52010PC0555

[pic] | EUROPEAN COMMISSION |

Brussels, 11.10.2010

COM(2010) 555 final

2008/0242 (COD)

Amended proposal for a

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

on the establishment of 'EURODAC' for the comparison of fingerprints for the effective application of Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person] (Recast version)

EXPLANATORY MEMORANDUM

1. CONTEXT OF THE PROPOSAL

EURODAC was established by Regulation (EC) No 2725/2000 concerning the establishment of "Eurodac" for the comparison of fingerprints for the effective application of the Dublin Convention [1] . A recast proposal for the amendment of the EURODAC Regulation was adopted by the Commission in December 2008 [2] (hereafter the December 2008 proposal).

This proposal was designed to ensure a more efficient support to the application of the Dublin Regulation and to properly address data protection concerns. It also aligned the IT management framework to that of the SIS II and VIS Regulations by providing for the taking over of the tasks of the operational management for EURODAC by the future Agency for the operational management of large-scale IT systems in the area of freedom, security and justice[3] (hereinafter: IT Agency). The December 2008 proposal also proposed to repeal the Implementing Regulation and to include its content in the EURODAC Regulation. Finally, changes were introduced to take into account developments in the asylum acquis and technical progress which took place since the adoption of the Regulation in 2000.

The proposal was sent to European Parliament and the Council on 3 December 2008. The European Parliament referred the proposal to its Committee on Civil Liberties, Justice and Home Affairs (LIBE). At its sitting on 7 May 2009, the European Parliament adopted a legislative resolution[4] endorsing the Commission proposal subject to a number of amendments.

The Commission adopted an amended proposal in September 2009 in order to, on the one hand, take into account the resolution of the European Parliament and the results of negotiations in the Council, and, on the other hand, introduce the possibility for Member States' law enforcement authorities and Europol to access the EURODAC central database for the purposes of prevention, detection and investigation of terrorist offences and other serious criminal offences (the September 2009 proposal).[5]

In particular, that proposal introduced a bridging clause to allow access for law enforcement purposes as well as the necessary accompanying provisions and amends the December 2008 proposal. It was presented at the same time as the Proposal for a Council Decision on requesting comparisons with EURODAC data by Member States' law enforcement authorities and Europol for law enforcement purposes[6] (hereafter: the Council Decision), spelling out the exact modalities of such access.

The European Parliament did not issue a legislative resolution on the September 2009 proposals.

With the entry into force of the Treaty on the Functioning of the European Union (TFEU) and the abolition of the pillar system, the proposal for a Council Decision lapsed. According to the Communication on the consequences of the entry into force of the Treaty of Lisbon for ongoing interinstitutional decision-making procedures,[7] such proposal would be formally withdrawn and replaced with a new proposal to take account of the new framework of the TFEU.

However, with a view to progressing on the negotiations on the asylum package and facilitating the conclusion of an agreement on the EURODAC Regulation, the Commission considers it more appropriate at this stage to withdraw from the EURODAC Regulation those provisions referring to the access for law enforcement purposes.

The Commission considers that enabling thereby the swifter adoption of the new EURODAC Regulation will also facilitate the timely set up of the Agency for the operational management of large-scale IT systems in the area of freedom, security and justice, since that Agency is planned to be also responsible for the management of EURODAC.

2. RESULTS OF CONSULTATIONS WITH THE INTERESTED PARTIES AND IMPACT ASSESSMENTS

While the present amended proposal introduces two technical provisions,[8] its main purpose is to amend the previous proposal (ie. from September 2009) by deleting from it the option of access for law enforcement purposes. Therefore, no new consultation and impact assessment were conducted specifically for the present proposal. However, the Impact Assessment of 2008[9] is still valid for its purposes.

3. LEGAL ELEMENTS OF THE PROPOSAL

This proposal amends the Amended proposal for a Commission Proposal for a Regulation of the European Parliament and of the Council concerning the establishment of 'Eurodac' for the comparison of fingerprints for the effective application of Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person] - COM(2009) 342.

The present amended proposal uses Article 78(2)(e) of the Treaty on the Functioning of the European Union (TFEU) as legal base, which is the TFEU Article corresponding to the legal base of the original proposal (Article 63(1)(a) of the Treaty establishing the European Community).

Title V of the TFEU is not applicable to the United Kingdom and Ireland, unless those two countries decide otherwise, in accordance with the provisions set out in the Protocol on the position of the United Kingdom and Ireland annexed to the Treaty on the European Union (TEU) and to the TFEU.

The United Kingdom and Ireland are bound by Council Regulation (EC) No 2725/2000 following their notice of their wish to take part in the adoption and application of that Regulation based on the above-mentioned Protocol. The position of these Member States with regard to the current Regulation does not affect their possible participation with regard to the amended Regulation.

Under the Protocol on the position of Denmark, annexed to the TEU and the TFEU, Denmark does not take part in the adoption by the Council of the measures pursuant to Title V of the TFEU (with the exception of "measures determining the third countries whose nationals must be in possession of a visa when crossing the external borders of the Member States, or measures relating to a uniform format for visas"). Therefore, Denmark does not take part in the adoption of this Regulation and is not bound by it nor subject to its application. However, given that Denmark applies the current Dublin Regulation, following an international agreement[10] that it concluded with the EC in 2006, it shall, in accordance with Article 3 of that agreement, notify the Commission of its decision whether or not to implement the content of the amended Regulation.

The amendments of the present proposal are the following.

Articles 2(1)c(iv), 5(f)-(j) and 21(2) are deleted, since they were introduced to accompany the bridging clause allowing access for law enforcement purposes.

In Article 18(4) second indent and in Article 24(1)(b), references to access for law enforcement purposes are deleted.

In Article 3, the bridging clause enabling access for law enforcement purposes is deleted.

In Article 18(4) the need for a check of the automated hit result by a fingerprint expert is clarified.

In Article 24(1) appropriate provisions are inserted in order to allow the committee under the Dublin Regulation to include information on EURODAC in the leaflet to be prepared under Article 4(3).

4. BUDGETARY IMPLICATION

The present proposal has important savings on the budgetary planning compared to the previous proposal [COM(2009) 344], which provided for the possibility to carry out comparisons for law enforcement purposes.

This proposal retains from the 2009 proposal the improvements of the system as regards new, asylum-focused functionalities regarding information on the status of the data subject (which were the outcome of negotiations in the Council) and, at the same time, deletes the functionality of law enforcement searches. The financial statement attached to this proposal reflects this change.

The cost estimate of 230.000 EUR consists of IT-related services, software and hardware and would cover the customisations required to the EURODAC central system.

5. IMPACT OF THE PROPOSAL ON NON-EU MEMBER STATES ASSOCIATED TO THE DUBLIN SYSTEM

In parallel to the association of several non-EU Member States to the Schengen acquis, the Community concluded, or is in the process of doing so, several agreements associating these countries also to the Dublin/EURODAC acquis:

- the agreement associating Iceland and Norway, concluded in 2001[11];

- the agreement associating Switzerland, concluded on 28 February 2008[12];

- the protocol associating Liechtenstein, signed on 28 February 2008[13].

