REPORT on the proposal for a regulation of the European Parliament and of the Council amending Council Regulation (EC) No 2252/2004 on standards for security features and biometrics in passports and travel documents issued by Member States
15.12.2008 - (COM(2007)0619 – C6‑0359/2007 – 2007/0216(COD)) - ***I
Committee on Civil Liberties, Justice and Home Affairs
Rapporteur: Carlos Coelho
DRAFT EUROPEAN PARLIAMENT LEGISLATIVE RESOLUTION
on the proposal for a regulation of the European Parliament and of the Council amending Council Regulation (EC) No 2252/2004 on standards for security features and biometrics in passports and travel documents issued by Member States
(Codecision procedure: first reading)
The European Parliament,
– having regard to the Commission proposal to the European Parliament and the Council (COM(2007)0619),
– having regard to Article 251(2) and Article 62(2)(a) of the EC Treaty, pursuant to which the Commission submitted the proposal to Parliament (C6‑0359/2007),
– having regard to Rule 51 of its Rules of Procedure,
– having regard to the report of the Committee on Civil Liberties, Justice and Home Affairs (A6‑0500/2008),
1. Approves the Commission proposal as amended;
2. Approves the Joint Statements annexed hereto;
3. Calls on the Commission to refer the matter to Parliament again if it intends to amend the proposal substantially or replace it with another text;
4. Instructs its President to forward its position to the Council and the Commission.
AMENDMENTS BY PARLIAMENT*
to the Commission proposal for a
REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
amending Council Regulation (EC) No 2252/2004 on standards for security features and biometrics in passports and travel documents issued by Member States
THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,
Having regard to the Treaty establishing the European Community, and in particular Article 62 (2) (a) thereof,
Having regard to the proposal from the Commission║,
Acting in accordance with the procedure laid down in Article 251 of the Treaty,
(1) The European Council of Thessaloniki confirmed that a coherent approach is needed in the EU on biometric identifiers or biometric data for documents for third-country nationals, EU citizen’s passports and information systems (VIS and SIS II).
(2) In this context, the Council has adopted Regulation (EC) No 2252/2004 of 13 December 2004 on standards for security features and biometrics in passports and travel documents issued by Member States as an important step towards the use of new elements, which render the travel document more secure and establish a more reliable link between the holder and the passport as an important contribution to ensuring that it is protected against fraudulent use.
(3) Regulation (EC) No 2252/2004 provides for a general obligation to give fingerprints which will be stored on a contactless chip in the passport. However, experience from tests showed that exceptions are needed. During pilot projects of some Member States it appeared that the fingerprints of children under the age of 6 seemed not to be of a sufficient quality for one-to-one verification of identity. Furthermore, they are subject to important changes which make it difficult to check them during the entire period of validity of the passport.
(4) The harmonisation of exceptions to the fingerprinting requirement is essential in order to maintain common security standards and in view of simplifying border controls. Both for legal and security reasons it should not be left to national legislation to define the exceptions from the obligation to provide fingerprints for passports and other travel documents issued by Member States.
(4a) Regulation (EC) No 2252/2004 requires biometric data to be collected and stored in the storage medium of passports and travel documents with a view to delivering such documents. This is without prejudice to any other use or storage of these data in accordance with national legislation of Member States. The Regulation does not provide a legal base for setting up or maintaining databases for storage of these data in Member States, which is strictly a matter of national law.
(5) Furthermore, as a supplementary security measure and in order to provide additional protection for children, the principle of "one person-one passport" should be introduced. It is also recommended by the International Civil Aviation Organisation (ICAO) and it ensures that the passport and the biometric features are only linked to the person holding the passport. It is more secure if every person has his/her own passport.
(5a) Taking into account that the Member States will be obliged to issue individual passports to minors and that there might be significant differences between the Member States' legislation regarding children crossing the external borders of the Member States, the Commission should examine the need for measures in order to ensure a common approach regarding the rules on the protection of children crossing the external borders of the Member States.
(6) Since the objectives of this Regulation cannot be sufficiently achieved by the Member States and can therefore be better achieved at Community level, the Community may adopt measures, in accordance with the principle of subsidiarity, as set out in Article 5 of the Treaty. In accordance with the principle of proportionality, as set out in that Article, this Regulation does not go beyond what is necessary in order to achieve those objectives.
