/371/JHA;
(i) EURODAC data means all fingerprint data stored in the central database in accordance with Article 11 and Article 16(2);
(j) terrorist offences means the offences under national law which correspond or are equivalent to the offences referred to in Articles 1 to 4 of Framework Decision 2002/475/JHA;
(k) serious criminal offences means the forms of crime which correspond or are equivalent to those referred to in Article 2(2) of Framework Decision 2002/584/JHA if they are punishable by a custodial sentence or a detention order for a maximum period of at least three years under national law;
(l) fingerprint data means the data relating to fingerprints of all or at least the index fingers, and if those are missing, the prints of all other fingers of a person, or a latent.
ê 2725/2000/EC (adapted)
ð new
2. The terms defined in Article 2 of Directive 95/46/EC shall have the same meaning in this Regulation ð unless the processing of personal data takes place by Member States' designated authorities for the purposes of the prevention, detection and investigation of terrorist offences and other serious criminal offences ï.
3. Unless stated otherwise, the terms defined in Article 1 2 of the Dublin Convention Ö Regulation Õ shall have the same meaning in this Regulation.
ò new
4. The terms defined in Article 2 of the Framework Decision 2008/977/JHA shall have the same meaning in this Regulation in so far as personal data are processed by Member States' designated authorities for the purposes of the prevention, detection and investigation of terrorist offences and other serious criminal offences pursuant to this Regulation.
ê 2725/2000/EC (adapted)
Article 3 - Central Unit Ö System architecture and basic principles Õ
ò new
1. EURODAC shall consist of:
(a) a computerised central fingerprint database (Central System) composed of
– a Central Unit,
– a Business Continuity System.
(b) a communication infrastructure between the Central System and Member States that provides an encrypted virtual network dedicated to EURODAC data (Communication Infrastructure).
2. Each Member State shall have a single National Access Point.
ê 2725/2000/EC (adapted)
ð new
2.3. Data on applicants for asylum, persons covered by Articles 8 and persons covered by Article 11 9, 14 and 17 which are processed in the Central Unit ð System ï shall be processed on behalf of the Member State of origin under the conditions set out in this Regulation Ö and separated by appropriate technical means Õ.
ê 2725/2000/EC Article 1(2) third subparagraph
ð new
4. The rules governing EurodacEURODAC shall also apply to operations effected by the Member States as from the transmission of data to the Central Unit ð System ï until use is made of the results of the comparison.
ê 2725/2000/EC Article 4(1) second sentence
ð new
5. The procedure for taking fingerprints shall be determined ð and applied ï in accordance with the national practice of the Member State concerned and in accordance with the safeguards laid down in ð the Charter of Fundamental Rights of the European Union, in the Convention for the Protection of Human Rights and Fundamental Freedoms and ï the European Convention on Human Rights and in the United Nations Convention on the Rights of the Child.
ò new
Article 4 - Operational management
2. The Agency shall also be responsible for the following tasks relating to the Communication Infrastructure:
(a) supervision;
(b) security;
(c) the coordination of relations between the Member States and the provider.
3. The Commission shall be responsible for all other tasks relating to the Communication Infrastructure, in particular:
(a) tasks relating to implementation of the budget;
(b) acquisition and renewal;
(c) contractual matters.
4. Before the Agency takes up its responsibilities, the Commission shall be responsible for all tasks attributed to the Agency by this Regulation.
5. Operational management of EURODAC shall consist of all the tasks necessary to keep EURODAC functioning 24 hours a day, 7 days a week in accordance with this Regulation, in particular the maintenance work and technical developments necessary to ensure that the system functions at a satisfactory level of operational quality, in particular as regards the time required for interrogation of the Central System.
6. Without prejudice to Article 17 of Regulation No 31 (EEC), 11 (EAEC), the Agency shall apply appropriate rules of professional secrecy or other equivalent duties of confidentiality to all its staff required to work with EURODAC data. This obligation shall also apply after such staff leave office or employment or after the termination of their activities.
ò new
Article 5 - Designated Authorities for the purpose of law enforcement access
2. Every Member State shall keep a list of the designated authorities.
3. At national level, each Member State shall keep a list of the operating units within the designated authorities that are authorised to request comparisons with EURODAC data through the National Access Point.
Article 6 - Verifying Authorities
2. The verifying authority shall ensure that the conditions for requesting comparisons of fingerprints with EURODAC data are fulfilled.
Only the verifying authority shall be authorised to forward requests for comparison of fingerprints to the National Access Point which communicates with the Central System.
Article 7 - Europol
2. Europol shall designate an operating unit that is authorised to request comparisons with EURODAC data through its designated National Access Point.
ê 2725/2000/EC (adapted)
ð new
Article 8 - 3 Ö Statistics Õ
(a) the number of data sets transmitted on persons referred to in Articles 9(1), 8(1) and 11(1) 14(1) and 17(1) ;
(b) the number of hits for applicants for asylum ð international protection ï who have lodged an application for asylum ð international protection ï in another Member State;
(c) the number of hits for persons referred to in Article 8(1) 14(1) who have subsequently lodged an application for asylum ð international protection ï;
(d) the number of hits for persons referred to in Article 11(1) 17(1) who had previously lodged an application for asylum ð international protection ï in another Member State;
(e) the number of fingerprint data which the Central Unit ð System ï had to ð repeatedly ï request a second time from the Member States of origin because the fingerprint data originally transmitted did not lend themselves to comparison using the computerised fingerprint recognition system;.
ò new
(f) the number of requests for marking and unmarking transmitted in accordance with Article 18(1) and (2).
(g) the number of hits for persons referred to in Article 18(1) for whom hits have been recorded under points (b) and (d) of this Article.
ê 2725/2000/EC
ð new
2. At the end of each year, statistical data shall be established in the form of a compilation of the ð monthly ï quarterly statistics drawn up since the beginning of Eurodac's activities ð for that year ï, including an indication of the number of persons for whom hits have been recorded under ð points ï (b), (c), and (d). ð The statistics shall contain a breakdown of data for each Member State. ï
4. Pursuant to the procedure laid down in Article 23(2), the Central Unit may be charged with carrying out certain other statistical tasks on the basis of the data processed at the Central Unit.
ê 2725/2000/EC (adapted)
ð new
CHAPTER II - APPLICANTS FOR ASYLUM Ö INTERNATIONAL PROTECTION Õ
Article 9 - 4 Collection, transmission and comparison of fingerprints
ò new
ð Non compliance with the 72 hours time limit does not relieve Member States of the obligation to take and transmit the fingerprints to the Central System. Where the condition of the fingertips does not allow to take the fingerprints in a quality ensuring appropriate comparison under Article 25 of this Regulation, the Member State of origin shall retake the fingerprints of the applicant and resend them as soon as possible and no later than 48 hours after they have been successfully taken. ï
ê 2725/2000/EC
(2) The data referred to in Article 5(1) shall be immediately recorded in the central database by the Central Unit, or, provided that the technical conditions for such purposes are met, directly by the Member State of origin.