In order to create rights and obligations between Denmark –which as explained above has been associated to the Dublin/EURODAC acquis via an international agreement – and the associated countries mentioned above, two other instruments have been concluded between the Community and the associated countries.[14]

In accordance with the three above-cited agreements, the associated countries shall accept the Dublin/EURODAC acquis and its development without exception. They do not take part in the adoption of any acts amending or building upon the Dublin acquis (including therefore this proposal) but have to notify to the Commission within a given time-frame of their decision whether or not to accept the content of that act, once approved by the Council and the European Parliament. In case Norway, Iceland, Switzerland or Liechtenstein do not accept an act amending or building upon the Dublin/EURODAC acquis, the "guillotine" clause is applied and the respective agreements will be terminated, unless the Joint/Mixed Committee established by the agreements decides otherwise by unanimity.

ê 2725/2000/EC (adapted)

2008/0242 (COD)

Amended proposal for a

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

on concerning the establishment of 'EURODAC' for the comparison of fingerprints for the effective application of the Dublin Convention Ö Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person] Õ

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on the Functioning of the European Union establishing the European Community, and in particular Article 78 point (2)(e) 63 point (1)(a) thereof,

Having regard to the proposal from the Commission[15],

Having regard to the opinion of the European Parliament[16]

Ö Acting in accordance with the procedure laid down in Article 294 of the Treaty[17] Õ

Whereas

ò new

(1) A number of substantive changes are to be made to Council Regulation (EC) No 2725/2000 of 11 December 2000 concerning the establishment of "Eurodac" for the comparison of fingerprints for the effective application of the Dublin Convention[18] and Council Regulation (EC) No 407/2002 of 28 February 2002 laying down certain rules to implement Regulation (EC) No 2725/2000 concerning the establishment of "Eurodac" for the comparison of fingerprints for the effective application of the Dublin Convention[19]. In the interest of clarity, those Regulations should be recast.

ê 2725/2000/EC recital 1

(1) Member States have ratified the Geneva Convention of 28 July 1951, as amended by the New York Protocol of 31 January 1967, relating to the Status of Refugees.

ê 2725/2000/EC recital 2 (adapted)

(2) Member States have concluded the Convention determining the State responsible for examining applications for asylum lodged in one of the Member States of the European Communities, signed in Dublin on 15 June 1990 (hereinafter referred to as "the Dublin Convention").

ò new

(2) A common policy on asylum, including a Common European Asylum System, is a constituent part of the European Union's objective of progressively establishing an area of freedom, security and justice open to those who, forced by circumstances, legitimately seek international protection in the Union.

(3) The European Council of 4 November 2004 adopted The Hague Programme which sets the objectives to be implemented in the area of freedom, security and justice in the period 2005-2010. The European Pact on Immigration and Asylum endorsed by the European Council of 15-16 October 2008 called for the completion of the establishment of a Common European Asylum System by creating a single asylum procedure comprising common guarantees and a uniform status for refugees and the beneficiaries of subsidiary protection.

(4) The Hague Programme called for the improvement of access to existing data filing systems of the European Union.

ê 2725/2000/EC recital 3 (adapted)

ð new

(5) For the purposes of applying the Dublin Convention Ö Council Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person][20]Õ, it is necessary to establish the identity of applicants for asylum ð international protection ï and of persons apprehended in connection with the unlawful crossing of the external borders of the Community. It is also desirable, in order effectively to apply the Dublin Convention Ö Council Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person] Õ, and in particular points (c) and (e) (b) and (d) of Article 10(1)18(1) thereof, to allow each Member State to check whether an alien Ö third country national or stateless person Õ found illegally present on its territory has applied for asylum ð international protection ï in another Member State.

ê 2725/2000/EC recital 4

(6) Fingerprints constitute an important element in establishing the exact identity of such persons. It is necessary to set up a system for the comparison of their fingerprint data.

ê 2725/2000/EC recital 5

ð new

(7) To this end, it is necessary to set up a system known as ""EurodacEURODAC", consisting of a Central Unit ð System ï, to be established within the Commission and which will operate a computerised central database of fingerprint data, as well as of the electronic means of transmission between the Member States and the central database ð Central System ï.

ò new

(8) In view of ensuring equal treatment for all applicants and beneficiaries of international protection, as well as in order to ensure consistency with current EU asylum acquis, in particular with Council Directive 2004/83/EC of 29 April 2004 on minimum standards for the qualification and status of third country nationals or stateless persons as refugees or as persons who otherwise need international protection and the content of the protection granted and Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person], it is appropriate to extent the scope of this Regulation to order to include applicants for subsidiary protection and persons enjoying subsidiary protection.

ê 2725/2000/EC recital 6 (adapted)

ð new

(9) It is also necessary to require the Member States promptly to take ð and transmit ï fingerprints ð data ï of every applicant for asylum ð international protection ï and of every alien Ö third country national or stateless person Õ who is apprehended in connection with the irregular crossing of an external border of a Member State, if they are at least 14 years of age.

ê 2725/2000/EC recital 7 (adapted)

ð new

(10) It is necessary to lay down precise rules on the transmission of such fingerprint data to the Central Unit ð System ï, the recording of such fingerprint data and other relevant data in the Central Unit ð System ï, their storage, their comparison with other fingerprint data, the transmission of the results of such comparison and the blocking ð marking ï and erasure of the recorded data. Such rules may be different for, and should be specifically adapted to, the situation of different categories of aliens Ö third country nationals or stateless persons Õ.

ò new

(11) Hits obtained from EURODAC should be verified by a fingerprint expert in order to ensure the accurate determination of responsibility under Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person].

ê 2725/2000/EC recital 8 (adapted)

ð new

(12) Aliens Ö Third country nationals or stateless persons Õ who have requested asylum ð international protection ï in one Member State may have the option of requesting asylum ð international protection ï in another Member State for many years to come. Therefore, the maximum period during which fingerprint data should be kept by the Central Unit ð System ï should be of considerable length. Given that most aliens Ö third country nationals or stateless persons Õ who have stayed in the Community Ö European Union Õ for several years will have obtained a settled status or even citizenship of a Member State after that period, a period of ten years should be considered a reasonable period for the conservation of fingerprint data.

ê 2725/2000/EC recital 9 (adapted)

(13) The conservation period should be shorter in certain special situations where there is no need to keep fingerprint data for that length of time. Fingerprint data should be erased immediately once aliens Ö third country nationals or stateless persons Õ obtain citizenship of a Member State.

ò new

(14) It is appropriate to store data relating to those data subjects whose fingerprints were initially recorded in EURODAC upon lodging their applications for international protection and who have been granted international protection in a Member State in order to allow data recorded upon lodging an application for international protection to be compared against them.

(15) Following an impact assessment, containing a substantive analysis of alternatives from financial, operational and organisational perspective, the establishment of a Management Authority responsible for the operational management of EURODAC should be foreseen. Until then, the Commission should remain responsible for the management of the Central System and for the Communication Infrastructure.

ê 2725/2000/EC recital 10 (adapted)

ð new

(16) It is necessary to lay down clearly the respective responsibilities of the Commission ð and the Management Authority ï , in respect of the Central Unit ð System ï ð and the Communication Infrastructure ï, and of the Member States, as regards data use processing, data security, access to, and correction of, recorded data.

