Considerations on COM(2013)97 - Registered Traveller Programme

Please note

This page contains a limited version of this dossier in the EU Monitor.

 
dossier COM(2013)97 - Registered Traveller Programme.
document COM(2013)97 EN
date February 28, 2013
 
(1) Border checks must ensure a high level of security while limiting waiting times to the greatest extent possible. Increasing travel flows at the external borders contributes to the need for finding new solutions to meet these objectives. A greater differentiation of border checks will allow Member States to use simplified checks for third-country nationals who are assesed as low risk.

(2) Automated border control systems can be used by EU citizens and have proven their efficiency in speeding up border checks. Their use should be made possible for third-country nationals also, to contribute to limiting waiting time while ensuring a high level of security.

(3) The Communication of the Commission of 13 February 2008 entitled preparing the next steps in border management in the European Union[19] outlined the need for the setting-up of a Registered Traveller Programme (RTP) for frequent third-country national travellers and the introduction of Automated Border Control facilities in order to facilitate the crossing of the external border as part of the European integrated border management strategy.

(4) The European Council of 19 and 20 June 2008 underlined the importance of continuing to work on the development of the EU's integrated border management strategy, including better use of modern technologies to improve the management of external borders.

(5) The Communication of the Commission of 10 June 2009 entitled an area of freedom, security and justice serving the citizens[20] highlighted the need for the establishment of a RTP to ensure smooth entry into the Union.

(6) The European Council of 23 and 24 of June 2011 called at its meeting for work on 'smart borders' to be pushed forward rapidly. As a first response to this call, the Commission published a Communication "Smart borders – options and the way ahead" on 25 of October 2011.

(7) The RTP should have the purpose of facilitating the crossing of the external borders of the Union by frequent, pre-screened and pre-vetted third-country travellers.

(8) The provisions on the RTP should be common to all Member States, in order to allow a registered traveller to benefit from facilitated border checks at all Member States' external border crossing points without the need for separate pre-screening and pre-vetting by each individual Member State.

(9) It is necessary to specify the objectives of the RTP and its technical architecture, to lay down rules concerning its operation and use and to define responsibilities for the system, the categories of data to be entered into the system, the purposes for which the data are to be entered, the criteria for their entry, the authorities authorised to access the data and further rules on data processing and the protection of personal data.

(10) The Agency for the operational management of large-scale information systems in the area of freedom, security and justice established by Regulation EU No 1077/2011 of the European Parliament and of the Council of 25 October 2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice[21] (hereinafter the Agency) should be responsible for the development and operational management of a centralised system consisting of a Central Repository, a Backup Central Repository, the Uniform interfaces in each Member States, the Network Entry Points and the communication infrastructure between the Central Repository and the Network Entry Points. Furthermore, the Agency should be responsible for the definition of technical specifications for a token to guarantee interoperability of the RTP across the Union. Member States should be responsible for the development and operational management of their own national systems.

(11) The Central Repository should be connected to the national systems of the Member States, in order to enable competent Member States' authorities to process data related to RTP applications.

(12) In order to ensure reliable verification of a registered traveller, it is necessary to store the unique identifier (application number), biometric data (fingerprints) and alphanumeric data taken from the application in a Central Repository and the unique identifier in a token and verify biometrics at the external borders. The alphanumeric data and fingerprints should be stored in separate sections in a Central Repository and they should not be linked. The link between the alphanumeric data and fingerprints should be established only by the unique identifier.

(13) Third-country nationals wishing to particiapte in the RTP should prove the need or justify the intention to travel frequently or regularly, in particular due to their occupational or family status, such as business person, civil servant engaged in regular official contacts with Member States and the Union institutions, representative of civil society organisations travelling for the purpose of educational training, seminars and conferences, researcher, participating in economic activities, family member of a citizen of the Union, family member of a third-country national legally residing in a Member State.

(14) Third-country nationals holding a multiple-entry visa or D-visa valid for at least one year or holders of a residence permit issued by a Member State should, as a general rule, be granted access to the RTP, if they so request.

(15) Where a third-country national applies for a multiple-entry visa and for access to the RTP, the competent authorities may decide to examine and decide on both applications at the same time, on the basis of the same interview and the same supporting documents.