ò new
2. By way of derogation from paragraph 1, where it is not possible to take the fingerprints of an applicant on account of measures taken to ensure the health of the applicant or the protection of public health, Member States shall take and send the fingerprints of the applicant as soon as possible and no later than 48 hours after these grounds no longer prevail.
ê 2725/2000/EC (adapted)
ð new
3. Fingerprint data within the meaning of point (b) (a) of Article 5(1) 11, transmitted by any Member State, Ö with exception to those transmitted in accordance with Article 10 point (b) Õ shall be compared ð automatically ï with the fingerprint data transmitted by other Member States and already stored in the Ccentral database ð System ï.
4. The Central Unit ð System ï shall ensure, on the request of a Member State, that the comparison referred to in paragraph 3 covers the fingerprint data previously transmitted by that Member State, in addition to the data from other Member States.
5. The Central Unit ð System ï shall forthwith ð automatically ï transmit the hit or the negative result of the comparison to the Member State of origin. Where there is a hit, it shall transmit for all data sets corresponding to the hit, the data referred to in Article 5(1) 8(a) to (ð g ï), although in the case of the data referred to in Article 5(1)(b), only insofar as they were the basis for the hit ð along with, where appropriate, the mark referred to in Article 18(1) ï.
Direct transmission to the Member State of origin of the result of the comparison shall be permissible where the technical conditions for such purpose are met.
7. The implementing rules setting out the procedures necessary for the application of paragraphs 1 to 6 shall be adopted in accordance with the procedure laid down in Article 22(1).
ò new
Article 10 - Information on the status of the data subject
(a) When an applicant for international protection or another person as referred to in point (d) of Article 18(1) of the Dublin Regulation arrives in the responsible Member State following a transfer pursuant to a decision acceding to a request to take him/her back as referred to in Article 24 of the Dublin Regulation, the responsible Member State shall update its dataset recorded in conformity with Article 8 of this Regulation relating to the person concerned by adding their date of arrival .
(b) When an applicant for international protection arrives in the responsible Member State following a transfer pursuant to a decision acceding to a request to take charge of them as referred to in Article 22 of the Dublin Regulation, the responsible Member State shall send a dataset in conformity with Article 11 of this Regulation relating to the person concerned and include their date of arrival.
(c) As soon as the Member State of origin can establish that the person concerned whose data was recorded in EURODAC in accordance with Article 11 of this Regulation has left the territory of the Member States, it shall update its dataset recorded in conformity with Article 11 of this Regulation relating to the person concerned by adding the date when the person left the territory, in order to facilitate the application of Articles 19(2) and 20(5) of the Dublin Regulation.
(d) As soon as the Member State of origin ensures that the person concerned whose data was recorded in EURODAC in accordance with Article 11 has left the territory of the Member States in compliance with a return decision or removal order it issued following the withdrawal or rejection of the application as provided for in Article 19(3) of the Dublin Regulation, it shall update its dataset recorded in conformity with Article 11 relating to the person concerned by adding the date of his/her removal or when the person left the territory.
(e) The Member State which assumes responsibility in accordance with Article 17(1) of the Dublin Regulation shall update its dataset recorded in conformity with Article 11 of this Regulation relating to that applicant by adding the date when the decision to examine the application was taken.
ê 2725/2000/EC
ð new
Article 11 - 5 Recording of data
(ab) fingerprint data;
(ba) Member State of origin, place and date of the application for asylum ð international protection; in the cases referred to in point (b) of Article 10, the date of application shall be the one entered by the Member State who transferred the applicant ï;
(c) sex;
(d) reference number used by the Member State of origin;
(e) date on which the fingerprints were taken;
(f) date on which the data were transmitted to the Central Unit ð System ï;
(g) date on which the data were entered in the central database ;
ò new
(g) operator user ID.
ê 2725/2000/EC
ð new
(h) details in respect of the recipient(s) of the data transmitted and the date(s) of transmission(s).
(h) where applicable in accordance with Article 10 point (a) or point (b), the date of the arrival of the person concerned after a successful transfer;
(i) where applicable in accordance with Article 10 point (c), the date when the person concerned left the territory of the Member States;
(j) where applicable in accordance with Article 10 point (d), the date when the person concerned left or was removed from the territory of the Member States;
(k) where applicable in accordance with Article 10 point (e), the date when the decision to examine the application was taken.
2. After recording the data in the central database, the Central Unit shall destroy the media used for transmitting the data, unless the Member State of origin has requested their return.
Article 12 - 6 Data storage
Upon expiry of this period, the Central Unit ð System ï shall automatically erase the data from the Ccentral database ð System ï.
Article 13 - 7 Advance data erasure
ò new
2. The Central System shall inform all Member States of origin about the erasure of data for the reason specified in paragraph 1 by another Member State of origin having produced a hit with data which they transmitted relating to persons referred to in Article 9(1) or Article 14(1).
ê 2725/2000/EC (adapted)
ð new
CHAPTER III - ALIENS Ö THIRD COUNTRY NATIONALS or stateless persons Õ APPREHENDED IN CONNECTION WITH THE IRREGULAR CROSSING OF AN EXTERNAL BORDER
Article 14 - 8 Collection and transmission of fingerprint data
2. The Member State concerned shall promptly ðas soon as possible and no later than 72 hours from the date of apprehension ï transmit to the Central Unit ð System ï the following data in relation to any alien Ö third country national or stateless person Õ, as referred to in paragraph 1, who is not turned back:
(ab) fingerprint data;
(ba) Member State of origin, place and date of the apprehension;
(c) sex;
(d) reference number used by the Member State of origin;
(e) date on which the fingerprints were taken;
(f) date on which the data were transmitted to the Central Unit ð System ï;
ò new
(g) operator user ID.
3. By way of derogation from paragraph 2, as regards persons apprehended in the manner described in paragraph 1 who remain physically on the territory of the Member States but are kept in custody, confinement or detention upon their apprehension for a period exceeding 72 hours, the transmission of the data specified in paragraph 2 relating to those persons shall take place before their release from custody, confinement or detention.
4. Non compliance with the 72 hours time limit referred to in paragraph 2 does not relieve Member States of the obligation to take and transmit the fingerprints to the Central System. Where the condition of the fingertips does not allow to take the fingerprints in a quality ensuring appropriate comparison under Article 25, the Member State of origin shall retake the fingerprints of such person and resend them as soon as possible and no later than 48 hours after they have been successfully taken.
