2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (Recast version) - Main contents

Please note

This page contains a limited version of this dossier in the EU Monitor.

dossier	COM(2012)254 - Establishment of 'EURODAC' for the comparison of fingerprints for the effective application of Regulation (EU) No […/…] ...
document	COM(2012)254
date	May 30, 2012

ò new

(1) A number of substantive changes are to be made to Council Regulation (EC) No 2725/2000 of 11 December 2000 concerning the establishment of 'Eurodac' for the comparison of fingerprints for the effective application of the Dublin Convention[26] and Council Regulation (EC) No 407/2002 of 28 February 2002 laying down certain rules to implement Regulation (EC) No 2725/2000 concerning the establishment of 'Eurodac' for the comparison of fingerprints for the effective application of the Dublin Convention[27]. In the interest of clarity, those Regulations should be recast.

ê 2725/2000/EC recital 1

(1) Member States have ratified the Geneva Convention of 28 July 1951, as amended by the New York Protocol of 31 January 1967, relating to the Status of Refugees.

ê 2725/2000/EC recital 2 (adapted)

(2) Member States have concluded the Convention determining the State responsible for examining applications for asylum lodged in one of the Member States of the European Communities, signed in Dublin on 15 June 1990 (hereinafter referred to as 'the Dublin Convention').

ò new

(2) A common policy on asylum, including a Common European Asylum System, is a constituent part of the European Union's objective of progressively establishing an area of freedom, security and justice open to those who, forced by circumstances, legitimately seek international protection in the Union.

(3) The European Council of 4 November 2004 adopted The Hague Programme which sets the objectives to be implemented in the area of freedom, security and justice in the period 2005-2010. The European Pact on Immigration and Asylum endorsed by the European Council of 15-16 October 2008 called for the completion of the establishment of a Common European Asylum System by creating a single asylum procedure comprising common guarantees and a uniform status for refugees and the beneficiaries of subsidiary protection.

ê 2725/2000/EC recital 3 (adapted)

ð new

(4) For the purposes of applying the Dublin Convention Ö Council Regulation (EU) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person][28]Õ, it is necessary to establish the identity of applicants for asylum ð international protection ï and of persons apprehended in connection with the unlawful crossing of the external borders of the Community. It is also desirable, in order effectively to apply the Dublin Convention Ö Council Regulation (EU) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person] Õ, and in particular points (c) and (e) (b) and (d) of Article 10(1)18(1) thereof, to allow each Member State to check whether an alien Ö third country national or stateless person Õ found illegally present Ö staying Õ on its territory has applied for asylum ð international protection ï in another Member State.

ê 2725/2000/EC recital 4

(5) Fingerprints constitute an important element in establishing the exact identity of such persons. It is necessary to set up a system for the comparison of their fingerprint data.

ê 2725/2000/EC recital 5

ð new

(6) To this end, it is necessary to set up a system known as 'EurodacEURODAC', consisting of a Central Unit ð System ï, to be established within the Commission and which will operate a computerised central database of fingerprint data, as well as of the electronic means of transmission between the Member States and the central database ð Central System, hereinafter the 'Communication Infrastructure'. ï

ò new

(7) The Hague Programme called for the improvement of access to existing data filing systems in the European Union. In addition, The Stockholm Programme called for well targeted data collection and a development of information exchange and its tools that is driven by law enforcement needs.

(8) It is essential in the fight against terrorist offences and other serious criminal offences for the law enforcement authorities to have the fullest and most up-to-date information if they are to perform their tasks. The information contained in EURODAC is necessary for the purposes of the prevention, detection and investigation of terrorist offences and other serious criminal offences. Therefore, the data in EURODAC should be available, subject to the conditions set out in this Regulation, for comparison by the designated authorities of Member States and Europol.

(9) The Commission outlined in its Communication to the Council and the European Parliament on improved effectiveness, enhanced interoperability and synergies among European data bases in the area of Justice and Home Affairs[29] of 24 November 2005 that authorities responsible for internal security could have access to EURODAC in well defined cases, when there would be a substantiated suspicion that the perpetrator of a terrorist or other serious criminal offence has applied for asylum. In this Communication the Commission also found that the proportionality principle requires that EURODAC be queried for these purposes only once there is an overriding public security concern, that is, if the act committed by the criminal or terrorist to be identified is so reprehensible that it justifies querying a database that registers persons with a clean criminal record and it concluded that the threshold for authorities responsible for internal security to query EURODAC must therefore always be significantly higher than the threshold for querying criminal databases.

