REPORT on the proposal for a regulation of the European Parliament and of the Council on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, amending Regulation (EU) No 515/2014 and repealing Regulation (EC) No 1987/2006

10.11.2017 - (COM(2016)0882 – C8‑0533/2017 – 2016/0408(COD)) - ***I

Committee on Civil Liberties, Justice and Home Affairs
Rapporteur: Carlos Coelho


Procedure : 2016/0408(COD)
Document stages in plenary
Document selected :  
A8-0347/2017

DRAFT EUROPEAN PARLIAMENT LEGISLATIVE RESOLUTION

on the proposal for a regulation of the European Parliament and of the Council on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, amending Regulation (EU) No 515/2014 and repealing Regulation (EC) No 1987/2006

(COM(2016)0882 – C8‑0533/2017 – 2016/0408(COD))

(Ordinary legislative procedure: first reading)

The European Parliament,

–  having regard to the Commission proposal to Parliament and the Council (COM(2016)0882),

–  having regard to Article 294(2) and Articles 77(2)(b) and (d) and 79(2)(c) of the Treaty on the Functioning of the European Union, pursuant to which the Commission submitted the proposal to Parliament (C8‑0533/2017),

–  having regard to Article 294(3) of the Treaty on the Functioning of the European Union,

–  having regard to Rule 59 of its Rules of Procedure,

–  having regard to the report of the Committee on Civil Liberties, Justice and Home Affairs and the opinion of the Committee on Foreign Affairs (A8-0347/2017),

1.  Adopts its position at first reading hereinafter set out;

2.  Calls on the Commission to refer the matter to Parliament again if it replaces, substantially amends or intends to substantially amend its proposal;

3.  Instructs its President to forward its position to the Council, the Commission and the national parliaments.

Amendment    1

Proposal for a regulation

Recital 6

Text proposed by the Commission

Amendment

(6)  It is necessary to specify the objectives of SIS, its technical architecture and its financing, to lay down rules concerning its end-to-end operation and use and to define responsibilities, the categories of data to be entered into the system, the purposes for which the data are to be entered, the criteria for their entry, the authorities authorised to access the data, the use of biometric identifiers and further rules on data processing.

(6)  It is necessary to specify the objectives of SIS, its technical architecture and its financing, to lay down rules concerning its end-to-end operation and use and to define responsibilities, the categories of data to be entered into the system, the purposes for which the data are to be entered, the criteria for their entry, rules on the deletion of alerts, the authorities authorised to access the data, the use of biometric identifiers and further rules on data protection and data processing.

Justification

Rules on the deletion of redundant alerts and on data protection issues specific to SIS should also be laid down in this Regulation.

Amendment    2

Proposal for a regulation

Recital 6 a (new)

Text proposed by the Commission

Amendment

 

(6 a)  Competent authorities should be able to enter into SIS specific information relating to any specific, objective, physical characteristics of a person not subject to change. This information may relate to characteristics such as piercings, tattoos, marks, scars, etc. However, pursuant to Article 9 of Regulation (EU) 2016/679 of the European Parliament and of the Council1a1a, the data entered into SIS should not reveal sensitive information about a person such as ethnicity, religion, disability, gender or sexual orientation.

 

_______________

 

1a Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 20017 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1).

Amendment    3

Proposal for a regulation

Recital 7

Text proposed by the Commission

Amendment

(7)  SIS includes a central system (Central SIS) and national systems with a full or partial copy of the SIS database. Considering that SIS is the most important information exchange instrument in Europe, it is necessary to ensure its uninterrupted operation at central as well as at national level. Therefore each Member State should establish a partial or full copy of the SIS database and should set up its backup system.

(7)  SIS includes a central system (Central SIS) and national systems which may contain a full or partial copy of the SIS database. Considering that SIS is the most important information exchange instrument in Europe, it is necessary to ensure its uninterrupted operation at central as well as at national level. For this reason there should be a reliable common backup system of the Central SIS (an active-active solution) ensuring the continuous availability of SIS data to end-users in the event of a failure, upgrades or maintenance of the central system and a backup communication infrastructure. Considerable investments are needed to bolster and improve the central system, its backup systems and the communications infrastructure.

Amendment    4

Proposal for a regulation

Recital 8

Text proposed by the Commission

Amendment

(8)  It is necessary to maintain a manual setting out the detailed rules for the exchange of certain supplementary information concerning the action called for by alerts. National authorities in each Member State (the SIRENE Bureaux), should ensure the exchange of this information.

(8)  It is necessary to maintain a manual setting out the detailed rules for the exchange of certain supplementary information concerning the action called for by alerts (the SIRENE Manual). National authorities in each Member State (the SIRENE Bureaux), should ensure the exchange of this information in a fast and efficient manner. In the case of alerts on terrorism offences or on children the SIRENE Bureaux should act immediately.

Amendment    5

Proposal for a regulation

Recital 9

Text proposed by the Commission

Amendment

(9)  In order to maintain the efficient exchange of supplementary information concerning the action to be taken specified in the alerts, it is appropriate to reinforce the functioning of the SIRENE Bureaux by specifying the requirements concerning available resources, user training and the response time to the inquiries received from other SIRENE Bureaux.

(9)  In order to ensure the efficient exchange of supplementary information concerning the action to be taken specified in the alerts, it is appropriate to reinforce the functioning of the SIRENE Bureaux by specifying the requirements concerning available resources, user training and the response time to the inquiries received from other SIRENE Bureaux.

Amendment    6

Proposal for a regulation

Recital 9 a (new)

Text proposed by the Commission

Amendment

 

(9a)  In order to be able to fully exploit the functionalities of SIS, Member States should ensure that end-users and the staff of the SIRENE Bureaux regularly receive training, including on data security and protection. National standards for training end-users on data quality principles and practice should be established in cooperation with the national SIRENE Bureau. Member States should call upon the staff of the SIRENE Bureaux to help train all authorities entering alerts, with a focus on data quality and maximising the use of SIS II. The delivery of training should be in compliance with the Sirene Trainers’ Manual. To the extent possible, SIRENE Bureaux should also provide for staff exchanges with other SIRENE Bureaux at least once a year. Member States are encouraged to take appropriate measures to avoid the loss of skills and experience through staff turnover.

Amendment    7

Proposal for a regulation

Recital 11

Text proposed by the Commission

Amendment

(11)  Without prejudice to the responsibility of Member States for the accuracy of data entered into SIS, the Agency should become responsible for reinforcing data quality by introducing a central data quality monitoring tool, and for providing reports at regular intervals to the Member States.

(11)  Without prejudice to the responsibility of Member States for the accuracy of data entered into SIS, the Agency should become responsible for reinforcing data quality by introducing a central data quality monitoring tool, and for providing reports at regular intervals to the Member States. To further increase the quality of data in SIS, the Agency should also offer training on the use of SIS to national training bodies and, insofar as possible, to SIRENE staff and to end-users. Such training should focus in particular on measures to improve the quality of SIS data.

Amendment    8

Proposal for a regulation

Recital 12

Text proposed by the Commission

Amendment

(12)  In order to allow better monitoring of the use of SIS to analyse trends concerning migratory pressure and border management, the Agency should be able to develop a state-of-the-art capability for statistical reporting to the Member States, the Commission, Europol and the European Border and Cost Guard Agency without jeopardising data integrity. Therefore, a central statistical repository should be established. Any statistic produced should not contain personal data.

(12)  In order to allow better monitoring of the use of SIS to analyse trends concerning migratory pressure and border management, the Agency should be able to develop a state-of-the-art capability for statistical reporting to the Member States, European Parliament, the Council, the Commission, Europol and the European Border and Cost Guard Agency without jeopardising data integrity. Therefore, a central statistical repository should be established. Any statistic retained in the repository or produced by the repository should not contain personal data as defined in Regulation (EC) No 45/2001 of the European Parliament and of the Council1a.

 

________________

 

1a Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (OJ L 8, 12.1.2001, p. 1).

Amendment    9

Proposal for a regulation

Recital 13

Text proposed by the Commission

Amendment

(13)  SIS should contain further data categories to allow end-users to take informed decisions based upon an alert without losing time. Therefore alerts for the purpose of refusal of entry and stay should hold information concerning the decision on which the alert is based. Furthermore, in order to facilitate identification and detect multiple identities, the alert should include a reference to the personal identification document or number and a copy of such document, where available.

(13)  SIS should contain further data categories to allow end-users to take informed decisions based upon an alert without losing time. Therefore alerts for the purpose of refusal of entry and stay should hold information concerning the decision on which the alert is based. Furthermore, in order to facilitate identification and detect multiple identities, the alert should include a reference to the personal identification document or number and a colour copy of such document, where available.

Amendment    10

Proposal for a regulation

Recital 15

Text proposed by the Commission

Amendment

(15)  SIS should permit the processing of biometric data in order to assist in the reliable identification of the individuals concerned. In the same perspective, SIS should also allow for the processing of data concerning individuals whose identity has been misused (in order to avoid inconveniences caused by their misidentification), subject to suitable safeguards; in particular with the consent of the individual concerned and a strict limitation of the purposes for which such data can be lawfully processed.

(15)  SIS should permit the processing of biometric data in order to assist in the reliable identification of the individuals concerned. Any entry and use of photographs, facial images or dactyloscopic data may not exceed what is necessary for the objectives pursued, must be authorised by Union law, respect fundamental rights, including the best interests of the child, and be in accordance with relevant provisions on data protection laid down in the SIS legal instruments, Regulation (EU) 2016/679 and Directive (EU) 2016/680 of the European Parliament and of the Council1a. In the same perspective, SIS should also allow for the processing of data concerning individuals whose identity has been misused (in order to avoid inconveniences caused by their misidentification), subject to suitable safeguards; in particular with the consent of the individual concerned and a strict limitation of the purposes for which such personal data can be lawfully processed.

 

_______________

 

1a Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 20017 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data and repealing Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, p. 89).

Amendment    11

Proposal for a regulation

Recital 16

Text proposed by the Commission

Amendment

(16)  Member States should make the necessary technical arrangement so that each time the end-users are entitled to carry out a search in a national police or immigration database they also search SIS in parallel in accordance with Article 4 of Directive (EU) 2016/680 of the European Parliament and of the Council44 . This should ensure that SIS functions as the main compensatory measure in the area without internal border controls and better address the cross-border dimension of criminality and the mobility of criminals.

(16)  Member States should make the necessary technical arrangement so that each time the end-users are entitled to carry out a search in a national police or immigration database they also search SIS in parallel in full respect of Article 4 of Directive (EU) 2016/680 of the European Parliament and of the Council44 and Article 5 of Regulation (EU) 2016/679. This should ensure that SIS functions as the main compensatory measure in the area without internal border controls and better address the cross-border dimension of criminality and the mobility of criminals.

__________________

__________________

44 Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data and repealing Council Framework Decision 2008/977/JHA, OJ L 119, 4.5.2016 (OJ L 119, 4.5.2016, p. 89).

 

Amendment    12

Proposal for a regulation

Recital 17

Text proposed by the Commission

Amendment

(17)  This Regulation should set out the conditions for use of dactylographic data and facial images for identification purposes. The use of facial images for identification purposes in SIS should also help ensure consistency in border control procedures where identification and the verification of identity are required by the use of dactylographic data and facial images. Searching with dactylographic data should be mandatory if there is any doubt concerning the identity of a person. Facial images for identification purposes should only be used in the context of regular border controls in self-service kiosks and electronic gates.

(17)  This Regulation should set out the conditions for use of dactyloscopic data, photographs and facial images for identification purposes. The use of dactyloscopic data and facial images for identification purposes in SIS should also help ensure consistency in border control procedures where identification and the verification of identity are required by the use of fingerprints and facial images. Searching with dactyloscopic data should be mandatory if the identity of a person cannot be ascertained by any other means. To verify whether the person already appears in SIS under another identity or alert, it should be possible to carry out a fingerprint search before a new alert is entered. Facial images for identification purposes should only be used in the context of regular border controls in self-service kiosks and electronic gates.

Amendment    13

Proposal for a regulation

Recital 17 a (new)

Text proposed by the Commission

Amendment

 

(17a)  The introduction of an automated fingerprint identification service within SIS complements the existing Prüm mechanism on mutual cross-border online access to designated national DNA databases and automated fingerprint identification systems. The Prüm mechanism enables interconnectivity of national fingerprint identification systems whereby a Member State can launch a request to ascertain if the perpetrator of a crime whose fingerprints have been found, is known in any other Member State. The Prüm mechanism verifies if the owner of the fingerprints are known in one point in time. Therefore, if the perpetrator becomes known in any of the Member States later on he or she will not necessarily be captured. The SIS dactyloscopic data search allows an active search of the perpetrator.

Amendment    14

Proposal for a regulation

Recital 18

Text proposed by the Commission

Amendment

(18)  Fingerprints found at a crime scene should be allowed to be checked against the dactylographic data stored in SIS if it can be established to a high degree of probability that they belong to the perpetrator of the serious crime or terrorist offence. Serious crime should be the offences listed in Council Framework Decision 2002/584/JHA45 and ‘terrorist offence’ should be offences under national law referred to in Council Framework Decision 2002/475/JHA46.

(18)  Complete or incomplete sets of fingerprints or palm prints found at a crime scene should be allowed to be checked against the dactyloscopic data stored in SIS if it can be established to a very high degree of probability that they belong to the perpetrator of the serious crime or terrorist offence, provided that the competent authorities are unable to establish the identity of the person by using any other national, Union or international database.

__________________

__________________

45 Council Framework Decision (2002/584/JHA) of 13 June 2002 on the European arrest warrant and the surrender procedures between Member States (0J L 190, 18.07.2002, p. 1).

 

46 Council Framework Decision 2002/475/JHA of 13 June 2002 on combating terrorism (OJ L 164, 22.6.2002, p. 3).

 

Amendment    15

Proposal for a regulation

Recital 20

Text proposed by the Commission

Amendment

(20)  A greater level of effectiveness, harmonisation and consistency can be achieved by making it mandatory to enter in SIS all entry bans issued by the competent authorities of the Member States in accordance with procedures respecting Directive 2008/115/EC47 , and by setting common rules for entering such alerts following the return of the illegally staying third country national. Member States should take all necessary measures to ensure that no time-gap exist between the moment in which the third-country national leaves the Schengen area and the activation of the alert in SIS. This should ensure the successful enforcement of entry bans at external border crossing points, effectively preventing re-entry into the Schengen area.

(20)  A greater level of effectiveness, harmonisation and consistency can be achieved by making it mandatory to enter in SIS all entry bans issued by the competent authorities of the Member States in accordance with procedures respecting Directive 2008/115/EC47 , and by setting common rules for entering such alerts following the return of the irregular staying third country national. Member States should take all necessary measures to ensure that no time-gap exist between the moment in which the third-country national leaves the Schengen area and the activation of the alert in SIS. This should ensure the enforcement of entry bans at external border crossing points, effectively preventing re-entry into the Schengen area.

_________________

_________________

47 Directive 2008/115/EC of the European Parliament and of the Council of 16 December 2008 on common standards and procedures in Member States for returning illegally staying third-country nationals (OJ L 348, 24.12.2008, p. 98).

47 Directive 2008/115/EC of the European Parliament and of the Council of 16 December 2008 on common standards and procedures in Member States for returning illegally staying third-country nationals (OJ L 348, 24.12.2008, p. 98).

Justification

Language amended for technical purposes.

Amendment    16

Proposal for a regulation

Recital 21

Text proposed by the Commission

Amendment

(21)  This Regulation should set mandatory rules for the consultation of national authorities in case a third country national holds or may obtain a valid residence permit or other authorisation or right to stay granted in one Member State, and another Member State intends to issue or already entered an alert for refusal of entry and stay to the third country national concerned. Such situations create serious uncertainties for border guards, police and immigration authorities. Therefore, it is appropriate to provide for a mandatory timeframe for rapid consultation with a definite result in order to avoid that persons representing a threat may enter to the Schengen area.

(21)  This Regulation should set mandatory rules for the consultation of national authorities in case a third country national holds or may obtain a valid residence permit or other authorisation or right to stay granted in one Member State, and another Member State intends to issue or already entered an alert for refusal of entry and stay to the third country national concerned. Such situations create serious uncertainties for border guards, police and immigration authorities. Therefore, it is appropriate to provide for clear guidelines and a mandatory timeframe for rapid consultation with a definite result in order to avoid that those entitled to reside lawfully in the Union are entitled to enter the Union without difficulty and that those who are not entitled to enter the Union are prevented from doing so.

Justification

The Recital should remain neutral as to the outcome of discussions between Member States. In some cases, an individual will be granted a residence permit. In other cases, an entry ban maybe maintained against an individual.

Amendment    17

Proposal for a regulation

Recital 23

Text proposed by the Commission

Amendment

(23)  Alerts should not be kept in SIS longer than the time required to fulfil the purposes for which they were issued. In order reduce the administrative burden on the authorities involved in processing data on individuals for different purposes, it is appropriate to align the maximum retention period of refusal of entry and stay alerts with the possible maximum length of entry bans issued in accordance with procedures respecting Directive 2008/115/EC. Therefore, the retention period for alerts on persons should be a maximum of five years. As a general principle, alerts on persons should be automatically deleted from SIS after a period of five years. Decisions to keep alerts on persons should be based on a comprehensive individual assessment. Member States should review alerts on persons within the defined period and keep statistics about the number of alerts on persons for which the retention period has been extended.

(23)  Alerts should not be kept in SIS longer than the time required to fulfil the specific purposes for which they were issued. Therefore, the review period for alerts on persons should be a maximum of three years. As a general principle, alerts on persons should be deleted from SIS after a period of three years. Decisions to keep alerts on persons should be based on a comprehensive individual assessment. Member States should review alerts on persons within the defined period and keep statistics about the number of alerts on persons for which the retention period has been extended.

Amendment    18

Proposal for a regulation

Recital 24

Text proposed by the Commission

Amendment

(24)  Entering and extending the expiry date of a SIS alert should be subject to the necessary proportionality requirement, examining whether a concrete case is adequate, relevant and important enough to insert an alert in SIS. In cases of offences pursuant Articles 1, 2, 3 and 4 of Council Framework Decision 2002/475/JHA on combating terrorism49 an alert should always be created on third country nationals for the purposes of refusal of entry and stay taking into account the high level of threat and overall negative impact such activity may result in.

(24)  Entering and extending the expiry date of a SIS alert should be subject to the necessary proportionality requirement, examining whether a concrete case is adequate, relevant and important enough to insert an alert in SIS. In cases of offences pursuant to Directive (EU) 2017/541 an alert should where certain conditions are fulfilled be created on third country nationals for the purposes of refusal of entry and stay taking into account the high level of threat and overall negative impact such activity may result in. This should be done taking into account possible threats to public policy or national security, and in compliance with international law obligations, in particular the European Convention for the Protection of Human Rights and Fundamental Freedoms and the Convention Relating to the Status of Refugees.

__________________

 

49 Council Framework Decision 2002/475/JHA of 13 June 2002 on combating terrorism (OJ L 164, 22.6.2002, p. 3).

 

Amendment    19

Proposal for a regulation

Recital 25

Text proposed by the Commission

Amendment

(25)  The integrity of SIS data is of primary importance. Therefore, appropriate safeguards should be provided to process SIS data at central as well as at national level to ensure the end-to-end security of data. The authorities involved in the data processing should be bound by the security requirements of this Regulation and be subject to a uniform incident reporting procedure.

(25)  The integrity of SIS data is of primary importance. Therefore, appropriate safeguards should be provided to process SIS data at central as well as at national level to ensure the end-to-end security of data. The authorities involved in the data processing should be bound by the security requirements of this Regulation, be appropriately trained for that purpose, be subject to a uniform incident reporting procedure and be informed of any offences and criminal penalties in this respect.

Amendment    20

Proposal for a regulation

Recital 26

Text proposed by the Commission

Amendment

(26)  Data processed in SIS in application of this Regulation should not be transferred or made available to third countries or to international organisations.

(26)  Data processed in SIS and the related supplementary information exchanged pursuant to this Regulation should not be transferred or made available to third countries or to international organisations.

Amendment    21

Proposal for a regulation

Recital 27

Text proposed by the Commission

Amendment

(27)  To enhance the efficiency of the work of the immigration authorities when deciding about the right of third country nationals to enter and stay in the territories of the Member States, as well as about the return of illegally staying third country nationals, it is appropriate to grant them access to SIS under this Regulation.

(27)  To enhance the efficiency of the work of the immigration authorities when deciding about the right of third country nationals to enter and stay in the territories of the Member States, as well as about the return of irregularly staying third country nationals, it is appropriate to grant them access to SIS under this Regulation.

Amendment    22

Proposal for a regulation

Recital 28

Text proposed by the Commission

Amendment

(28)  Regulation (EU) 2016/67950 should apply to the processing of personal data under this Regulation by Member States authorities when Directive (EU) 2016/68051 does not apply. Regulation (EC) No 45/2001 of the European Parliament and of the Council52 should apply to the processing of personal data by the institutions and bodies of the Union when carrying out their responsibilities under this Regulation. The provisions of Directive (EU) 2016/680, Regulation (EU) 2016/679 and Regulation (EC) No 45/2001 should be further specified in this Regulation where necessary. With regard to processing of personal data by Europol, Regulation (EU) 2016/794 on the European Union Agency for Law Enforcement cooperation53 (Europol Regulation) applies.