(16) Family members of citizens of the Union should, as a general rule, be granted access to the RTP. Family members of citizens of the Union should also able to benefit from the RTP even if they are not residing within the Union territory but travel frequently to a Member State in order to accompany or to join the Union citizen concerned. Checks on family members of citizens of the Union crossing the external borders should be carried out in accordance with Directive 2004/38/EC of the European Parliament and of the Council of 29 April 2004 on the right of citizens of the Union and their family members to move and reside freely within the territory of the Member States[22].

(17) The criteria used for the examination of applications lodged by family members of citizens of the Union should be the same as those used for the examination of visa applications lodged by family members of citizens of the Union. This would be in line with the existing border management policy.

(18) It is necessary to define the competent Member States’ authorities, the duly authorised staff of which have access to enter, amend, delete, consult or search data for the specific purposes of the RTP in accordance with this Regulation to the extent necessary for the performance of their tasks.

(19) Any processing of RTP data stored in the Central Repository should be proportionate to the objectives pursued and necessary for the performance of tasks of the competent authorities. When using the RTP, the competent authorities should ensure that the human dignity and integrity of the persons whose data are requested are respected and should not discriminate against persons on grounds of sex, racial or ethnic origin, religion or belief, disability, age or sexual orientation.

(20) Contingency plans should be in place and those plans should be made clear to travellers, airlines/carriers and all authorities working at the border crossing point. If a registered traveller, for example, is unable, for any reason, to use the Automated Border Control system, and is redirected towards a manual border check, due attention should be made that the ensuing procedures are in full compliance with fundamental rights.

(21) The personal data stored in the Central Repository (biometrics and alphanumeric) should be kept for no longer than is necessary for the purposes of the RTP. It is appropriate to keep the data for a maximum period of five years, in order to enable alphanumeric data on previous applications to be taken into account for the assessment of subsequent RTP applications and also taking into account the re-use of fingerprints stored in the repository (59 months). A shorter period would not be sufficient for those purposes. The data should be deleted after the period of five years, unless there are grounds to delete it earlier. The maximum period of validity for access to the RTP should be five years.

(22) In order to facilitate the procedure for any subsequent application, it should be possible to copy fingerprints from the first entry into the Central Repository within a period of 59 months. Once this period of time has elapsed, the fingerprints should be collected again.

(23) In order to facilitate the application procedure, it should be possible for an applicant to lodge an application for access to the RTP at the consulate of any Member State or at any external border crossing point. Any Member State should be able to examine and decide on the application based on the common application form and common eligibility rules and criteria. As a general rule, an interview should be conducted.

(24) Due to the registration of biometric data in the Central Repository, the personal appearance of the applicant - at least for the first application - should be a basic requirement for the examination of requests for access to the RTP and decisions related thereto.

(25) During the automated border check procedure verification of identity at the external borders should be done against the biometrics stored in the Central Repository. Verification should only be possible by physically producing the token and fingerprints at the same time. During the automated and manual border check procedure verification of access granted should be done against the alphanumeric data stored in the Central Repository by physically producing the token at the borders. Verification of identity and access granted should produce only a hit/no hit result for border guards carrying out first line border checks.

(26) Appropriate measures for the monitoring and evaluation of this Regulation should be established. The effective monitoring of the application of this Regulation requires evaluation at regular intervals.

(27) Statistical data is an important means for monitoring border check procedures and can serve as an efficient management tool. Such data should therefore be compiled regularly in a common format.

(28) Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data[23] applies to the processing of personal data by the Member States in application of this Regulation. However, certain points should be set out in more detail in respect to the legitimacy of processing of personal data, the responsibility for the processing of data, safeguarding the rights of the data subjects and the supervision on data protection.

(29) Regulation (EC) No 45/2001 of 18 December 2000 of the European Parliament and the Council on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data[24] applies to the activities of the Union institutions or bodies when carrying out their tasks as responsible for the operational management of the token-repository. However, certain points should be set out in more detail in respect to the legitimacy of processing of personal data, the responsibility for the processing of data and the supervision on data protection.