(10) Moreover, Europol has a key role with respect to cooperation between Member States' authorities in the field of cross-border crime investigation in supporting Union-wide crime prevention, analyses and investigation. Consequently, Europol should also have access to EURODAC data within the framework of its tasks and in accordance with the Decision establishing the European Police Office (Europol) No (2009/371/JHA).[30]

(11) Since EURODAC has been established to facilitate the application of Council Regulation (EU) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person], access to EURODAC for the purposes of preventing, detecting or investigating terrorist offences and other serious criminal offences constitutes a change of the original purpose of EURODAC, which interferes with the right to respect the private life of individuals whose personal data are processed in EURODAC. Any such interference must be in accordance with the law, which must be formulated with sufficient precision to allow individuals to adjust their conduct and it must protect individuals against arbitrariness and indicate with sufficient clarity the scope of discretion conferred on the competent authorities and the manner of its exercise. Any interference must be necessary in a democratic society to attain a legitimate and proportionate interest and proportionate to the legitimate objective it aims to achieve.

(12) Even though the original purpose for the establishment of EURODAC did not require the facility of requesting comparisons of data with the database on the basis of a latent which is the dactyloscopic trace which may be found at a crime scene, such a facility is a fundamental one in the field of police cooperation. The possibility to compare a latent with the fingerprint data which is stored in EURODAC will provide the designated authorities of the Member States with a very valuable tool in preventing, detecting and investigating terrorist offences and other serious criminal offences, when for example the only evidence available at a crime scene are latents.

(13) This Regulation also lays down the conditions under which requests for comparison of fingerprint data with EURODAC data for the purposes of preventing, detecting or investigating terrorist offences and other serious criminal offences should be allowed and the necessary safeguards to ensure the protection of the fundamental right to respect for the private life of individuals whose personal data are processed in EURODAC.

(14) In view of ensuring equal treatment for all applicants and beneficiaries of international protection, as well as in order to ensure consistency with current Union asylum acquis, in particular with Council Directive 2004/83/EC of 29 April 2004 on minimum standards for the qualification and status of third country nationals or stateless persons as refugees or as persons who otherwise need international protection and the content of the protection granted[31] and Regulation (EU) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person], it is appropriate to extent the scope of this Regulation to order to include applicants for subsidiary protection and persons enjoying subsidiary protection.

ê 2725/2000/EC recital 6 (adapted)

ð new

(15) It is also necessary to require the Member States promptly to take ð and transmit ï fingerprints ð data ï of every applicant for asylum ð international protection ï and of every alien Ö third country national or stateless person Õ who is apprehended in connection with the irregular crossing of an external border of a Member State, if they are at least 14 years of age.

ê 2725/2000/EC recital 7 (adapted)

ð new

(16) It is necessary to lay down precise rules on the transmission of such fingerprint data to the Central Unit ð System ï, the recording of such fingerprint data and other relevant data in the Central Unit ð System ï, their storage, their comparison with other fingerprint data, the transmission of the results of such comparison and the blocking ð marking ï and erasure of the recorded data. Such rules may be different for, and should be specifically adapted to, the situation of different categories of aliens Ö third country nationals or stateless persons Õ.

ò new

(17) Hits obtained from EURODAC should be verified by a fingerprint expert in order to ensure the accurate determination of responsibility under Regulation (EU) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person].

ê 2725/2000/EC recital 8 (adapted)

ð new

(18) Aliens Ö Third country nationals or stateless persons Õ who have requested asylum ð international protection ï in one Member State may have the option of requesting asylum ð international protection ï in another Member State for many years to come. Therefore, the maximum period during which fingerprint data should be kept by the Central Unit ð System ï should be of considerable length. Given that most aliens Ö third country nationals or stateless persons Õ who have stayed in the Community Ö European Union Õ for several years will have obtained a settled status or even citizenship of a Member State after that period, a period of ten years should be considered a reasonable period for the conservation of fingerprint data.

ê 2725/2000/EC recital 9 (adapted)

(19) The conservation period should be shorter in certain special situations where there is no need to keep fingerprint data for that length of time. Fingerprint data should be erased immediately once aliens Ö third country nationals or stateless persons Õ obtain citizenship of a Member State.

ò new

(20) It is appropriate to store data relating to those data subjects whose fingerprints were initially recorded in EURODAC upon lodging their applications for international protection and who have been granted international protection in a Member State in order to allow data recorded upon lodging an application for international protection to be compared against them.