(28)  Regulation (EU) 2016/67950 should apply to the processing of personal data under this Regulation by Member States authorities, unless such processing is carried out by the competent authorities of the Member States for the purposes of the prevention, investigation, detection or prosecution of criminal offences, the execution of criminal penalties or safeguarding against threats to public security.

__________________

__________________

50 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation (OJ L 119, 4.5.2016, p. 1).

50 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation (OJ L 119, 4.5.2016, p. 1).

51 Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data (OJ L 119, 4.5.2016, p.89).

 

52 Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (OJ L 8, 12.1.2001, p.1).

 

53 Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA (OJ L 135, 25.5.2016, p. 53).

 

Amendment    23

Proposal for a regulation

Recital 28 a (new)

Text proposed by the Commission

Amendment

 

(28a)  National provisions transposing Directive (EU) 2016/680 should apply to the processing of personal data by the competent authorities of the Member States for the purposes of the prevention, detection, investigation or prosecution of criminal offences, the execution of criminal penalties or safeguarding against threats to public security. Only designated authorities which are responsible for the prevention, detection or investigation of terrorist offences or other serious criminal offences and which Member States can guarantee apply all provisions of this Regulation and those of Directive (EU) 2016/680 as transposed into national law in a manner subject to verification by the competent authorities, including the supervisory authority established in accordance with Article 41(1) of Directive (EU) 2016/680, and whose application of this Regulation is subject to evaluation through the mechanism established by Council Regulation (EU) No 1053/20131a should be entitled to consult the data stored in SIS.

 

__________________

 

1a Council Regulation (EU) No 1053/2013 of 7 October 2013 establishing an evaluation and monitoring mechanism to verify the application of the Schengen acquis and repealing the Decision of the Executive Committee of 16 September 1998 setting up a Standing Committee on the evaluation and implementation of Schengen (OJ L 259, 6.11.2013, p. 27).

Amendment    24

Proposal for a regulation

Recital 28 b (new)

Text proposed by the Commission

Amendment

 

(28b)  Regulation (EC) No 45/2001 should apply to the processing of personal data by the institutions and bodies of the Union when carrying out their responsibilities under this Regulation.

 

__________________

Amendment    25

Proposal for a regulation

Recital 28 c (new)

Text proposed by the Commission

Amendment

 

(28c)  Regulation (EU) 2016/794 of the European Parliament and of the Council 1a should apply to the processing of personal data by Europol under this Regulation.

 

__________________

 

1a Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA (OJ L 135, 25.5.2016, p. 53).

Amendment    26

Proposal for a regulation

Recital 28 d (new)

Text proposed by the Commission

Amendment

 

(28d)  The provisions of Directive (EU) 2016/680, Regulation (EU) 2016/679, Regulation (EU) 2016/794 and Regulation (EC) No 45/2001 should be further specified in this Regulation where necessary.

Amendment    27

Proposal for a regulation

Recital 31

Text proposed by the Commission

Amendment

(31)  The national independent supervisory authorities should monitor the lawfulness of the processing of personal data by the Member States in relation to this Regulation. The rights of data subjects for access, rectification and erasure of their personal data stored in SIS, and subsequent remedies before national courts as well as the mutual recognition of judgments should be set out. Therefore, it is appropriate to require annual statistics from Member States.

(31)  The national independent supervisory authorities established in accordance with Regulation (EU) 2016/679 and Directive (EU) 2016/680 (supervisory authorities) should monitor the lawfulness of the processing of personal data by the Member States in relation to this Regulation including the exchange of supplementary information, and should be granted sufficient resources to carry out this task. The rights of data subjects for access, rectification, restriction of processing and erasure of their personal data stored in SIS, and subsequent remedies before national courts as well as the mutual recognition of judgments should be set out. Therefore, it is appropriate to require annual statistics from Member States.

Amendment    28

Proposal for a regulation

Recital 32 a (new)

Text proposed by the Commission

Amendment

 

(32a)  The European Data Protection Supervisor should monitor the activities of the Union institutions and bodies in relation to the processing of personal data under this Regulation. The European Data Protection Supervisor and the supervisory authorities should cooperate with each other in the monitoring of SIS.

Amendment    29

Proposal for a regulation

Recital 33

Text proposed by the Commission

Amendment

(33)  Regulation (EU) 2016/794 (Europol Regulation) provides that Europol supports and strengthens actions carried out by the competent authorities of Member States and their cooperation in combating terrorism and serious crime and provides analysis and threat assessments. In order to facilitate Europol in carrying out its tasks, in particular within the European Migrant Smuggling Centre, it is appropriate to allow Europol access to the alert categories defined in this Regulation. Europol's European Migrant Smuggling Centre plays a major strategic role in countering the facilitation of irregular migration, it should obtain access to alerts on persons who are refused entry and stay within the territory of a Member State either on criminal grounds or because of non-compliance with entry and stay conditions.

(33)  Regulation (EU) 2016/794 (Europol Regulation) provides that Europol supports and strengthens actions carried out by the competent authorities of Member States and their cooperation in combating terrorism and serious crime and provides analysis and threat assessments. In order to facilitate Europol in carrying out its tasks, in particular within the European Migrant Smuggling Centre, it is appropriate to allow Europol access to the alert categories defined in this Regulation.

Justification

It is not clear on what basis the Commission assumes that those persons subject to an entry ban are linked to facilitating irregular migration. This form of profiling should not be supported.

Amendment    30

Proposal for a regulation

Recital 34

Text proposed by the Commission

Amendment

(34)  In order to bridge the gap in information sharing on terrorism, in particular on foreign terrorist fighters – where monitoring of their movement is crucial – Member States should share information on terrorism-related activity with Europol in parallel to introducing an alert in SIS, as well as hits and related information. This should allow Europol's European Counter Terrorism Centre to verify if there is any additional contextual information available in Europol's databases and to deliver high quality analysis contributing to disrupting terrorism networks and, where possible, preventing their attacks.

(34)  In order to bridge the gap in information sharing on terrorism, in particular on foreign terrorist fighters – where monitoring of their movement is crucial – Member States should share information on terrorism-related activity with Europol in parallel to introducing an alert in SIS, as well as hits, related information and information in case the action to be taken cannot be carried out. Such sharing of information should take place in accordance with the applicable data protection provisions laid down in Regulation (EU) 2016/679, Directive (EU) 2016/680 and Regulation (EU) 2016/794.

Amendment    31

Proposal for a regulation

Recital 35

Text proposed by the Commission

Amendment

(35)  It is also necessary to set out clear rules for Europol on the processing and downloading of SIS data to allow the most comprehensive use of SIS provided that data protection standards are respected as provided in this Regulation and Regulation (EU) 2016/794. In cases where searches carried out by Europol in SIS reveal the existence of an alert issued by a Member State, Europol cannot take the required action. Therefore it should inform the Member State concerned allowing it to follow up the case.

(35)  It is also necessary to set out clear rules for Europol on the processing and downloading of SIS data to allow the most comprehensive use of SIS provided that data protection standards are respected as provided in this Regulation and Regulation (EU) 2016/794. In cases where searches carried out by Europol in SIS reveal the existence of an alert issued by a Member State, Europol cannot take the required action. Therefore it should immediately inform the Member State concerned allowing it to follow up the case.

Amendment    32

Proposal for a regulation

Recital 36

Text proposed by the Commission

Amendment

(36)  Regulation (EU) 2016/1624 of the European Parliament and of the Council54 provides for the purpose of this Regulation, that the host Member State is to authorise the members of the European Border and Coast Guard teams or teams of staff involved in return-related tasks, deployed by the European Border and Coast Guard Agency, to consult European databases, where this consultation is necessary for fulfilling operational aims specified in the operational plan on border checks, border surveillance and return. Other relevant Union agencies, in particular the European Asylum Support Office and Europol, may also deploy experts as part of migration management support teams, who are not members of the staff of those Union agencies. The objective of the deployment of the European Border and Coast Guard teams, teams of staff involved in return-related tasks and the migration management support teams is to provide for technical and operational reinforcement to the requesting Member States, especially to those facing disproportionate migratory challenges. Fulfilling the tasks assigned to the European Border and Coast Guard teams, teams of staff involved in return-related tasks and to the migration management support teams, necessitates access to SIS via a technical interface of the European Border and Coast Guard Agency connecting to Central SIS. In cases where searches carried out by the team or the teams of staff in SIS reveal the existence of an alert issued by a Member State, the member of the team or the staff cannot take the required action unless authorised to do so by the host Member State. Therefore it should inform the Member States concerned allowing for follow up of the case.

(36)  Regulation (EU) 2016/1624 of the European Parliament and of the Council provides for the purpose of this Regulation, that the host Member State is to authorise the members of the teams as defined in Article 2(8) of Regulation (EU) 2016/1624, deployed by the European Border and Coast Guard Agency, to consult European databases, where this consultation is necessary for fulfilling operational aims specified in the operational plan on border checks, border surveillance and return. Other relevant Union agencies, in particular the European Asylum Support Office and Europol, may also deploy experts as part of migration management support teams, who are not members of the staff of those Union agencies. The objective of the deployment of the teams, as defined in Article 2(8) of Regulation (EU) 2016/1624, and the migration management support teams is to provide for technical and operational reinforcement to the requesting Member States, especially to those facing disproportionate migratory challenges. Fulfilling the tasks assigned to the teams, as defined in Article 2(8) of Regulation (EU) 2016/1624, and to the migration management support teams, necessitates access to SIS via a technical interface of the European Border and Coast Guard Agency connecting to Central SIS. In cases where searches carried out by the team or the teams of staff in SIS reveal the existence of an alert issued by a Member State, the member of the team or the staff cannot take the required action unless authorised to do so by the host Member State. Therefore it should inform the Member States concerned allowing for follow up of the case.

_________________

_________________

54 Regulation (EU) 2016/1624 of the European Parliament and of the Council of 14 September 2016 on the European Border and Coast Guard and amending Regulation (EU) 2016/399 of the European Parliament and of the Council and repealing Regulation (EC) No 863/2007 of the European Parliament and of the Council, Council Regulation (EC) No 2007/2004 and Council Decision 2005/267/EC (OJ L 251 of 16.9.2016, p. 1).

54 Regulation (EU) 2016/1624 of the European Parliament and of the Council of 14 September 2016 on the European Border and Coast Guard and amending Regulation (EU) 2016/399 of the European Parliament and of the Council and repealing Regulation (EC) No 863/2007 of the European Parliament and of the Council, Council Regulation (EC) No 2007/2004 and Council Decision 2005/267/EC (OJ L 251 of 16.9.2016, p. 1).

Amendment    33

Proposal for a regulation

Recital 37

Text proposed by the Commission

Amendment

(37)  In accordance with Regulation (EU) 2016/1624 the European Border and Coast Guard Agency shall prepare risk analyses. These risk analyses shall cover all aspects relevant to European integrated border management, notably threats that may affect the functioning or security of the external borders. Alerts introduced in the SIS in accordance with this Regulation, notably the alerts on refusal of entry and stay are relevant information for assessing possible threats that may affect the external borders and should thus be available in view of the risk analysis which must be prepared by the European Border and Coast Guard Agency. Fulfilling the tasks assigned to the European Border and Coast Guard Agency in relation to risk analysis, necessitates access to SIS. Furthermore, in accordance with Commission proposal for a Regulation of the European Parliament and of the Council establishing a European Travel Information and Authorisation System (ETIAS)55 the ETIAS Central Unit of the European Border and Coast Guard Agency will perform verifications in SIS via ETIAS in order to perform the assessment of the applications for travel authorisation which require, inter alia, to ascertain if the third country national applying for a travel authorisation is subject of a SIS alert. To this end the ETIAS Central Unit within European Border and Coast Guard Agency should also have access to SIS to the extent necessary to carry out its mandate, namely to all alert categories on third country nationals in respect of whom an alert has been issued for the purposes of entry and stay, and those who are subject to restrictive measure intended to prevent entry or transit through Member States.

[(37)  In accordance with [Regulation .../... of the European Parliament and of the Council establishing a European Travel Information and Authorisation System (ETIAS)] the ETIAS Central Unit established within the European Border and Coast Guard Agency will perform verifications in SIS via ETIAS in order to perform the assessment of the applications for travel authorisation which require, inter alia, to ascertain if the third country national applying for a travel authorisation is subject of a SIS alert. To this end the ETIAS Central Unit within European Border and Coast Guard Agency should have access to SIS to the extent which is strictly necessary to carry out its mandate, namely to all alert categories on third country nationals in respect of whom an alert has been issued for the purposes of entry and stay, and those who are subject to restrictive measure intended to prevent entry or transit through Member States.]

__________________

 

55 COM (2016)731 final.

 

Amendment    34

Proposal for a regulation

Recital 38

Text proposed by the Commission

Amendment

(38)  Owing to their technical nature, level of detail and need for regular updating, certain aspects of SIS cannot be covered exhaustively by the provisions of this Regulation. These include, for example, technical rules on entering data, updating, deleting and searching data, data quality and search rules related to biometric identifiers, rules on compatibility and priority of alerts, the adding of flags, links between alerts, setting the expiry date of alerts within the maximum time limit and the exchange of supplementary information. Implementing powers in respect of those aspects should therefore be conferred to the Commission. Technical rules on searching alerts should take into account the smooth operation of national applications.

(38)  Owing to their technical nature, level of detail and need for regular updating, certain aspects of SIS cannot be covered exhaustively by the provisions of this Regulation. These include, for example, technical rules on entering data, updating, deleting and searching data, data quality, the adding of flags and links between alerts. Implementing powers in respect of those aspects should therefore be conferred to the Commission. Technical rules on searching alerts should take into account the smooth operation of national applications.

Justification

Tabled for consistency with later amendments.

Amendment    35

Proposal for a regulation

Recital 38 a (new)

Text proposed by the Commission

Amendment

 

(38a)  The correct application of this Regulation is in the interest of all Member States and necessary to maintain the Schengen area as an area without internal border controls. In order to ensure the correct application of this Regulation by Member States, evaluations conducted through the mechanism established by Regulation (EU) No 1053/2013 are of particular importance. Member States should therefore swiftly address any recommendations made to them. The Commission should, where recommendations are not followed, make use of its powers under the Treaties.

Amendment    36

Proposal for a regulation

Recital 40

Text proposed by the Commission

Amendment

(40)  In order to ensure transparency, a report on the technical functioning of Central SIS and the communication infrastructure, including its security, and on the exchange of supplementary information should be produced every two years by the Agency. An overall evaluation should be issued by the Commission every four years.

(40)  In order to ensure transparency, a report on the technical functioning of Central SIS and the communication infrastructure, including its security, and on the exchange of supplementary information should be produced one year after SIS is brought into operation by the Agency. An overall evaluation should be issued by the Commission every two years.

Amendment    37

Proposal for a regulation

Recital 40 a (new)

Text proposed by the Commission

Amendment

 

(40a)  In order to ensure the smooth functioning of SIS, the power to adopt acts in accordance with Article 290 of the Treaty on the Functioning of the European Union should be delegated to the Commission in respect of:

 

- the adoption of a manual containing detailed rules on the exchange of supplementary information (the SIRENE Manual);

 

- the requirements to be fulfilled for the entering of biometric identifiers into the SIS;

 

- the adoption of the procedure for designating the Member State responsible for entering an alert on third-country nationals subject to restrictive measures;

 

- the use of photographs and facial images for the purpose of identifying persons; and

 

- amendments to the date of application of this Regulation.

 

It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level, and that those consultations be conducted in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making1a. In particular, to ensure equal participation in the preparation of delegated acts, the European Parliament and the Council receive all documents at the same time as Member States' experts, and their experts systematically have access to meetings of Commission expert groups dealing with the preparation of delegated acts.

 

____________________

 

1a OJ L 123, 12.5.2016, p. 1.

Amendment    38

Proposal for a regulation

Recital 42

Text proposed by the Commission

Amendment

(42)  This Regulation respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union. In particular, this Regulation seeks to ensure a safe environment for all persons residing on the territory of the European Union and a protection of irregular migrants from exploitation and trafficking by allowing their identification while fully respecting the protection of personal data.

(42)  This Regulation respects the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union. In particular, this Regulation should fully respect the protection of personal data in accordance with Article 8 of the Charter of Fundamental Rights of the European Union while seeking to ensure a safe environment for all persons residing on the territory of the European Union and protection of irregular migrants from exploitation and trafficking. In cases concerning children, the best interests of the child should be a primary consideration.

Justification

Linguistic revision designed to reiterate the need to protect personal data, as this is a fundamental right. The last part of the last sentence is confusing and misleading.

Amendment    39

Proposal for a regulation

Recital 42a (new)

Text proposed by the Commission

Amendment

 

(42a)  All measures taken in relation to the SIS should comply with the Charter of Fundamental Rights of the European Union. Member States should apply guidelines, to be established and monitored jointly by the European Union Agency for Asylum and the European Union Agency for Fundamental Rights, for a common practice with regard to taking fingerprints and facial images of irregular third-country nationals, building upon the checklist prepared by the European Union Agency for Fundamental Rights. At all times Member States should respect the dignity and physical integrity of minors during the fingerprinting procedure and when capturing a facial image. Member States should not use coercion to compel the taking of fingerprints of minors.

Justification

In accordance with the UN Convention on the rights of the Child, children shall be treated with humanity and respect, in a manner which takes into account the needs of their age. Therefore, particular attention shall be paid to the specific situation of minors. The best interest of the child shall always be a primary consideration.

Amendment    40

Proposal for a regulation

Recital 49

Text proposed by the Commission

Amendment

(49)  As regards Bulgaria and Romania, this Regulation constitutes an act building upon, or otherwise relating to, the Schengen acquis within the meaning of Article 4(2) of the 2005 Act of Accession and should be read in conjunction with Council Decision 2010/365/EU on the application of the provisions of the Schengen acquis relating to the Schengen Information System in the Republic of Bulgaria and Romania66 .

(49)  As regards Bulgaria and Romania, this Regulation constitutes an act building upon, or otherwise relating to, the Schengen acquis within the meaning of Article 4(2) of the 2005 Act of Accession and should result in the amendment of Council Decision 2010/365/EU on the application of the provisions of the Schengen acquis relating to the Schengen Information System in the Republic of Bulgaria and Romania66 to enable those two Member States to apply and implement the provisions of this Regulation in full.

_________________

_________________

66 ОJ L 166, 1.7.2010, p. 17.

66 ОJ L 166, 1.7.2010, p. 17.

Amendment    41

Proposal for a regulation

Recital 53

Text proposed by the Commission

Amendment

(53)  The European Data Protection Supervisor was consulted in accordance with Article 28(2) of Regulation (EC) No 45/2001 and delivered an opinion on …,

(53)  The European Data Protection Supervisor was consulted in accordance with Article 28(2) of Regulation (EC) No 45/2001 and delivered an opinion on 3 May 2017.

Amendment    42

Proposal for a regulation

Recital 53 a (new)

Text proposed by the Commission

Amendment

 

(53a)  No amendment or new provision in this Regulation should create unnecessary obstacles for Member States who will join or are in the process of joining the Schengen area,

Amendment    43

Proposal for a regulation

Article 2 – title

Text proposed by the Commission

Amendment

Scope

Subject matter

Amendment    44

Proposal for a regulation

Article 2 – paragraph 2

Text proposed by the Commission

Amendment

2.  This Regulation also lays down provisions on the technical architecture of SIS, the responsibilities of the Member States and of the European Agency on the operational management of large-scale IT systems in the area of freedom, security and justice, general data processing, the rights of the persons concerned and liability.

2.  This Regulation also lays down provisions on the technical architecture of SIS, the responsibilities of the Member States and of the European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice, general data processing, the rights of the persons concerned and liability.

Justification

Corrects a mistake.

Amendment    45

Proposal for a regulation

Article 3 – paragraph 1 – point a

Text proposed by the Commission

Amendment

(a)  ‘alert’ means a set of data, including biometric identifiers as referred to in Article 22, entered in SIS allowing the competent authorities to identify a person with a view to taking specific action;

(a)  ‘alert’ means a set of data entered in SIS allowing the competent authorities to identify a person with a view to taking specific action;

Justification

There is no need to indicate in the definition of “alert” one type of data which could be entered for an alert. The matter which data is to be inserted in an alert is dealt with in Article 20 on the categories of data.

Amendment    46

Proposal for a regulation

Article 3 – paragraph 1 – point b – introductory part

Text proposed by the Commission

Amendment

(b)  ‘supplementary information’ means information not forming part of the alert data stored in SIS, but connected to SIS alerts, which is to be exchanged:

(b)  ‘supplementary information’ means information not forming part of the alert data stored in SIS, but connected to SIS alerts, which is to be exchanged by the SIRENE Bureaux:

Amendment    47

Proposal for a regulation

Article 3 – paragraph 1 – point e

Text proposed by the Commission

Amendment

(e)  ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’);

(e)  ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); for the purposes of this definition an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Amendment    48

Proposal for a regulation

Article 3 – paragraph 1 – point e a (new)

Text proposed by the Commission

Amendment

 

(ea)  ‘alias’ means an assumed identity used by a person known under other identities;

Amendment    49

Proposal for a regulation

Article 3 – paragraph 1 – point f

Text proposed by the Commission

Amendment

(f)  ‘an identifiable natural person’ is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

deleted

Amendment    50

Proposal for a regulation

Article 3 – paragraph 1 – point g

Text proposed by the Commission

Amendment

(g)  ‘processing of personal data’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, logging, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

(g)  ‘processing of personal data’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, logging, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Justification

The Commission proposal replaces ‘recording’ from the current SIS II Council Decision with the word ‘logging’. While it is appropriate to add ‘logging’ to the list of actions which constitute processing, ‘recording’ should also be maintained in that list.

