REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL concerning the establishment of ’Eurodac’ for the comparison of fingerprints for the effective application of Regulation

COUNCIL OF THE EUROPEAN UNION

Brussels, 14 April 2009

1. At its meeting on 3 March 2009 the Working Party completed the second reading of the proposal.

2. On the basis of the above discussion, the Presidency is submitting compromise suggestions, with regard to Articles 3(5), 4(4)(bis), 6(1)-(3) 6(bis), 7(1)(b),10, 17, 23, 28(8), 31(2) which will be examined at the meeting of the Working Party on 23 April.

N.B. New text is indicated in bold and by underlining the insertion and including it within Council tags: Ü Û;

Deleted text is indicated within underlined square brackets as follows: Ü […] Û.

ANNEX

2725/2000/EC (adapted)

Ü Council

2008/0242 (COD)

Proposal for a

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

concerning the establishment of ’EURODAC’ for the comparison of fingerprints for the effective application of the Dublin Convention Ö Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person] Õ Article 3

Central Unit Ö System architecture and basic principles Õ

………

5. The procedure for taking fingerprints shall be determined ð and applied ï in accordance with the national practice of the Member State concerned and in accordance with the safeguards laid down in ð the Charter of Fundamental Rights of the European Union, in the Convention for the Protection of Human Rights and Fundamental Freedoms and ï the European Convention on Human Rights and in the United Nations Convention on the Rights of the Child.

Article 4

Operational management by the Management Authority 1. After a transitional period, a Management Authority, funded from the general budget of the European Union, shall be responsible for the operational management of EURODAC. The Management Authority shall ensure, in cooperation with the Member States, that at all times the best available technology, subject to a cost-benefit analysis, is used for the Central System.

2. The Management Authority shall also be responsible for the following tasks relating to the Communication Infrastructure:

(a) supervision;

(b) security;

(c) the coordination of relations between the Member States and the provider.

3. The Commission shall be responsible for all other tasks relating to the Communication Infrastructure, in particular:

(a) tasks relating to implementation of the budget;

(b) acquisition and renewal;

(c) contractual matters.

4. During a transitional period before the Management Authority takes up its responsibilities, the Commission shall be responsible for the operational management of EURODAC.

Ü 4bis. Where the Commission delegates part of its responsibilities regarding the management and development both of the system and the communication infrastructure to another body or bodies, it shall ensure that the European Data Protection Supervisor has the right and is able to fully exercise his tasks, including carrying out on-the-spot checks and to exercise any other powers conferred on him by Article 47 of Regulation (EC) No 45/2001. Û

5. Operational management of EURODAC shall consist of all the tasks necessary to keep EURODAC functioning 24 hours a day, 7 days a week in accordance with this Regulation, in particular the maintenance work and technical developments necessary to ensure that the system functions at a satisfactory level of operational quality, in particular as regards the time required for interrogation of the Central System.

6. Without prejudice to Article 17 of the Staff Regulations of Officials of the European Communities, the Management Authority shall apply appropriate rules of professional secrecy or other equivalent duties of confidentiality to all its staff required to work with EURODAC data. This obligation shall also apply after such staff leave office or employment or after the termination of their activities.

7. The Management Authority referred to in this Regulation shall be the Management Authority competent for SIS II  under Regulation (EC) No 1987/2006 of the European Parliament and of the Council of 20 December 2006 on the establishment, operation and use of the second generation Schengen Information System (SIS II)  and for  VIS  under Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas. 

Article 6 4

Collection, transmission and comparison of fingerprints 1. Each Member State shall, Ü as soon as possible and no later than 48 hours Û  after the lodging of an application Ü for international protection Û as defined by Article 20(2) of the Dublin Regulation,  take the fingerprints of all fingers of every applicant for asylum  international protection  of at least 14 years of age and shall, promptly  no later than Ü within 24 Û hours after the Ütaking Û of Ü the fingerprints Û,  transmit  them, together with  the data referred to in points (a) (b) to (f) (g) of Article 5(1) 7, to the Central Unit  System .