ê 2725/2000/EC recital 11

(17) While the non-contractual liability of the Community in connection with the operation of the EurodacEURODAC system will be governed by the relevant provisions of the Treaty, it is necessary to lay down specific rules for the non-contractual liability of the Member States in connection with the operation of the system.

ê 2725/2000/EC recital 12

(18) In accordance with the principle of subsidiarity as set out in Article 5 of the Treaty, the objective of the proposed measures, namely the creation within the Commission of a system for the comparison of fingerprint data to assist the implementation of the Community's asylum policy, cannot, by its very nature, be sufficiently achieved by the Member States and can therefore be better achieved by the Community. In accordance with the principle of proportionality as set out in the said Article, this Regulation does not go beyond what is necessary to achieve that objective.

ê 2725/2000/EC recital 15 (adapted)

(19) Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data[21] applies to the processing of personal data by the Member States Ö carried out in application of this Regulation Õ within the framework of the Eurodac system.

ê 2725/2000/EC recital 16

(16) By virtue of Article 286 of the Treaty, Directive 95/46/EC also applies to Community institutions and bodies. Since the Central Unit will be established within the Commission, that Directive will apply to the processing of personal data by that Unit.

ê 2725/2000/EC recital 17

(20) The principles set out in Directive 95/46/EC regarding the protection of the rights and freedoms of individuals, notably their right to privacy, with regard to the processing of personal data should be supplemented or clarified, in particular as far as certain sectors are concerned.

ò new

(21) Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data[22] applies to the processing of personal data by Union institutions, bodies, offices and agencies carried out in application of this Regulation. However, certain points should be clarified in respect of the responsibility for the processing of data and of the supervision of data protection.

(22) It is appropriate that national supervisory authorities monitor the lawfulness of the processing of personal data by the Member States, whilst the European Data Protection Supervisor, as referred to in Article 41 of Regulation (EC) No 45/2001, should monitor the activities of the Union institutions, bodies, offices and agencies in relation to the processing of personal data carried out in application of this Regulation.

ê 2725/2000/EC recital 18

ð new

(23) It is appropriate to monitor and evaluate the performance of EurodacEURODAC ð at regular intervals ï.

ê 2725/2000/EC recital 19 (adapted)

ð new

(24) Member States should provide for a system of Öeffective, proportionate and dissuasiveÕ penalties to sanction the processing use of data ÖenteredÕ in the central database ð Central System ï contrary to the purpose of EurodacEURODAC.

ò new

(25) It is necessary that Member States are informed of the status of particular asylum procedures, with a view to facilitating the adequate application of Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person].

(26) This Regulation respects and has to be applied in accordance with fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union. In particular, this Regulation fully respects the individual’s right to protection of his or her personal data and the right to asylum.

ê 2725/2000/EC recital 22 (adapted)

(27) It is appropriate to restrict the territorial scope of this Regulation so as to align it on the territorial scope of the Dublin Convention Ö Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person] Õ .

ê 2725/2000/EC (adapted)

ð new

HAVE ADOPTED THIS REGULATION:

CHAPTER I

GENERAL PROVISIONS

Article 1

Purpose of " EurodacEURODAC"

1. A system known as "EurodacEURODAC" is hereby established, the purpose of which shall be to assist in determining which Member State is to be responsible pursuant to the Dublin Convention Ö Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person] Õ for examining an application for asylum ð international protection ï lodged in a Member State ð by a third country national or a stateless person ï, and otherwise to facilitate the application of the Dublin Convention Ö Regulation Õ under the conditions set out in this Regulation.

2. Eurodac shall consist of:

(a) the Central Unit referred to in Article 3;

(b) a computerised central database in which the data referred to in Article 5(1), Article 8(2) and Article 11(2) are processed for the purpose of comparing the fingerprint data of applicants for asylum and of the categories of aliens referred to in Article 8(1) and Article 11(1);

(c) means of data transmission between the Member States and the central database.

3.2. Without prejudice to the processing use of data intended for EurodacEURODAC by the Member State of origin in databases set up under the latter's national law, fingerprint data and other personal data may be processed in EurodacEURODAC only for the purposes set out in Article 15(1)32(1) of the Dublin Convention Ö Regulation Õ .

Article 2

Definitions

1. For the purposes of this Regulation:

(a) "the Dublin Convention Ö Regulation Õ " means the Convention determining the State responsible for examining applications for asylum lodged in one of the Member States of the European Communities, signed at Dublin on 15 June 1990 Ö Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person] Õ;

(b) an "applicant for asylum ð international protection ï" means an alien Ö third-country national or a stateless person Õ who has made an application for asylum or on whose behalf such an application has been made ð international protection as defined in Article 2(g) of Council Directive 2004/83/EC in respect of which a final decision has not yet been taken ï;

(c) "Member State of origin" means:

(i) in relation to an applicant for asylum Ö person covered by Article 6 Õ , the Member State which transmits the personal data to the Central Unit ð System ï and receives the results of the comparison;

(ii) in relation to a person covered by Article 8 11 , the Member State which transmits the personal data to the Central Unit ð System ï ;

(iii) in relation to a person covered by Article 11 14 , the Member State which transmits such data to the Central Unit ð System ï and receives the results of the comparison;

ê 2725/2000/EC (adapted)

ð new

(d) "refugee" ð "person granted international protection" ï means a Ö third country national or a stateless Õ person who has been recognised as a refugee in accordance with the Geneva Convention on Refugees of 28 July 1951, as amended by the New York Protocol of 31 January 1967 ð entitled to international protection as defined in Article 2(a) of Council Directive 2004/83/EC ï;

(e) "hit" shall mean the existence of a match or matches established by the Central Unit ð System ï by comparison between fingerprint data recorded in the databank Ö central database Õ and those transmitted by a Member State with regard to a person, without prejudice to the requirement that Member States shall immediately check the results of the comparison pursuant to Article 4(6) 18(4).

ê 2725/2000/EC (adapted)

2. The terms defined in Article 2 of Directive 95/46/EC shall have the same meaning in this Regulation.

3. Unless stated otherwise, the terms defined in Article 1 2 of the Dublin Convention Ö Regulation Õ shall have the same meaning in this Regulation.

ê 2725/2000/EC (adapted)

Article 3

Central Unit Ö System architecture and basic principles Õ

1. A Central Unit shall be established within the Commission which shall be responsible for operating the central database referred to in Article 1(2)(b) on behalf of the Member States. The Central Unit shall be equipped with a computerised fingerprint recognition system.

ò new

1. EURODAC shall consist of:

(a) a computerised central fingerprint database (Central System) composed of

- a Central Unit,

- a Business Continuity System.

(b) a communication infrastructure between the Central System and Member States that provides an encrypted virtual network dedicated to EURODAC data (Communication Infrastructure).

2. Each Member State shall have a single National Access Point.

ê 2725/2000/EC (adapted)

ð new

2.3. Data on applicants for asylum, persons covered by Articles 8 and persons covered by Article 11 6, 11 and 14 which are processed in the Central Unit ð System ï shall be processed on behalf of the Member State of origin under the conditions set out in this Regulation Ö and separated by appropriate technical means Õ.