Amendment    51

Proposal for a regulation

Article 3 – paragraph 1 – point h – point 2

Text proposed by the Commission

Amendment

(2)  the search reveals an alert in entered by another Member State in SIS,

(2)  the search reveals that an alert is entered by a Member State in SIS,

Justification

A “hit” can also occur if the alert was inserted by the Member State of the user.

Amendment    52

Proposal for a regulation

Article 3 – paragraph 1 – point k a (new)

Text proposed by the Commission

Amendment

 

(ka)  'biometric identifiers' means personal data resulting from specific technical processing relating to the physical or physiological characteristics of a natural person, which allow or confirm the unique identification of that natural person (facial images, dactyloscopic data);

Amendment    53

Proposal for a regulation

Article 3 – paragraph 1 – point n

Text proposed by the Commission

Amendment

(n)  ‘dactylographic data’ means data on fingerprints and palm prints which due to their unique character of uniqueness and the reference points contained therein enable accurate and conclusive comparisons on a person's identity;

(n)  ‘dactyloscopic data’ means data on fingerprints and palm prints which due to their unique character and the reference points contained therein enable accurate and conclusive comparisons on a person's identity;

 

(Horizontal amendment to be applied throughout the text.)

Amendment    54

Proposal for a regulation

Article 3 – paragraph 1 – point n a (new)

Text proposed by the Commission

Amendment

 

(na)  'facial image' means digital images of the face with a sufficient image resolution and quality to be used in biometric matching;

Amendment    55

Proposal for a regulation

Article 3 – paragraph 1 – point o

Text proposed by the Commission

Amendment

(o)  ‘serious crime’ means offences listed in Article 2(1) and (2) of Framework Decision 2002/584/JHA of 13 June 200268;

deleted

_________________

 

68 Council Framework Decision (2002/584/JHA) of 13 June 2002 on the European arrest warrant and the surrender procedures between Member States (0J L 190, 18.07.2002, p. 1).

 

Amendment    56

Proposal for a regulation

Article 3 – paragraph 1 – point p

Text proposed by the Commission

Amendment

(p)  ‘terrorist offences’ means offences under national law referred to in Articles, 1-4 of Framework Decision 2002/475/JHA of 13 June 200269.

(p)  ‘terrorist offences’ means offences under national law referred to in Articles 3 to 12 and 14 of Directive (EU) 2017/541.

__________________

 

69 Council Framework Decision 2002/475/JHA of 13 June 2002 on combating terrorism (OJ L 164, 22.6.2002, p. 3).

 

Amendment    57

Proposal for a regulation

Article 4 – paragraph 1 – point b

Text proposed by the Commission

Amendment

(b)  a national system (N.SIS) in each of the Member States, consisting of the national data systems which communicate with Central SIS. An N.SIS shall contain a data file (a ‘national copy’), containing a complete or partial copy of the SIS database as well as a backup N.SIS. The N.SIS and its backup may be used simultaneously to ensure uninterrupted availability to end-users;

(b)  a national system (N.SIS) in each of the Member States, consisting of the national data systems which communicate with Central SIS. An N.SIS may contain a data file (a ‘national copy’), containing a complete or partial copy of the SIS database as well as a backup N.SIS. The N.SIS and its backup may be used simultaneously to ensure uninterrupted availability to end-users;

Justification

Member States should not be obligated to have a national copy for the purpose of ensuring the availability of the system given the risk to data security this might imply. To achieve full availability, other solutions at central level should be favoured.

Amendment    58

Proposal for a regulation

Article 4 – paragraph 1 – subparagraph 1 a (new)

Text proposed by the Commission

Amendment

 

A backup communication infrastructure shall be developed to further ensure the uninterrupted availability of SIS. Detailed rules for this backup communication infrastructure shall be adopted by means of implementing measures in accordance with the examination procedure referred to in Article 55(2).

Justification

To further ensure the uninterrupted availability of the SIS a second communication infrastructure should be available and be used in case of problems with the main communication infrastructure.

Amendment    59

Proposal for a regulation

Article 4 – paragraph 2

Text proposed by the Commission

Amendment

2.  SIS data shall be entered, updated, deleted and searched via the various N.SIS. A partial or a full national copy shall be available for the purpose of carrying out automated searches in the territory of each of the Member States using such a copy. The partial national copy shall contain at least the data listed in Article 20(2) (a)-(v) of this Regulation It shall not be possible to search the data files of other Member States' N.SIS.

2.  SIS data shall be entered, updated, deleted and searched via the various N.SIS.

Justification

Member States should not be obligated to have a national copy for the purpose of ensuring the availability of the system given the risk to data security this might imply. To achieve full availability, other solutions at central level should be favoured.

Amendment    60

Proposal for a regulation

Article 4 – paragraph 3

Text proposed by the Commission

Amendment

3.  CS-SIS shall perform technical supervision and administration functions and have a backup CS-SIS, capable of ensuring all functionalities of the principal CS-SIS in the event of failure of this system. CS-SIS and the backup CS-SIS shall be located in the two technical sites of the European Agency for the operational management of large-scale information systems in the area of freedom, security and justice established by Regulation (EU) No 1077/201170 (‘the Agency’). CS-SIS or backup CS-SIS may contain an additional copy of the SIS database and may be used simultaneously in active operation provided that each of them is capable to process all transactions related to SIS alerts.

3.  CS-SIS shall perform technical supervision and administration functions and have a backup CS-SIS, capable of ensuring all functionalities of the principal CS-SIS in the event of failure of this system. CS-SIS and the backup CS-SIS shall be located in the technical sites of the European Agency for the operational management of large-scale information systems in the area of freedom, security and justice established by Regulation (EU) No 1077/201170 (‘the Agency’). CS-SIS or backup CS-SIS shall contain an additional copy of the SIS database and shall be used simultaneously in active operation provided that each of them is capable to process all transactions related to SIS alerts.

__________________

__________________

70 Established by Regulation (EU) No 1077/2011 of the European Parliament and of the Council of 25 October 2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (OJ L 286, 1.11.2011, p.1).

70 Established by Regulation (EU) No 1077/2011 of the European Parliament and of the Council of 25 October 2011 establishing a European Agency for the operational management of large-scale IT systems in the area of freedom, security and justice (OJ L 286, 1.11.2011, p.1).

Justification

To ensure the uninterrupted availability of the SIS also in the future with more data and more users, solutions at central level should be pursued. In addition to an additional copy, an active solution should be implemented. The Agency should not be limited to the current two technical sites in case a solution requires the use of another site.

Amendment    61

Proposal for a regulation

Article 4 – paragraph 4 – introductory part

Text proposed by the Commission

Amendment

4.  CS-SIS shall provide the services necessary for the entry and processing of SIS data, including searches in the SIS database. CS-SIS shall:

4.  CS-SIS shall provide the services necessary for the entry and processing of SIS data, including searches in the SIS database. For the Member States which use a national copy, CS-SIS shall:

Amendment    62

Proposal for a regulation

Article 6 – paragraph 2

Text proposed by the Commission

Amendment

Each Member State shall be responsible for ensuring the continuous operation of the N.SIS, its connection to NI-SIS and the uninterrupted availability of SIS data to the end-users.

Each Member State shall be responsible for ensuring the continuous operation of the N.SIS and its connection to NI-SIS.

Amendment    63

Proposal for a regulation

Article 6 – paragraph 2 a (new)

Text proposed by the Commission

Amendment

 

Each Member State shall be responsible for ensuring the uninterrupted availability of SIS data to end-users, in particular by establishing a duplicate connection with NI-SIS.

Amendment    64

Proposal for a regulation

Article 7 – paragraph 1 – subparagraph 3

Text proposed by the Commission

Amendment

Each Member State shall transmit its alerts via its N.SIS Office.

Each Member State shall enter alerts on the basis of all available information falling under the scope of this Regulation, and shall transmit its alerts via its N.SIS Office.

Amendment    65

Proposal for a regulation

Article 7 – paragraph 2 – subparagraph l

Text proposed by the Commission

Amendment

Each Member State shall designate the authority which shall ensure the exchange and availability of all supplementary information (the SIRENE Bureau) in accordance with the provisions of the SIRENE Manual, as referred to in Article 8.

Each Member State shall designate a national authority which is operational 24 hours a day, 7 days a week and shall ensure the exchange and availability of all supplementary information (the SIRENE Bureau) in accordance with the provisions of the SIRENE Manual, as referred to in Article 8. The SIRENE Bureau shall serve as single contact point for Member States to exchange supplementary information regarding alerts and to enable appropriate measures to be taken when alerts on persons or objects have been entered in SIS and those persons or objects are found following a hit.

Justification

Details of the structure and tasks of the SIRENE Bureaux are already set out in the Commission Implementing Decision of 26 February 2013 on the SIRENE Manual and other implementing measures for the second-generation Schengen Information System (SIS II)

Amendment    66

Proposal for a regulation

Article 8 – paragraph 1

Text proposed by the Commission

Amendment

1.  Supplementary information shall be exchanged in accordance with the provisions of the SIRENE Manual and using the Communication Infrastructure. Member States shall provide the necessary technical and personal resources to ensure the continuous availability and exchange of supplementary information. In the event that the the Communication Infrastructure is unavailable, Member States may use other adequately secured technical means to exchange supplementary information.

1.  Supplementary information shall be exchanged in accordance with the provisions of the SIRENE Manual and using the Communication Infrastructure. Member States shall provide the necessary technical and human resources to ensure the continuous availability and timely and effective exchange of supplementary information. In the event that the Communication Infrastructure is unavailable, Member States shall use the backup communication infrastructure referred to in Article 4(1)(c). As a last resort other adequately secured technical means to exchange supplementary information, such as SIENA, may be used.

Amendment    67

Proposal for a regulation

Article 8 – paragraph 3

Text proposed by the Commission

Amendment

3.  The SIRENE Bureaux shall carry out their task in a quick and efficient manner, in particular by replying to a request as soon as possible but not later than 12 hours after the receipt of the request.

3.  The SIRENE Bureaux shall carry out their task in a quick and efficient manner, in particular by substantially replying to a request for supplementary information as soon as possible but not later than six hours after the receipt of the request. In case of alerts for terrorist offences and in cases of alerts concerning children referred to in Article 32(1)(c) of Regulation [Police Cooperation] the SIRENE Bureaux shall act immediately.

Amendment    68

Proposal for a regulation

Article 8 – paragraph 3 a (new)

Text proposed by the Commission

Amendment

 

3a.  SIRENE forms to be dealt with by the requested SIRENE Bureau with highest priority may be marked ‘URGENT’, in the SIRENE forms, and the reason for urgency specified.

Justification

Provision set out in the SIRENE Manual.

Amendment    69

Proposal for a regulation

Article 8 – paragraph 4

Text proposed by the Commission

Amendment

4.  Detailed rules for the exchange of supplementary information shall be adopted by means of implementing measures in accordance with the examination procedure referred to in Article 55(2) in the form of a manual called the ‘SIRENE Manual’.

4.  The Commission shall be empowered to adopt a delegated act in accordance with Article 54a concerning the adoption of a manual containing detailed rules for the exchange of supplementary information (SIRENE Manual).

Justification

Judging from the current Manual and SIS II legal framework the Sirene Manual should be adopted in as a delegated act as in parts it rather supplements the basic acts than implements them. The requirement of the Manual that hits are to be reported "immediately" in case of possible "serious threats to security" while the Regulation requires this to happen "as soon as possible" can be mentioned as example. Recital 6 of the Manual (OJ L44, 18.2.2015) even states: "It is indispensable to lay down a new accelerated procedure for information exchange on alerts on discreet and specific checks [...]"

Amendment    70

Proposal for a regulation

Article 9 – paragraph 2

Text proposed by the Commission

Amendment

2.  Member States shall ensure, by means of the services provided by CS-SIS, that data stored in the national copy are, by means of automatic updates referred to in Article 4(4), identical to and consistent with the SIS database, and that a search in its national copy produces a result equivalent to that of a search in the SIS database. End-users shall receive the data required to perform their tasks, in particular all data required for the identification of the data subject and to take the required action.

2.  Member States shall ensure, by means of the services provided by CS-SIS, that data stored in the national copy established voluntarily by a Member State, are by means of automatic updates referred to in Article 4(4), identical to and consistent with the SIS database, and that a search in its voluntary national copy produces a result equivalent to that of a search in the SIS database. In so far as this is possible, end-users shall receive the data required, to perform their tasks, in particular and where necessary, all the available data allowing for the identification of the data subject and the required action to be taken.

Justification

Not all information on all persons subject to an alert will be available to Member States. Imposing an open-ended obligation to provide the end-user with information that might not be available makes it burdensome and illogical. It is also unclear on whom this obligation falls.

Amendment    71

Proposal for a regulation

Article 9 – paragraph 2 a (new)

Text proposed by the Commission

Amendment

 

2a.  Regular tests shall be undertaken as part of the mechanism established by Regulation (EU) No 1053/2013 to verify the technical and functional compliance of national copies and, in particular, whether searches in the national copy produce results equivalent to those of a search in the SIS database.

Amendment    72

Proposal for a regulation

Article 10 – paragraph 1 – point b

Text proposed by the Commission

Amendment

(b)  deny unauthorised persons access to data-processing facilities used for processing personal data (facilities access control);

(b)  deny unauthorised persons access to data-processing equipment and facilities used for processing personal data (equipment, access control and facilities entry control);

Amendment    73

Proposal for a regulation

Article 10 – paragraph 1 – point e a (new)

Text proposed by the Commission

Amendment

 

(ea)  prevent the unauthorised processing of data in SIS and any unauthorised modification or erasure of data processed in SIS (control of data entry);

Justification

Provision foreseen in Article 34 of the Eurodac Regulation.

Amendment    74

Proposal for a regulation

Article 10 – paragraph 1 – point g

Text proposed by the Commission

Amendment

(g)  ensure that all authorities with a right of access to SIS or to the data processing facilities create profiles describing the functions and responsibilities of persons who are authorised to access, enter, update, delete and search the data and make these profiles available to the national supervisory authorities referred to in Article 50(1) without delay upon their request (personnel profiles);

(g)  ensure that all authorities with a right of access to SIS or to the data processing facilities create profiles describing the functions and responsibilities of persons who are authorised to access, enter, update, delete and search the data and make these profiles available to the national supervisory authorities referred to in Article 50(1) immediately upon their request (personnel profiles);

Amendment    75

Proposal for a regulation

Article 10 – paragraph 1 – point k a (new)

Text proposed by the Commission

Amendment

 

(ka)  ensure that the installed system may, in case of interruption, be restored (recovery);

Justification

Provision foreseen in the Eurodac proposal.

Amendment    76

Proposal for a regulation

Article 10 – paragraph 1 – point k b (new)

Text proposed by the Commission

Amendment

 

(kb)  ensure that SIS performs its functions correctly, that faults are reported (reliability) and that personal data stored in SIS cannot be corrupted by means of the system malfunctioning (integrity);

Justification

Provision foreseen in the Eurodac proposal.

Amendment    77

Proposal for a regulation

Article 11 – paragraph 1 a (new)

Text proposed by the Commission

Amendment

 

Where a Member State cooperates with external contractors in any SIS-related tasks, that Member State shall closely monitor the activities of the contractor to ensure compliance with all provisions of this Regulation, including in particular security, confidentiality and data protection.

Justification

In 2012 SIS data was compromised following a hack via an external contractor in Denmark. Member States should reinforce their monitoring of such companies.

Amendment    78

Proposal for a regulation

Article 12 – paragraph 2

Text proposed by the Commission

Amendment

2.  The logs shall show, in particular, the history of the alert, the date and time of the data processing activity, the type of data used to perform a search, a reference to the of type data transmitted and the name of both the competent authority and the person responsible for processing the data.

2.  The logs shall show, in particular, the history of the alert, the date and time of the data processing activity, the type of data used to perform a search, the data processed and both the name of the competent authority and the person performing a search and processing the data.

Justification

Paragraph 3 created an exceptional regime of log for searches using dactyloscopic data or facial image.

Amendment    79

Proposal for a regulation

Article 12 – paragraph 3

Text proposed by the Commission

Amendment

3.  If the search is carried out with dactylographic data or facial image in accordance with Article 22 the logs shall show, in particular, the type of data used to perform a search, a reference to the type data transmitted and the name of both the competent authority and the person responsible for processing the data.

3.  By way of derogation from paragraph 2, if the search is carried out with dactyloscopic data or facial image in accordance with Article 22 the logs shall show the type of data processed instead of the actual data.

Amendment    80

Proposal for a regulation

Article 12 – paragraph 3 a (new)

Text proposed by the Commission

Amendment

 

3a.  Rules and formats for logs shall be laid down by means of implementing measures in accordance with the examination procedure referred to in Article 55(2).

Amendment    81

Proposal for a regulation

Article 12 – paragraph 4

Text proposed by the Commission

Amendment

4.  The logs may be used only for the purpose referred to in paragraph 1 and shall be deleted at the earliest one year, and at the latest three years, after their creation.

4.  The logs may be used only for the purpose referred to in paragraph 1 and shall be deleted two years after their creation.

Justification

Wording amended in line with the recommendations of the European Data Protection Supervisor. For the purposes of legal certainty, the retention period for logs should be specified precisely.

Amendment    82

Proposal for a regulation

Article 13 – paragraph 1

Text proposed by the Commission

Amendment

Member States shall ensure that each authority entitled to access SIS data takes the measures necessary to comply with this Regulation and cooperates, where necessary, with the national supervisory authority.

Member States shall ensure that each authority entitled to access SIS data takes the measures necessary to comply with this Regulation and cooperates with the national supervisory authority.

Justification

The national authorities with access to SIS should be required to cooperate with the national supervisory authority. Such a requirement is an obligation by the Member State and therefore, they should not have the right to choose when to cooperate and when not to.

Amendment    83

Proposal for a regulation

Article 14

Text proposed by the Commission

Amendment

Before being authorised to process data stored in SIS and periodically after access to SIS data has been granted, the staff of the authorities having a right to access SIS shall receive appropriate training about data-security, data-protection rules and the procedures on data processing as set out in the SIRENE Manual. The staff shall be informed of any relevant criminal offences and penalties.

1.  Before being authorised to process data stored in SIS and periodically after access to SIS data has been granted, the staff of the authorities having a right to access SIS shall receive appropriate training about data-security, fundamental rights including data-protection rules and the procedures on data processing as set out in the SIRENE Manual. The staff shall be informed of any relevant criminal offences and penalties laid down in accordance with Article 53a of this Regulation.

 

2.  Member States shall have a national SIS training programme. This training programme shall include training for end-users as well as the staff of the SIRENE Bureaux.

 

3.  Common training courses shall be organised at least once a year to enhance cooperation between SIRENE Bureaux by allowing staff to meet colleagues from other SIRENE Bureaux, share information on national working methods and create a consistent and equivalent level of knowledge.

Amendment    84

Proposal for a regulation

Article 15 – paragraph 1

Text proposed by the Commission

Amendment

1.  The Agency shall be responsible for the operational management of Central SIS. The Agency shall ensure, in cooperation with the Member States, ensure that at all times the best available technology, using a cost-benefit analysis, is used for Central SIS.

1.  The Agency shall be responsible for the operational management of Central SIS. The Agency shall ensure, in cooperation with the Member States, that at all times the best available technology, using a cost-benefit analysis, is used for Central SIS.

Justification

Corrects a mistake.

Amendment    85

Proposal for a regulation

Article 15 – paragraph 2 – point c a (new)

Text proposed by the Commission

Amendment

 

(ca)  tasks relating to implementation of the budget;

Justification

The Agency should be responsible for all tasks relating to the Communication Infrastructure. It would not be logic to maintain a division of tasks between the Agency and the Commission.

Amendment    86

Proposal for a regulation

Article 15 – paragraph 2 – point c b (new)

Text proposed by the Commission

Amendment

 

(cb)  acquisition and renewal;

Justification

The Agency should be responsible for all tasks relating to the Communication Infrastructure. It would not be logic to maintain a division of tasks between the Agency and the Commission.

Amendment    87

Proposal for a regulation

Article 15 – paragraph 2 – point c c (new)

Text proposed by the Commission

Amendment

 

(cc)  contractual matters.

Justification

The Agency should be responsible for all tasks relating to the Communication Infrastructure. It would not be logic to maintain a division of tasks between the Agency and the Commission.

Amendment    88

Proposal for a regulation

Article 15 – paragraph 3

Text proposed by the Commission

Amendment

3.  The Commission shall be responsible for all other tasks relating to the Communication Infrastructure, in particular:

deleted

(a)  tasks relating to implementation of the budget;

 

(b)  acquisition and renewal;

 

(c)  contractual matters.