(7) In accordance with Articles 1 and 2 of the Protocol on the position of Denmark annexed to the Treaty on European Union and to the Treaty establishing the European Community, Denmark does not take part in the adoption of this Regulation and is therefore not bound by it or subject to its application. ▌Given that this Regulation builds upon the Schengen acquis under the provisions of Title IV of Part Three of the Treaty establishing the European Community, Denmark should, in accordance with Article 5 of the said Protocol, decide within a period of six months after the adoption of this Regulation whether it will implement it in its national law.
(8) This Regulation constitutes a development of provisions of the Schengen acquis in which the United Kingdom does not take part, in accordance with Council Decision 2000/365/EC of 29 May 2000 concerning the request of the United Kingdom of Great Britain and Northern Ireland to take part in some of the provisions of the Schengen acquis. The United Kingdom is therefore not taking part in its adoption and is not bound by it or subject to its application.
(9) This Regulation constitutes a development of provisions of the Schengen acquis in which Ireland does not take part, in accordance with Council Decision 2002/192/EC of 28 February 2002 concerning Ireland's request to take part in some of the provisions of the Schengen acquis. Ireland is therefore not taking part in its adoption and is not bound by it or subject to its application.
(10) As regards Iceland and Norway, this Regulation constitutes a development of provisions of the Schengen acquis within the meaning of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latters' association ▌with the implementation, application and development of the Schengen acquis, which fall within the area referred to in Article 1, point A, of Council Decision 1999/437/EC of 17 May 1999 on certain arrangements for the application of that Agreement.
(11) As regards Switzerland, this Regulation constitutes a development of provisions of the Schengen acquis within the meaning of the Agreement concluded between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis, which fall within the area referred to in Article 1, point A, of Decision 1999/437/EC read in conjunction with Article 3 of Council Decisions 2008/146/EC and 2008/149/JHA.
(11a) As regards Liechtenstein, this Regulation constitutes a development of provisions of the Schengen acquis within the meaning of the Protocol signed between the European Union, the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of the Principality of Liechtenstein to the Agreement between the European Union, the European Community and the Swiss Confederation on the Swiss Confederation's association with the implementation, application and development of the Schengen acquis, which fall within the area referred to in Article 1, point A, of Decision 1999/437/EC read in conjunction with Article 3 of Council Decision 2008/261/EC.
(12) Therefore, Regulation (EC) No 2252/2004 should be amended accordingly,
HAVE ADOPTED THIS REGULATION:
▌Regulation (EC) No 2252/2004 is amended as follows:
(1) Article 1(1) shall be replaced by the following:
"1. Passports and travel documents issued by Member States shall comply with the minimum security standards set out in the Annex.
They shall be issued as individual documents.
The Commission shall present a report on the requirements for children travelling alone or accompanied, crossing the external borders of the Member States not later than ...* and propose, if necessary, appropriate initiatives in order to ensure a common approach regarding the rules on the protection of children crossing the external borders of the Member States."
(1a) Article 1(2) shall be replaced by the following:
"2. Passports and travel documents shall include a highly secure storage medium which shall contain a facial image. Member States shall also include two fingerprints taken flat in interoperable formats. The data shall be secured and the storage medium shall have sufficient capacity and capability to guarantee the integrity, the authenticity and the confidentiality of the data."
(2) In Article 1, paragraph 2a shall be inserted ▌:
"2a. The following persons shall be exempt from the requirement to give fingerprints:
(a) Children under the age of 12 years.
The age limit of 12 years is provisional. The report referred to in Article 5a shall contain a review of the age limit, if necessary accompanied by a proposal to amend the age limit.
Without prejudice to the consequences of the application of Article 5a, Member States which in their national law, adopted before …**, provide for an age limit below 12 years may apply that limit during a transitional period until 4 years after …**. However, the age limit in the transitional period may not be below 6 years of age;
(b) persons, where fingerprinting is physically impossible."
(2a) In Article 1, paragraph 2b shall be inserted:
"2b. Where fingerprinting of the designated fingers is temporarily impossible, Member States shall allow the fingerprinting of the other fingers. Where it is also temporarily impossible to take fingerprints of any of the other fingers, they may deliver a temporary passport having a validity of 12 months or less."
(2b) Article 1a shall be inserted:
1. The biometric identifiers shall be taken by qualified and duly authorised staff of the national authorities responsible for issuing passports and travel documents.
2. The Member States shall collect biometric identifiers from the applicant respecting the rights laid down in the European Convention for the Protection of Human Rights and Fundamental Freedoms and in the United Nations Convention on the Rights of the Child. Member States shall ensure that appropriate procedures guaranteeing the dignity of the person concerned are in place in the event of there being difficulties in enrolling."