ê 2725/2000/EC Article 1(2) third subparagraph

ð new

4. The rules governing EurodacEURODAC shall also apply to operations effected by the Member States as from the transmission of data to the Central Unit ð System ï until use is made of the results of the comparison.

ê 2725/2000/EC Article 4(1) second sentence

ð new

5. The procedure for taking fingerprints shall be determined ð and applied ï in accordance with the national practice of the Member State concerned and in accordance with the safeguards laid down in ð the Charter of Fundamental Rights of the European Union, in the Convention for the Protection of Human Rights and Fundamental Freedoms and ï the European Convention on Human Rights and in the United Nations Convention on the Rights of the Child.

ò new

Article 4

Operational management by the Management Authority

1. A Management Authority, funded from the general budget of the European Union, shall be responsible for the operational management of EURODAC . The Management Authority shall ensure, in cooperation with the Member States, that at all times the best available technology, subject to a cost-benefit analysis, is used for the Central System.

2. The Management Authority shall also be responsible for the following tasks relating to the Communication Infrastructure:

(a) supervision;

(b) security;

(c) the coordination of relations between the Member States and the provider.

3. The Commission shall be responsible for all other tasks relating to the Communication Infrastructure, in particular:

(a) tasks relating to implementation of the budget;

(b) acquisition and renewal;

(c) contractual matters.

4. Before the Management Authority takes up its responsibilities, the Commission shall be responsible for all tasks attributed to the Management Authority by this Regulation.

5. Operational management of EURODAC shall consist of all the tasks necessary to keep EURODAC functioning 24 hours a day, 7 days a week in accordance with this Regulation, in particular the maintenance work and technical developments necessary to ensure that the system functions at a satisfactory level of operational quality, in particular as regards the time required for interrogation of the Central System.

6. Without prejudice to Article 17 of the Staff Regulations of Officials of the European Communities, the Management Authority shall apply appropriate rules of professional secrecy or other equivalent duties of confidentiality to all its staff required to work with EURODAC data. This obligation shall also apply after such staff leave office or employment or after the termination of their activities.

7. The Management Authority referred to in this Regulation shall be the Management Authority competent for SIS II under Regulation (EC) No 1987/2006 of the European Parliament and of the Council of 20 December 2006 on the establishment, operation and use of the second generation Schengen Information System (SIS II) and for VIS under Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas.

ê 2725/2000/EC (adapted)

ð new

Article 53

Ö Statistics Õ

3. The Central Unit Ö Management Authority Õ shall draw up statistics on its Ö the Õ work Ö of the Central System Õ every quarter ð month ï, indicating ð in particular ï :

(a) the number of data sets transmitted on persons referred to in Articles 6(1), 8(1) and 11(1) 11(1) and 14(1) ;

(b) the number of hits for applicants for asylum ð international protection ï who have lodged an application for asylum ð international protection ï in another Member State;

(c) the number of hits for persons referred to in Article 8(1) 11(1) who have subsequently lodged an application for asylum ð international protection ï;

(d) the number of hits for persons referred to in Article 11(1) 14(1) who had previously lodged an application for asylum ð international protection ï in another Member State;

(e) the number of fingerprint data which the Central Unit ð System ï had to ð repeatedly ï request a second time from the Member States of origin because the fingerprint data originally transmitted did not lend themselves to comparison using the computerised fingerprint recognition system;.

ê 2725/2000/EC

ð new

At the end of each year, statistical data shall be established in the form of a compilation of the ð monthly ï quarterly statistics drawn up since the beginning of Eurodac's activities ð for that year ï, including an indication of the number of persons for whom hits have been recorded under (b), (c), and and (d).

The statistics shall contain a breakdown of data for each Member State.

4. Pursuant to the procedure laid down in Article 23(2), the Central Unit may be charged with carrying out certain other statistical tasks on the basis of the data processed at the Central Unit.

ê 2725/2000/EC (adapted)

ð new

CHAPTER II

APPLICANTS FOR ASYLUM Ö INTERNATIONAL PROTECTION Õ

Article 6 4

Collection, transmission and comparison of fingerprints

1. Each Member State shall promptly take the fingerprints of all fingers of every applicant for asylum ð international protection ï of at least 14 years of age and shall promptly ð as soon as possible and no later than 72 hours after the lodging of that application for international protection as defined by Article 20(2) of the Dublin Regulation ï transmit Ö them together with Õ the data referred to in points (a) (b) to (f) (g) of Article 5(1) 8 to the Central Unit ð System ï.

ò new

ð Non compliance with the 72 hours time limit does not relieve Member States of the obligation to take and transmit the fingerprints to the Central System. Where the condition of the fingertips does not allow to take the fingerprints in a quality ensuring appropriate comparison under Article 18 of this Regulation, the Member State of origin shall retake the fingerprints of the applicant and resend them as soon as possible and no later than 48 hours after they have been successfully taken. ï

ê 2725/2000/EC

(2) The data referred to in Article 5(1) shall be immediately recorded in the central database by the Central Unit, or, provided that the technical conditions for such purposes are met, directly by the Member State of origin.

ò new

2. By way of derogation from paragraph 1, where it is not possible to take the fingerprints of an applicant on account of measures taken to ensure the health of the applicant or the protection of public health, Member States shall take and send the fingerprints of the applicant as soon as possible and no later than 48 hours after these grounds no longer prevail.

ê 2725/2000/EC (adapted)

ð new

3. Fingerprint data within the meaning of point (b) (a) of Article 5(1) 8, transmitted by any Member State, Ö with exception to those transmitted in accordance with Article 7 point (b) Õ shall be compared ð automatically ï with the fingerprint data transmitted by other Member States and already stored in the Ccentral database ð System ï.

4. The Central Unit ð System ï shall ensure, on the request of a Member State, that the comparison referred to in paragraph 3 covers the fingerprint data previously transmitted by that Member State, in addition to the data from other Member States.

5. The Central Unit ð System ï shall forthwith ð automatically ï transmit the hit or the negative result of the comparison to the Member State of origin. Where there is a hit, it shall transmit for all data sets corresponding to the hit, the data referred to in Article 5(1) 8(a) to (ð g ï), although in the case of the data referred to in Article 5(1)(b), only insofar as they were the basis for the hit ð along with, where appropriate, the mark referred to in Article 15(1) ï.

Direct transmission to the Member State of origin of the result of the comparison shall be permissible where the technical conditions for such purpose are met.

7. The implementing rules setting out the procedures necessary for the application of paragraphs 1 to 6 shall be adopted in accordance with the procedure laid down in Article 22(1).

ò new

Article 7

Information on the status of the data subject

The following information shall be sent to the Central System in order to be stored in accordance with Article 9 for the purpose of transmission under Article 6(5):

(a) When an applicant for international protection or another person as referred to in Article 18(1)(d) of the Dublin Regulation arrives in the responsible Member State following a transfer pursuant to a decision acceding to a request to take him/her back as referred to in Article 24 of the Dublin Regulation, the responsible Member State shall update its dataset recorded in conformity with Article 8 relating to the person concerned by adding his/her date of arrival .

(b) When an applicant for international protection arrives in the responsible Member State following a transfer pursuant to a decision acceding to a request to take charge of him/her as referred to in Article 22 of the Dublin Regulation, the responsible Member State shall send a dataset in conformity with Article 8 relating to the person concerned and include his/her date of arrival.