 

Justification

The Agency should be responsible for all tasks relating to the Communication Infrastructure. It would not be logic to maintain a division of tasks between the Agency and the Commission.

Amendment    89

Proposal for a regulation

Article 15 – paragraph 5

Text proposed by the Commission

Amendment

5.  The Agency shall develop and maintain a mechanism and procedures for carrying out quality checks on the data in CS-SIS and shall provide regular reports to the Member States. The Agency shall provide a regular report to the Commission covering the issues encountered and the Member States concerned. This mechanism, procedures and interpretation of data quality compliance shall be laid down and developed by means of implementing measures in accordance with the examination procedure referred to in Article 55(2).

5.  The Agency shall develop and maintain a mechanism and procedures for carrying out quality checks on the data in CS-SIS and shall provide regular reports to the Member States. The Agency shall provide a regular report to the European Parliament, the Council and the Commission covering the issues encountered and the Member States concerned. This mechanism, procedures and interpretation of data quality compliance shall be laid down and developed by means of implementing measures in accordance with the examination procedure referred to in Article 55(2).

Amendment    90

Proposal for a regulation

Article 15 – paragraph 5 a (new)

Text proposed by the Commission

Amendment

 

5a.  The Agency shall also perform tasks related to providing training on the technical use of SIS and on measures to improve the quality of SIS data.

Amendment    91

Proposal for a regulation

Article 16 – paragraph 1 – point b

Text proposed by the Commission

Amendment

(b)  deny unauthorised persons access to data-processing facilities used for processing personal data (facilities access control);

(b)  deny unauthorised persons access to data-processing equipment and facilities used for processing personal data (equipment, access control and facilities entry control);

Amendment    92

Proposal for a regulation

Article 16 – paragraph 1 – point e a (new)

Text proposed by the Commission

Amendment

 

(ea)  prevent the unauthorised processing of data in SIS and any unauthorised modification or erasure of data processed in SIS (control of data entry);

Amendment    93

Proposal for a regulation

Article 16 – paragraph 1 – point g

Text proposed by the Commission

Amendment

(g)  create profiles describing the functions and responsibilities for persons who are authorised to access the data or the data processing facilities and make these profiles available to the European Data Protection Supervisor referred to in Article 51 without delay upon its request (personnel profiles);

(g)  create profiles describing the functions and responsibilities for persons who are authorised to access the data or the data processing facilities and make these profiles available to the European Data Protection Supervisor referred to in Article 51 immediately upon its request (personnel profiles);

Amendment    94

Proposal for a regulation

Article 16 – paragraph 1 – point k a (new)

Text proposed by the Commission

Amendment

 

(ka)  ensure that the system installed may, in case of interruption, be restored (recovery);

Amendment    95

Proposal for a regulation

Article 16 – paragraph 1 – point k b (new)

Text proposed by the Commission

Amendment

 

(kb)  ensure that SIS performs its functions correctly, that faults are reported (reliability) and that personal data stored in SIS cannot be corrupted by means of the system malfunctioning (integrity);

Amendment    96

Proposal for a regulation

Article 16 – paragraph 1 – point k c (new)

Text proposed by the Commission

Amendment

 

(kc)  ensure the security of its technical sites.

Amendment    97

Proposal for a regulation

Article 17 – paragraph 2 a (new)

Text proposed by the Commission

Amendment

 

2a.  Where the Agency cooperates with external contractors in any SIS-related tasks, it shall closely monitor the activities of the contractor to ensure compliance with all provisions of this Regulation, including in particular security, confidentiality and data protection.

Justification

In 2012 SIS data was compromised following a hack via an external contractor in Denmark. The Agency should reinforce its monitoring of such companies.

Amendment    98

Proposal for a regulation

Article 18 – paragraph 2

Text proposed by the Commission

Amendment

2.  The logs shall show, in particular, the history of the alerts, the date and time of the data transmitted, the type of data used to perform searches, the reference to the type of data transmitted and the name of the competent authority responsible for processing the data.

2.  The logs shall show, in particular, the history of each alert, the date and time of any data processing activity, the type of data used to perform a search, the data processed and both the name of the competent authority and the person performing the search and processing the data.

Amendment    99

Proposal for a regulation

Article 18 – paragraph 3

Text proposed by the Commission

Amendment

3.  If the search is carried out with dactylographic data or facial image in accordance with Article 22 and 28 the logs shall show, in particular, the type of data used to perform a search, a reference to the type data transmitted and the name of both the competent authority and the person responsible for processing the data.

3.  By way of derogation to paragraph 2, if the search is carried out with dactyloscopic data or facial image in accordance with Article 22 and 28 the logs shall show the type of data processed instead of the actual data.

Amendment    100

Proposal for a regulation

Article 18 – paragraph 3 a (new)

Text proposed by the Commission

Amendment

 

3a.  Rules and formats for logs shall be laid down by means of implementing measures in accordance with the examination procedure referred to in Article 55(2).

Amendment    101

Proposal for a regulation

Article 18 – paragraph 4

Text proposed by the Commission

Amendment

4.  The logs may only be used for the purposes mentioned in paragraph 1 and shall be deleted at the earliest one year, and at the latest three years, after their creation. The logs which include the history of alerts shall be erased after one to three years after deletion of the alerts.

4.  The logs may only be used for the purposes mentioned in paragraph 1 and shall be deleted two years after their creation. The logs which include the history of alerts shall be erased after two years after deletion of the alerts.

Amendment    102

Proposal for a regulation

Article 19 – paragraph 1

Text proposed by the Commission

Amendment

The Commission, in cooperation with the national supervisory authorities and the European Data Protection Supervisor, shall regularly carry out campaigns informing the public about the objectives of SIS, the data stored, the authorities having access to SIS and the rights of data subjects. Member States shall, in cooperation with their national supervisory authorities, devise and implement the necessary policies to inform their citizens about SIS generally.

At the start of application of this Regulation, the Commission, in cooperation with the national supervisory authorities and the European Data Protection Supervisor, shall carry out a campaign informing Union citizens and third-country nationals about the objectives of SIS, the data stored, the authorities having access to SIS and the rights of data subjects. The Commission, in cooperation with the national supervisory authorities and the European Data Protection Supervisor, shall repeat such campaigns regularly at least once per year. Member States shall, in cooperation with their national supervisory authorities, devise and implement the necessary policies to inform their citizens and residents about SIS generally. Member States shall ensure that sufficient funding is made available for such information policies.

Amendment    103

Proposal for a regulation

Article 20 – paragraph 1

Text proposed by the Commission

Amendment

1.  Without prejudice to Article 8(1) or the provisions of this Regulation providing for the storage of additional data, SIS shall contain only those categories of data which are supplied by each of the Member States, as required for the purposes laid down in Article 24.

1.  Without prejudice to Article 8(1) or the provisions of this Regulation providing for the storage of additional data, SIS shall contain only those categories of data which are supplied by each Member State, as required for the purposes laid down in Articles 24 and 27.

Amendment    104

Proposal for a regulation

Article 20 – paragraph 2 – introductory part

Text proposed by the Commission

Amendment

2.  The information on persons in relation to whom an alert has been issued shall only contain the following data:

2.  The information on persons in relation to whom an alert has been issued for the purpose of refusing entry and stay shall only contain the following data:

Amendment    105

Proposal for a regulation

Article 20 – paragraph 2 – point e

Text proposed by the Commission

Amendment

(e)  any specific, objective, physical characteristics not subject to change;

(e)  any specific, objective, physical characteristics not subject to change, not linked to special categories of personal data defined in Article 9 of Regulation (EU) 2016/679, such as ethnicity, religion, disability, gender or sexual orientation;

Amendment    106

Proposal for a regulation

Article 20 – paragraph 2 – point h

Text proposed by the Commission

Amendment

(h)  sex;

(h)  gender;

Amendment    107

Proposal for a regulation

Article 20 – paragraph 2 – point j

Text proposed by the Commission

Amendment

(j)  whether the person concerned is armed, violent, has escaped or is involved in an activity as referred to in Articles 1, 2 , 3 and 4 of Council Framework Decision 2002/475/JHA on combating terrorism;

(j)  whether the person concerned is armed, violent, has escaped or is involved in an activity as referred to in Articles 3 to 12 and 14 of Directive (EU) 2017/541;

Amendment    108

Proposal for a regulation

Article 20 – paragraph 2 – point o

Text proposed by the Commission

Amendment

(o)  link(s) to other alerts issued in SIS pursuant to Article 38;

(o)  link(s) to other alerts issued in SIS pursuant to Article 43;

Amendment    109

Proposal for a regulation

Article 20 – paragraph 2 – point q – indent 1

Text proposed by the Commission

Amendment

–  a previous conviction as referred to in Article 24(2)(a);

–  a previous conviction as referred to in Article 24(1)(a)(i) and (2b);

Amendment    110

Proposal for a regulation

Article 20 – paragraph 2 – point q – indent 2

Text proposed by the Commission

Amendment

–  a serious security threat as referred to in Article 24(2)(b);

–  a serious security threat as referred to in Article 24(1)(a)(ii);

Amendment    111

Proposal for a regulation

Article 20 – paragraph 2 – point q – indent 3

Text proposed by the Commission

Amendment

-  an entry ban as referred to in Article 24(3); or

-  an entry ban issued in line with procedures which comply with Directive 2008/115/EC as referred to in Article 24(3); or

Amendment    112

Proposal for a regulation

Article 20 – paragraph 2 – point r

Text proposed by the Commission

Amendment

(r)  type of offence (for alerts issued pursuant to Article 24(2) of this Regulation);

(r)  type of offence (for alerts issued pursuant to Article 24(1) of this Regulation);

Amendment    113

Proposal for a regulation

Article 20 – paragraph 2 – point x

Text proposed by the Commission

Amendment

(x)  dactylographic data;

(x)  dactyloscopic data;

Amendment    114

Proposal for a regulation

Article 20 – paragraph 2 – point y a (new)

Text proposed by the Commission

Amendment

 

(ya)  data referred to in points (a) to (d), (f) to (g) and (i), from a valid identification document(s) carried by the person other than the document referred to in points (s) to (v), insofar as such data is not available in the latter document.

Amendment    115

Proposal for a regulation

Article 20 – paragraph 3 – subparagraph 1 a (new)

Text proposed by the Commission

Amendment

 

Technical rules shall be similar for searches in CS-SIS, in national copies and in technical copies, as referred to in Article 36. They shall be based upon common standards laid down and developed by means of implementing measures in accordance with the examination procedure referred to in Article 55(2).

Amendment    116

Proposal for a regulation

Article 20 – paragraph 4

Text proposed by the Commission

Amendment

4.  The technical rules necessary for searching the data referred to in paragraph 2 shall be laid down and developed in accordance with the examination procedure referred to in Article 55(2). These technical rules shall be similar for searches in CS-SIS, in national copies and in technical copies, as referred to in Article 36 and they shall be based upon common standards laid down and developed by means of implementing measures in accordance with the examination procedure referred to in Article 55(2).

deleted

Justification

The provision is covered in paragraph 3.

Amendment    117

Proposal for a regulation

Article 21 – paragraph 2

Text proposed by the Commission

Amendment

2.  In the application of Article 24(2) Member States shall, in all circumstances, create such an alert in relation to third country nationals if the offence falls under Articles 1 – 4 of Council Framework Decision 2002/475/JHA on combating terrorism71 .

deleted

__________________

 

71 Council Framework Decision 2002/475/JHA of 13 June 2002 on combating terrorism (OJ L 164, 22.6.2002, p. 3).

 

Amendment    118

Proposal for a regulation

Article 22 – title

Text proposed by the Commission

Amendment

Specific rules for entering photographs, facial images and dactylographic data

Specific rules for entering photographs, facial images and dactyloscopic data

Amendment    119

Proposal for a regulation

Article 22 – paragraph -1 (new)

Text proposed by the Commission

Amendment

 

-1.  The Commission shall be empowered to adopt delegated acts in accordance with Article 54a concerning the requirements to be fulfilled for the entering of biometric identifiers into SIS in accordance with this Regulation. Those requirements shall include the number of fingerprints to be inserted, the method of capturing them and the minimum quality standard to be fulfilled by all biometric identifiers.

Amendment    120

Proposal for a regulation

Article 23 – paragraph 1

Text proposed by the Commission

Amendment

1.  An alert may not be entered without the data referred to in Article 20(2)(a), (g),(k),(m),(n) and (q). Where an alert is based upon a decision taken under Article 24 (2) the data referred to in Article 20(2)(r) shall also be entered.

1.  An alert may not be entered without the data referred to in Article 20(2)(a), (b), (g), (h), (i), (k), (m), (n) and (q). Where an alert is based upon a decision taken under Article 24 (1) the data referred to in Article 20(2)(r) shall also be entered.

Amendment    121

Proposal for a regulation

Article 23 – paragraph 2

Text proposed by the Commission

Amendment

2.  Where available, all other data listed in Article 20(2) shall also be entered.

2.  Without prejudice to Article 22, where available, and provided that the conditions for entering the data have been met, the other data listed in Article 20(2) shall also be entered.

Amendment    122

Proposal for a regulation

Article 23 a (new)

Text proposed by the Commission

Amendment

 

Article 23 a

 

Compatibility of alerts

 

1.  Before entering a new alert, a Member State shall check whether the person is already the subject of an alert in SIS.

 

2.  Only one alert per person or per object per Member State may be entered in SIS II. However, where necessary, new alerts may be entered on the same person by other Member States, provided that they are compatible. The compatibility shall be ensured in accordance with paragraph 3.

 

3.  Rules on the compatibility of alerts shall be laid down in the SIRENE Manual referred to in Article 8(4). Where a person is already the subject of an alert in SIS, a Member State wishing to enter a new alert shall check that there is no incompatibility between the alerts. If there is no incompatibility, the Member State may enter the new alert. If the alerts are incompatible, the SIRENE Bureaux concerned shall consult with each other by exchanging supplementary information in order to reach an agreement in line with the order of priority referred to in the SIRENE Manual. Departures from that order of priority may be made after consultation between the Member States if essential national interests are at stake.

Justification

The provisions set out in the current SIRENE Manual are too important not to feature in the Regulation.

Amendment    123

Proposal for a regulation

Article 24 – paragraph 1

Text proposed by the Commission

Amendment

1.  Data on third-country nationals in respect of whom an alert has been issued for the purposes of refusing entry and stay shall be entered in SIS on the basis of a national alert resulting from a decision taken by the competent administrative or judicial authorities in accordance with the rules of procedure laid down by national law taken on the basis of an individual assessment. Appeals against those decisions shall be made in accordance with national law.

1.  Member States, following a national decision, shall issue an alert for the purpose of refusing entry and stay only if the following conditions are fulfilled sequentially:

 

(a)  the alert shall be issued only if at least one of the following apply:

 

(i)  a third-country national has been convicted in a Member State of an offence carrying a penalty involving the deprivation of liberty of at least three years;

 

(ii)  there are serious grounds for believing that a third-country national has committed a serious crime or terrorist offence or there is evidence that a third-country national intends to commit such an offence in the territory of a Member State.

 

(b)  the Member State shall then:

 

(i)  make an individual assessment of whether the presence of the third-country national concerned in the territory of a Member State poses a threat to public policy or public security or to national security;

 

(ii)  where the Member State concludes that the third-country national poses such a threat, take an administrative or judicial decision.

 

The Member State shall only subsequently issue the alert for the purpose of refusing entry and stay.

Amendment    124

Proposal for a regulation

Article 24 – paragraph 2

Text proposed by the Commission

Amendment

2.  An alert shall be entered where the decision referred to in paragraph 1 is based on a threat to public policy or public security or to national security which the presence of the third-country national in question in the territory of a Member State may pose. This situation shall arise in particular in the case of:

deleted

(a)  a third-country national who has been convicted in a Member State of an offence carrying a penalty involving the deprivation of liberty of at least one year;

 

(b)  a third-country national in respect of whom there are serious grounds for believing that he has committed a serious crime or in respect of whom there are clear indications of an intention to commit such an offence in the territory of a Member State.

 

Amendment    125

Proposal for a regulation

Article 24 – paragraph 2 a (new)

Text proposed by the Commission

Amendment

 

2a.  Persons in respect of whom a decision is taken under paragraph 1(b)(ii) shall have the right to appeal. Appeals shall be conducted in accordance with national law. Such appeals shall include an effective remedy before a tribunal.

Amendment    126

Proposal for a regulation

Article 24 – paragraph 2 b (new)

Text proposed by the Commission

Amendment

 

2b.  If a third-country national has been convicted in a Member State of an offence referred to in Directive (EU) 2017/541 with a custodial sentence or detention order of at least five years, Member States shall not be required to conduct an assessment under paragraph 2 or under Article 21 before issuing an administrative or judicial decision concerning that individual. Member States shall issue a decision only where doing so does not create a threat to public policy or national security and in compliance with their obligations under international law.

Amendment    127

Proposal for a regulation

Article 24 – paragraph 3

Text proposed by the Commission

Amendment

3.  An alert shall be entered where the decision referred to in paragraph 1 is an entry ban issued in accordance with procedures respecting Directive 2008/115/EC. The issuing Member State shall ensure that the alert takes effect in SIS at the point of return of the third-country national concerned. The confirmation of return shall be communicated to the issuing Member State in accordance with Article 6 of Regulation (EU) 2018/xxx [Return Regulation].

3.  An alert shall be entered where the decision referred to in paragraph 1(b)(ii) of this Article is an entry ban issued in accordance with procedures respecting Directive 2008/115/EC. The issuing Member State shall ensure that the alert takes effect in SIS when the third-country national concerned leaves the territory of the Member States. The confirmation of return shall be communicated to the issuing Member State in accordance with Article 6 of Regulation (EU) 2018/xxx [Return Regulation].

Justification

Aims to clarify the text.

Amendment    128

Proposal for a regulation

Article 26 – paragraph 1

Text proposed by the Commission

Amendment

1.  Where a Member State considers granting a residence permit or other authorisation offering a right to stay to a third-country national who is the subject of an alert for refusal of entry and stay entered by another Member State, it shall first consult the issuing Member State through the exchange of supplementary information and shall take account of the interests of that Member State. The issuing Member State shall provide a definite reply within seven days. Where the Member State considering granting a permit or other authorisation offering a right to stay decides to grant it, the alert for refusal of entry and stay shall be deleted.

1.  Before a Member State formally decides to grant a residence permit or other authorisation offering a right to stay to a third-country national who is the subject of an alert for refusal of entry and stay entered by another Member State, it shall first consult the issuing Member State through the exchange of supplementary information and shall take account of the interests of that Member State. The issuing Member State shall provide a definite reply within seven days. The final decision whether to grant a residence permit or other authorisation offering a right to stay to a third-country national rests with the consulting Member State. If a residence permit or other authorisation offering a right to stay is granted, the alert for refusal of entry and stay shall be deleted immediately.

Amendment    129

Proposal for a regulation

Article 26 – paragraph 2

Text proposed by the Commission

Amendment

2.  a Member State considers entering an alert for refusal of entry and stay concerning a third-country national who is the holder of a valid residence permit or other authorisation offering a right to stay issued by another Member State, it shall first consult the Member State that issued the permit through the exchange of supplementary information and shall take account of the interests of that Member State. The Member State that issued the permit shall provide a definite reply within seven days. If the Member State that issued the permit decides to maintain it, the alert for refusal of entry and stay shall not be entered.

2.  Before a Member State decides to enter an alert for refusal of entry and stay concerning a third-country national who is the holder of a valid residence permit or other authorisation offering a right to stay issued by another Member State, it shall first consult the Member State that issued the permit through the exchange of supplementary information and shall take account of the opinion of that Member State. The Member State that issued the permit shall provide a definite reply within seven days. If the Member State that issued the permit decides to maintain it, the alert for refusal of entry and stay shall not be entered.

Amendment    130

Proposal for a regulation

Article 27 – paragraph 2

Text proposed by the Commission

Amendment

2.   The Member State responsible for entering, updating and deleting these alerts on behalf of all Member States shall be designated at the moment of the adoption of the relevant measure taken in accordance with Article 29 of the Treaty on European Union. The procedure for designating the Member State responsible shall be laid down and developed by means of implementing measures in accordance with the examination procedure referred to in Article 55(2).

2.   The Member State responsible for entering, updating and deleting these alerts on behalf of all Member States shall be designated at the moment of the adoption of the relevant measure taken in accordance with Article 29 of the Treaty on European Union.

Justification

As no element of the procedure is laid down in the basic act, a measure laying down the procedure is rather supplementing the act than ensuring uniform conditions for the implementation. Therefore a delegated act is required and not an implementing act.

Amendment    131

Proposal for a regulation

Article 27 – paragraph 2 a (new)

Text proposed by the Commission

Amendment

 

2a.  The Commission is empowered to adopt a delegated act in accordance with Article 54a concerning the procedure for designating the Member State responsible under paragraph 2 of this Article.

Justification

As no element of the procedure is laid down in the basic act, a measure laying down the procedure is rather supplementing the act than ensuring uniform conditions for the implementation. Therefore a delegated act is required and not an implementing act.