5. By way of derogation from paragraph 1, where it is not possible to take the fingerprints of such person on account of measures taken to ensure the health of the person or the protection of public health, the Member State concerned shall take and send the fingerprints of the person, in accordance with the deadline set out in paragraph 2, once these grounds no longer prevail.
ê 2725/2000/EC (adapted)
ð new
Article 15 - 9 Recording of data
Without prejudice to Article 3(3)8, data transmitted to the Central Unit ð System ï pursuant to Article 8(2) 14(2) shall be recorded for the sole purpose of comparison with data on applicants for asylum ð international protection ï transmitted subsequently to the Central Unit ð System ï.
The Central Unit ð System ï shall not compare data transmitted to it pursuant to Article 8(2) 14(2) with any data previously recorded in the central database ð Central System ï, nor with data subsequently transmitted to the Central Unit ð System ï pursuant to Article 8(2) 14(2).
2. The procedures provided for in Article 4(1), second sentence, Article 4(2) and Article 5(2) as well as the provisions laid down pursuant to Article 4(7) shall apply. As regards the comparison of data on applicants for asylum ð international protection ï subsequently transmitted to the Central Unit ð System ï with the data referred to in paragraph 1, the procedures provided for in Article 4(3), (5) and (6) 9(3) and (5) and in Article 25(4) shall apply.
Article 16 - 10 Storage of data
2. The data relating to an alien Ö third country national or stateless person Õ as referred to in Article 8(1) 14(1) shall be erased from the central database ð Central System ï in accordance with Article 15(3) 28(3)Ö as soon as Õ the Member State of origin becomes aware of one of the following circumstances before the two ð one ï-year period mentioned in paragraph 1 has expired:
(a) the alien Ö third country national or stateless person Õ has been issued with a residence permit Ö document Õ ;
(b) the alien Ö third country national or stateless person Õ has left the territory of the Member States;
(c) the alien Ö third country national or stateless person Õ has acquired the citizenship of any Member State.
ò new
3. The Central System shall inform all Member States of origin about the erasure of data for the reason specified in point (a) or (b) of paragraph 2 or by another Member State of origin having produced a hit with data which they transmitted relating to persons referred to in Article 14(1).
4. The Central System shall inform all Member States of origin about the erasure of data for the reason specified in point (c) of paragraph 2 by another Member State of origin having produced a hit with data which they transmitted relating to persons referred to in Article 9(1) or Article 14(1).
ê 2725/2000/EC (adapted)
ð new
CHAPTER IV - ALIENS Ö THIRD COUNTRY NATIONALS or stateless persons Õ FOUND ILLEGALLY PRESENT Ö STAYING Õ IN A MEMBER STATE
Article 17 - 11 Comparison of fingerprint data
As a general rule there are grounds for checking whether the alien Ö third country national or stateless person Õ has previously lodged an application for asylum ð international protection ï in another Member State where:
(a) the alien Ö third country national or stateless person Õ declares that he/she has lodged an application for asylum ð international protection ï but without indicating the Member State in which he/she made the application;
(b) the alien Ö third country national or stateless person Õ does not request asylum ð international protection ï but objects to being returned to his/her country of origin by claiming that he/she would be in danger, or
(c) the alien Ö third country national or stateless person Õ otherwise seeks to prevent his/her removal by refusing to cooperate in establishing his/her identity, in particular by showing no, or false, identity papers.
2. Where Member States take part in the procedure referred to in paragraph 1, they shall transmit to the Central Unit ð System ï the fingerprint data relating to all or at least the index fingers, and, if those are missing, the prints of all other fingers, of aliens Ö third country nationals or stateless persons Õ referred to in paragraph 1.
3. The fingerprint data of an alien Ö third country national or a stateless person Õ as referred to in paragraph 1 shall be transmitted to the Central Unit ð System ï solely for the purpose of comparison with the fingerprint data of applicants for asylum ð international protection ï transmitted by other Member States and already recorded in the central database ð Central System ï.
The fingerprint data of such an alien Ö third country national or a stateless person Õ shall not be recorded in the central database ð Central System ï, nor shall they be compared with the data transmitted to the Central Unit ð System ï pursuant to Article 8(2) 14(2).
4. As regards the comparison of fingerprint data transmitted under this Article with the fingerprint data of applicants for asylum ð international protection ï transmitted by other Member States which have already been stored in the Central Unit ð System ï, the procedures provided for in Article 4(3) (5) and (6) 9(3) and (5) as well as the provisions laid down pursuant to Article 4(7) shall apply.
5. Once the results of the comparison have been transmitted to the Member State of origin, the Central Unit shall forthwith:
(a) erase the fingerprint data and other data transmitted to it under paragraph 1; and
(b) destroy the media used by the Member State of origin for transmitting the data to the Central Unit, unless the Member State of origin has requested their return.
CHAPTER V - RECOGNISED REFUGEESÖ PERSONS GRANTED INTERNATIONAL PROTECTION Õ
Article 12 - Blocking of data
1. Data relating to an applicant for asylum which have been recorded pursuant to Article 4(2) shall be blocked in the central database if that person is recognised and admitted as a refugee in a Member State. Such blocking shall be carried out by the Central Unit on the instructions of the Member State of origin.As long as a decision pursuant to paragraph 2 has not been adopted, hits concerning persons who have been recognised and admitted as refugees in a Member State shall not be transmitted. The Central Unit shall return a negative result to the requesting Member State.
2. Five years after Eurodac starts operations, and on the basis of reliable statistics compiled by the Central Unit on persons who have lodged an application for asylum in a Member State after having been recognised and admitted as refugees in another Member State, a decision shall be taken in accordance with the relevant provisions of the Treaty, as to whether the data relating to persons who have been recognised and admitted as refugees in a Member State should:
(a) be stored in accordance with Article 6 for the purpose of the comparison provided for in Article 4(3); or
(b) be erased in advance once a person has been recognised and admitted as a refugee.
3. In the case referred to in paragraph 2(a), the data blocked pursuant to paragraph 1 shall be unblocked and the procedure referred to in paragraph 1 shall no longer apply.
4. In the case referred to in paragraph 2(b):
(a) data which have been blocked in accordance with paragraph 1 shall be erased immediately by the Central Unit; and
(b) data relating to persons who are subsequently recognised and admitted as refugees shall be erased in accordance with Article 15(3), as soon as the Member State of origin becomes aware that the person has been recognised and admitted as a refugee in a Member State.