(2c) Article 2 shall be replaced by the following:
"Additional technical specifications in accordance with international standards, including in particular the recommendations of the International Civil Aviation Organisation, for passports and travel documents relating to the following shall be established in accordance with the procedure referred to in Article 5(2):
(a) additional security features and requirements including enhanced anti-forgery, counterfeiting and falsification standards;
(b) technical specifications for the storage medium of the biometric features and their security, including prevention of unauthorised access;
(c) requirements for quality and common technical standards for the facial image and the fingerprints."
(2d) Article 4(3) shall be replaced by the following:
"3. Biometric data shall be collected and stored in the storage medium of passports and travel documents with a view to delivering such documents. For the purpose of this Regulation the biometric features in passports and travel documents shall only be used for verifying:
(a) the authenticity of the document;
(b) the identity of the holder by means of directly available comparable features when the passport or other travel documents are required to be produced by law.
The checking of the additional security features shall be carried out without prejudice to Article 7(2) of Regulation (EC) No 562/2006 (Schengen Borders Code). The failure of the matching in itself shall not affect the validity of the passport for the purpose of the crossing of external borders."
(2e) Article 5a shall be inserted:
The Commission shall not later than ...* submit to the European Parliament and the Council a report based on a large scale and in-depth study carried out by an independent authority and supervised by the Commission, which shall examine the reliability and technical feasibility, including through an evaluation of the accuracy of the systems in operation, of using the fingerprints of children under the age of 12 for identification and verification purposes, including a comparison of the false rejection rates occurring in each Member State and - based on the results of that study - an analysis of the need for common rules regarding the matching process. If necessary, the report shall be accompanied by proposals to adapt this Regulation."
(2f) In Article 6, the second subparagraph shall be replaced by the following:
"Member States shall apply this Regulation:
(a) as regards the facial image: at the latest 18 months
(b) as regards fingerprints: at the latest 36 months
following the adoption of the measures referred to in Article 2. However, the validity of passports and travel documents already issued shall not be affected.
As regards the second sentence of Article 1(1), it shall be implemented at the latest on…*. However, the initial validity for its holder shall not be affected."
This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaty establishing the European Community.
Done at Brussels,
For the European Parliament For the Council
The President The President
Joint Statement by the European Parliament and the Council concerning the need to increase the security of passports and travel documents by using secure breeder documents
Without prejudice to the competence of the Member States to issue passports and other travel documents, the European Parliament and the Council underline that the objective of enhancing the security of passports may be undermined if passports are issued on the basis of unreliable "breeder documents".
The passport in itself is only one link of a security chain starting from the presentation of the breeder documents, to the enrolment of biometric data and ending with the matching at the border check points. This chain will only be as secure as its weakest link.
The European Parliament and the Council note that there is a great diversity of situations and procedures in the Member States regarding which "breeder documents" should be produced in order to request the issuing of a passport and that normally these documents have less security features than the passport in itself, and are more likely to be subjected to forgery and counterfeiting.
The Council shall therefore prepare a questionnaire for the Member States in order to be able to compare the procedures and which documents are required in each Member State in order to issue a passport or travel document. This analysis should assess the possible need for the creation of common principles or guidelines on best practice in this area.
Joint Statement by the European Parliament and the Council concerning the study referred to in Article 5a
The European Parliament and the Council note that the Commission will carry out one single study for the purpose of Article 5a of this Regulation and Article 2 of the [draft] Regulation amending the Common Consular Instructions.
-  * Political amendments: new or replacement text is marked in bold and italics and deletions are indicated by the symbol ▌Technical corrections and adaptations by the services: new or replacement text is marked in italics and deletions are indicated by the symbol ║.
-  OJ C , , p. .
-  OJ L 385, 29.12.2004, p. 1.
-  OJ L 131, 1.6.2000, p. 43.
-  OJ L 64, 7.3.2002, p. 20.
-  OJ L 176, 10.7.1999, p. 36.
-  OJ L 176, 10.7.1999, p. 31.
-  OJ L 53, 27.2.2008, p. 1.
-  OJ L 53, 27.2.2008, p. 50.
-  Council Document 16462/06 accessible on http://register.consilium.europa.eu
-  OJ L 83, 26.3.2008, p.3.
-  * Three years after the date of entry into force of this Regulation.
-  ** Date of entry into force of this Regulation.
-  * Three years after the date of entry into force of this Regulation.