(30) The supervisory authorities established in accordance with Article 28 of Directive 95/46/EC should monitor the lawfulness of the processing of personal data by the Member States, whilst the European Data Protection Supervisor as established by Regulation (EC) No 45/2001 should monitor the activities of the Union institutions and bodies in relation to the processing of personal data, taking into account the limited tasks of the Union institutions and bodies with regard to the data themselves.

(31) The European Data Protection Supervisor and the supervisory authorities should actively cooperate with each other to ensure coordinated supervision of the RTP.

(32) The Member States should lay down rules on penalties applicable to infringements of the provisions of this Regulation and ensure that they are implemented.

(33) In order to ensure uniform conditions for the implementation of this Regulation, implementing powers should be conferred to the Commission. Those powers should be exercised in accordance with Regulation (EU) No 182/2011 of the European Parliament and of the Council of 16 February 2011 laying down the rules and general principles concerning mechanisms for control by Member States of the Commission's exercise of implementing powers[25].

(34) In order to adopt technical amendments of the annexes, the power to adopt acts in accordance with Article 290 of the Treaty on the Functioning of the European Union should be delegated to the Commission in respect of the adoption of technical amendments to the annexes in accordance with Article 58. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level. The Commission, when preparing and drawing-up delegated acts, should ensure a simultaneous, timely and appropriate transmission of relevant documents to the European Parliament and to the Council.

(35) This Regulation respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union, notably the protection of personal data (Article 8) and the right to an effective remedy (Article 51), and has to be applied in accordance with those rights and principles.

(36) Since the establishment of a common RTP and the creation of common obligations, conditions and procedures for the storage of data on registered travellers cannot be sufficiently achieved by the Member States alone and can therefore, by virtue of the scale and impact of the action, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 of the Treaty on European Union. In accordance with the principle of proportionality, as set out in that Article, the Regulation does not go beyond what is necessary in order to achieve this objective.

(37) In accordance with Articles 1 and 2 of the Protocol (No 22) on the position of Denmark, annexed to the Treaty on European Union and the Treaty on the Functioning of the European Union, Denmark is not taking part in the adoption of this Regulation and is not bound by it or subject to its application. Given that this Regulation builds upon the Schengen acquis, Denmark shall, in accordance with Article 4 of that Protocol, decide within a period of six months after the Council has decided on this Regulation whether it will implement it in its national law.

(38) This Regulation constitutes a development of the provisions of the Schengen acquis in which the United Kingdom does not take part, in accordance with Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the Schengen acquis[26], the United Kingdom is therefore not taking part in its adoption and is not bound by it or subject to its application.

(39) This Regulation constitutes a development of the provisions of the Schengen acquis in which Ireland does not take part, in accordance with Council Decision 2002/192/EC of 28 February 2002 concerning Ireland’s request to take part in some of the provisions of the Schengen acquis[27]; Ireland is therefore not taking part in its adoption and is not bound by it or subject to its application.

(40) As regards Iceland and Norway, this Regulation constitutes a development of the provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latters' association with the implementation, application and development of the Schengen acquis[28], which fall within the area referred to in Article 1, point A of Council Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of that Agreement[29].

(41) As regards Switzerland, this Regulation constitutes a development of the provisions of the Schengen acquis withing the meaning of the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis[30] which fall within the area referred to in Article 1, point A of Council Decision 1999/437/EC of 17 May 1999 read in conjunction with Article 3 of Council Decision 2008/146/EC[31].

(42) As regards Liechtenstein, this Regulation constitutes a development of the provisions of the Schengen acquis, as provided for by the Protocol between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis[32] which fall within the area referred to in Article 1, point A of Council Decision 1999/437/EC of 17 May 1999 read in conjunction with Article 3 of Council Decision 2011/350/EU[33].

(43) As regards Cyprus, this Regulation constitutes an act building upon, or otherwise related to, the Schengen acquis, within the meaning of Article 3(2) of the 2003 Act of Accession.

(44) This Regulation constitutes an act building upon, or otherwise related to, the Schengen acquis within the meaning of Article 4(2) of the 2005 Act of Accession.

(45) As the registered travellers have been subjected to all necessary controls and pre-screening by those Member States fully implementing the Schengen acquis and do not represent any risk for Bulgaria, Romania and Cyprus, the latter Member States may recognise unilaterally the RTP membership of the registered traveller to benefit from facilitation of border checks at their external borders.