5. The implementing rules concerning the procedure for the blocking of data referred to in paragraph 1 and the compilation of statistics referred to in paragraph 2 shall be adopted in accordance with the procedure laid down in Article 22(1).
ò new
Article 18 - Marking of data
2. The Member State of origin shall unmark data concerning a third country national or stateless person whose data were previously marked in accordance with paragraph 1 if his or her status is revoked or ended or renewal of his status is refused under Article 14 or 19 of Council Directive 2004/83/EC.
ò new
CHAPTER VI - PROCEDURE FOR COMPARISON AND DATA TRANSMISSION FOR LAW ENFORCEMENT PURPOSES
Article 19 - Procedure for comparison of fingerprint data with EURODAC data
2. Where all the conditions for requesting a comparison are fulfilled, the verifying authority shall transmit the request for comparison to the National Access Point which will process it to the EURODAC Central System for the purpose of comparison with all the EURODAC data.
3. In exceptional cases of urgency, the verifying authority may transmit the fingerprint data to the National Access Point for comparison immediately upon receipt of a request by a designated authority and only verify ex-post whether all the conditions of Article 20 or Article 21 are fulfilled, including whether an exceptional case of urgency actually existed. The ex-post verification shall take place without undue delay after the processing of the request.
4. Where the ex-post verification determines that the access was not justified, the information communicated from EURODAC shall be destroyed by all authorities that have accessed it and they shall inform the verifying authority of such destruction.
Article 20 - Conditions for access to EURODAC data by designated authorities
(a) the comparison is necessary for the purpose of the prevention, detection or investigation of terrorist offences or other serious criminal offences;
(b) the comparison is necessary in a specific case; systematic comparisons shall not be carried out; and
(c) there are reasonable grounds to consider that such comparison with EURODAC data will contribute to the prevention, detection or investigation of any of the criminal offences in question.
2. Requests for comparison with EURODAC data shall be limited to searching with fingerprint data.
Article 21 - Conditions for access to EURODAC data by Europol
2. Requests for comparison with EURODAC data shall be limited to comparisons of fingerprint data.
3. Processing of information obtained by Europol from comparison with EURODAC shall be subject to the authorisation of the Member State of origin. Such authorisation shall be obtained via the Europol national unit of that Member State.
Article 22 - Communication between the verifying authorities and the National Access Points
2. Fingerprints shall be digitally processed by the Member State and transmitted in the data format referred to in Annex I, in order to ensure that the comparison can be carried out by means of the computerised fingerprint recognition system.
ê 2725/2000/EC (adapted)
ð new
CHAPTER VI - VII
DATA PROCESSING USE, DATA PROTECTION AND LIABILITY
Article 23 - 13 Responsibility for data processing use
(a) fingerprints are taken lawfully;
(b) fingerprint data and the other data referred to in Article 5(1) 11, Article 8(2) 14(2) and Article 11(2) 17(2) are lawfully transmitted to the Central Unit ð System ï;
(c) data are accurate and up-to-date when they are transmitted to the Central Unit ð System ï;
(d) without prejudice to the responsibilities of the Commission ð Agency ï , data in the central database ð Central System ï are lawfully recorded, stored, corrected and erased;
(e) the results of fingerprint data comparisons transmitted by the Central Unit ð System ï are lawfully processed used.
2. In accordance with Article 14 34, the Member State of origin shall ensure the security of the data referred to in paragraph 1 before and during transmission to the Central Unit ð System ï as well as the security of the data it receives from the Central Unit ð System ï.
3. The Member State of origin shall be responsible for the final identification of the data pursuant to Article 4(6) 25(4).
4. The Commission ð Agency ï shall ensure that the Central Unit ð System ï is operated in accordance with the provisions of this Regulation and its implementing rules. In particular, the Commission ð Agency ï shall:
(a) adopt measures ensuring that persons working ð with ï in the Central Unit ð System ï process use the data recorded Ö therein Õ in the central database only in accordance with the purpose of EurodacEURODAC as laid down in Article 1(1);
(b) ensure that persons working in the Central System comply with all requests from Member States made pursuant to this Regulation in relation to recording, comparison, correction and erasure of data for which they are responsible;
(b) (c) take the necessary measures to ensure the security of the Central Unit ð System ï in accordance with Article 14 34;
(c) (d) ensure that only persons authorised to work ð with ï in the Central Unit ð System ï have access Ö thereto Õ to data recorded in the central database, without prejudice to Article 20 and the powers of the independent supervisory body which will be established under Article 286(2) of the Treaty Ö the competences of the European Data Protection Supervisor Õ.
The Commission ð Agency ï shall inform the European Parliament and the Council ð as well as the European Data Protection Supervisor ï of the measures it takes pursuant to the first subparagraph.
ê 407/2002/EC Article 2 (adapted)
ð new
Article 24 - 2 Transmission
2. Member States should Ö shall Õ transmit the data referred to in Article 5(1) 11(1), Article 14(2) and Article 17(2) of the Eurodac Regulation electronically. ð The data referred to in Article 11(1) and Article 14(2) shall be automatically recorded in the Central System. ï As far as it is necessary for the efficient operation of the Central Unit ð System ï, the Central Unit ð Agency ï shall establish the technical requirements to ensure that data can be properly electronically transmitted from the Member States to the Central Unit ð System ï and vice versa. Transmission of data in paper form using the form set out in Annex II or by other means of data support (diskettes, CD-ROM or other means of data support which may be developed and generally used in future) should be limited to situations in which there are continuous technical problems.
3. The reference number referred to in Article 5(1)(d) 11(d) and Article 14(2)(d) and 17(1) of the Eurodac Regulation shall make it possible to relate data unambiguously to one particular person and to the Member State which is transmitting the data. In addition, it shall make it possible to tell whether such data relate to an asylum seeker or a person referred to in Article 8 or Article 11 of the Eurodac Regulation9, Article 14 or Article 17.
4. The reference number shall begin with the identification letter or letters by which, in accordance with the norm referred to in Annex I, the Member State transmitting the data is identified. The identification letter or letters shall be followed by the identification of the category of person. '1' refers to data relating to asylum seekers Ö persons referred to in Article 9(1) Õ, '2' to persons referred to in Article 8 14(1) of the Eurodac Regulation and '3' to persons referred to in Article 11 17 of the Eurodac Regulation.
5. The Central Unit Ö Agency Õ shall establish the technical procedures necessary for Member States to ensure receipt of unambiguous data by the Central Unit ð System ï.
64. The Central Unit ð System ï shall confirm receipt of the transmitted data as soon as possible. To this end the Central Unit Ö Agency Õ shall establish the necessary technical requirements to ensure that Member States receive the confirmation receipt if requested.