(c) As soon as the Member State of origin can establish that the person concerned whose data was recorded in EURODAC in accordance with Article 8 has left the territory of the Member States, it shall update its dataset recorded in conformity with Article 8 relating to the person concerned by adding the date when the person left the territory, in order to facilitate the application of Articles 19(2) and 20(5) of the Dublin Regulation.

(d) As soon as the Member State of origin ensures that the person concerned whose data was recorded in EURODAC in accordance with Article 8 has left the territory of the Member States in compliance with a return decision or removal order it issued following the withdrawal or rejection of the application as provided for in Article 19 (3) of the Dublin Regulation, it shall update its dataset recorded in conformity with Article 8 relating to the person concerned by adding the date of his/her removal or when the person left the territory.

(e) The Member State which assumes responsibility in accordance with Article 17(1) of the Dublin Regulation shall update its dataset recorded in conformity with Article 8 relating to that applicant by adding the date when the decision to examine the application was taken.

ê 2725/2000/EC

ð new

Article 85

Recording of data

1. Only the following data shall be recorded in the cCentral database ð System ï :

(ab) fingerprint data;

(ba) Member State of origin, place and date of the application for asylum ð international protection; in the cases referred to in Article 7 point (b), the date of application shall be the one entered by the Member State who transferred the applicant ï;

(c) sex;

(d) reference number used by the Member State of origin;

(e) date on which the fingerprints were taken;

(f) date on which the data were transmitted to the Central Unit ð System ï;

(g) date on which the data were entered in the central database ;

ò new

(g) operator user ID.

ê 2725/2000/EC

ð new

(h) details in respect of the recipient(s) of the data transmitted and the date(s) of transmission(s).

(h) where applicable in accordance with Article 7 point (a) or point (b), the date of the arrival of the person concerned after a successful transfer;

(i) where applicable in accordance with Article 7 point (c), the date when the person concerned left the territory of the Member States;

(j) where applicable in accordance with Article 7 point (d), the date when the person concerned left or was removed from the territory of the Member States;

(k) where applicable in accordance with Article 7 point (e), the date when the decision to examine the application was taken.

2. After recording the data in the central database, the Central Unit shall destroy the media used for transmitting the data, unless the Member State of origin has requested their return.

Article 9 6

Data storage

Each set of data, as referred to in Article 5(1) 8, shall be stored in the Ccentral ð System ï database for ten years from the date on which the fingerprints were taken.

Upon expiry of this period, the Central Unit ð System ï shall automatically erase the data from the Ccentral database ð System ï.

Article 10 7

Advance data erasure

1. Data relating to a person who has acquired citizenship of any Member State before expiry of the period referred to in Article 6 9 shall be erased from the Central Unit ð System ï, in accordance with Article 15(3) 21(4) as soon as the Member State of origin becomes aware that the person has acquired such citizenship.

ò new

2. The Central System shall inform all Member States of origin about the erasure of data for the reason specified in paragraph 1 by another Member State of origin having produced a hit with data which they transmitted relating to persons referred to in Article 6(1) or Article 11(1).

ê 2725/2000/EC (adapted)

ð new

CHAPTER III

ALIENS Ö THIRD COUNTRY NATIONALS OR STATELESS PERSONS Õ APPREHENDED IN CONNECTION WITH THE IRREGULAR CROSSING OF AN EXTERNAL BORDER

Article 11 8

Collection and transmission of fingerprint data

1. Each Member State shall, in accordance with the safeguards laid down in the European Convention on Human Rights and in the United Nations Convention on the Rights of the Child promptly take the fingerprints of all fingers of every alien Ö third country national or stateless person Õ of at least 14 years of age who is apprehended by the competent control authorities in connection with the irregular crossing by land, sea or air of the border of that Member State having come from a third country and who is not turned back ð or who remains physically on the territory of the Member States and who is not kept in custody, confinement or detention during the entirety of the period between apprehension and removal on the basis of the decision to turn them back ï ..

2. The Member State concerned shall promptly ðas soon as possible and no later than 72 hours from the date of apprehension ï transmit to the Central Unit ð System ï the following data in relation to any alien Ö third country national or stateless person Õ, as referred to in paragraph 1, who is not turned back:

(ab) fingerprint data;

(ba) Member State of origin, place and date of the apprehension;

(c) sex;

(d) reference number used by the Member State of origin;

(e) date on which the fingerprints were taken;

(f) date on which the data were transmitted to the Central Unit ð System ï;

ò new

(g) operator user ID.

3. By way of derogation from paragraph 2, as regards persons apprehended in the manner described in paragraph 1 who remain physically on the territory of the Member States but are kept in custody, confinement or detention upon their apprehension for a period exceeding 72 hours, the transmission of the data specified in paragraph 2 relating to those persons shall take place before their release from custody, confinement or detention.

4. Non compliance with the 72 hours time limit referred to in paragraph 2 does not relieve Member States of the obligation to take and transmit the fingerprints to the Central System. Where the condition of the fingertips does not allow to take the fingerprints in a quality ensuring appropriate comparison under Article 18 of this Regulation, the Member State of origin shall retake the fingerprints of such person and resend them as soon as possible and no later than 48 hours after they have been successfully taken.

5. By way of derogation from paragraph 1, where it is not possible to take the fingerprints of such person on account of measures taken to ensure the health of the person or the protection of public health, the Member State concerned shall take and send the fingerprints of the person, in accordance with the deadline set out in paragraph 2, once these grounds no longer prevail.

ê 2725/2000/EC (adapted)

ð new

Article 12 9

Recording of data

1. The data referred to in Article 5(1)(g) and in Article 8(2) 11(2) shall be recorded in the central database ð Central System ï.

Without prejudice to Article 3(3)5, data transmitted to the Central Unit ð System ï pursuant to Article 8(2) 11(2) shall be recorded for the sole purpose of comparison with data on applicants for asylum ð international protection ï transmitted subsequently to the Central Unit ð System ï.

The Central Unit ð System ï shall not compare data transmitted to it pursuant to Article 8(2) 11(2) with any data previously recorded in the central database ð Central System ï, nor with data subsequently transmitted to the Central Unit ð System ï pursuant to Article 8(2) 11(2).

2. The procedures provided for in Article 4(1), second sentence, Article 4(2) and Article 5(2) as well as the provisions laid down pursuant to Article 4(7) shall apply. As regards the comparison of data on applicants for asylum ð international protection ï subsequently transmitted to the Central Unit ð System ï with the data referred to in paragraph 1, the procedures provided for in Article 4(3), (5) and (6) 6(3) and (5) and in Article 18(4) shall apply.

Article 13 10

Storage of data

1. Each set of data relating to an alien Ö third country national or stateless person Õ as referred to in Article 8(1) 11(1) shall be stored in the central database ð Central System ï for ð one year ï two years from the date on which the fingerprints of the alien Ö third country national or stateless person Õ were taken. Upon expiry of this period, the Central Unit ð System ï shall automatically erase the data from the central database ð Central System ï.