(21) The European Agency for the operational management of large-scale information systems in the area of freedom security and justice established by Regulation (EU) n° 1077/2011 of the European Parliament and of the Council of 25 October 2011[32] (the 'Agency') has been entrusted with the Commission's tasks relating to the operational management of EURODAC in accordance with this Regulation and with certain taks relating to the communication infrastructure as from the date on which the Agency takes up its responsibilities as of 1 December 2012. The Agency should take up the tasks entrusted to it under this Regulation and the relevant provisions of Regulation (EU) No 1077/2011 should be amended accordingly. In addition, Europol should have observer status at the meetings of the Management Board of the Agency, when a question in relation to the application of this Regulation concerning access for consultation of Eurodac by designated authorities of Member States and by Europol for the purposes of the prevention, detection and investigation of terrorist offences and of other serious criminal offences is on the agenda. Europol should be able to appoint a representative to the Eurodac Advisory Group of the Agency.

(22) The Staff Regulations of Officials of the European Union (Staff Regulations of Officials) and the Conditions of Employment of Other Servants of the European Union (Conditions of Employment), laid down in Regulation (EEC, Euratom, ECSC) No 259/68 (15) (together referred to as the ‘Staff Regulations’), should apply to all staff working in the Agency on matters pertaining to this Regulation.

ê 2725/2000/EC recital 10 (adapted)

ð new

(23) It is necessary to lay down clearly the respective responsibilities of the Commission ð and the Agency ï, in respect of the Central Unit ð System ï ð and the Communication Infrastructure ï, and of the Member States, as regards data use processing, data security, access to, and correction of, recorded data.

ò new

(24) It is necessary to designate the competent Member States' authorities as well as the National Central Access Point through which the requests for comparison with EURODAC data are done and to keep a list of the operating units within the designated authorities that are authorised to request such comparison for the specific purposes of the prevention, detection and investigation of terrorist offences as referred to in the Council Framework Decision 2002/475/JHA of 13 June 2002 on combating terrorism[33] and of other serious criminal offences as referred to in the Council Framework Decision 2002/584/JHA of 13 June 2002 on the European arrest warrant and the surrender procedures between Member States[34].

(25) Requests for comparison with data stored in the EURODAC central database shall be made by the operating units within the designated authorities to the National Access Point, through the verifying authority and shall be reasoned. The operating units within the designated authorities that are authorised to request comparisons with EURODAC data shall not act as a verifying authority. The verifying authorities should be responsible for ensuring strict compliance with the conditions for access as established in this Regulation.The verifying authorities should then forward the request for comparison through the National Access Point to the EURODAC Central System following verification of whether all conditions for access are fulfilled. In the exceptional case of urgency where early access is necessary to respond to a specific and actual threat related to terrorist offences or serious crime, the verifying authority should process the request immediately and only do the verification afterwards.

(26) For the purposes of protection of personal data, and to exclude systematic comparisons which should be forbidden, the processing of EURODAC data should only take place on a case-by-case basis and when it is necessary for the purposes of preventing, detecting and investigating terrorist offences and other serious criminal offences. In addition access should only be allowed when comparisons with the national databases of the Member State and with the Automated Fingerprint Databases of other Member States under the Council Decision 2008/615/JHA of 23 June 2008 on the stepping up of cross-border cooperation, particularly in combating terrorism and cross-border crime[35] have returned negative results. This condition requires prior implementation of the Council Decision as it shall not be permitted to conduct a EURODAC check for law enforcement purposes where these above steps have not been first undertaken. A specific case exists in particular when the request for comparison is connected to a specific and concrete situation or to a specific and concrete danger associated with a terrorist or other serious criminal offence, or to specific persons in respect of whom there are serious grounds for believing that the persons will commit or have committed terrorist offences or other serious criminal offences. A specific case also exists when the request for comparison is connected to a person who is a victim of a terrorist or other serious criminal offence. The designated authorities and Europol should thus only request a comparison with EURODAC when they have reasonable grounds to believe that such a comparison will provide information that will substantially assist them in preventing, detecting or investigating a terrorist or other serious criminal offence.

(27) In case the requesting Member State establishes that EURODAC data pertains to a minor, these data may only be used for law enforcement purposes by the requesting Member State in accordance with that State’s laws for minors and in accordance with the obligation to give primary consideration to the child's best interest.