Amendment    132

Proposal for a regulation

Article 27 a (new)

Text proposed by the Commission

Amendment

 

Article 27a

 

Action to be taken regarding alerts

 

1.  In the event of a hit concerning a third-country national on whom an alert has been issued in accordance with Articles 24 and 27, the competent authority shall:

 

(a)  without prejudice to Article 6(5) of Regulation (EU) 2016/399, refuse entry in accordance with Article 14 of Regulation (EU) 2016/399;

 

(b)  without prejudice to Article 22 of Regulation (EC) 810/2009, refuse a visa in accordance with Article 32 of Regulation (EC) 810/2009;

 

[(c)  without prejudice to Article 38 of Regulation [Regulation establishing ETIAS], refuse a travel authorisation in accordance Article 31 of that Regulation.

Amendment    133

Proposal for a regulation

Article 28 – title

Text proposed by the Commission

Amendment

Specific rules for verification or search with photographs, facial images and dactylographic data

Specific rules for verification or search with photographs, facial images and dactyloscopic data

Amendment    134

Proposal for a regulation

Article 28 – paragraph 1

Text proposed by the Commission

Amendment

1.  Photographs, facial images and dactylographic data shall be retrieved from SIS to verify the identity of a person who has been located as a result of an alphanumeric search made in SIS.

1.  Where photographs, facial images and dactyloscopic data are contained within an alert in SIS, such data shall be retrieved from SIS to confirm the identity of a person who has been found as a result of an alphanumeric search made in SIS.

Amendment    135

Proposal for a regulation

Article 28 – paragraph 1 a (new)

Text proposed by the Commission

Amendment

 

1a.  To check whether the person already appears in SIS under another identity, a fingerprint search may be carried out before a new alert is issued.

Amendment    136

Proposal for a regulation

Article 28 – paragraph 2

Text proposed by the Commission

Amendment

2.  Dactylographic data may also be used to identify a person. Dactylographic data stored in SIS shall be used for identification purposes if the identity of the person cannot be ascertained by other means.

2.  Dactyloscopic data may also be used to identify a person. Dactyloscopic data stored in SIS shall be used for identification purposes only if the identity of the person cannot be ascertained by alphanumeric data. For this purpose the Central SIS shall contain an Automated Fingerprint Identification System (AFIS).

Amendment    137

Proposal for a regulation

Article 28 – paragraph 2 a (new)

Text proposed by the Commission

Amendment

 

2a.  Member States shall make available to end-users an Automated Fingerprint Identification System at the latest two years after the entry into force of this Regulation They shall take all necessary measures to that end, including, where necessary, adjustments to their N.SIS.

Amendment    138

Proposal for a regulation

Article 28 – paragraph 3

Text proposed by the Commission

Amendment

3.  Dactylographic data stored in SIS in relation to alerts issued under Article 24 may also be searched with complete or incomplete sets of fingerprints or palm prints discovered at the scenes of crimes under investigation and where it can be established to a high degree of probability that they belong to the perpetrator of the offence provided that the competent authorities are unable to establish the identity of the person by using any other national, European or international database.

3.  Dactyloscopic data stored in SIS in relation to alerts issued under Articles 24 and 27 may also be searched with complete or incomplete sets of fingerprints or palm prints discovered at the scenes of terrorist offences or other serious crimes under investigation and where it can be established to a high degree of probability that they belong to the perpetrator of the terrorist offence or other serious crime provided that the competent authorities are unable to establish the identity of the person by using any other national, European or international database.

Amendment    139

Proposal for a regulation

Article 28 – paragraph 3 a (new)

Text proposed by the Commission

Amendment

 

3a.  Where final identification in accordance with this Article reveals that the result of the comparison received from the Central System does not correspond to the dactyloscopic data sent for comparison, Member States shall immediately erase the result of the comparison and communicate this fact to the Agency as soon as possible and no later than within three working days.

Amendment    140

Proposal for a regulation

Article 28 – paragraph 4

Text proposed by the Commission

Amendment

4.  As soon as this becomes technically possible, and while ensuring a high degree of reliability of identification, photographs and facial images may be used to identify a person. Identification based on photographs or facial images shall only be used in the context of regular border crossing points where self-service systems and automated border control systems are in use.

4.  The Commission is empowered to adopt a delegated act in accordance with Article 54a determining the use of photographs and facial images for the purpose of identifying persons and the technical standards for doing so including the search, as well as the identification and confirmation of identity. The Commission shall adopt that delegated act as soon as this becomes technically possible with a high degree of reliability of identification, photographs and facial images may be used to identify a person. Identification based on photographs or facial images shall only be used in the context of regular border crossing points where self-service systems and automated border control systems are in use.

Amendment    141

Proposal for a regulation

Article 29 – paragraph 1 – point c

Text proposed by the Commission

Amendment

(c)  other law enforcement activities carried out for the prevention, detection and investigation of criminal offences within the Member State concerned;

(c)  the prevention, detection and investigation of terrorist offences or other serious criminal offences within the Member State concerned and to which Directive (EU) 2016/680 applies;

Amendment    142

Proposal for a regulation

Article 29 – paragraph 1 – point d a (new)

Text proposed by the Commission

Amendment

 

(da)  security checks in the context of procedures related to applications for international protection, insofar as those authorities do not constitute "determining authorities" as defined in Article 2(f) of Directive 2013/32/EU of the European Parliament and of the Council1a, and where relevant providing advice in accordance with Council Regulation(EU) 377/20041b;

 

____________

 

1a Directive 2013/32/EU of the European Parliament and of the Council of 26 June 2013 on common procedures for granting and withdrawing international protection (OJ L 180, 29.6.2013, p. 60).

 

1b Council Regulation (EC) No 377/2004 of 19 February 2004 on the creation of an immigration liaison officers network (OJ L 64, 2.3.2004, p. 1).

Amendment    143

Proposal for a regulation

Article 29 – paragraph 2

Text proposed by the Commission

Amendment

2.  For the purposes of Article 24(2) and (3) and Article 27 the right to access data entered in SIS and the right to search such data directly may also be exercised by national judicial authorities, including those responsible for the initiation of public prosecutions in criminal proceedings and for judicial inquiries prior to charge, in the performance of their tasks, as provided for in national legislation, and by their coordinating authorities.

2.  For the purposes of Article 24(1) and (3) and Article 27 the right to access data entered in SIS and the right to search such data directly may also be exercised by national judicial authorities, including those responsible for the initiation of public prosecutions in criminal proceedings and for judicial inquiries prior to charge, in the performance of their tasks, as provided for in national legislation, and by their coordinating authorities.

Amendment    144

Proposal for a regulation

Article 29 – paragraph 3

Text proposed by the Commission

Amendment

3.  The right to access data concerning documents relating to persons entered in accordance with Article 38(2)(j) and (k) of Regulation (EU) 2018/xxx [police cooperation and judicial cooperation in criminal matters] and the right to search such data may also be exercised by the authorities referred to in paragraph 1(d). Access to data by these authorities shall be governed by the law of each Member State.

3.  The right to access data concerning documents relating to persons entered in accordance with Article 38(2)(j) and (k) of Regulation (EU) 2018/xxx [police cooperation and judicial cooperation in criminal matters] and the right to search such data may also be exercised by the authorities referred to in paragraph 1(d). Access to data by these authorities shall in accordance with this Regulation and with Union law on data protection.

Amendment    145

Proposal for a regulation

Article 30 – paragraph 1

Text proposed by the Commission

Amendment

1.  The European Union Agency for Law Enforcement Cooperation (Europol) shall have within its mandate, have the right to access and search data entered into SIS.

1.  The European Union Agency for Law Enforcement Cooperation (Europol) shall, where necessary to fulfil its mandate, have the right to access and search data entered into SIS.

Amendment    146

Proposal for a regulation

Article 30 – paragraph 2

Text proposed by the Commission

Amendment

2.  Where a search by Europol reveals the existence of an alert in SIS, Europol shall inform the issuing Member State via the channels defined by Regulation (EU) 2016/794.

2.  Where a search by Europol reveals the existence of an alert in SIS, Europol shall immediately inform the issuing Member State through the exchange of supplementary information by means of the communication infrastructure and in accordance with the provisions set out in the SIRENE Manual. Until Europol is able to use the functionalities intended for the exchange of supplementary information, it shall inform issuing Member States via the channels defined by Regulation (EU) 2016/794.

Amendment    147

Proposal for a regulation

Article 30 – paragraph 3

Text proposed by the Commission

Amendment

3.  The use of information obtained from a search in the SIS is subject to the consent of the Member State concerned. If the Member State allows the use of such information, the handling thereof by Europol shall be governed by Regulation (EU) 2016/794. Europol may only communicate such information to third countries and third bodies with the consent of the Member State concerned.

3.  The use of information obtained from a search in the SIS is subject to the consent of the issuing Member State concerned. If the Member State allows the use of such information, the handling thereof by Europol shall be governed by Regulation (EU) 2016/794. Europol may only communicate such information to third countries and third bodies with the consent of the issuing Member State and in full respect of Union law on data protection.

Amendment    148

Proposal for a regulation

Article 30 – paragraph 4

Text proposed by the Commission

Amendment

4.  Europol may request further information from the Member State concerned in accordance with the provisions of Regulation (EU) 2016/794.

4.  Europol may request further information from the issuing Member State in accordance with the provisions of Regulation (EU) 2016/794.

Amendment    149

Proposal for a regulation

Article 30 – paragraph 5 – point b

Text proposed by the Commission

Amendment

(b)  limit access to data entered in SIS to specifically authorised staff of Europol;

(b)  limit access to data entered in SIS to specifically authorised staff of Europol requiring access for the performance of their tasks;

Amendment    150

Proposal for a regulation

Article 30 – paragraph 5 – point c

Text proposed by the Commission

Amendment

(c)  adopt and apply measures provided for in Articles 10 and 11;

(c)  adopt and apply measures provided for in Articles 10, 11, 13 and 14;

Amendment    151

Proposal for a regulation

Article 30 – paragraph 7

Text proposed by the Commission

Amendment

7.  Any copies, as referred to in paragraph 6, which lead to off-line databases may be retained for a period not exceeding 48 hours. That period may be extended in an emergency until the emergency comes to an end. Europol shall report any such extensions to the European Data Protection Supervisor.

7.  Any copies, as referred to in paragraph 6, which lead to offline databases may be retained for a period not exceeding 48 hours. Where Europol creates an offline database with SIS data, it shall report the existence of such a database to the European Data Protection Supervisor

Justification

The Commission text provides an unjustified right for Europol to retain an off-line database of SIS data for as long as it claims a situation of emergency exists. However, as Europol has access to SIS, there is absolutely no need for Europol to retain the data in an off-line database for any longer than the initial period of 48 hours, creating unnecessary risk. Europol should therefore be required to inform the EDPS whenever it creates such an off-line database.

Amendment    152

Proposal for a regulation

Article 30 – paragraph 8

Text proposed by the Commission

Amendment

8.  Europol may receive and process supplementary information on corresponding SIS alerts provided that the data processing rules referred to in paragraphs (2)-(7) are applied as appropriate.

8.  Europol may receive and process supplementary information on corresponding SIS alerts provided that the data processing rules referred to in paragraphs 2 to 7 are applied as appropriate.

Amendment    153

Proposal for a regulation

Article 30 – paragraph 9

Text proposed by the Commission

Amendment

9.  For the purpose of verifying the lawfulness of data processing, self-monitoring and ensuring proper data security and integrity Europol should keep logs of every access to and search in SIS. Such logs and documentation shall not be considered to be the unlawful downloading or copying of any part of SIS.

9.  For the purpose of verifying the lawfulness of data processing, self-monitoring and ensuring proper data security and integrity Europol shall keep logs of every access to and search in SIS. Such logs shall show, in particular, the date and time of the data processing activity, the type of data processed and the name of the person responsible for processing the data. Such logs and documentation shall not be considered to be the unlawful downloading or copying of any part of SIS. The content, retention period and rules and formats for the logs shall be defined in accordance with Article 12.

Justification

The provision should be aligned to the logging responsibilities of Member States as laid down in Article 12.

Amendment    154

Proposal for a regulation

Article 30 – paragraph 9 a (new)

Text proposed by the Commission

Amendment

 

9a.  Europol shall be immediately informed by Member States of any alerts created under Article 24 and hits concerning those alerts where a person is sought by a Member State in relation to an offence referred to in Directive (EU) 2017/541.

Justification

The provision should be aligned to the logging responsibilities of Member States as laid down in Article 12.

Amendment    155

Proposal for a regulation

Article 31 – paragraph 1

Text proposed by the Commission

Amendment

1.  In accordance with Article 40(8) of Regulation (EU) 2016/1624, the members of the European Border and Coast Guard teams or teams of staff involved in return-related tasks as well as the members of the migration management support teams shall, within their mandate, have the right to access and search data entered in SIS within their mandate.

1.  In accordance with Article 40(8) of Regulation (EU) 2016/1624, the members of the teams as defined in Article 2(8) of Regulation (EU) 2016/1624 as well as the members of the migration management support teams shall, within their mandate, have the right to access and search data entered in SIS in accordance with this Regulation. They shall have this right only insofar as it is necessary for the performance of their tasks and insofar as required by the operational plan for a specific operation.

Amendment    156

Proposal for a regulation

Article 31 – paragraph 2

Text proposed by the Commission

Amendment

2.  Members of the European Border and Coast Guard teams or teams of staff involved in return-related tasks as well as the members of the migration management support teams shall access and search data entered in SIS in accordance with paragraph 1 via the technical interface set up and maintained by the European Border and Coast Guard Agency as referred to in Article 32(2).

2.  Members of the teams as defined in Article 2(8) of Regulation (EU) 2016/1624 as well as the members of the migration management support teams shall access and search data entered in SIS in accordance with paragraph 1 via the technical interface set up and maintained by the European Border and Coast Guard Agency as referred to in Article 32(2).

Amendment    157

Proposal for a regulation

Article 31 – paragraph 3

Text proposed by the Commission

Amendment

3.  Where a search by a member of the European Border and Coast Guard teams or teams of staff involved in return-related tasks or by a member of the migration management support teams reveals the existence of an alert in SIS, the issuing Member State shall be informed thereof. In accordance with Article 40 of Regulation (EU) 2016/1624, members of the teams may only act in response to an alert in SIS under instructions from and, as a general rule, in the presence of border guards or staff involved in return-related tasks of the host Member State in which they are operating. The host Member State may authorise members of the teams to act on its behalf.

3.  Where a search by a member of teams as defined in Article 2(8) of Regulation (EU) 2016/1624 or by a member of the migration management support teams reveals the existence of an alert in SIS, the issuing Member State shall be informed thereof immediately. In accordance with Article 40 of Regulation (EU) 2016/1624, members of the teams may only act in response to an alert in SIS under instructions from and, as a general rule, in the presence of border guards or staff involved in return-related tasks of the host Member State in which they are operating. The host Member State may authorise members of the teams to act on its behalf.

Amendment    158

Proposal for a regulation

Article 31 – paragraph 4

Text proposed by the Commission

Amendment

4.  Every instance of access and every search made by a member of the European Border and Coast Guard teams or teams of staff involved in return-related tasks or by a member of the migration management support teams shall be logged in accordance with the provisions of Article 12 and every use made by them of data accessed by them shall be registered.

4.  For the purpose of verifying the lawfulness of data processing, self-monitoring and ensuring proper data security and integrity the European Border and Coast Guard Agency shall keep logs of every access to and search in SIS made by a member of the teams as defined in Article 2(8) of Regulation (EU) 2016/1624 or by a member of the migration management support teams. Such logs shall show, in particular, the date and time of the data processing activity, the type of data used to perform a search, a reference to the type of data processed and the name of the person responsible for processing the data. Such logs and documentation shall not be considered to be the unlawful downloading or copying of any part of SIS. The content, retention period and rules and formats for the logs shall be defined in accordance with Article 12.

Justification

The relevant provisions should be the same as in case of Europol.

Amendment    159

Proposal for a regulation

Article 31 – paragraph 5

Text proposed by the Commission

Amendment

5.  Access to data entered in SIS shall be limited to a member of the European Border and Coast Guard teams or teams of staff involved in return-related tasks or by a member of the migration management support teams and shall not be extended to any other team member.

5.  Access to data entered in SIS shall be limited to a member of the teams as defined in Article 2(8) of Regulation (EU) 2016/1624 or by a member of the migration management support teams provided that they have received the required training. The access shall not be extended to any other team member.

Amendment    160

Proposal for a regulation

Article 31 – paragraph 6

Text proposed by the Commission

Amendment

6.  Measures to ensure security and confidentiality as provided for in Articles 10 and 11 shall be adopted and applied.

6.  Measures to ensure security and confidentiality as provided for in Articles 10, 11, 13 and 14 shall be adopted and applied.

Amendment    161

Proposal for a regulation

Article 32 – paragraph 1

Text proposed by the Commission

Amendment

1.  The European Border and Coast Guard Agency shall, for the purpose of analysing the threats that may affect the functioning or security of the external borders, have the right to access and search data entered in SIS, in accordance with Articles 24 and 27.

1.  Duly authorised staff of the European Border and Coast Guard Agency shall have access to the statistical data contained in the central repository referred to in Article 54(6) for the purpose of carrying out risk analyses and vulnerabilities assessments as referred to in Articles 11 and 13 of Regulation (EU) 2016/1624.

Justification

Besides its involvement in operations for which access to the system is provided in Article 31 Frontex does not require access to personal data in SIS alerts. The aggregated statistical data would be completely sufficient for Frontex to fulfil its mandate.

Amendment    162

Proposal for a regulation

Article 32 – paragraph 2

Text proposed by the Commission

Amendment

2.  For the purposes of Article 31(2) and paragraphs 1 of this Article the European Border and Coast Guard Agency shall set up and maintain a technical interface which allows a direct connection to Central SIS.

2.  For the purposes of Article 31(2) the European Border and Coast Guard Agency shall set up and maintain a technical interface which allows a direct connection to Central SIS.

Amendment    163

Proposal for a regulation

Article 32 – paragraph 3

Text proposed by the Commission

Amendment

3.  Where a search by the European Border and Coast Guard Agency reveals the existence of an alert in SIS, it shall inform the issuing Member State.

deleted

Amendment    164

Proposal for a regulation

Article 32 – paragraph 4

Text proposed by the Commission

Amendment

4.  The European Border and Coast Guard Agency shall, for the purpose of performing its tasks conferred on it by the Regulation establishing a European Travel Information and Authorisation System (ETIAS), have the right to access and verify data entered in SIS, in accordance with Articles 24 and 27.

[4.  Duly authorised staff of the ETIAS Central Unit established within the European Border and Coast Guard Agency shall, insofar as it is necessary for the purpose of performing any tasks conferred on it by the Regulation establishing a European Travel Information and Authorisation System (ETIAS), have the right to access and verify data entered in SIS, in accordance with Articles 24 and 27.]

Justification

It should be specified that the ETIAS related SIS access is not for the Agency as a whole but for the ETIAS Central Unit.

Amendment    165

Proposal for a regulation

Article 32 – paragraph 5

Text proposed by the Commission

Amendment

5.  Where a verification by the European Border and Coast Guard Agency for the purposes of paragraph 2 reveals the existence of an alert in SIS the procedure set out in Article 22 of Regulation establishing a European Travel Information and Authorisation System (ETIAS) applies.

deleted

Amendment    166

Proposal for a regulation

Article 32 – paragraph 7

Text proposed by the Commission

Amendment

7.  Every instance of access and every search made by the European Border and Coast Guard Agency shall be logged in accordance with the provisions of Article 12 and every use made of data accessed by the European Border and Coast Guard Agency shall be registered.

deleted

Amendment    167

Proposal for a regulation

Article 32 – paragraph 8

Text proposed by the Commission

Amendment

8.  Except where necessary to perform the tasks for the purposes of the Regulation establishing a European Travel Information and Authorisation System (ETIAS) no parts of SIS shall be connected to any computer system for data collection and processing operated by or at the European Border and Coast Guard Agency nor shall the data contained in SIS to which the European Border and Coast Guard Agency has access be transferred to such a system. No part of SIS shall be downloaded. The logging of access and searches shall not be construed to be the downloading or copying of SIS data.

8.  No parts of SIS shall be connected to any computer system for data collection and processing operated by or at the European Border and Coast Guard Agency nor shall the data contained in SIS to which the European Border and Coast Guard Agency has access be transferred to such a system. No part of SIS shall be downloaded. The logging of access and searches shall not be construed to be the downloading or copying of SIS data.

Amendment    168

Proposal for a regulation

Article 32 – paragraph 9

Text proposed by the Commission

Amendment

9.  Measures to ensure security and confidentiality as provided for in Articles 10 and 11 shall be adopted and applied.

9.  Measures to ensure security and confidentiality as provided for in Articles 10, 11, 13 and 14 shall be adopted and applied by the European Border and Coast Guard Agency.

Amendment    169

Proposal for a regulation

Article 34 – title

Text proposed by the Commission

Amendment

Retention period of alerts

Review period of alerts

Amendment    170

Proposal for a regulation

Article 34 – paragraph 1

Text proposed by the Commission

Amendment

1.  Alerts entered in SIS pursuant to this Regulation shall be kept only for the time required to achieve the purposes for which they were entered.

1.  Alerts entered in SIS pursuant to this Regulation shall not be kept longer than for the time required to achieve the purposes for which they were entered.