2. The data relating to an alien Ö third country national or stateless person Õ as referred to in Article 8(1) 11(1) shall be erased from the central database ð Central System ï in accordance with Article 15(3) 21(3)Ö as soon as Õ the Member State of origin becomes aware of one of the following circumstances before the two ð one ï-year period mentioned in paragraph 1 has expired:

(a) the alien Ö third country national or stateless person Õ has been issued with a residence permit;

(b) the alien Ö third country national or stateless person Õ has left the territory of the Member States;

(c) the alien Ö third country national or stateless person Õ has acquired the citizenship of any Member State.

ò new

3. The Central System shall inform all Member States of origin about the erasure of data for the reason specified in paragraph 2(a) or (b) by another Member State of origin having produced a hit with data which they transmitted relating to persons referred to in Article 11(1).

4. The Central System shall inform all Member States of origin about the erasure of data for the reason specified in paragraph 2(c) by another Member State of origin having produced a hit with data which they transmitted relating to persons referred to in Article 6(1) or Article 11(1).

ê 2725/2000/EC (adapted)

ð new

CHAPTER IV

ALIENS Ö THIRD COUNTRY NATIONALS OR STATELESS PERSONS Õ FOUND ILLEGALLY PRESENT IN A MEMBER STATE

Article 14 11

Comparison of fingerprint data

1. With a view to checking whether an alien Ö third country national or a stateless person Õ found illegally present within its territory has previously lodged an application for asylum ð international protection ï in another Member State, each Member State may transmit to the Central Unit ð System ï any fingerprint data relating to fingerprints which it may have taken of any such alien Ö third country national or stateless person Õ of at least 14 years of age together with the reference number used by that Member State.

As a general rule there are grounds for checking whether the alien Ö third country national or stateless person Õ has previously lodged an application for asylum ð international protection ï in another Member State where:

(a) the alien Ö third country national or stateless person Õ declares that he/she has lodged an application for asylum ð international protection ï but without indicating the Member State in which he/she made the application;

(b) the alien Ö third country national or stateless person Õ does not request asylum ð international protection ï but objects to being returned to his/her country of origin by claiming that he/she would be in danger, or

(c) the alien Ö third country national or stateless person Õ otherwise seeks to prevent his/her removal by refusing to cooperate in establishing his/her identity, in particular by showing no, or false, identity papers.

2. Where Member States take part in the procedure referred to in paragraph 1, they shall transmit to the Central Unit ð System ï the fingerprint data relating to all or at least the index fingers, and, if those are missing, the prints of all other fingers, of aliens Ö third country nationals or stateless persons Õ referred to in paragraph 1.

3. The fingerprint data of an alien Ö third country national or a stateless person Õ as referred to in paragraph 1 shall be transmitted to the Central Unit ð System ï solely for the purpose of comparison with the fingerprint data of applicants for asylum ð international protection ï transmitted by other Member States and already recorded in the central database ð Central System ï.

The fingerprint data of such an alien Ö third country national or a stateless person Õ shall not be recorded in the central database ð Central System ï, nor shall they be compared with the data transmitted to the Central Unit ð System ï pursuant to Article 8(2) 11(2).

4. As regards the comparison of fingerprint data transmitted under this Article with the fingerprint data of applicants for asylum ð international protection ï transmitted by other Member States which have already been stored in the Central Unit ð System ï, the procedures provided for in Article 4(3) (5) and (6) 6(3) and (5) as well as the provisions laid down pursuant to Article 4(7) shall apply.

5. Once the results of the comparison have been transmitted to the Member State of origin, the Central Unit shall forthwith:

(a) erase the fingerprint data and other data transmitted to it under paragraph 1; and

(b) destroy the media used by the Member State of origin for transmitting the data to the Central Unit, unless the Member State of origin has requested their return.

CHAPTER V

RECOGNISED REFUGEESÖ PERSONS GRANTED INTERNATIONAL PROTECTION Õ

Article 12

Blocking of data

1. Data relating to an applicant for asylum which have been recorded pursuant to Article 4(2) shall be blocked in the central database if that person is recognised and admitted as a refugee in a Member State. Such blocking shall be carried out by the Central Unit on the instructions of the Member State of origin.

As long as a decision pursuant to paragraph 2 has not been adopted, hits concerning persons who have been recognised and admitted as refugees in a Member State shall not be transmitted. The Central Unit shall return a negative result to the requesting Member State.

2. Five years after Eurodac starts operations, and on the basis of reliable statistics compiled by the Central Unit on persons who have lodged an application for asylum in a Member State after having been recognised and admitted as refugees in another Member State, a decision shall be taken in accordance with the relevant provisions of the Treaty, as to whether the data relating to persons who have been recognised and admitted as refugees in a Member State should:

(a) be stored in accordance with Article 6 for the purpose of the comparison provided for in Article 4(3); or

(b) be erased in advance once a person has been recognised and admitted as a refugee.

3. In the case referred to in paragraph 2(a), the data blocked pursuant to paragraph 1 shall be unblocked and the procedure referred to in paragraph 1 shall no longer apply.

4. In the case referred to in paragraph 2(b):

(a) data which have been blocked in accordance with paragraph 1 shall be erased immediately by the Central Unit; and

(b) data relating to persons who are subsequently recognised and admitted as refugees shall be erased in accordance with Article 15(3), as soon as the Member State of origin becomes aware that the person has been recognised and admitted as a refugee in a Member State.

5. The implementing rules concerning the procedure for the blocking of data referred to in paragraph 1 and the compilation of statistics referred to in paragraph 2 shall be adopted in accordance with the procedure laid down in Article 22(1).

ò new

Article 1 5

Marking of data

1. The Member State of origin which granted international protection to an applicant for international protection whose data were previously recorded pursuant to Article 8 in the Central System shall mark the relevant data in conformity with the requirements for electronic communication with the Central System established by the Management Authority. This mark shall be stored in the Central System in accordance with Article 9 for the purpose of transmission under Article 6(5).

2. The Member State of origin shall unmark data concerning a third country national or stateless person whose data were previously marked in accordance with paragraph 1 if his or her status is revoked or ended or renewal of his status is refused under Article 14 or 19 of Council Directive 2004/83/EC.

ê 2725/2000/EC (adapted)

ð new

CHAPTER VI

DATA PROCESSING USE, DATA PROTECTION AND LIABILITY

Article 16 13

Responsibility for data processing use

1. The Member State of origin shall be responsible for ensuring that:

(a) fingerprints are taken lawfully;

(b) fingerprint data and the other data referred to in Article 5(1) 8, Article 8(2) 11(2) and Article 11(2) 14(2) are lawfully transmitted to the Central Unit ð System ï;

(c) data are accurate and up-to-date when they are transmitted to the Central Unit ð System ï;

(d) without prejudice to the responsibilities of the Commission ð Management Authority ï , data in the central database ð Central System ï are lawfully recorded, stored, corrected and erased;

(e) the results of fingerprint data comparisons transmitted by the Central Unit ð System ï are lawfully processed used.

2. In accordance with Article 1411, the Member State of origin shall ensure the security of the data referred to in paragraph 1 before and during transmission to the Central Unit ð System ï as well as the security of the data it receives from the Central Unit ð System ï.