ê 2725/2000/EC recital 11

(28) While the non-contractual liability of the Community in connection with the operation of the EurodacEURODAC system will be governed by the relevant provisions of the Treaty, it is necessary to lay down specific rules for the non-contractual liability of the Member States in connection with the operation of the system.

ê 2725/2000/EC recital 12

(29) In accordance with the principle of subsidiarity as set out in Article 5 of the Treaty, the objective of the proposed measures, namely the creation within the Commission of a system for the comparison of fingerprint data to assist the implementation of the Community's asylum policy, cannot, by its very nature, be sufficiently achieved by the Member States and can therefore be better achieved by the Community. In accordance with the principle of proportionality as set out in the said Article, this Regulation does not go beyond what is necessary to achieve that those objectives.

ê 2725/2000/EC recital 15 (adapted)

ð new

(30) Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data[36] applies to the processing of personal data by the Member States Ö carried out in application of this Regulation Õ within the framework of the Eurodac system ð unless such processing takes place by Member States' designated authorities for the purposes of the prevention, detection and investigation of terrorist offences and other serious criminal offences ï.

ò new

(31) Council Framework Decision 2008/977/JHA of 27 November 2008 on the protection of personal data processed in the framework of police and judicial co-operation in criminal matters[37] applies to all processing of personal data by Member States' designated authorities for the purposes of the prevention, detection and investigation of terrorist offences and other serious criminal offences pursuant to this Regulation.

ê 2725/2000/EC recital 16

(16) By virtue of Article 286 of the Treaty, Directive 95/46/EC also applies to Community institutions and bodies. Since the Central Unit will be established within the Commission, that Directive will apply to the processing of personal data by that Unit.

ê 2725/2000/EC recital 17

(32) The principles set out in Directive 95/46/EC regarding the protection of the rights and freedoms of individuals, notably their right to privacy, with regard to the processing of personal data should be supplemented or clarified, in particular as far as certain sectors are concerned.

ò new

(33) Transfers of data obtained pursuant to this Decision to third countries or international organisations or private entities should be prohibited, in order to ensure the right to asylum and to safeguard applicants for international protection from having their data disclosed to any third country. This prohibition shall be without prejudice to the right of Member States to transfer such data to third countries to which Regulation (EU) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person] applies, in order to ensure that Member States have the possibility of cooperating with such third countries for the purposes of this Regulation.

(34) National competent authorities for the supervision of the processing of personal data should monitor the lawfulness of the processing of personal data by the Member States, and the supervisory authority set up by the Europol Decision should monitor the lawfulness of data processing activities performed by Europol.

(35) Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data[38] and in particular Articles 21 and 22 thereof concerning confidentiality and security of processing apply to the processing of personal data by Union institutions, bodies, offices and agencies carried out in application of this Regulation. However, certain points should be clarified in respect of the responsibility for the processing of data and of the supervision of data protection.

(36) It is appropriate that national supervisory authorities monitor the lawfulness of the processing of personal data by the Member States, whilst the European Data Protection Supervisor, as referred to in Article 41 of Regulation (EC) No 45/2001, should monitor the activities of the Union institutions, bodies, offices and agencies in relation to the processing of personal data carried out in application of this Regulation.

ê 2725/2000/EC recital 18

ð new

(37) It is appropriate to monitor and evaluate the performance of EurodacEURODAC ð at regular intervals ï.

ê 2725/2000/EC recital 19 (adapted)

ð new

(38) Member States should provide for a system of Öeffective, proportionate and dissuasiveÕ penalties to sanction the processing use of data ÖenteredÕ in the central database ð Central System ï contrary to the purpose of EurodacEURODAC.

ò new

(39) It is necessary that Member States are informed of the status of particular asylum procedures, with a view to facilitating the adequate application of Regulation (EU) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person].

(40) This Regulation respects and has to be applied in accordance with fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union. In particular, this Regulation fully respects the individual’s right to protection of his or her personal data and the right to asylum.

(41) In accordance with Articles 1 and 2 of the Protocol on the position of Denmark annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, Denmark is not taking part in the adoption of this Regulation and is not bound by it or subject to its application. As regards Denmark, this Regulation, with the exception of the procedure for comparison and data transmission for law enforcement purposes laid down in Articles 5, 6, 19-22, 33, 36, 39(3), 40(8) and 43, constitutes amendment to the EURODAC Regulation within the meaning of the Agreement between the European Community and the Kingdom of Denmark on the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in Denmark or any other Member State of the European Union and ‘Eurodac’ for the comparison of fingerprints for the effective application of the Dublin Convention[39]. Consequently, in accordance with Article 3 thereof, Denmark is to notify the Commission whether it will implement the contents of this Regulation and when it does so, this Regulation creates mutual obligations under international law between Denmark and the European Union. Once this Recast Regulation is adopted and subject to a Commission recommendation for a Council Decision authorising the opening of negotiations, Denmark will be consulted as to whether it wishes to enter into negotiations on complementary agreements also covering the procedure for comparison and data transmission for law enforcement purposes laid down in Articles 5, 6, 19-22, 33, 36, 39(3), 40(8) and 43.