Amendment    171

Proposal for a regulation

Article 34 – paragraph 2

Text proposed by the Commission

Amendment

2.  A Member State issuing an alert shall, within five years of its entry into SIS, review the need to retain it.

2.  A Member State issuing an alert shall, within three years of its entry into SIS, review the need to retain it.

Amendment    172

Proposal for a regulation

Article 34 – paragraph 4

Text proposed by the Commission

Amendment

4.  In cases where it becomes clear to staff in the SIRENE Bureau, who are responsible for coordinating and verifying of data quality, that an alert on a person has achieved its purpose and should be deleted from SIS, the staff shall notify the authority which created the alert to bring this issue to the attention of the authority. The authority shall have 30 calendar days from the receipt of this notification to indicate that the alert has been or shall be deleted or shall state reasons for the retention of the alert. If the 30-day period expires without such a reply the alert shall be deleted by the staff of the SIRENE Bureau. SIRENE Bureaux shall report any recurring issues in this area to their national supervisory authority.

4.  As soon as it becomes clear to staff in the SIRENE Bureau, who are responsible for coordinating and verifying of data quality, that an alert on a person has achieved its purpose and should be deleted from SIS, the staff shall immediately notify the authority which created the alert to bring this issue to the attention of the authority. The authority shall have seven calendar days from the receipt of that notification to indicate that the alert has been or shall be deleted or shall state reasons for the retention of the alert. If the seven-day period expires without such a reply the alert shall be deleted by the staff of the SIRENE Bureau. SIRENE Bureaux shall report any recurring issues in this area to their national supervisory authority.

Justification

As one of the aims of the revision is to remove redundant alerts from SIS, the SIRENE Bureaux should act as soon as they become aware that an alert should be deleted. The relevant authority should not need one month to decide whether an alert can be deleted, in particular since the SIRENE Bureau has already made such an assessment. A period of seven days is more than enough time for a decision on whether to retain the alert.

Amendment    173

Proposal for a regulation

Article 34 – paragraph 5

Text proposed by the Commission

Amendment

5.  Within the review period, the Member State issuing the alert may, following a comprehensive individual assessment, which shall be recorded, decide to keep the alert longer, should this prove necessary for the purposes for which the alert was issued. In such a case, paragraph 2 shall apply also to the extension. Any extension of an alert shall be communicated to CS-SIS.

5.  Within the review period, the Member State issuing the alert may, following a comprehensive individual assessment, which shall be recorded, decide to keep the alert longer, should this prove necessary and proportionate for the purposes for which the alert was issued. In such a case, paragraph 2 shall apply also to the extension. Any extension of an alert shall be communicated to CS-SIS.

Amendment    174

Proposal for a regulation

Article 34 – paragraph 7

Text proposed by the Commission

Amendment

7.  Member States shall keep statistics about the number of alerts or which the retention period has been extended in accordance with paragraph 5.

7.  Member States shall keep statistics about the number of alerts for which the retention period has been extended in accordance with paragraph 5 and transmit them to the supervisory authorities referred to in Article 50.

Amendment    175

Proposal for a regulation

Article 35 – paragraph 1

Text proposed by the Commission

Amendment

1.  Alerts on refusal of entry and stay pursuant to Article 24 shall be deleted when the decision on which the alert was entered has been withdrawn by the competent authority, where applicable following the consultation procedure referred to in Article 26.

1.  Alerts on refusal of entry and stay pursuant to Article 24 shall be deleted as soon as the decision on which the alert was entered has been withdrawn by the competent authority, where applicable following the consultation procedure referred to in Article 26 or upon the expiry of the alert in accordance with Article 34.

Justification

As for the police and judicial cooperation file, there is a provision on retention periods for alerts which foresees an automatic expiry of an alert if a Member State decides not to extend the alert. Clearly the expiry of an alert should lead to that alert being deleted.

Amendment    176

Proposal for a regulation

Article 35 – paragraph 2

Text proposed by the Commission

Amendment

2.  Alerts relating to third-country nationals who are the subject of a restrictive measure as referred to in Article 27 shall be deleted when the measure implementing the travel ban has been terminated, suspended or annulled.

2.  Alerts relating to third-country nationals who are the subject of a restrictive measure as referred to in Article 27 shall be deleted as soon as the measure implementing the travel ban has been terminated, suspended or annulled or upon the expiry of the alert in accordance with Article 34.

Justification

As for the police and judicial cooperation file, there is a provision on retention periods for alerts which foresees an automatic expiry of an alert if a Member State decides not to extend the alert. Clearly the expiry of an alert should lead to that alert being deleted.

Amendment    177

Proposal for a regulation

Article 35 – paragraph 3 a (new)

Text proposed by the Commission

Amendment

 

3a.  In addition to paragraphs 1 to 3 of this Article, alerts shall also be deleted where necessary following the compatibility check provided for in Article 23a.

Amendment    178

Proposal for a regulation

Article 36 – paragraph 1

Text proposed by the Commission

Amendment

1.  The Member States may process the data referred to in Article 20 for the purposes of refusing entry into and stay in their territories.

1.  The Member States may process the data referred to in Article 20 only for the purposes of refusing entry into and stay in their territories.

Amendment    179

Proposal for a regulation

Article 36 – paragraph 3 – subparagraph 1

Text proposed by the Commission

Amendment

Technical copies, as referred to in paragraph 2, which lead to off-line databases may be retained for a period not exceeding 48 hours. That period may be extended in the event of an emergency until the emergency comes to an end.

Technical copies, as referred to in paragraph 2, which lead to off-line databases may be retained for a period not exceeding 48 hours.

Justification

In line with other amendments tabled, the creation of off-line databases creates a clear additional security risk regarding SIS data. There is no justification for allowing such databases to exist indefinitely on the basis of a claimed emergency.

Amendment    180

Proposal for a regulation

Article 36 – paragraph 3 – subparagraph 3

Text proposed by the Commission

Amendment

Member States shall keep an up-to-date inventory of those copies, make that inventory available to their national supervisory authority, and ensure that the provisions of this Regulation, in particular those of Article 10, are applied in respect of those copies.

Member States shall keep an up-to-date inventory of those copies, make that inventory available to their national supervisory authority as well as the European Data Protection Supervisor, and ensure that the provisions of this Regulation, in particular those of Article 10, are applied in respect of those copies.

Amendment    181

Proposal for a regulation

Article 36 – paragraph 7

Text proposed by the Commission

Amendment

7.  Any use of data which does not comply with paragraphs 1 to 6 shall be considered as misuse under the national law of each Member State.

7.  Any use of data which does not comply with paragraphs 1 to 6 shall be considered as misuse under the national law of each Member State and subject to penalties in accordance with Article 53a of this Regulation.

Amendment    182

Proposal for a regulation

Article 36 – paragraph 8

Text proposed by the Commission

Amendment

8.  Each Member State shall send to the Agency a list of its competent authorities which are authorised to search directly the data contained in SIS pursuant to this Regulation, as well as any changes to the list. The list shall specify, for each authority, which data it may search and for what purposes. The Agency shall ensure the annual publication of the list in the Official Journal of the European Union.

8.  Each Member State shall send to the Agency a list of its competent authorities which are authorised to search directly the data contained in SIS pursuant to this Regulation, as well as any changes to the list. The list shall specify, for each authority, which data it may search and for what purposes. The Agency shall ensure the annual publication of the list in the Official Journal of the European Union. The Commission shall maintain a public website containing this information. It shall ensure that the website is always up to date.

Amendment    183

Proposal for a regulation

Article 38 – title

Text proposed by the Commission

Amendment

Information in case of non-execution of alert

Procedure in case of non-execution of alert

Amendment    184

Proposal for a regulation

Article 38 – paragraph 1

Text proposed by the Commission

Amendment

If a requested action cannot be performed, the requested Member State shall immediately inform the Member State issuing the alert.

If a requested action cannot be performed, the following procedure applies:

 

(a)  the requested Member State shall immediately inform the issuing Member State via its SIRENE Bureau stating why not, in accordance with the SIRENE Manual;

 

(b)  the Member States concerned may agree on the action to be taken in line with the SIS II legal instruments and their own national laws;

 

(c)  if a requested action cannot be carried out with regard to persons involved in an activity referred to in Directive (EU) 2017/541, the requested Member State shall immediately inform Europol.

Amendment    185

Proposal for a regulation

Article 39 – paragraph 1 a (new)

Text proposed by the Commission

Amendment

 

1a.  Where an issuing Member State has relevant additional or modified data as listed in Article 20(2), the Member State shall complete or correct the alert immediately.

Amendment    186

Proposal for a regulation

Article 39 – paragraph 1 b (new)

Text proposed by the Commission

Amendment

 

1b.  Where another Member State has relevant additional or modified alphanumeric data as listed in Article 20(2), that Member State shall transmit it immediately to the issuing Member State to enable the latter to complete the alert.

Amendment    187

Proposal for a regulation

Article 39 – paragraph 3

Text proposed by the Commission

Amendment

3.  Where a Member State other than that which issued an alert has evidence suggesting that an item of data is factually incorrect or has been unlawfully stored, it shall, through the exchange of supplementary information, inform the issuing Member State at the earliest opportunity and not later than 10 days after the said evidence has come to its attention. The issuing Member State shall check the communication and, if necessary, correct or delete the item in question without delay.

3.  Where a Member State other than that which issued an alert has evidence suggesting that an item of data is factually incorrect or has been unlawfully stored, it shall, through the exchange of supplementary information, inform the issuing Member State at the earliest opportunity and not later than two working days after the said evidence has come to its attention. The issuing Member State shall check the communication and, if necessary, correct or delete the item in question within seven working days from the notification

Justification

Correcting errors in the SIS should be a priority for all. If a Member State becomes aware of an error in an alert entered by another Member State, it should not wait 10 days before in forming the issuing Member State of that error. This should be done immediately and, at the latest within 48 hours. In the same spirit, once informed of the possible error, the issuing Member State should have seven days to rectify the error or explain why there is no error. This is in line with the amendment proposed to Article 34(4) on actions to delete alerts once informed by the Sirene Bureaux that they are redundant.

Amendment    188

Proposal for a regulation

Article 39 – paragraph 4

Text proposed by the Commission

Amendment

4.  Where the Member States are unable to reach agreement within two months of the time when the evidence first came to light, as described in paragraph 3, the Member State which did not issue the alert shall submit the matter to the national supervisory authorities concerned for a decision.

4.  Where the Member States are unable to reach agreement within two months of the time when the evidence first came to light, as described in paragraph 3, the Member State which did not issue the alert shall submit the matter to the national supervisory authorities concerned and to the European Data Protection Supervisor for a decision, by means of cooperation in accordance with Article 52.

Amendment    189

Proposal for a regulation

Article 39 – paragraph 5

Text proposed by the Commission

Amendment

5.  The Member States shall exchange supplementary information where a person complains that he or she is not the person wanted by an alert. Where the outcome of the check shows that there are in fact two different persons the complainant shall be informed of the measures laid down in Article 42.

5.  The Member States shall exchange supplementary information where a person complains that he or she is not the person wanted by an alert. Where the outcome of the check shows that there are in fact two different persons the complainant shall be informed of the measures laid down in Article 42 and of his or her right to redress in accordance with Article 49(1)

Justification

Where a person is misidentified in SIS, he or she should have a right to redress in accordance with Article 49(1). He or she should be advised of this once it becomes clear that there has been a misidentification.

Amendment    190

Proposal for a regulation

Article 39 – paragraph 6

Text proposed by the Commission

Amendment

6.  Where a person is already the subject of an alert in SIS, a Member State which enters a further alert shall reach agreement on the entry of the alert with the Member State which entered the first alert. The agreement shall be reached on the basis of the exchange of supplementary information.

deleted

Justification

Provision already set out and better explained in Article 23b on ‘the compatibility of alerts’

Amendment    191

Proposal for a regulation

Article 40 – paragraph 1

Text proposed by the Commission

Amendment

1.  Any event that has or may have an impact on the security of SIS and may cause damage or loss to SIS data shall be considered to be a security incident, especially where access to data may have occurred or where the availability, integrity and confidentiality of data has or may have been compromised.

1.  Any event that has or may have an impact on the security of SIS and may cause damage or loss to SIS data shall be considered to be a security incident, especially where unauthorised access to data may have occurred or where the availability, integrity and confidentiality of data has or may have been compromised.

Amendment    192

Proposal for a regulation

Article 40 – paragraph 3

Text proposed by the Commission

Amendment

3.  Member States shall notify the Commission, the Agency and the European Data Protection Supervisor of security incidents. The Agency shall notify the Commission and the European data Protection Supervisor of security incidents.

3.  Without prejudice to the notification and communication of a personal data breach pursuant to Article 33 of Regulation (EU) No 2016/679 or to Article 30 of Directive (EU) No 2016/680, Member States shall notify the Commission, the Agency, the national supervisory authority and the European Data Protection Supervisor immediately of security incidents. In the event of a security incident on the Central SIS, the Agency shall notify the Commission and the European Data Protection Supervisor immediately of those security incidents.

Amendment    193

Proposal for a regulation

Article 40 – paragraph 4

Text proposed by the Commission

Amendment

4.  Information regarding a security incident that has or may have an impact on the operation of SIS in a Member State or within the Agency or on the availability, integrity and confidentiality of the data entered or sent by other Member States, shall be provided to the Member States and reported in compliance with the incident management plan provided by the Agency.

4.  Information regarding a security incident that has or may have an impact on the operation of SIS in a Member State or within the Agency or on the availability, integrity and confidentiality of the data entered or sent by other Member States, shall be provided to the Member States immediately and reported in compliance with the incident management plan provided by the Agency.

Amendment    194

Proposal for a regulation

Article 40 – paragraph 4 a (new)

Text proposed by the Commission

Amendment

 

4a.  The Member States and eu-LISA shall collaborate in the event of a security incident.

Amendment    195

Proposal for a regulation

Article 40 – paragraph 4 b (new)

Text proposed by the Commission

Amendment

 

4b.  In case of a data breach data subjects shall be informed in accordance with Article 34 of Regulation (EU) 2016/679 or Article 31 of Directive (EU) 2016/680.

Amendment    196

Proposal for a regulation

Article 40 – paragraph 4 c (new)

Text proposed by the Commission

Amendment

 

4c.  The Commission shall report serious incidents immediately to the European Parliament and the Council.

Amendment    197

Proposal for a regulation

Article 40 – paragraph 4 d (new)

Text proposed by the Commission

Amendment

 

4d.  Where a security incident is caused by the misuse of data, Member States, Europol, Eurojust and the European Border and Coast Guard Agency shall ensure that penalties or disciplinary measures are imposed in accordance with Article 53a.

Justification

Where a security incident is caused by someone with access to SIS misusing the data, sanctions should follow against that person.

Amendment    198

Proposal for a regulation

Article 41 – paragraph 1 – point a

Text proposed by the Commission

Amendment

(a)  the SIRENE Bureau shall contact the requesting authority to clarify whether or not the alert is on the same person;

(a)  the SIRENE Bureau shall immediately contact the requesting authority to clarify whether or not the alert is on the same person;

Amendment    199

Proposal for a regulation

Article 41 – paragraph 1 – point b

Text proposed by the Commission

Amendment

(b)  where the cross-check reveals that the subject of the new alert and the person already in SIS are indeed one and the same, the SIRENE Bureau shall apply the procedure for entering multiple alerts as referred to in Article 39(6). Where the outcome of the check is that there are in fact two different persons, the SIRENE Bureau shall approve the request for entering the second alert by adding the necessary elements to avoid any misidentifications.

(b)  where the cross-check reveals that the subject of the new alert and the person already in SIS are indeed one and the same, the SIRENE Bureau shall apply the procedure for entering multiple alerts as referred to in Article 23a. Where the outcome of the check is that there are in fact two different persons, the SIRENE Bureau shall approve the request for entering the second alert by adding the necessary elements to avoid any misidentifications.

Amendment    200

Proposal for a regulation

Article 42 – paragraph 1

Text proposed by the Commission

Amendment

1.  Where confusion may arise between the person actually intended as the subject of an alert and a person whose identity has been misused, the issuing Member State shall, subject to that person's explicit consent, add data relating to the latter to the alert in order to avoid the negative consequences of misidentification.

1.  Where confusion may arise between the person actually intended as the subject of an alert and a person whose identity has been misused, the issuing Member State shall, subject to that person's explicit consent, add data relating to the latter to the alert in order to avoid the negative consequences of misidentification. Any person whose identity has been misused has the right to withdraw his or her consent to the information being processed.

Amendment    201

Proposal for a regulation

Article 42 – paragraph 3 – introductory part

Text proposed by the Commission

Amendment

3.  For the purpose of this Article, only the following personal data may be entered and further processed in SIS:

3.  For the purpose of this Article, and subject to the explicit consent of the person whose identity was misused for each data category, only the following personal data may be entered and further processed in SIS:

Justification

It is important to reiterate that the personal data referred to can be entered into SIS only following the explicit consent of the person whose identity has been misused.

Amendment    202

Proposal for a regulation

Article 42 – paragraph 3 – point h

Text proposed by the Commission

Amendment

(h)  sex;

(h)  gender;

Amendment    203

Proposal for a regulation

Article 42 – paragraph 5

Text proposed by the Commission

Amendment

5.  The data referred to in paragraph 3 shall be deleted at the same time as the corresponding alert or earlier where the person so requests.

5.  The data referred to in paragraph 3 shall be deleted as soon as this is requested by the person whose identity was misused or at the same time as the corresponding alert is deleted.

Justification

The Commission text is slightly misleading. It is clearer to start with the right of the person whose identity was misused to request deletion of the data as soon as he or she wants. Thereafter, if there no such request, then that data is deleted naturally when the corresponding alert is deleted.

Amendment    204

Proposal for a regulation

Article 46 – paragraph 1

Text proposed by the Commission

Amendment

1.  Regulation (EC) No 45/2001 shall apply to the processing of personal data by the Agency under this Regulation.

1.  Regulation (EC) No 45/2001 shall apply to the processing of personal data by the Agency and the European Border and Coast Guard Agency under this Regulation.

Amendment    205

Proposal for a regulation

Article 46 – paragraph 2

Text proposed by the Commission

Amendment

2.  Regulation 2016/679 shall apply to the processing of personal data by the authorities referred to in Article 29 of this Regulation provided that national provisions transposing Directive (EU) 2016/680 do not apply.

2.  Regulation 2016/679 shall apply to the processing of personal data under this Regulation unless such processing is carried out by the competent authorities of the Member States for the purposes of the prevention, detection, investigation or prosecution of criminal offences, the execution of criminal penalties or safeguarding against threats to public security.

Amendment    206

Proposal for a regulation

Article 46 – paragraph 2 a (new)

Text proposed by the Commission

Amendment

 

2a.  National provisions transposing Directive (EU) 2016/680 shall apply to the processing of personal data under this Regulation by competent national authorities for the purposes of the prevention, detection, investigation or prosecution of criminal offences, the execution of criminal penalties or safeguarding against threats to public security.

Amendment    207

Proposal for a regulation

Article 46 – paragraph 2 b (new)

Text proposed by the Commission

Amendment

 

2b.  Regulation (EU) 2016/794 shall apply to the processing of personal data by Europol pursuant to Article 30 of this Regulation.

Amendment    208

Proposal for a regulation

Article 46 – paragraph 3

Text proposed by the Commission

Amendment

3.  For processing of data by competent national authorities for the purposes of the prevention, investigation, detection, or prosecution of criminal offences of the execution of criminal penalties including the safeguarding against the prevention of threat to public security national provisions transposing Directive (EU) 2016/680 shall apply.

deleted

Amendment    209

Proposal for a regulation

Article 47 – title

Text proposed by the Commission

Amendment

Right of access, rectification of inaccurate data and erasure of unlawfully stored data

Right of access, rectification and restriction of inaccurate data and erasure of unlawfully stored data

Amendment    210

Proposal for a regulation

Article 47 – paragraph 1

Text proposed by the Commission

Amendment

1.  The right of data subjects to have access to data relating to them entered in SIS and to have such data rectified or erased shall be exercised in accordance with the law of the Member State before which they invoke that right.

1.  Without prejudice to Articles 15, 16, 17 and 18 of Regulation (EU) 2016/679 any third-country national shall have the right to access and obtain the data relating to him or her recorded in SIS and that data relating to him or her which are inaccurate be rectified or completed and that data recorded unlawfully be erased and that data processing be restricted.

Amendment    211

Proposal for a regulation

Article 47 – paragraph 1 – subparagraph 1 a (new)

Text proposed by the Commission

Amendment

 

Where appropriate, Articles 14 to 18 of Directive (EU) 2016/680 shall apply.

Amendment    212

Proposal for a regulation

Article 47 – paragraph 4 – subparagraph 1 a (new)

Text proposed by the Commission

Amendment

 

In such cases, Member States shall provide for the controller to inform the data subject in writing, without undue delay, of any refusal or restriction of access and of the reasons for the refusal or restriction. Such information may be omitted where its provision would undermine a purpose under this paragraph. Member States shall provide for the controller to inform the data subject of the possibility of lodging a complaint with a supervisory authority or of seeking a judicial remedy.