3. The Member State of origin shall be responsible for the final identification of the data pursuant to Article 4(6) 18(4).

4. The Commission ð Management Authority ï shall ensure that the Central Unit ð System ï is operated in accordance with the provisions of this Regulation and its implementing rules. In particular, the Commission ð Management Authority ï shall:

(a) adopt measures ensuring that persons working ð with ï in the Central Unit ð System ï process use the data recorded Ö therein Õ in the central database only in accordance with the purpose of EurodacEURODAC as laid down in Article 1(1);

(b) ensure that persons working in the Central System comply with all requests from Member States made pursuant to this Regulation in relation to recording, comparison, correction and erasure of data for which they are responsible;

(b) (c) take the necessary measures to ensure the security of the Central Unit ð System ï in accordance with Article 14 11;

(c) (d) ensure that only persons authorised to work ð with ï in the Central Unit ð System ï have access Ö thereto Õ to data recorded in the central database, without prejudice to Article 20 and the powers of the independent supervisory body which will be established under Article 286(2) of the Treaty Ö the competences of the European Data Protection Supervisor Õ.

The Commission ð Management Authority ï shall inform the European Parliament and the Council ð as well as the European Data Protection Supervisor ï of the measures it takes pursuant to the first subparagraph.

ê 407/2002/EC Article 2 (adapted)

ð new

Article 172

Transmission

1. Fingerprints shall be digitally processed and transmitted in the data format referred to in Annex I. As far as it is necessary for the efficient operation of the Central Unit ð System ï, the Central Unit Ö Management Authority Õ shall establish the technical requirements for transmission of the data format by Member States to the Central Unit ð System ï and vice versa. The Central Unit Ö Management Authority Õ shall ensure that the fingerprint data transmitted by the Member States can be compared by the computerised fingerprint recognition system.

2. Member States should Ö shall Õ transmit the data referred to in Article 5(1) 8(1), Article 11(2) and Article 14(2) of the Eurodac Regulation electronically. ð The data referred to in Article 8(1) and Article 11(2) shall be automatically recorded in the Central System. ï As far as it is necessary for the efficient operation of the Central Unit ð System ï, the Central Unit Ö Management Authority Õ shall establish the technical requirements to ensure that data can be properly electronically transmitted from the Member States to the Central Unit ð System ï and vice versa. Transmission of data in paper form using the form set out in Annex II or by other means of data support (diskettes, CD-ROM or other means of data support which may be developed and generally used in future) should be limited to situations in which there are continuous technical problems.

3. The reference number referred to in Article 5(1)(d) 8(d) and Article 11(2)(d) and 14(1) of the Eurodac Regulation shall make it possible to relate data unambiguously to one particular person and to the Member State which is transmitting the data. In addition, it shall make it possible to tell whether such data relate to an asylum seeker or a person referred to in Article 8 or Article 11 of the Eurodac Regulation6, Article 11 or Article 14.

4. The reference number shall begin with the identification letter or letters by which, in accordance with the norm referred to in Annex I, the Member State transmitting the data is identified. The identification letter or letters shall be followed by the identification of the category of person. "1" refers to data relating to asylum seekers Ö persons referred to in Article 6(1) Õ, "2" to persons referred to in Article 8 11(1) of the Eurodac Regulation and "3" to persons referred to in Article 11 14 of the Eurodac Regulation.

5. The Central Unit Ö Management Authority Õ shall establish the technical procedures necessary for Member States to ensure receipt of unambiguous data by the Central Unit ð System ï.

64. The Central Unit ð System ï shall confirm receipt of the transmitted data as soon as possible. To this end the Central Unit Ö Management Authority Õ shall establish the necessary technical requirements to ensure that Member States receive the confirmation receipt if requested.

Article 183

Carrying out comparisons and transmitting results

1. Member States shall ensure the transmission of fingerprint data in an appropriate quality for the purpose of comparison by means of the computerised fingerprint recognition system. As far as it is necessary to ensure that the results of the comparison by the Central Unit ð System ï reach a very high level of accuracy, the Central Unit ð Management Authority ï shall define the appropriate quality of transmitted fingerprint data. The Central Unit ð System ï shall, as soon as possible, check the quality of the fingerprint data transmitted. If fingerprint data do not lend themselves to comparison using the computerised fingerprint recognition system, the Central Unit ð System ï shall, as soon as possible, ð inform ï the Member State. ð The Member State concerned shall ï transmit fingerprint data of the appropriate quality ð using the same reference number of the previous set of fingerprint data ï..

2. The Central Unit ð System ï shall carry out comparisons in the order of arrival of requests. Each request must be dealt with within 24 hours. In the case of data which are transmitted electronically, a A Member State may for reasons connected with national law require particularly urgent comparisons to be carried out within one hour. Where these times cannot be respected owing to circumstances which are outside the Central Unit ð Management Authority's ï responsibility, the Central Unit ð System ï shall process the request as a matter of priority as soon as those circumstances no longer prevail. In such cases, as far as it is necessary for the efficient operation of the Central Unit ð System ï , the Central Unit ð Management Authority ï shall establish criteria to ensure the priority handling of requests.

3. As far as it is necessary for the efficient operation of the Central Unit ð System ï , the Central Unit ð Management Authority ï shall establish the operational procedures for the processing of the data received and for transmitting the result of the comparison.

ê 2725/2000/EC Article 4(6) (adapted)

ð new

4. The results of the comparison shall be immediately checked in the Member State of origin ð by a fingerprint expert ï. Final identification shall be made by the Member State of origin in cooperation with the Member States concerned, pursuant to Article 1532 of the Dublin Convention Ö Regulation Õ.

Information received from the Central Unit ð System ï relating to other data found to be unreliable shall be erased or destroyed as soon as the unreliability of the data is established.

ò new

5. Where final identification in accordance with paragraph 4 reveal that the result of the comparison received from the Central System is inaccurate, Member States shall communicate this fact to the Commission and to the Management Authority.

ê 407/2002/EC (adapted)

ð new

Article 194

Communication between Member States and the Central Unit ð System ï

Data transmitted from the Member States to the Central Unit ð System ï and vice versa shall use IDA generic services referred to in Decision No 1719/1999/EC of the European Parliament and of the Council of 12 July 1999 on a series of guidelines, including the identification of projects of common interest, for trans-European networks for the electronic interchange of data between administrations (IDA) ð the EURODAC Communication Infrastructure ï. As far as it is necessary for the efficient operation of the Central Unit ð System ï, the Central Unit Ö Management Authority Õ shall establish the technical procedures necessary for the use of IDA generic services ð the Communication Infrastructure ï.

ê 2725/2000/EC

Article 14

Security

1. The Member State of origin shall take the necessary measures to:

(a) prevent any unauthorised person from having access to national installations in which the Member State carries out operations in accordance with the aim of Eurodac (checks at the entrance to the installation);

(b) prevent data and data media in Eurodac from being read, copied, modified or erased by unauthorised persons (control of data media);

(c) guarantee that it is possible to check and establish a posteriori what data have been recorded in Eurodac, when and by whom (control of data recording);

(d) prevent the unauthorised recording of data in Eurodac and any unauthorised modification or erasure of data recorded in Eurodac (control of data entry);

(e) guarantee that, in using Eurodac, authorised persons have access only to data which are within their competence (control of access);

(f) guarantee that it is possible to check and establish to which authorities data recorded in Eurodac may be transmitted by data transmission equipment (control of transmission);

(g) prevent the unauthorised reading, copying, modification or erasure of data during both the direct transmission of data to or from the central database and the transport of data media to or from the Central Unit (control of transport).