Ü Where the fingertips are so seriously damaged that the quality of the fingerprints does not allow appropriate comparison under Article 17 of this Regulation, the Member State of origin shall retake and resend the fingerprints of the applicant as soon as they have been successfully taken. Û 2. By way of derogation from paragraph 1, when an applicant for international protection arrives in the responsible Member State following a transfer pursuant to the Dublin Regulation, the responsible Member State shall only transmit a transaction indicating the fact of the successful transfer regarding the relevant data recorded in the Central System pursuant to Article 6, in conformity with the requirements for electronic communication with the Central System established by the Management Authority. This information shall be stored in accordance with Article 8 for the purpose of transmission under Article 6(5).

Ü 2. By way of derogation from paragraph 1, where it is not possible to take the fingerprints of an applicant for protection on account of measures taken to ensure the health of the applicant or the protection of public health, Member States should take and send the fingerprints of the applicant as soon as possible and no later than 48 hours after these grounds no longer prevail. Û 3. Fingerprint data within the meaning of point (b) (a) of Article 5(1) 7, transmitted by any Member State, Ü with exception to those transmitted in accordance with Article 6bis(b), Û shall be compared  automatically  with the fingerprint data transmitted by other Member States and already stored in the Ccentral database  System .

(…) 5. The Central Unit ð System ï shall forthwith ð automatically ï transmit the hit or the negative result of the comparison to the Member State of origin. Where there is a hit, it shall transmit for all data sets corresponding to the hit, the data referred to in Article 5(1) 7(a) to Ü […] Û Ü (k) Û , although in the case of the data referred to in Article 5(1)(b), only insofar as they were the basis for the hit ð along with, where appropriate, the mark referred to in Article 14(1) ï.

Direct transmission to the Member State of origin of the result of the comparison shall be permissible where the technical conditions for such purpose are met.

(…) Ü Article 6bis

Information on the status of the data subject

The Member State of origin shall send the following information to the Central System to be stored in accordance with Article 8 for the purpose of transmission under Article 6(5):

When an applicant for international protection or another person as referred to in Article 18(1)(d) of the Dublin Regulation arrives in the responsible Member State following a transfer pursuant to a decision acceding to a request to take him/her back as referred to in Article 24 of the Dublin Regulation, the responsible Member State shall update its dataset recorded in conformity with Article 7 relating to the person concerned by adding his/her date of arrival .

When an applicant for international protection arrives in the responsible Member State following a transfer pursuant to a decision acceding to a request to take charge of him/her as referred to in Article 22 of the Dublin Regulation, the responsible Member State shall send a dataset in conformity with Article 7 relating to the person concerned and include his/her date of arrival.

As soon as the Member State of origin becomes aware that the person concerned whose data was recorded in EURODAC in accordance with Article 7 has left the territory of the Member States as provided for in Articles 19(2) and 20(5) of the Dublin Regulation, it shall update its dataset recorded in conformity with Article 7 relating to the person concerned by adding the date when the person left the territory.

As soon as the Member State of origin ensures that the person concerned whose data was recorded in EURODAC in accordance with Article 7 has left the territory of the Member States in compliance with a return decision or removal order it issued following the withdrawal or rejection of the application as provided for in Article 19 (3) of the Dublin Regulation, it shall update its dataset recorded in conformity with Article 7 relating to the person concerned by adding the date of his/her removal or when the person left the territory.

The Member State which assumes responsibility in accordance with Article 17(1) of the Dublin Regulation shall update its dataset recorded in conformity with Article 7 relating to that applicant by adding the date of assumption of responsibility. Û

Article 75

Recording of data 1. Only the following data shall be recorded in the cCentral database  System  :

(ab) fingerprint data;

(ba) Member State of origin, place and date of the application for asylum  international protection ; Ü in the cases referred to in article 6bis (b), the date of application shall be the one entered by the Member State who transferred the applicant; Û (c) sex;

(d) reference number used by the Member State of origin;

(e) date on which the fingerprints were taken;

(f) date on which the data were transmitted to the Central Unit  System ;

(g) date on which the data were entered in the central database ;

 new

(g) operator user ID.

 2725/2000/EC

 new

(h) details in respect of the recipient(s) of the data transmitted and the date(s) of transmission(s).