Amendment    213

Proposal for a regulation

Article 47 – paragraph 4 – subparagraph 1 b (new)

Text proposed by the Commission

Amendment

 

Member States shall provide for the controller to document the factual or legal reasons on which the decision is based. That information shall be made available to the supervisory authorities.

Amendment    214

Proposal for a regulation

Article 47 – paragraph 4 – subparagraph 1 c (new)

Text proposed by the Commission

Amendment

 

For such cases, Member States shall adopt measures providing that the rights of the data subject may also be exercised through the competent supervisory authorities.

Amendment    215

Proposal for a regulation

Article 47 – paragraph 5

Text proposed by the Commission

Amendment

5.  The person concerned shall be informed as soon as possible and in any event not later than 60 days from the date on which he applies for access or sooner if national law so provides.

5.  The person concerned shall be informed as soon as possible and in any event not later than 30 days from the date on which he or she applies for access or sooner if national law so provides, regardless of whether the person is on Union territory or not.

Amendment    216

Proposal for a regulation

Article 47 – paragraph 6

Text proposed by the Commission

Amendment

6.  The person concerned shall be informed about the follow-up given to the exercise of his rights of rectification and erasure as soon as possible and in any event not later than three months from the date on which he applies for rectification or erasure or sooner if national law so provides.

6.  The person concerned shall be informed about the follow-up given to the exercise of his or her rights to rectification, erasure and to restriction of processing as soon as possible and in any event not later than 60 days from the date on which he or she applies for rectification, erasure or for a restriction of processing or sooner if national law so provides. The person shall be informed under this paragraph regardless of whether he or she is on Union territory or not.

Amendment    217

Proposal for a regulation

Article 48 – paragraph 1

Text proposed by the Commission

Amendment

1.  Third-country nationals who are the subject of an alert issued in accordance with this Regulation shall be informed in accordance with Articles 10 and 11 of Directive 95/46/EC. This information shall be provided in writing, together with a copy of or a reference to the national decision giving rise to the alert, as referred to in Article 24(1).

1.  Third-country nationals who are the subject of an alert issued in accordance with this Regulation shall be informed by the issuing Member State as soon as possible and in any event no later than 30 days after the creation of the alert concerning them in accordance with Articles 13 and 14 of Regulation (EU) 2016/679 or Articles 12 and 13 of Directive (EU) 2016/680. This information shall be provided in writing, together with a copy of or a reference to the national decision giving rise to the alert, as referred to in Article 24(1).

Amendment    218

Proposal for a regulation

Article 48 – paragraph 2

Text proposed by the Commission

Amendment

2.  This information shall not be provided:

2.  This information shall not be provided where national law allows for the right of information to be restricted, in particular in order to safeguard national security, defence, public security, and the prevention, detection, investigation and prosecution of criminal offences.

(f)  where:

 

i)  the personal data have not been obtained from the third-country national in question;

 

and

 

ii)  the provision of the information proves impossible or would involve a disproportionate effort;

 

(g)  where the third country national in question already has the information;

 

(h)  where national law allows for the right of information to be restricted, in particular in order to safeguard national security, defence, public security and the prevention, investigation, detection and prosecution of criminal offences.

 

(The numbering of the points is incorrect in the EN version of the COM proposal)

Amendment    219

Proposal for a regulation

Article 49 – paragraph 1

Text proposed by the Commission

Amendment

1.  Any person may bring an action before the courts or the authority competent under the law of any Member State to access, rectify, delete or erase information or to obtain compensation in connection with an alert relating to him.

1.  Without prejudice to Articles 77 to 82 of Regulation (EU) 2016/679 and Articles 52 to 56 of Directive (EU) 2016/680 any person may bring an action before the courts or the authority competent under the law of any Member State to access, rectify, erase information or to obtain a restriction of processing and compensation in connection with an alert relating to him or her.

Amendment    220

Proposal for a regulation

Article 49 – paragraph 3 – subparagraph 1 – introductory part

Text proposed by the Commission

Amendment

In order to gain a consistent overview of the functioning of remedies the national supervisory authorities shall be invited to develop a standard statistical system for reporting annually on:

In order to gain a consistent overview of the functioning of remedies the national supervisory authorities shall develop a standard statistical system for reporting annually on:

Amendment    221

Proposal for a regulation

Article 49 – paragraph 3 – subparagraph 1 – point c

Text proposed by the Commission

Amendment

(c)  the number of requests for the rectification of inaccurate data and the erasure of unlawfully stored data to the data controller and the number of cases where the data were corrected or deleted;

(c)  the number of requests for the rectification of inaccurate data and the erasure or restriction of processing of unlawfully stored data to the data controller and the number of cases where the data were corrected or deleted;

Amendment    222

Proposal for a regulation

Article 49 – paragraph 3 – subparagraph 1 – point d

Text proposed by the Commission

Amendment

(d)  the number of requests for the rectification of inaccurate data and the erasure of unlawfully stored data submitted to the national supervisory authority;

(d)  the number of requests for the rectification of inaccurate data and the erasure or restriction of processing of unlawfully stored data submitted to the national supervisory authority;

Amendment    223

Proposal for a regulation

Article 49 – paragraph 3 – subparagraph 1 – point f

Text proposed by the Commission

Amendment

(f)  the number of cases where the court ruled in favour of the applicant in any aspect of the case;

(f)  the number of cases where the court ruled in favour of the applicant in any aspect of the case and the number of cases where compensation was obtained;

Amendment    224

Proposal for a regulation

Article 50 – paragraph 1

Text proposed by the Commission

Amendment

1.  Each Member State shall ensure that the independent national supervisory authorit(ies) designated in each Member State and endowed with the powers referred to in Chapter VI of Directive (EU)2016/680 or Chapter VI of Regulation (EU) 2016/679 monitor independently the lawfulness of the processing of SIS personal data on their territory and its transmission from their territory, and the exchange and further processing of supplementary information.

1.  Each Member State shall ensure that the independent national supervisory authorities designated in each Member State and endowed with the powers referred to in Chapter VI of Directive (EU)2016/680 or Chapter VI of Regulation (EU) 2016/679 monitor independently the lawfulness of the processing of SIS personal data on their territory and its transmission from their territory, and the exchange and further processing of supplementary information.

Amendment    225

Proposal for a regulation

Article 50 – paragraph 2

Text proposed by the Commission

Amendment

2.  The national supervisory authority shall ensure that an audit of the data processing operations in its N.SIS is carried out in accordance with international auditing standards at least every four years. The audit shall either be carried out by the national supervisory authority(ies), or the national supervisory authority(ies) shall directly order the audit from an independent data protection auditor. The national supervisory authority shall at all times retain control over and undertake the responsibilities of the independent auditor.

2.  The national supervisory authorities shall ensure that an audit of the data processing operations in its N.SIS is carried out in accordance with international auditing standards at least every four years. The audit shall either be carried out by the national supervisory authorities, or the national supervisory authorities shall directly order the audit from an independent data protection auditor. The national supervisory authorities shall at all times retain control over and undertake the responsibilities of the independent auditor.

Amendment    226

Proposal for a regulation

Article 50 – paragraph 3

Text proposed by the Commission

Amendment

3.  Member States shall ensure that their national supervisory authority has sufficient resources to fulfil the tasks entrusted to it under this Regulation.

3.  Member States shall ensure that their national supervisory authorities have sufficient resources to fulfil the tasks entrusted to them under this Regulation. They shall also ensure that their national supervisory authorities have access to assistance from persons with expertise on biometric data.

Amendment    227

Proposal for a regulation

Article 51 – title

Text proposed by the Commission

Amendment

Supervision of the Agency

Supervision of the Agencies

Amendment    228

Proposal for a regulation

Article 51 – paragraph 1

Text proposed by the Commission

Amendment

1.  The European Data Protection Supervisor shall ensure that the personal data processing activities of the Agency are carried out in accordance with this Regulation. The duties and powers referred to in Articles 46 and 47 of Regulation (EC) No 45/2001 shall apply accordingly.

1.  The European Data Protection Supervisor shall be responsible for monitoring the personal data processing activities of the Agency, the European Border and Coast Guard Agency and Europol and for ensuring that those activities are carried out in accordance with this Regulation. The duties and powers referred to in Articles 46 and 47 of Regulation (EC) No 45/2001 shall apply accordingly.

Amendment    229

Proposal for a regulation

Article 51 – paragraph 2

Text proposed by the Commission

Amendment

2.  The European Data Protection Supervisor shall ensure that an audit of the Agency's personal data processing activities is carried out in accordance with international auditing standards at least every four years. A report on that audit shall be sent to the European Parliament, the Council, the Agency, the Commission and the National Supervisory Authorities. The Agency shall be given an opportunity to make comments before the report is adopted.

2.  The European Data Protection Supervisor shall ensure that an audit of the Agency's, the European Border and Coast Guard Agency's and Europol's personal data processing activities is carried out in accordance with international auditing standards at least every four years. A report on that audit shall be sent to the European Parliament, the Council, the Agency, the Commission and the National Supervisory Authorities. The Agency shall be given an opportunity to make comments before the report is adopted.

Amendment    230

Proposal for a regulation

Article 51 – paragraph 2 a (new)

Text proposed by the Commission

Amendment

 

2a.  The European Data Protection Supervisor shall be granted sufficient resources to fulfil the tasks entrusted to it under this Regulation, including assistance from persons with expertise on biometric data.

Amendment    231

Proposal for a regulation

Article 52 – paragraph 1

Text proposed by the Commission

Amendment

1.  The national supervisory authorities and the European Data Protection Supervisor, each acting within the scope of its respective competences, shall actively cooperate within the framework of their responsibilities and shall ensure coordinated supervision of SIS.

1.  The national supervisory authorities and the European Data Protection Supervisor, each acting within the scope of its respective competences, shall actively cooperate with each other within the framework of their responsibilities in accordance with Article [62] of [New Regulation on the protection of individuals with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data].

Amendment    232

Proposal for a regulation

Article 52 – paragraph 4

Text proposed by the Commission

Amendment

4.  A joint report of activities as regards coordinated supervision shall be sent by the Board established by Regulation (EU) 2016/679 to the European Parliament, the Council, and the Commission every two years.

4.  A joint report of activities as regards coordinated supervision shall be sent annually by the Board established by Regulation (EU) 2016/679 to the European Parliament, the Council, and the Commission.

Amendment    233

Proposal for a regulation

Chapter 10 – title

Text proposed by the Commission

Amendment

LIABILITY

LIABILITY AND PENALTIES

Amendment    234

Proposal for a regulation

Article 53 – paragraph 1

Text proposed by the Commission

Amendment

1.  Each Member State shall be liable for any damage caused to a person through the use of N.SIS. This shall also apply to damage caused by the issuing Member State, where the latter entered factually inaccurate data or stored data unlawfully.

1.  Each Member State and eu-LISA shall be liable for any material or immaterial damage caused to a person as a result of an unlawful processing operation, as a result of any act incompatible with this Regulation or through the use of N.SIS. This shall also apply to damage caused by the issuing Member State, where the latter entered factually inaccurate data or stored data unlawfully.

Amendment    235

Proposal for a regulation

Article 53 – paragraph 1 a (new)

Text proposed by the Commission

Amendment

 

1a.  Any person who, or Member State which, has suffered material or immaterial damage as a result of an unlawful processing operation or of any act incompatible with this Regulation shall be entitled to receive compensation from the Member State responsible for the damage suffered or from eu-LISA if it is responsible for the damage suffered. The Member State or eu-LISA shall be partially or fully relieved of that liability if it proves that the harmful event cannot be attributed to it. Claims for compensation brought against a Member State shall be governed by the provisions of national law of the defendant Member State, in accordance with Regulation (EU) 2016/679 and Directive (EU) 2016/680.

Amendment    236

Proposal for a regulation

Article 53 a (new)

Text proposed by the Commission

Amendment

 

Article 53a

 

Penalties

 

Member States shall ensure that any processing of data stored in SIS or any exchange of supplementary information contrary to this Regulation is punishable in accordance with national law. The penalties provided shall be effective, proportionate and dissuasive and shall include administrative and criminal penalties.

 

Europol and the European Border and Coast Guard Agency shall ensure that members of their staff or members of their teams accessing SIS under their authority who process SIS data in breach of this Regulation are subject to disciplinary measures by the Agency or, in the case of team members, by their home Member State.

Amendment    237

Proposal for a regulation

Article 54 – paragraph 3

Text proposed by the Commission

Amendment

3.  The Agency shall produce, daily, monthly and annual statistics showing the number of records per category of alert, the annual number of hits per category of alert, how many times SIS was searched and how many times SIS was accessed for the purpose of entering, updating or deleting an alert in total and for each Member State, including statistics on the consultation procedure referred to in Article 26. The statistics produced shall not contain any personal data. The annual statistical report shall be published.

3.  The Agency shall produce, daily, monthly and annual statistics showing the number of records per category of alert, the annual number of hits per category of alert, how many times SIS was searched and how many times SIS was accessed for the purpose of entering, completing, updating or deleting an alert in total and for each Member State, including statistics on the consultation procedure referred to in Article 26. The statistics produced shall not contain any personal data. The annual statistical report shall be published.

Amendment    238

Proposal for a regulation

Article 54 – paragraph 4

Text proposed by the Commission

Amendment

4.  Member States as well as Europol and the European Border and Coast Guard Agency shall provide the Agency and the Commission with the information necessary to draft the reports referred to in paragraphs 7 and 8.

4.  Member States as well as Europol and the European Border and Coast Guard Agency shall provide the Agency and the Commission with the information necessary to draft the reports referred to in paragraphs 3, 7 and 8.

Amendment    239

Proposal for a regulation

Article 54 – paragraph 5

Text proposed by the Commission

Amendment

5.  The Agency shall provide the Member States, the Commission, Europol and the European Border and Coast Guard Agency with any statistical reports that it produces. In order to monitor the implementation of legal acts of the Union, the Commission shall be able to request the Agency to provide additional specific statistical reports, either regular or ad-hoc, on the performance or use of SIS and SIRENE communication.

5.  The Agency shall provide the European Parliament, the Council, the Member States, the Commission, Europol and the European Border and Coast Guard Agency and the European Data Protection Supervisor with any statistical reports that it produces and any specific statistical reports requested. In order to monitor the implementation of legal acts of the Union, the Commission shall be able to request the Agency to provide additional specific statistical reports, either regular or ad-hoc, on the performance or use of SIS and SIRENE communication.

Amendment    240

Proposal for a regulation

Article 54 – paragraph 6 – subparagraph l

Text proposed by the Commission

Amendment

For the purpose of paragraphs 3 to 5 of this Article and Article 15(5), the Agency shall establish, implement and host a central repository in its technical sites containing the data referred to in paragraph 3 of this Article and in Article 15(5) which shall not allow for the identification of individuals and shall allow the Commission and the agencies referred to in paragraph 5 to obtain bespoke reports and statistics. The Agency shall grant access to Member States, the Commission, Europol and the European Border and Coast Guard Agency to the central repository by means of secured access through the Communication Infrastructure with control of access and specific user profiles solely for the purpose of reporting and statistics.

For the purpose of paragraphs 3, 4 and 5 of this Article and of Article 15(5), the Agency shall establish, implement and host a central repository in its technical sites containing the data referred to in paragraph 3 of this Article and in Article 15(5) which shall not allow for the identification of individuals and shall allow the Commission and the agencies referred to in paragraph 5 to obtain bespoke reports and statistics. Upon request, the Agency shall give access to Member States, the Commission, Europol, Eurojust and the European Border and Coast Guard Agency to the central repository, specific items and information by means of secured access through the Communication Infrastructure with control of access and specific user profiles solely for the purpose of reporting and statistics.

Amendment    241

Proposal for a regulation

Article 54 – paragraph 7

Text proposed by the Commission

Amendment

7.  Two years after SIS is brought into operation and every two years thereafter, the Agency shall submit to the European Parliament and the Council a report on the technical functioning of Central SIS and the Communication Infrastructure, including the security thereof, and the bilateral and multilateral exchange of supplementary information between Member States.

7.  One year after SIS is brought into operation and every two years thereafter, the Agency shall submit to the European Parliament and the Council a report on the technical functioning of Central SIS and the Communication Infrastructure, including the security thereof, on the introduction of the automated fingerprint identification system, and the bilateral and multilateral exchange of supplementary information between Member States.

Amendment    242

Proposal for a regulation

Article 54 – paragraph 8

Text proposed by the Commission

Amendment

8.  Three years after SIS is brought into operation and every four years thereafter, the Commission shall produce an overall evaluation of Central SIS and the bilateral and multilateral exchange of supplementary information between Member States. That overall evaluation shall include an examination of results achieved against objectives, and an assessment of the continuing validity of the underlying rationale, the application of this Regulation in respect of Central SIS, the security of Central SIS and any implications for future operations. The Commission shall transmit the evaluation to the European Parliament and the Council.

8.  One year after SIS is brought into operation and every two years thereafter, the Commission shall produce an overall evaluation of Central SIS and the bilateral and multilateral exchange of supplementary information between Member States. That overall evaluation shall take the opinion of the European Data Protection Supervisor into account, and shall include an examination of results achieved against objectives, and an assessment of the continuing validity of the underlying rationale, the application of this Regulation in respect of Central SIS, the security of Central SIS and any implications for future operations. The overall evaluation report shall also include the creation of an automated fingerprint file function and SIS information campaigns organised by the Commission in accordance with Article 19. The Commission shall transmit the evaluation to the European Parliament and the Council.

Amendment    243

Proposal for a regulation

Article 54 a (new)

Text proposed by the Commission

Amendment

 

Article 54a

 

Exercise of the delegation

 

1.  The power to adopt delegated acts is conferred on the Commission subject to the conditions laid down in this Article.

 

2.  The power to adopt delegated acts referred to in Article 8(4), Article 22 (-1), Article 27(2a), Article 28(4) and Article 58(2a) shall be conferred on the Commission for an indeterminate period of time from ... [the date of entry into force of this Regulation].

 

3.  The delegation of power referred to in Article 8(4), Article 22 (-1), Article 27(2a), Article 28(4) and Article 58(2a) may be revoked at any time by the European Parliament or by the Council. A decision to revoke shall put an end to the delegation of the power specified in that decision. It shall take effect the day following the publication of the decision in the Official Journal of the European Union or at a later date specified therein. It shall not affect the validity of any delegated acts already in force.

 

4.  Before adopting a delegated act, the Commission shall consult experts designated by each Member State in accordance with the principles laid down in the Interinstitutional Agreement of 13 April 2016 on Better Law-Making.

 

5.  As soon as it adopts a delegated act, the Commission shall notify it simultaneously to the European Parliament and to the Council.

 

6.  A delegated act adopted pursuant to Article 8(4), Article 22 (-1), Article 27(2a), Article 28(4) and Article 58(2a) shall enter into force only if no objection has been expressed either by the European Parliament or the Council within a period of two months of notification of that act to the European Parliament and the Council or if, before the expiry of that period, the European Parliament and the Council have both informed the Commission that they will not object. That period shall be extended by two months at the initiative of the European Parliament or of the Council.

Amendment    244

Proposal for a regulation

Article 58 – paragraph 2

Text proposed by the Commission

Amendment

2.  It shall apply from the date fixed by the Commission after:

2.  It shall apply from ... [one year after the date of entry into force] with the exception of Article 5, Article 8(4), Article 9(1), Article 15(5) and (6), Article 20(3) and (4), Article 22(-1) and (2), Article 27(2a), Article 28(4), Article 42(4), Article 54(6), Article 54a, Article 55 and Article 58(2a), which shall apply from the date of entry into force of this Regulation.

(a)  the necessary implementing measures have been adopted;

 

(b)  Member States have notified the Commission about that they have made the necessary technical and legal arrangements to process SIS data and exchange supplementary information pursuant to this Regulation;

 

(c)  The Agency has notified the Commission about the completion of all testing activities with regard CS-SIS and the interaction between CS-SIS and N.SIS.

 

Justification

A fixed date of application should be inserted which may, however, if necessary, be adjusted by a delegated act (see AM on paragraph 2a below). In the meantime, the provisions necessary for the implementing measures and delegated acts should be directly applicable so that work on these measures may begin directly with the entry into force.

Amendment    245

Proposal for a regulation

Article 58 – paragraph 2 a (new)

Text proposed by the Commission

Amendment

 

2a.  The Commission shall be empowered to adopt delegated acts in accordance with Article 54a concerning amendments to the date of application of this Regulation.

EXPLANATORY STATEMENT

Background

The current Schengen Information System II (‘SIS II’) legal framework although agreed by 2006/2007 only became applicable on 9 April 2013 when the SIS II system was ready.

Following these hugely deplorable delays, accompanied by an investment eight times bigger than anticipated, the SIS II has, however, developed into a European success story. As the evaluation report of the Commission and the SIS II statistics show, the number of alerts and hits have been constantly increasing.

However, there is still much room for improvement by Member States. The assessment accompanying the current proposals and the evaluations and recommendations on the Schengen Evaluation Mechanism sometimes point to serious issues regarding the non- or wrong implementation of the SIS II legal framework. These range from data quality problems, lack of training of end-users to insufficient information on alerts and delays of the SIRENE bureaux following-up a hit. This is particularly worrisome regarding terrorism.