Article 25 - 3 Carrying out comparisons and transmitting results
2. The Central Unit ð System ï shall carry out comparisons in the order of arrival of requests. Each request must be dealt with within 24 hours. In the case of data which are transmitted electronically, a A Member State may for reasons connected with national law require particularly urgent comparisons to be carried out within one hour. Where these times cannot be respected owing to circumstances which are outside the Central Unit ð Agency's ï responsibility, the Central Unit ð System ï shall process the request as a matter of priority as soon as those circumstances no longer prevail. In such cases, as far as it is necessary for the efficient operation of the Central Unit ð System ï , the Central Unit ð Agency ï shall establish criteria to ensure the priority handling of requests.
3. As far as it is necessary for the efficient operation of the Central Unit ð System ï , the Central Unit ð Agency ï shall establish the operational procedures for the processing of the data received and for transmitting the result of the comparison.
ê 2725/2000/EC Article 4(6) (adapted)
ð new
4. The results of the comparison shall be immediately checked in the Member State of origin ð by a fingerprint expert ï. Final identification shall be made by the Member State of origin in cooperation with the Member States concerned, pursuant to Article 15 32 of the Dublin Convention Ö Regulation Õ.
Information received from the Central Unit ð System ï relating to other data found to be unreliable shall be erased or destroyed as soon as the unreliability of the data is established.
ò new
5. Where final identification in accordance with paragraph 4 reveal that the result of the comparison received from the Central System is inaccurate, Member States shall communicate this fact to the Commission and to the Agency.
ê 407/2002/EC (adapted)
ð new
Article 26 - 4 Communication between Member States and the Central Unit ð System ï
Article 14 - Security
1. The Member State of origin shall take the necessary measures to:(a) prevent any unauthorised person from having access to national installations in which the Member State carries out operations in accordance with the aim of Eurodac (checks at the entrance to the installation);
(b) prevent data and data media in Eurodac from being read, copied, modified or erased by unauthorised persons (control of data media);
(c) guarantee that it is possible to check and establish a posteriori what data have been recorded in Eurodac when and by whom (control of data recording);
(d) prevent the unauthorised recording of data in Eurodac and any unauthorised modification or erasure of data recorded in Eurodac (control of data entry);
(e) guarantee that, in using Eurodac, authorised persons have access only to data which are within their competence (control of access);
(f) guarantee that it is possible to check and establish to which authorities data recorded in Eurodac may be transmitted by data transmission equipment (control of transmission);
(g) prevent the unauthorised reading, copying, modification or erasure of data during both the direct transmission of data to or from the central database and the transport of data media to or from the Central Unit (control of transport).
2. As regards the operation of the Central Unit, the Commission shall be responsible for applying the measures mentioned under paragraph 1.
ê 2725/2000/EC
ð new
Article 27 - 15 Access to, and correction or erasure of, data recorded in EurodacEURODAC
No Member State may conduct searches in the data transmitted by another Member State, nor may it receive such data apart from data resulting from the comparison referred to in Article 4(5) 9(5).
ê 2725/2000/EC (adapted)
ð new
2. The authorities of Member States which, pursuant to paragraph 1, have access to data recorded in the central database ð Central System ï shall be those designated by each Member State ð for the purpose of Article 1(1). This designation shall specify the exact unit responsible for carrying out tasks related to the application of this Regulation. ï Each Member State shall without delay communicate to the Commission ð and the Agency ï a list of those authorities ð and any amendments thereto. The Agency shall publish the consolidated list in the Official Journal of the European Union. Where there are amendments thereto, the Agency shall publish once a year an updated consolidated list. ï
3. Only the Member State of origin shall have the right to amend the data which it has transmitted to the Central Unit ð System ï by correcting or supplementing such data, or to erase them, without prejudice to erasure carried out in pursuance of Article 6, Article 10(1) or Article 12(4)(a) 12 or Article 16(1).
Where the Member State of origin records data directly in the central database, it may amend or erase the data directly.
Where the Member State of origin does not record data directly in the central database, the Central Unit shall amend or erase the data at the request of that Member State.
4. If a Member State or the Central Unit ð Agency ï has evidence to suggest that data recorded in the central database ð Central System ï are factually inaccurate, it shall advise the Member State of origin as soon as possible.
If a Member State has evidence to suggest that data were recorded in the central database ð Central System ï contrary to this Regulation, it shall similarly advise ð the Agency, the Commission and ï the Member State of origin as soon as possible. The latter shall check the data concerned and, if necessary, amend or erase them without delay.
5. The Central Unit ð Agency ï shall not transfer or make available to the authorities of any third country data recorded in the central database ð Central System ï, unless it is specifically authorised to do so in the framework of a Community agreement on the criteria and mechanisms for determining the State responsible for examining an application for asylum ð international protection ï .
Article 22 - Implementing rules
1. The Council shall adopt, acting by the majority laid down in Article 205(2) of the Treaty, the implementing provisions necessary for– laying down the procedure referred to in Article 4(7),
– laying down the procedure for the blocking of the data referred to in Article 12(1),
– drawing up the statistics referred to in Article 12(2).
In cases where these implementing provisions have implications for the operational expenses to be borne by the Member States, the Council shall act unanimously.
2. The measures referred to in Article 3(4) shall be adopted in accordance with the procedure referred to in Article 23(2).
Article 28 - 16 Keeping of records by the Central Unit
2. Such records may be used only for the data-protection monitoring of the admissibility of data processing as well as to ensure data security pursuant to Article 14 34. The records must be protected by appropriate measures against unauthorised access and erased after a period of one year ð after the retention period referred to in Article 12 and in Article 16(1) has expired ï, if they are not required for monitoring procedures which have already begun.
ò new
3. Each Member State shall take the necessary measures in order to achieve the objectives set out in paragraph 1 and 2 in relation to its national system. In addition, each Member State shall keep records of the staff duly authorised to enter or retrieve the data.
ê 2725/2000/EC (adapted)
ð new
Article 23 - Committee
1. The Commission shall be assisted by a committee.2. In the cases where reference is made to this paragraph, Articles 5 and 7 of Decision 1999/468/EC shall apply.
The period laid down in Article 5(6) of Decision 1999/468/EC shall be set at three months.
3. The committee shall adopt its rules of procedure.
Article 29 - 18 Rights of the data subject
(a) the identity of the controller and of his representative, if any;
(b) ÖregardingÕ the purpose for which the Ö his or her Õ data will be processed within EurodacEURODAC ð including a description of the aims of the Dublin Regulation, in accordance with Article 4 of that Regulation ï.