(42) In accordance with Article 3 of the Protocol on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, and without prejudice to Article 4 of that Protocol, the United Kingdom [is not taking part in the adoption of this Regulation and is not bound by it or subject to its application / has notified its wish to take part in the adoption and application of this Regulation].

(43) In accordance with Article 3 of the Protocol on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice, annexed to the Treaty on European Union and to the Treaty on the Functioning of the European Union, and without prejudice to Article 4 of that Protocol, Ireland [is not taking part in the adoption of this Regulation and is not bound by it or subject to its application / has notified its wish to take part in the adoption and application of this Regulation].

(44) As regards the Republic of Iceland and the Kingdom of Norway, this Regulation, with the exception of the procedure for comparison and data transmission for law enforcement purposes laid down in Articles 5, 6, 19-22, 33, 36, 39(3), 40(8) and 43, constitutes a new measure related to EURODAC within the meaning of the Agreement between the European Community and the Republic of Iceland and the Kingdom of Norway concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Iceland or Norway[40]. Consequently, subject to their decision to implement it in their internal legal order, this Regulation shall be applied between the Republic of Iceland and the Kingdom of Norway in their mutual relations and in there relations with the Member States of the European Union. Once this Recast Regulation is adopted and subject to a Commission recommendation for a Council Decision authorising the opening of negotiations, the Republic of Iceland and the Kingdom of Norway will be consulted as to whether they wish to enter into negotiations on complementary agreements also covering the procedure for comparison and data transmission for law enforcement purposes laid down in Articles 5, 6, 19-22, 33, 36, 39(3), 40(8) and 43.

(45) As regards the Swiss Confederation, this Regulation, with the exception of the procedure for comparison and data transmission for law enforcement purposes laid down in Articles 5, 6, 19-22, 33, 36, 39(3), 40(8) and 43, constitutes a new measure related to EURODAC within the meaning of the Agreement between the European Community and the Swiss Confederation concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Switzerland[41]. Consequently, subject to its decision to implement it in its internal legal order, this Regulation shall be applied between the Swiss Confederation and the Member States of the European Union. Once this Recast Regulation is adopted and subject to a Commission recommendation for a Council Decision authorising the opening of negotiations, the Swiss Confederation will be consulted as to whether it wishes to enter into negotiations on complementary agreements also covering the procedure for comparison and data transmission for law enforcement purposes laid down in Articles 5, 6, 19-22, 33, 36, 39(3), 40(8) and 43, subject to a separate agreement on the application of relevant provisions of Council Decision 2008/615/JHA on the stepping up of cross-border cooperation.

(46) As regards the Principality of Liechtenstein, this Regulation, with the exception of the procedure for comparison and data transmission for law enforcement purposes laid down in Articles 5, 6, 19-22, 33, 36, 39(3), 40(8) and 43, constitutes a new measure related to EURODAC within the meaning of the Protocol between the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Community and the Swiss Confederation concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Switzerland[42]. Consequently, subject to its decision to implement it in its internal legal order, this Regulation shall be applied between the Principality of Liechtenstein, the Swiss Confederation and the Member States of the European Union. Once this Recast Regulation is adopted and subject to a Commission recommendation for a Council Decision authorising the opening of negotiations, the Principality of Liechtenstein will be consulted as to whether it wishes to enter into negotiations on complementary agreements also covering the procedure for comparison and data transmission for law enforcement purposes laid down in Articles 5, 6, 19-22, 33, 36, 39(3), 40(8) and 43, subject to a separate agreement on their application of relevant provisions of Council Decision 2008/615/JHA on the stepping up of cross-border cooperation.

ê 2725/2000/EC recital 22 (adapted)

(47) It is appropriate to restrict the territorial scope of this Regulation so as to align it on the territorial scope of the Dublin Convention Ö Regulation (EU) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person] Õ .

ê 2725/2000/EC (adapted)

ð new