Þ Council

Ü Council

Ü(h) where applicable in accordance with Article 6bis(a) or 6bis(b), the date of the arrival of the person concerned after a successful transfer, Û

Ü (i) where applicable in accordance with Article 6bis(c), the date when the person concerned left the territory of the Member States, Û

Ü (j) where applicable in accordance with Article 6bis(d), the date when the person concerned left or was removed from the territory of the Member States, Û

Ü (k) where applicable in accordance with Article 6bis(e), the date of assumption of responsibility for the applicant. Û

ALTERNATIVE 1

Article 10 8

Collection and transmission of fingerprint data Each Member State shall  […]  take the fingerprints of all fingers of every alien  third country national or stateless person  of at least 14 years of age who is apprehended by the competent control authorities in connection with the irregular crossing by land, sea or air of the border of that Member State having come from a third country and who is not turned back.

The Member State concerned shall promptly  as soon as possible and no later than 72 hours from  […]  date of taking the fingerprints establishing that such person is not to be turned back   transmit to the Central Unit  System  the following data in relation to any alien  third country national or stateless person , as referred to in paragraph 1  […]  :

(ab) fingerprint data;

(ba) Member State of origin, place and date of the apprehension ;

 (bbis) the date when it was established that this the person is not to be turned back Ü or where applicable in accordance with paragraph 3 the date where the person concerned was released. Û

(c) sex;

(d) reference number used by the Member State of origin;

(e) date on which the fingerprints were taken;

(f) date on which the data were transmitted to the Central Unit  System ;

 new

(g) operator user ID.

Þ Council

Ü Council

Ü 3. By the way of derogation from paragraph 1 Member State shall take the fingerprints of the person referred to in that paragraph whom it is being decided to turn back but who remains physically on the territory of Member States and is not kept in custody, confinement or detention or is released from it during the entirety of period between apprehension and removal. Û Ü In such case Member State concerned shall transmit the data referred to in paragraph 2 to the Central System as soon as possible but no later than 72 hours from the date when such person is released. Û

Ü 4 . Where the fingertips are so seriously damaged that the quality of fingerprints does not allow appropriate comparison under Article 17 of this Regulation, the Member State of origin shall retake and resend the fingerprints of such person as soon as they have been successfully taken. Û

Ü 5. By way of derogation from paragraph 1, where it is not possible to take the fingerprints of such person on account of measures taken to ensure the health of the person or the protection of public health, the Member State concerned shall take and send the fingerprints of the person, in accordance with the deadline set out in paragraph 2, once these grounds no longer prevail. Û ALTERNATIVE 2

Article 10 8

Collection and transmission of fingerprint data 1. Each Member State shall, promptly take the fingerprints of all fingers of every alien  third country national or stateless person  of at least 14 years of age who is apprehended by the competent control authorities in connection with the irregular crossing by land, sea or air of the border of that Member State having come from a third country and who is not turned back.

Ü 1 bis. By way of derogation from paragraph 1, Member States shall take the fingerprints of persons referred to in that paragraph whom it has been decided to turn back, but who remain physically on the territory of the Member States pending the enforcement of the removal on the basis of the decision to turn them back, and who are not kept in custody, confinement or detention during the entirety of the period between apprehension and removal. Û

2. The Member State concerned shall promptly  as soon as possible and no later than 72 hours from the  […]  date of taking the fingerprints in accordance with paragraph 1 or 1 bis   transmit to the Central Unit  System  the following data in relation to any alien  third country national or stateless person , as referred to in paragraph 1  […]  :

(ab) fingerprint data;

(ba) Member State of origin, place and date of the apprehension ;

(c) sex;

(d) reference number used by the Member State of origin;

(e) date on which the fingerprints were taken;

(f) date on which the data were transmitted to the Central Unit  System ;

 new

(g) operator user ID.