(c) the recipients of the data;
(d) in relation to a person covered by Article 4 9 or Article 8 14, the obligation to have his/her fingerprints taken;
(e) the existence of the right of access to, and the right to rectify, the data Örelating to him/herÕconcerning him/herÖ , and the right to request that inaccurate data relating to him/her be corrected Õ ð or that unlawfully processed data relating to them be erased, as well as the right to receive information on the procedures for exercising those rights including the contact details of the controller and the National Supervisory Authorities referred to in Article 31(1) ï.
In relation to a person covered by Article 4 9 or Article 8 14, the information referred to in the first subparagraph shall be provided when his/her fingerprints are taken.
In relation to a person covered by Article 11 17, the information referred to in the first subparagraph shall be provided no later than the time when the data relating to the person are transmitted to the Central Unit ð System ï. This obligation shall not apply where the provision of such information proves impossible or would involve a disproportionate effort.
ò new
A common leaflet, containing at least the information referred to in paragraph 1 of this Article and the information referred to in Article 4(1) of the Dublin Regulation shall be drawn up in accordance with the procedure referred to in Article 40(2) of the Dublin Regulation. The leaflet should be "clear and simple, drafted in a language that the person understands or may reasonably be presumed to understand.
Where a person covered by this Regulation is a minor, Member States shall provide the information in an age-appropriate manner.
ê 2725/2000/EC
ð new
2. In each Member State any data subject may, in accordance with the laws, regulations and procedures of that State, exercise the rights provided for in Article 12 of Directive 95/46/EC.
Without prejudice to the obligation to provide other information in accordance with point (a) of Article 12 of Directive 95/46/EC, the data subject shall have the right to obtain communication of the data relating to him/her recorded in the central database ð Central System ï and of the Member State which transmitted them to the Central Unit ð System ï. Such access to data may be granted only by a Member State.
3. In each Member State, any person may request that data which are factually inaccurate be corrected or that data recorded unlawfully be erased. The correction and erasure shall be carried out without excessive delay by the Member State which transmitted the data, in accordance with its laws, regulations and procedures.
4. If the rights of correction and erasure are exercised in a Member State, other than that, or those, which transmitted the data, the authorities of that Member State shall contact the authorities of the Member State, or States, in question so that the latter may check the accuracy of the data and the lawfulness of their transmission and recording in the central database ð Central System ï.
5. If it emerges that data recorded in the central database ð Central System ï are factually inaccurate or have been recorded unlawfully, the Member State which transmitted them shall correct or erase the data in accordance with Article 15(3) 27(3). That Member State shall confirm in writing to the data subject without excessive delay that it has taken action to correct or erase data relating to him/her.
6. If the Member State which transmitted the data does not agree that data recorded in the central database ð Central System ï are factually inaccurate or have been recorded unlawfully, it shall explain in writing to the data subject without excessive delay why it is not prepared to correct or erase the data.
That Member State shall also provide the data subject with information explaining the steps which he/she can take if he/she does not accept the explanation provided. This shall include information on how to bring an action or, if appropriate, a complaint before the competent authorities or courts of that Member State and any financial or other assistance that is available in accordance with the laws, regulations and procedures of that Member State.
7. Any request under paragraphs 2 and 3 shall contain all the necessary particulars to identify the data subject, including fingerprints. Such data shall be used exclusively to permit the exercise of the rights referred to in paragraphs 2 and 3 and shall be destroyed immediately afterwards.
8. The competent authorities of the Member States shall cooperate actively to enforce promptly the rights laid down in paragraphs 3, 4 and 5.
ò new
9. Whenever a person requests data relating to him or her in accordance with paragraph 2, the competent authority shall keep a record in the form of a written document that such a request was made, and shall make this document available to the National Supervisory Authorities without delay, upon their request.
ê 2725/2000/EC (adapted)
ð new
9. 10. In each Member State, the national supervisory authority shall ð on the basis of his/her request, ïassist the data subject in accordance with Article 28(4) of Directive 95/46/EC in exercising his/her rights.
10. 11. The national supervisory authority of the Member State which transmitted the data and the national supervisory authority of the Member State in which the data subject is present shall assist and, where requested, advise him/her in exercising his/her right to correct or erase data. Both national supervisory authorities shall cooperate to this end. Requests for such assistance may be made to the national supervisory authority of the Member State in which the data subject is present, which shall transmit the requests to the authority of the Member State which transmitted the data. The data subject may also apply for assistance and advice to the joint supervisory authority set up by Article 20.
11. 12. In each Member State any person may, in accordance with the laws, regulations and procedures of that State, bring an action or, if appropriate, a complaint before the competent authorities or courts of the State if he/she is refused the right of access provided for in paragraph 2.
12. 13. Any person may, in accordance with the laws, regulations and procedures of the Member State which transmitted the data, bring an action or, if appropriate, a complaint before the competent authorities or courts of that State concerning the data relating to him/her recorded in the central database ð Central System ï, in order to exercise his/her rights under paragraph 3. The obligation of the national supervisory authorities to assist and, where requested, advise the data subject, in accordance with paragraph 10 13 , shall subsist throughout the proceedings.
Article 30 - 19 Ö Supervision by the Õ National Ssupervisory Aauthority
2. Each Member State shall ensure that its national supervisory authority has access to advice from persons with sufficient knowledge of fingerprint data.
ò new
Article 31 - Supervision by the European Data Protection Supervisor
2. The European Data Protection Supervisor shall ensure that an audit of the Agency's personal data processing activities is carried out in accordance with international auditing standards at least every four years. A report of such audit shall be sent to the European Parliament, the Council, the Agency, the Commission and the National Supervisory Authorities. The Agency shall be given an opportunity to make comments before the report is adopted.
Article 32 - Cooperation between National Supervisory Authorities and the European Data Protection Supervisor
2. They shall, each acting within the scope of its respective competences, exchange relevant information, assist each other in carrying out audits and inspections, examine difficulties of interpretation or application of this Regulation, study problems with the exercise of independent supervision or in the exercise of the rights of data subjects, draw up harmonised proposals for joint solutions to any problems and promote awareness of data protection rights, as necessary.
3. The National Supervisory Authorities and the European Data Protection Supervisor shall meet for that purpose at least twice a year. The costs and servicing of these meetings shall be for the account of the European Data Protection Supervisor. Rules of procedure shall be adopted at the first meeting. Further working methods shall be developed jointly as necessary. A joint report of activities shall be sent to the European Parliament, the Council, the Commission and the Agency every two years.
Article 33 - Protection of personal data for the purposes of the prevention, detection and investigation of terrorist offences or of other serious criminal offences
2. The processing of personal data by Europol pursuant to this Regulation shall be in accordance with Decision 2009/371/JHA.