SIS is regularly subject to evaluation and these new proposals, along with the amendments in this draft, are a reflection of this. However, the rapporteur calls on the Member States to swiftly implement all recommendations that have been addressed to them and to take all measures to fully exploit the functionalities offered by SIS II according to its legal framework without delay.

Position of the rapporteur on the new proposals

The rapporteur welcomes the Commission’s proposals, as they further strengthen the SIS, underlining its truly European nature, maintaining its main characteristics and addressing some of the shortcomings at national level.

Still, the rapporteur considers that further improvements can be made and presents in this draft report a series of amendments to this end. The amendments can be grouped under the following main headings:

Architecture

The rapporteur is fully aware of the fact that structurally the system has to be reinforced to enable it to cope with ever more data inserted, in particular biometric data, new search functionalities and more users. It is clear that as the key European law enforcement and borders large-scale IT system it has to be reliably available to end-users at any time. The rapporteur doubts, however, that the solution proposed by the Commission, that is to oblige all Member States to have a national copy, is the right way to go. Parliament has always been sceptical of national, and also of technical copies, mainly due to the inherent risks for data protection and security. Nonetheless, Parliament, as a compromise, accepted - and accepts still - that those Member States that do want to have national copies can have them. What it cannot accept is to impose that obligation to those that do not. Following the agreement on the SIS II legal framework much effort was made, and money spent, to have a properly functioning central system. The rapporteur firmly believes that further efforts should be made in order to ensure the uninterrupted availability of the system at this level. The rapporteur is proposing, therefore, a series of amendments which seek to further enhance the availability and capacity of the central system to end-users. In particular, CS-SIS should contain a further copy and a backup system should be in simultaneous active operation all the time. In the same spirit, consideration should be given to increase SIS reliability and security by duplicating all key elements of the architecture, including the communication infrastructure. Finally, eu-LISA should become the sole actor responsible for the communication infrastructure.

Access to the system

The Commission proposes to provide for enhanced access possibilities for a series of European agencies. While the rapporteur agrees with these proposals, he nevertheless has tabled a series of amendments which seek to define in a more precise way, with reference to the existing mandates of the respective agencies, the circumstances under which SIS data may be accessed. He also proposes to increase the safeguards in this respect, be it in terms of prior training, logging and oversight.

The rapporteur firmly believes in the added value of the system and recognises the need to address the new security challenges. Namely, ensuring access to all relevant national competent authorities. This access should, however, be conditional on all legal provisions on data protection being applicable to these authorities and on the possibility for the supervisory authorities to verify the correct application of the legal provisions, including through the Schengen evaluation mechanism.

Data Security

Given the nature of the data contained in the SIS, data security has to be a key objective. The rapporteur recognises that much effort is made by eu-LISA and Member States in this regard. Nevertheless, the case of the hacking into the SIS via an external service provider in Denmark should be a reminder to increase efforts in this regard. The rapporteur welcomes the new provisions on security incidents proposed by the Commission. He proposes some amendments on this provision especially regarding the cooperation between the different institutional actors and the Member States. He also suggests, having the Danish case in mind, that Member States and eu-LISA should closely monitor the activities of contractors. Finally, a few further requirements regarding data security are added in line with other large-scale IT systems.

Data Protection

Data protection for SIS is complex due to its dual nature as an immigration and law enforcement database. In addition, its different users at European level and national level are subject to a wide range of legal provisions. All efforts have to be made, however, to provide for appropriate safeguards which are also robust enough to stand the test of everyday use. Achieving this is as crucial for the integrity and legitimacy of the system as are its successes. A series of amendments are therefore proposed which mainly aim to clarify which the applicable rules are. In addition, a number of provisions are strengthened and brought further in line with EU Data Protection framework.

Alerts for the purpose of refusing entry

The rapporteur welcomes the proposal of the Commission regarding the consultation procedure which is to be used to avoid that the very same third country national is subject to a refusal of entry alert and at the same time holds a document of a Member State granting him or her a right to stay. The rapporteur supports all efforts to improve cooperation between Member States. Cooperation is the key to make the Schengen area work as an area without internal borders.

The rapporteur deplores, however, that the Commission has not made any effort in trying to harmonise the criteria which are to be applied for the insertion of an alert for the purpose of refusing entry to the Schengen area. Parliament has, in the past, called for greater harmonisation when the SIS II legal framework was negotiated. As a compromise the following review clause was inserted:

“The Commission shall review the application of this Article three years after the date referred to in Article 55(2). On the basis of that review, the Commission shall, using its right of initiative in accordance with the Treaty, make the necessary proposals to modify the provisions of this Article to achieve a greater level of harmonisation of the criteria for entering alerts.”

Unfortunately, the Commission’s sole proposal in in this regard was to propose to suppress this paragraph.

The rapporteur therefore proposes some amendments which aim for greater harmonisation. Finally, he also suggest that persons convicted of terrorism should be inserted for the purpose of refusing entry.

Entry into force of the new provisions

The Schengen area currently has been put in a difficult situation. Terrorism and migration have led to the prolonged internal border controls, posing new challenges that need to be addressed quickly. The rapporteur therefore considers that SIS is key for this purpose today and can deliver solutions. The proposals should therefore be adopted as swiftly as possible, as we are upgrading the biggest, best implemented and most used centralised European information system and thus delivering concrete and immediate solutions to problems affecting European citizens. The rapporteur therefore proposes that the new legal framework should become applicable one year after the entry into force. A fixed deadline should be inserted to avoid long delays was the case with the SIS II legal framework.

OPINION of the Committee on Foreign Affairs (26.7.2017)

for the Committee on Civil Liberties, Justice and Home Affairs

on the proposal for a regulation of the European Parliament and of the Council on the establishment, operation and use of the Schengen Information System (SIS) in the field of border checks, amending Regulation (EU) No 515/2014 and repealing Regulation (EC) No 1987/2006
(COM(2016)0882 – C8‑0533/2016 – 2016/0408(COD))

Rapporteur: Hilde Vautmans

AMENDMENTS

The Committee on Foreign Affairs calls on the Committee on Civil Liberties, Justice and Home Affairs, as the committee responsible, to take into account the following amendments:

Amendment    1

Proposal for a regulation

Recital 14 a (new)

Text proposed by the Commission

Amendment

 

(14a)  Highly sensitive biometric data will be collected. Given their sensitivity, their collection and use should be subject to a strict analysis before deciding to register them in the SIS. Biometric identifiers should be introduced and searched only under specific conditions meetingthe proportionality requirement of the data protection legal framework.

Amendment    2

Proposal for a regulation

Recital 21

Text proposed by the Commission

Amendment

(21)  This Regulation should set mandatory rules for the consultation of national authorities in case a third country national holds or may obtain a valid residence permit or other authorisation or right to stay granted in one Member State, and another Member State intends to issue or already entered an alert for refusal of entry and stay to the third country national concerned. Such situations create serious uncertainties for border guards, police and immigration authorities. Therefore, it is appropriate to provide for a mandatory timeframe for rapid consultation with a definite result in order to avoid that persons representing a threat may enter to the Schengen area.

(21)  This Regulation should set mandatory rules for the consultation of national authorities in case a third country national holds or may obtain a valid residence permit or other authorisation or right to stay granted in one Member State, and another Member State intends to issue or already entered an alert for refusal of entry and stay to the third country national concerned. Such situations create serious uncertainties for border guards, police and immigration authorities. Therefore, it is appropriate to provide for clear guidelines and a mandatory timeframe for rapid consultation with a definite result in order to avoid that persons representing a threat may enter to the Schengen area.

Amendment    3

Proposal for a regulation

Recital 26

Text proposed by the Commission

Amendment

(26)  Data processed in SIS in application of this Regulation should not be transferred or made available to third countries or to international organisations.

(26)  Data processed and stored in SIS in application of this Regulation, as well as SIS information already made available to authorised authorities, should not be transferred or made available to third countries or to international organisations.

Amendment    4

Proposal for a regulation

Recital 42 a (new)

 

Text proposed by the Commission

Amendment

(42a)  Specific safeguards governing the treatment of personal data of vulnerable third-country nationals, such as children, should be required.

Amendment    5

Proposal for a regulation

Recital 42 b (new)

 

Text proposed by the Commission

Amendment

(42b)  In cases concerning children, the best interests of the child should be a primary consideration when applying this Regulation. When data pertaining to a child are inserted in SIS, they should only be used for purposes relating to the prevention, detection and investigation of missing children cases and for the protection of the child’s best interests, in accordance with the UN Convention on the Rights of the Child.

Amendment    6

Proposal for a regulation

Recital 42 c (new)

Text proposed by the Commission

Amendment

 

(42c)  All measures taken in relation to the SIS should comply with the Charter of Fundamental Rights of the Union. Member States should apply guidelines, to be established and monitored jointly by the European Union Agency for Asylum and the European Union Agency for Fundamental Rights, for a common practice with regard to taking fingerprints and facial images of irregular third-country nationals, building upon the checklist prepared by the European Union Agency for Fundamental Rights. At all times Member States should respect the dignity and physical integrity of the minor during the fingerprinting procedure and when capturing a facial image. Member States should not use coercion to compel the taking of fingerprints of minors.

Justification

In accordance with the UN Convention on the rights of the Child, children shall be treated with humanity and respect, in a manner which takes into account the needs of their age. Therefore, particular attention shall be paid to the specific situation of minors. The best interest of the child shall always be a primary consideration.

Amendment    7

Proposal for a regulation

Recital 53 a (new)

Text proposed by the Commission

Amendment

 

(53a)  No amendment or new provision in this Regulation should create unnecessary obstacles for Member States who will join or are in the process of joining the Schengen area

Amendment    8

Proposal for a regulation

Article 19 – paragraph 1

 

Text proposed by the Commission

Amendment

The Commission, in cooperation with the national supervisory authorities and the European Data Protection Supervisor, shall regularly carry out campaigns informing the public about the objectives of SIS, the data stored, the authorities having access to SIS and the rights of data subjects. Member States shall, in cooperation with their national supervisory authorities, devise and implement the necessary policies to inform their citizens about SIS generally.

The Commission, in cooperation with the national supervisory authorities and the European Data Protection Supervisor, shall regularly carry out campaigns informing the public, including third-country nationals, about the objectives of SIS, the data stored, the authorities having access to SIS and the rights of data subjects. Member States shall, in cooperation with their national supervisory authorities, devise and implement the necessary policies to inform their citizens, including third-country nationals, about SIS generally.

Amendment    9

Proposal for a regulation

Article 20 – paragraph 2 – point s

Text proposed by the Commission

Amendment

(s)  the category of the person’s identification document;

(s)  the category of the person’s current or past identification documents or other documents used so far under his or her aliases;

Amendment    10

Proposal for a regulation

Article 20 – paragraph 2 – point u

Text proposed by the Commission

Amendment

(u)  the number(s) of the person’s identification document;

(u)  the number(s) of the person’s current or past identification documents or other documents used so far under his or her aliases;

Amendment    11

Proposal for a regulation

Article 24 – paragraph 1

Text proposed by the Commission

Amendment

1.  Data on third-country nationals in respect of whom an alert has been issued for the purposes of refusing entry and stay shall be entered in SIS on the basis of a national alert resulting from a decision taken by the competent administrative or judicial authorities in accordance with the rules of procedure laid down by national law taken on the basis of an individual assessment. Appeals against those decisions shall be made in accordance with national law.

1.  Data on third-country nationals in respect of whom an alert has been issued for the purposes of refusing entry and stay shall be entered in SIS on the basis of a national alert resulting from a decision, respecting the “ne bis in idem” principle, taken by the competent administrative or judicial authorities in accordance with the rules of procedure laid down by national law taken on the basis of an individual assessment. In full compliance with Regulation 2016/679, effective remedies and appeals against those decisions, as well as the right to access their personal data and to erase, complete or ratify them, shall be guaranteed, including for third country nationals not present on the Union territory

Amendment    12

Proposal for a regulation

Article 29 – paragraph 2

Text proposed by the Commission

Amendment

2.  For the purposes of Article 24(2) and (3) and Article 27 the right to access data entered in SIS and the right to search such data directly may also be exercised by national judicial authorities, including those responsible for the initiation of public prosecutions in criminal proceedings and for judicial inquiries prior to charge, in the performance of their tasks, as provided for in national legislation, and by their coordinating authorities.

2.  Only duly authorised staff of designated authorities shall have access to the SIS after following appropriate trainings on data security and data protection. For the purposes of Article 24(2) and (3) and Article 27 the right to access data entered in SIS and the right to search such data directly may also be exercised by national judicial authorities, including those responsible for the initiation of public prosecutions in criminal proceedings and for judicial inquiries prior to charge, in the performance of their tasks, as provided for in national legislation, and by their coordinating authorities.

Amendment    13

Proposal for a regulation

Article 47 – paragraph 1

Text proposed by the Commission

Amendment

1.  The right of data subjects to have access to data relating to them entered in SIS and to have such data rectified or erased shall be exercised in accordance with the law of the Member State before which they invoke that right.

1.  The right of data subjects to have access to data relating to them entered in SIS and to have such data rectified or erased shall be exercised in accordance with the law of the Member State before which they invoke that right, regardless of whether the data subject is on Union territory.

Amendment    14

Proposal for a regulation

Article 49 – paragraph 1

Text proposed by the Commission

Amendment

1.  Any person may bring an action before the courts or the authority competent under the law of any Member State to access, rectify, delete or erase information or to obtain compensation in connection with an alert relating to him.

1.  Any person may bring an action before the courts or the authority competent under the law of any Member State to access, rectify, delete or erase information or to obtain compensation in connection with an alert relating to him or her, regardless of whether he or she is present on the Union territory when taking such action

PROCEDURE – COMMITTEE ASKED FOR OPINION

Title

Establishment, operation and use of the Schengen Information System (SIS) in the field of border checks

References

COM(2016)0882 – C8-0533/2016 – 2016/0408(COD)

Committee responsible

       Date announced in plenary

LIBE

6.4.2017

 

 

 

Opinion by

       Date announced in plenary

AFET

6.4.2017

Rapporteur

       Date appointed

Hilde Vautmans

15.5.2017

Date adopted

11.7.2017

 

 

 

Result of final vote

+:

–:

0:

27

14

21

Members present for the final vote

Lars Adaktusson, Michèle Alliot-Marie, Francisco Assis, Petras Auštrevičius, Bas Belder, Mario Borghezio, Victor Boştinaru, Elmar Brok, Klaus Buchner, James Carver, Fabio Massimo Castaldo, Lorenzo Cesa, Aymeric Chauprade, Javier Couso Permuy, Andi Cristea, Arnaud Danjean, Knut Fleckenstein, Eugen Freund, Michael Gahler, Iveta Grigule, Sandra Kalniete, Tunne Kelam, Janusz Korwin-Mikke, Andrey Kovatchev, Eduard Kukan, Ryszard Antoni Legutko, Arne Lietz, Barbara Lochbihler, Sabine Lösing, Andrejs Mamikins, Alex Mayer, David McAllister, Tamás Meszerics, Francisco José Millán Mon, Javier Nart, Demetris Papadakis, Ioan Mircea Paşcu, Alojz Peterle, Tonino Picula, Julia Pitera, Cristian Dan Preda, Jozo Radoš, Sofia Sakorafa, Jordi Solé, Jaromír Štětina, Charles Tannock, László Tőkés, Miguel Urbán Crespo, Ivo Vajgl, Elena Valenciano, Hilde Vautmans, Boris Zala

Substitutes present for the final vote

Brando Benifei, Luis de Grandes Pascual, Javi López, Eleni Theocharous, Ernest Urtasun, Bodil Valero, Paavo Väyrynen, Marie-Christine Vergiat, Željana Zovko

Substitutes under Rule 200(2) present for the final vote

Frank Engel

FINAL VOTE BY ROLL CALL IN COMMITTEE ASKED FOR OPINION

27

+

ALDE

Petras Auštrevičius, Iveta Grigule, Javier Nart, Jozo Radoš, Ivo Vajgl, Hilde Vautmans, Paavo Väyrynen

ECR

Bas Belder, Ryszard Antoni Legutko, Charles Tannock, Eleni Theocharous

EFDD

Fabio Massimo Castaldo

S&D

Francisco Assis, Brando Benifei, Victor Boştinaru, Andi Cristea, Knut Fleckenstein, Eugen Freund, Arne Lietz, Javi López, Andrejs Mamikins, Alex Mayer, Demetris Papadakis, Ioan Mircea Paşcu, Tonino Picula, Elena Valenciano, Boris Zala

14

-

EFDD

James Carver

ENF

Mario Borghezio

GUE/NGL

Javier Couso Permuy, Sabine Lösing, Sofia Sakorafa, Miguel Urbán Crespo, Marie-Christine Vergiat

NI

Janusz Korwin-Mikke

Verts/ALE

Klaus Buchner, Barbara Lochbihler, Tamás Meszerics, Jordi Solé, Ernest Urtasun, Bodil Valero

21

0

NI

Aymeric Chauprade

PPE

Lars Adaktusson, Michèle Alliot-Marie, Elmar Brok, Lorenzo Cesa, Arnaud Danjean, Frank Engel, Michael Gahler, Sandra Kalniete, Tunne Kelam, Andrey Kovatchev, Eduard Kukan, David McAllister, Francisco José Millán Mon, Alojz Peterle, Julia Pitera, Cristian Dan Preda, Jaromír Štětina, László Tőkés, Željana Zovko, Luis de Grandes Pascual

Key to symbols:

+  :  in favour

-  :  against

0  :  abstention

PROCEDURE – COMMITTEE RESPONSIBLE

Title

Establishment, operation and use of the Schengen Information System (SIS) in the field of border checks

References

COM(2016)0882 – C8-0533/2016 – 2016/0408(COD)

Date submitted to Parliament

22.12.2016

 

 

 

Committee responsible

       Date announced in plenary

LIBE

6.4.2017

 

 

 

Committees asked for opinions

       Date announced in plenary

AFET

6.4.2017

BUDG

6.4.2017

 

 

Not delivering opinions

       Date of decision

BUDG

12.1.2017

 

 

 

Rapporteurs

       Date appointed

Carlos Coelho

9.3.2017

 

 

 

Discussed in committee

30.3.2017

10.7.2017

28.9.2017

6.11.2017

Date adopted

6.11.2017

 

 

 

Result of final vote

+:

–:

0:

45

3

5

Members present for the final vote

Asim Ahmedov Ademov, Gerard Batten, Monika Beňová, Malin Björk, Michał Boni, Daniel Dalton, Rachida Dati, Raymond Finch, Kinga Gál, Ana Gomes, Sylvie Guillaume, Monika Hohlmeier, Filiz Hyusmenova, Sophia in ‘t Veld, Dietmar Köster, Barbara Kudrycka, Cécile Kashetu Kyenge, Juan Fernando López Aguilar, Monica Macovei, Roberta Metsola, Claude Moraes, Péter Niedermüller, Judith Sargentini, Birgit Sippel, Csaba Sógor, Helga Stevens, Traian Ungureanu, Marie-Christine Vergiat, Udo Voigt, Josef Weidenholzer, Cecilia Wikström, Kristina Winberg, Auke Zijlstra

Substitutes present for the final vote

Carlos Coelho, Anna Maria Corazza Bildt, Pál Csáky, Miriam Dalli, Gérard Deprez, Marek Jurek, Jeroen Lenaers, Elly Schlein, Barbara Spinelli, Róża Gräfin von Thun und Hohenstein, Axel Voss

Substitutes under Rule 200(2) present for the final vote

Max Andersson, André Elissen, Karin Kadenbach, Peter Kouroumbashev, Julia Reda, Sofia Ribeiro, Bart Staes, Julie Ward, Wim van de Camp

Date tabled

10.11.2017

FINAL VOTE BY ROLL CALL IN COMMITTEE RESPONSIBLE

45

+

ALDE

Gérard Deprez, Filiz Hyusmenova, Sophia in 't Veld, Cecilia Wikström

ECR

Marek Jurek, Monica Macovei, Helga Stevens

EFDD

Kristina Winberg

NI

Udo Voigt

PPE

Asim Ahmedov Ademov, Michał Boni, Carlos Coelho, Anna Maria Corazza Bildt, Pál Csáky, Rachida Dati, Kinga Gál, Monika Hohlmeier, Barbara Kudrycka, Jeroen Lenaers, Roberta Metsola, Sofia Ribeiro, Csaba Sógor, Róża Gräfin von Thun und Hohenstein, Traian Ungureanu, Axel Voss, Wim van de Camp

S&D

Monika Beňová, Miriam Dalli, Ana Gomes, Sylvie Guillaume, Karin Kadenbach, Peter Kouroumbashev, Cécile Kashetu Kyenge, Dietmar Köster, Juan Fernando López Aguilar, Claude Moraes, Péter Niedermüller, Elly Schlein, Birgit Sippel, Julie Ward, Josef Weidenholzer

Verts/ALE

Max Andersson, Julia Reda, Judith Sargentini, Bart Staes

3

-

ENF

André Elissen, Auke Zijlstra

GUE/NGL

Malin Björk

5

0

ECR

Daniel Dalton

EFDD

Gerard Batten, Raymond Finch

GUE/NGL

Barbara Spinelli, Marie-Christine Vergiat

Key to symbols:

+  :  in favour

-  :  against

0  :  abstention