The Council adopted Regulation (EC) No 2252/2004 on standards for security features and biometrics in passports and travel documents issued by Member States on 13 December 2004.
At the time, Parliament delivered its opinion (containing various amendments, most of which were not taken up) supporting the idea of harmonising these security standards and at the same time introducing biometric identification features (facial image and fingerprints). This harmonisation was designed to enable passports to be made more secure and establish a more reliable link between the document and the genuine holder, thereby making it possible to combat the falsification of documents and make the fight against crime, terrorism and clandestine immigration more effective.
However, it also warned that the use of these new technologies had not yet been tried or tested and argued that, before biometric passports were issued, the corresponding technical specifications should be operational and the Member States should fulfil various requirements relating to the protection of citizens’ rights.
Your rapporteur welcomes the Article 29 Committee’s recognition that, in general, the implementation of the Regulation fully respected the relevant rules and complied with the technical specifications subsequently adopted by the Commission.
Nevertheless, during pilot projects carried out in some Member States it was found that the fingerprints of children under the age of six were not of sufficient quality for one-to-one verification of identity.
The Commission therefore decided to submit this fresh proposal aimed at amending Regulation (EC) No 2252/2004 and introducing:
- two derogations from the obligation to provide fingerprints, exempting children under the age of six and all persons who for various reasons are physically unable to give fingerprints;
- the principle of one person - one passport.
The rapporteur considers that, on the whole, the measures proposed by the Commission are positive and necessary but wishes to take this opportunity to introduce further improvements.
1. Using children’s passports as a means of combating child abduction and trafficking
The rapporteur considers that there was a gap in the Regulation in that it made no reference to the specific case of children and there was no age limit for obtaining children’s fingerprints. The same applied in the case of people who are physically unable to provide fingerprints and who require special treatment in the form of alternative procedures.
The Regulation left it to the discretion of national legislators to decide whether or not to define possible exemptions from the obligation to provide fingerprints for passports and other travel documents issued by the Member States.
Harmonisation is vital in this area, and bearing in mind that in the rapporteur’s country - Portugal - all children starting primary school from the age of six must be in possession of an identity card that includes fingerprints, the rapporteur does not have any great difficulty in accepting this age limit in principle.
It should also be stressed that the issuing of passports for children is not compulsory in the same way as the issuing of identity cards. A passport is a travel document that is only required when people intend to travel outside the territory of the Schengen area. Consequently it does not appear to pose an excessive burden on parents, who would certainly wish the most appropriate mechanisms to be put in place to protect their children.
Parliament’s position has been to accept the minimum age of 12 years for children to provide fingerprints, for purposes of identification (stored in a European database), this age limit being subject to a three-year revision clause.
The European Data Protection Supervisor pointed out in his opinion that if these biometric data are used exclusively for verification purposes (one-to-one comparison), the risk of error is far smaller and the age limit can be lower.
The rapporteur thus considers the six-year minimum age limit for the exclusive purposes of verification to be acceptable and has proposed a number of amendments aimed at safeguarding this objective unequivocally. He is also proposing further particular measures such as the introduction of a specific field in the passport with the name(s) of the person or persons who have parental responsibility for the child.
Since little experience has yet been gained in the use of these new technologies, the rapporteur considers it important to have specific, reliable data so that we can take the right decisions. He is therefore proposing the introduction of a three-year revision clause so that we can await the results of a large-scale and in-depth study (already requested in the CCI-biometrics report and suggested by the Article 29 Committee and the European Data Protection Supervisor) to determine the reliability and usefulness of fingerprints taken from children and the elderly. Given that at present we have only the results of certain pilot projects carried out in some of the Member States (which confirm that it is possible to use children's fingerprints for verification purposes from the age of six), we can only take a provisional decision until this independent study has been completed, providing us with the necessary data to take a decision on a firmer basis.
2. Introducing the principle ‘One person - one passport’
The rapporteur supports this proposal by the Commission aimed at implementing the recommendation made by the ICAO (International Civil Aviation Organisation), which the majority of Member States already apply, making it possible to put an end to the remaining situations where a passport may be issued that includes the holder’s children, indicating their names but containing biometric data only for the parent and holder of the passport. Such situations may make the trafficking of children easier, since it is difficult to carry out reliable checks on the child’s identity. Each person should have their own passport containing their biometric data.
According to a recent study by Childfocus, the greatest risk of trafficking and abduction is faced by children travelling alone. Under IATA rules, children are allowed to travel alone only from the age of six. The fact that children from this age would have their own travel document with the corresponding biometric data doubtless provides additional protection in the fight against child trafficking (as is also acknowledged by the European Data Supervisor in his opinion).