3. Personal data obtained pursuant to this Regulation from EURODAC shall only be processed for the purposes of the prevention, detection and investigation of terrorist offences or of other serious criminal offences.
4. Personal data obtained by a Member State or Europol pursuant to this Regulation from EURODAC shall be erased in national and Europol files after a period of one month, if the data are not required for a specific ongoing criminal investigation by that Member State, or Europol.
5. The monitoring of the lawfulness of the processing of personal data under this Regulation by the Member States, including their transmission to and from EURODAC shall be carried out by the national competent authorities designated pursuant to Framework Decision 2008/977/JHA.
Article 34 - Data security
2. Each Member State shall, in relation to its national system, adopt the necessary measures, including a security plan, in order to:
(a) physically protect data, including by making contingency plans for the protection of critical infrastructure;
(b) deny unauthorised persons access to national installations in which the Member State carries out operations in accordance with the purpose of EURODAC (checks at entrance to the installation);
(c) prevent the unauthorised reading, copying, modification or removal of data media (data media control);
(d) prevent the unauthorised input of data and the unauthorised inspection, modification or erasure of stored personal data (storage control);
(e) prevent the unauthorised processing of data in EURODAC and any unauthorised modification or erasure of data processed in EURODAC (control of data entry);
(f) ensure that persons authorised to access EURODAC have access only to the data covered by their access authorisation, by means of individual and unique user identities and confidential access modes only (data access control);
(g) ensure that all authorities with a right of access to EURODAC create profiles describing the functions and responsibilities of persons who are authorised to access, enter, update, erase and search the data and make these profiles available to the National Supervisory Authorities referred to in Article 25 of Framework Decision 2008/977/JHA without delay at their request (personnel profiles);
(h) ensure that it is possible to verify and establish to which bodies personal data may be transmitted using data communication equipment (communication control);
(i) ensure that it is possible to verify and establish what data have been processed in EURODAC, when, by whom and for what purpose (control of data recording);
(j) prevent the unauthorised reading, copying, modification or erasure of personal data during the transmission of personal data to or from EURODAC or during the transport of data media, in particular by means of appropriate encryption techniques (transport control);
(k) monitor the effectiveness of the security measures referred to in this paragraph and take the necessary organisational measures related to internal monitoring to ensure compliance with this Regulation (self-auditing).
3. The Agency shall take the necessary measures in order to achieve the objectives set out in paragraph 2 as regards the operation of EURODAC, including the adoption of a security plan.
Article 35 - Prohibition of transfers of data to third countries or to international bodies or to private parties
Article 36 - Logging and documentation
2. The log or documentation shall show in all cases:
(a) the exact purpose of the request for comparison, including the concerned form of a terrorist offence or other serious criminal offence and for Europol, the exact purpose of the request for comparison;
(b) the respective national file reference;
(c) the date and exact time of the request for comparison by the National Access Point to the EURODAC Central System;
(d) the name of the authority having requested access for comparison, and the person responsible who has made the request and processed the data;
(e) where applicable the use of the urgent procedure referred to in Article 19(3) and the decision taken with regard to the ex-post verification;
(f) the data used for comparison;
(g) according to national rules or the rules of the Europol decision the identifying mark of the official who carried out the search and of the official who ordered the search or supply.
3. Such logs or documentation shall be used only for the data protection monitoring of the lawfulness of data processing as well as to ensure data security. Only logs containing non-personal data may be used for the monitoring and evaluation referred to in Article 38. The competent national supervisory authorities responsible for checking the admissibility of the request and monitoring the lawfulness of the data processing and data integrity and security, shall have access to these logs at their request for the purpose of fulfilling their duties.
ê 2725/2000/EC
ð new
Article 37 - 17 Liability
2. If failure of a Member State to comply with its obligations under this Regulation causes damage to the central database ð Central System ï, that Member State shall be held liable for such damage, unless and insofar as the Commission ð Agency or another Member State ï failed to take reasonable steps to prevent the damage from occurring or to minimise its impact.
3. Claims for compensation against a Member State for the damage referred to in paragraphs 1 and 2 shall be governed by the provisions of national law of the defendant Member State.
ò new
CHAPTER VII - I
AMENDMENTS TO THE REGULATION (EU) No 1077/2011
Article 38 - Provisions amending Regulation (EU) No 1077/2011
“Article 5 Tasks relating to EURODAC
In relation to EURODAC, the Agency shall perform :
(a) the tasks conferred on the Agency by Regulation (EU) No …./…. [of the European Parliament and the Council on the establishment of EURODAC for the comparison of fingerprints for the effective application of Regulation (EU) No {…/….}].
(b) tasks relating to training on the technical use of EURODAC.”
2. Article 12(1) is amended as follows:
(a) points (t), (u) and (v) are replaced by the following:
“(t) to adopt the reports on the technical functioning of SIS II pursuant to Article 50(4) of Regulation (EC) No 1987/2006 and Article 66(4) of Decision 2007/533/JHA respectively, of VIS pursuant to Article 50(3) of Regulation (EC) No 767/2008 and Article 17(3) of Decision 2008/633/JHA; and of EURODAC pursuant to Article 40(4) of Regulation (EU) No …./… [of the European Parliament and the Council on the establishment of EURODAC for the comparison of fingerprints for the effective application of Regulation (EU) No {…/….} establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third country national or a stateless person] and to request comparisons with EURODAC data by Member States' law enforcement authorities for law enforcement purposes;
(u) to adopt the annual report on the activities of the Central System of EURODAC pursuant to Article 40(1) of Regulation (EU) No …./…. [of the European Parliament and the Council on the establishment of EURODAC for the comparison of fingerprints for the effective application of Regulation (EU) No …/….];
(v) to make comments on the European Data Protection Supervisor's reports on the audits pursuant to Article 45 of Regulation (EC) 1987/2006 , Article 42(2) of Regulation (EC) No 767/2008 and Article 31 (2) of Regulation (EU) No …./…. [of the European Parliament and the Council on the establishment of EURODAC for the comparison of fingerprints for the effective application of Regulation (EU) No …/….] and ensure appropriate follow‑up of the audit;”
(b) point (x) is replaced by the following:
“(x) to compile statistics on the work of the Central System of EURODAC pursuant to Article 8(2) of Regulation (EU) No …./…. [of the European Parliament and the Council on the establishment of EURODAC for the comparison of fingerprints for the effective application of Regulation (EU) No {…/….]”
(c) point (z) is replaced by the following:
“(z) to ensure annual publication of the list of authorities designated pursuant to Article 27(2) of Regulation (EU) No …/…. [of the European Parliament and the Council on the establishment of EURODAC for the comparison of fingerprints for the effective application of Regulation (EU) No …/….]”