Þ Council

Ü Council

Ü 3. Where the fingertips are so seriously damaged that the quality of fingerprints does not allow appropriate comparison under Article 17 of this Regulation, the Member State of origin shall retake and resend the fingerprints of such person as soon as they have been successfully taken. Û

Ü 4. By way of derogation from paragraph 1, where it is not possible to take the fingerprints of such person on account of measures taken to ensure the health of the person or the protection of public health, the Member State concerned shall take and send the fingerprints of the person, in accordance with the deadline set out in paragraph 2, once these grounds no longer prevail. Û

Article 23 18

Rights of the data subject 1. A person covered by this Regulation shall be informed by the Member State of origin  in writing, and where appropriate, orally, in a language which he or she is reasonably supposed to understand  of the following:

(a) the identity of the controller and of his representative, if any;

(b) regarding the purpose for which the  his or her  data will be processed within EurodacEURODAC  including a description of the aims of the Dublin Regulation, in accordance with Article 4 of that Regulation ;

(c) the recipients of the data;

(d) in relation to a person covered by Article 4 6 or Article 8 10, the obligation to have his/her fingerprints taken;

(e) the right of access to, and the right to rectify, the data concerning him/her relating to Ü him/her Û , and the right to request that inaccurate data relating to Ü him/her Û be corrected   or that unlawfully processed data relating to him/her be deleted, Ü as well as Û on the procedures for exercising those rights Ü including Û the contact details of the National Supervisory Authorities referred to in Article 25(1) .

(…)

9. 10. In each Member State, the national supervisory authority shall, Ü on the basis of his/her request, Û assist the data subject in accordance with Article 28(4) of Directive 95/46/EC in exercising his/her rights.

Article 173

Carrying out comparisons and transmitting results (…)

6. The Member State which assumes responsibility in accordance with Article 17 of the Dublin Regulation shall transmit a transaction indicating this fact regarding the relevant data recorded in the Central System pursuant to Article  […]   7  of this Regulation, in conformity with the requirements for electronic communication with the Central System established by the Management Authority. This information shall be stored in accordance with Article 8 for the purpose of transmission under Article 6(5).

Article 28 24

Annual report:, mMonitoring and evaluation 1. The Commission  Management Authority  shall submit to the European Parliament and the Council an annual report on the activities of the Central Unit  System . The annual report shall include information on the management and performance of EurodacEURODAC against pre-defined quantitative indicators for the objectives referred to in paragraph 2.

2. The Commission  Management Authority  shall ensure that  procedures  systems are in place to monitor the functioning of the Central Unit  System  against objectives  relating to  in terms of outputs, cost-effectiveness and quality of service.

3. The Commission shall regularly evaluate the operation of the Central Unit in order to establish whether its objectives have been attained cost-effectively and with a view to providing guidelines for improving the efficiency of future operations.

4. One year after Eurodac starts operations, the Commission shall produce an evaluation report on the Central Unit, focusing on the level of demand compared with expectation and on operational and management issues in the light of experience, with a view to identifying possible short-term improvements to operational practice.

 new

3. For the purposes of technical maintenance, reporting and statistics, the Management Authority shall have access to the necessary information relating to the processing operations performed in the Central System.

4. Every two years, the Management Authority shall submit to the European Parliament, the Council and the Commission a report on the technical functioning of the Central System, including the security thereof.

 2725/2000/EC

 new

5. Three years after Eurodac starts operations  the start of application of this Regulation as provided for in Article 33(2)  and every six  four  years thereafter, the Commission shall produce an overall evaluation of EurodacEURODAC, examining results achieved against objectives and assessing the continuing validity of the underlying rationale,  the application of this Regulation in respect of the Central System, the security of the Central System,  and any implications for future operations.  The Commission shall transmit the evaluation to the European Parliament and the Council. 

 new

6. Member States shall provide the Management Authority and the Commission with the information necessary to draft the reports referred to in paragraph 4 and 5.

7. The Management Authority shall provide the Commission with the information necessary to produce the overall evaluations referred to in paragraph 5.

Þ Council

Ü Council

Ü 8. Until the Management Authority provided for in Article 4 is established, the Commission will only produce reports in accordance with paragraph 1 and 5. Û

Article 31

Transitional provisions

1. Data blocked in the Central System in accordance with Article 12 of Council Regulation (EC) No 2725/2000/EC shall be unblocked and marked in accordance with Article 14(1) of this Regulation on the date provided for in Article 33(2).

Þ Council

Ü 2. Data stored in accordance with Article 10(1) of Council Regulation (EC) No 2725/2000/EC on the date provided for in Article 33(2) for more than one year shall be automatically erased from the central database. Û

Ý