Your rapporteur does not wish to call the current legislation into question, in particular the Borders Code provisions designed to protect minors, which oblige border guards to pay particular attention to minors, whether travelling accompanied or unaccompanied, and states that minors must be subject to the same checks as adults when crossing external borders. Consequently, if one of the checks carried out on adults is based on their passport, the same should apply with regard to children, who should also have their own passport. In the case of accompanied minors, given that the border guard must check that the persons accompanying minors have parental care over them, it would be a great help to the task of the border guard if minors had a passport containing their personal data and an indication of the name of the person or persons, normally the parents, who have parental responsibility for them.
3. Need for a high level of confidence in the process of collecting biometric data
If passports and travel documents are to be secure, it is vital that there should be a high level of confidence in the process of collecting the biometric data that are to be inserted in those documents, and it would be desirable to have common minimum standards for collecting these data so as to guarantee their security and reliability.
The processing of biometric data involves genuine risks for the people whose data are being collected since, in the event of incorrect collection, their data could be mislaid or used for purposes other than those for which they were collected.
Consequently, amendments have been proposed aimed at harmonising the procedures for collecting data and creating fallback procedures where difficulties arise in the process of taking fingerprints.
4. Involvement of data protection authorities
In response to a letter sent by Mr Cavada to the Article 29 Committee on the action taken to implement the Regulation in each of the Member States, we received an answer on 10 December 2007 pointing out that (contrary to the recommendation made by Parliament at the time) the national data protection authorities had not always been involved in the implementation process.
Your rapporteur also expresses support for the European Data Protection Supervisor, who regrets that the Commission did not comply with the legal obligation to consult him in accordance with Article 28(2) of Regulation (EC) 45/2001 when drawing up this legislative proposal.
Your rapporteur is therefore submitting a number of proposals aimed at strengthening the involvement of data protection authorities in this process.
5. Possibility of introducing a European system for the process of matching fingerprints
The way in which the matching of fingerprints is carried out (on-site matching - checking the passport holder's biometric identifiers by comparing them with the data stored in the passport chip on the spot) differs from one Member State to another, which may give rise to errors in the verification of identity. It would be important to analyse the possible shortcomings in identification systems and the error rates recorded in the various Member States so as to assess whether there are significant disparities between the Member States and weigh up the need to introduce a European matching system. Whatever system is used, it is vital that it should be secure and have a very low false rejection rate, since such situations may have serious consequences for the legitimate holders of documents.
It is therefore proposed that a three-year revision clause be introduced so that we can await the results of a study comparing the error rates recorded in each of the Member States in order to analyse the need for common rules regarding this matching process.
6. Possibility of creating common rules on the documents to be presented for passports to be issued – the so-called 'breeder documents'
There are also wide disparities between the Member States as regards the documents that must be submitted (such as birth certificates, driving licences, personal record cards, parental authorisation, etc.) and the way in which these documents are issued. Given that, as a rule, the level of security used for such documents is lower than that used for issuing passports containing biometric data protected by more rigorous systems (PKI systems), there is a risk that they could more easily be subject to forgery and counterfeiting.
It is therefore proposed that, in the context of the report to be submitted by the Commission within three years, an analysis should also be made of the need for common rules and, if there is such a need, that the necessary legislative proposals be submitted to Parliament.
In conclusion, it should be pointed out that the security of passports does not rest on the passport alone. The whole sequence is equally important, starting with the submission of the documents necessary to obtain a passport, followed by the collection of biometric data and ending with verification and matching at border checkpoints. There is little point in heightening the level of security in relation to passports without addressing weak links in the rest of the chain.
Security features and biometrics in passports and travel documents
Date submitted to Parliament
Date announced in plenary
Discussed in committee
Result of final vote
Members present for the final vote
Alexander Alvaro, Maddalena Calia, Jean-Marie Cavada, Carlos Coelho, Bárbara Dührkop Dührkop, Armando França, Jeanine Hennis-Plasschaert, Ewa Klamt, Claude Moraes, Rareş-Lucian Niculescu, Inger Segelström
Substitute(s) present for the final vote
Edit Bauer, Simon Busuttil, Elisabetta Gardini, Genowefa Grabowska, Sylvia-Yvonne Kaufmann, Antonio Masip Hidalgo, Bill Newton Dunn, Eva-Britt Svensson