3. In Article 15 paragraph (4) is replaced by the following:
“4. Europol and Eurojust may attend the meetings of the Management Board as observers when a question concerning SIS II, in relation to the application of Decision 2007/533/JHA, is on the agenda. Europol may also attend the meetings of the Management Board as observer when a question concerning VIS, in relation to the application of Decision 2008/633/JHA, is on the agenda or when a question concerning EURODAC, in relation with the application of Regulation (EU) No …/…. [of the European Parliament and the Council on the establishment of EURODAC for the comparison of fingerprints for the effective application of Regulation (EU) No …./….]is on the agenda.”
4. Article 17 is amended as follows:
(a) in paragraph 5 point (g) is replaced by the following:
“(g) without prejudice to Article 17 of the Staff Regulations, establish confidentiality requirements in order to comply with Article 17 of Regulation (EC) No 1987/2006, Article 17 of Decision 2007/533/JHA and Article 26(9) of Regulation (EC) No 767/2008 respectively and Article 4(6) of Regulation (EU) No …/…. [of the European Parliament and the Council on the establishment of EURODAC for the comparison of fingerprints for the effective application of Regulation (EU) No …/…];”
(b) in paragraph 6 point (i) is replaced by the following:
“(i) reports on the technical functioning of each large-scale IT system referred to in point (t) of Article 12(1) and the annual report on the activities of the Central System of EURODAC referred to in point (u) of Article 12(1), on the basis of the results of monitoring and evaluation.”
5. In Article 19 paragraph 3 is replaced by the following:
"3. Europol and Eurojust may each appoint a representative to the SIS II Advisory Group. Europol may also appoint a representative to the VIS and to the EURODAC Advisory Groups."
ê 2725/2000/EC (adapted)
ð new
CHAPTER VII - IX
FINAL PROVISIONS
Article 39 - 21 Costs
2. The costs incurred by national ð access points ï units and the costs for connection to the central database ð Central System ï shall be borne by each Member State.
3. Each Member State and Europol shall set up and maintain at their expense the technical infrastructure necessary to implement this Regulation, and be responsible for bearing its costs resulting from requests for comparison with EURODAC data for the purposes of the prevention, detection or investigation of any of the criminal offences defined in this Regulation.
3. The costs of transmission of data from the Member State of origin and of the findings of the comparison to that State shall be borne by the State in question.
Article 40 24 Annual report:, mMonitoring and evaluation
1. The Commission ð Agency ï shall submit to the European Parliament and the Council an annual report on the activities of the Central Unit ð System ï. The annual report shall include information on the management and performance of EurodacEURODAC against pre-defined quantitative indicators for the objectives referred to in paragraph 2.
2. The Commission ð Agency ï shall ensure that Ö procedures Õ systems are in place to monitor the functioning of the Central Unit ð System ï against objectives Ö relating to Õ in terms of outputs, cost-effectiveness and quality of service.
3. The Commission shall regularly evaluate the operation of the Central Unit in order to establish whether its objectives have been attained cost-effectively and with a view to providing guidelines for improving the efficiency of future operations.
4. One year after Eurodac starts operations, the Commission shall produce an evaluation report on the Central Unit, focusing on the level of demand compared with expectation and on operational and management issues in the light of experience, with a view to identifying possible short-term improvements to operational practice.
ò new
3. For the purposes of technical maintenance, reporting and statistics, the Agency shall have access to the necessary information relating to the processing operations performed in the Central System.
4. Every two years, the Agency shall submit to the European Parliament, the Council, the Commission and the European Data Protection Supervisor a report on the technical functioning of the Central System, including the security thereof.
ê 2725/2000/EC
ð new
5. Three years after Eurodac starts operations ð the start of application of this Regulation as provided for in Article 46(2) ï and every six ð four ï years thereafter, the Commission shall produce an overall evaluation of EurodacEURODAC, examining results achieved against objectives and assessing the continuing validity of the underlying rationale, and any implications for future operations ð , as well as make any necessary recommendations ï . ð The Commission shall transmit the evaluation to the European Parliament and the Council. ï
ò new
6. Member States shall provide the Agency and the Commission with the information necessary to draft the reports referred to in paragraph 4 and 5.
7. The Agency shall provide the Commission with the information necessary to produce the overall evaluations referred to in paragraph 5.
8. Each Member State and Europol shall prepare annual reports on the effectiveness of the comparison of fingerprint data with EURODAC data for law enforcement access purposes, containing information and statistics on the exact purpose of the comparison, including the type of a terrorist offence or a serious criminal offence, number of requests for comparison, the number and type of cases which have ended in successful identifications and on the need and use made of the exceptional case of urgency as well as on those cases where that urgency was not accepted by the ex post verification carried out by the verifying authority. Such reports shall be transmitted to the Commission.
9. The Agency, Member States and Europol shall provide the Commission the information necessary to draft the evaluation reports referred to in paragraph 5. This information shall not jeopardise working methods nor include information that reveals sources, staff members or investigations of the designated authorities.
ê 2725/2000/EC (adapted)
ð new
Article 41 - 25 Penalties
Article 42 - 26 Territorial scope
ò new
Article 43 - Notification of designated authorities and verifying authorities
2. By [three months after the date of entry into force of this Regulation] at the latest each Member State shall notify the Commission of its verifying authority and shall notify without delay any amendment thereto.
3. By [three months after the date of entry into force of this Regulation] at the latest Europol shall notify the Commission of its verifying authority and the National Access Point which it has designated and shall notify without delay any amendment thereto.
4. The Commission shall publish information referred to in paragraphs 1, 2 and 3 in the Official Journal of the European Union on an annual basis.
ò new
Article 44 - Transitional provision
Article 45 - Repeal
References to the repealed Regulations shall be read in accordance with the correlation table in Annex III.
ê 2725/2000/EC Article 27 (adapted)
ð new
Article 46 - 27 Entry into force and applicability
2. This Regulation shall apply ð two years from the date of the entry into force of this Regulation.ï , and Eurodac shall start operations,from the date which the Commission shall publish in the Official Journal of the European Communities, when the following conditions met:
(a) each Member State has notified the Commission that it has made the necessary technical arrangements to transmit data to the Central Unit in accordance with the implementing rules adopted under Article 4(7) and to comply with the implementing rules adopted under Article 12(5); and
(b) the Commission has made the necessary technical arrangements for the Central Unit to begin operations in accordance with the implementing rules adopted under Article 4(7) and Article 12(5).
ò new
3. Member States shall notify the Commission and the Agency as soon as they have made the technical arrangements to transmit data to the Central System, and in any event no later than two years from the date of the entry into force of this Regulation.
4. This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.
ê 2725/2000/EC