2. As regards the operation of the Central Unit, the Commission shall be responsible for applying the measures mentioned under paragraph 1.

ò new

Article 20

Data security

1. The Member State of origin shall ensure the security of the data before and during transmission to the Central System. Each Member State shall ensure the security of the data which it receives from the Central System.

2. Each Member State shall, in relation to its national system, adopt the necessary measures, including a security plan, in order to:

(a) physically protect data, including by making contingency plans for the protection of critical infrastructure;

(b) deny unauthorised persons access to national installations in which the Member State carries out operations in accordance with the purpose of EURODAC (checks at entrance to the installation);

(c) prevent the unauthorised reading, copying, modification or removal of data media (data media control);

(d) prevent the unauthorised input of data and the unauthorised inspection, modification or deletion of stored personal data (storage control);

(e) prevent the unauthorised processing of data in EURODAC and any unauthorised modification or deletion of data processed in EURODAC (control of data entry);

(f) ensure that persons authorised to access EURODAC have access only to the data covered by their access authorisation, by means of individual and unique user identities and confidential access modes only (data access control);

(g) ensure that all authorities with a right of access to EURODAC create profiles describing the functions and responsibilities of persons who are authorised to access, enter, update, delete and search the data and make these profiles available to the National Supervisory Authorities referred to in Article 25 without delay at their request (personnel profiles);

(h) ensure that it is possible to verify and establish to which bodies personal data may be transmitted using data communication equipment (communication control);

(i) ensure that it is possible to verify and establish what data have been processed in EURODAC, when, by whom and for what purpose (control of data recording);

(j) prevent the unauthorised reading, copying, modification or deletion of personal data during the transmission of personal data to or from EURODAC or during the transport of data media, in particular by means of appropriate encryption techniques (transport control);

(k) monitor the effectiveness of the security measures referred to in this paragraph and take the necessary organisational measures related to internal monitoring to ensure compliance with this Regulation (self-auditing).

3. The Management Authority shall take the necessary measures in order to achieve the objectives set out in paragraph 2 as regards the operation of EURODAC, including the adoption of a security plan.

ê 2725/2000/EC

ð new

Article 21 15

Access to, and correction or erasure of, data recorded in EurodacEURODAC

1. The Member State of origin shall have access to data which it has transmitted and which are recorded in the central database ð Central System ï in accordance with the provisions of this Regulation.

No Member State may conduct searches in the data transmitted by another Member State, nor may it receive such data apart from data resulting from the comparison referred to in Article 4(5) 6(5).

ê 2725/2000/EC (adapted)

ð new

2. The authorities of Member States which, pursuant to paragraph 1, have access to data recorded in the central database ð Central System ï shall be those designated by each Member State ð for the purpose of Article 1(1). This designation shall specify the exact unit responsible for carrying out tasks related to the application of this Regulation. ï Each Member State shall without delay communicate to the Commission ð and the Management Authority ï a list of those authorities ð and any amendments thereto. The Management Authority shall publish the consolidated list in the Official Journal of the European Union. Where there are amendments thereto, the Management Authority shall publish once a year an updated consolidated list. ï

3. Only the Member State of origin shall have the right to amend the data which it has transmitted to the Central Unit ð System ï by correcting or supplementing such data, or to erase them, without prejudice to erasure carried out in pursuance of Article 6, Article 10(1) or Article 12(4)(a) 9 or Article 13(1).

Where the Member State of origin records data directly in the central database, it may amend or erase the data directly.

Where the Member State of origin does not record data directly in the central database, the Central Unit shall amend or erase the data at the request of that Member State.

4. If a Member State or the Central Unit ð Management Authority ï has evidence to suggest that data recorded in the central database ð Central System ï are factually inaccurate, it shall advise the Member State of origin as soon as possible.

If a Member State has evidence to suggest that data were recorded in the central database ð Central System ï contrary to this Regulation, it shall similarly advise ð the Management Authority, the Commission and ï the Member State of origin as soon as possible. The latter shall check the data concerned and, if necessary, amend or erase them without delay.

5. The Central Unit ð Management Authority ï shall not transfer or make available to the authorities of any third country data recorded in the central database ð Central System ï, unless it is specifically authorised to do so in the framework of a Community agreement on the criteria and mechanisms for determining the State responsible for examining an application for asylum ð international protection ï.

Article 21

Implementing rules

1. The Council shall adopt, acting by the majority laid down in Article 205(2) of the Treaty, the implementing provisions necessary for

- laying down the procedure referred to in Article 4(7),

- laying down the procedure for the blocking of the data referred to in Article 12(1),

- drawing up the statistics referred to in Article 12(2).

In cases where these implementing provisions have implications for the operational expenses to be borne by the Member States, the Council shall act unanimously.

2. The measures referred to in Article 3(4) shall be adopted in accordance with the procedure referred to in Article 23(2).

Article 22 16

Keeping of records by the Central Unit

1. The Central Unit ð Management Authority ï shall keep records of all data processing operations within the Central Unit ð System ï. These records shall show the purpose of access, the date and time, the data transmitted, the data used for interrogation and the name of both the unit putting Ö entering Õ in or retrieving the data and the persons responsible.

2. Such records may be used only for the data-protection monitoring of the admissibility of data processing as well as to ensure data security pursuant to Article 14 11. The records must be protected by appropriate measures against unauthorised access and erased after a period of one year ð after the retention period referred to in Article 9 and in Article 13(1) has expired ï, if they are not required for monitoring procedures which have already begun.

ò new

3. Each Member State shall take the necessary measures in order to achieve the objectives set out in paragraph 1 and 2 in relation to its national system. In addition, each Member State shall keep records of the staff duly authorised to enter or retrieve the data.

ê 2725/2000/EC (adapted)

ð new

Article 22

Committee

1. The Commission shall be assisted by a committee.

2. In the cases where reference is made to this paragraph, Articles 5 and 7 of Decision 1999/468/EC shall apply.

The period laid down in Article 5(6) of Decision 1999/468/EC shall be set at three months.

3. The committee shall adopt its rules of procedure.

Article 23 17

Liability

1. Any person who, or Member State which, has suffered damage as a result of an unlawful processing operation or any act incompatible with the provisions laid down in this Regulation shall be entitled to receive compensation from the Member State responsible for the damage suffered. That State shall be exempted from its liability, in whole or in part, if it proves that it is not responsible for the event giving rise to the damage.

2. If failure of a Member State to comply with its obligations under this Regulation causes damage to the central database ð Central System ï, that Member State shall be held liable for such damage, unless and insofar as the Commission ð Management Authority or another Member State ï failed to take reasonable steps to prevent the damage from occurring or to minimise its impact.

3. Claims for compensation against a Member State for the damage referred to in paragraphs 1 and 2 shall be governed by the provisions of national law of the defendant Member State.

Article 24 18

Rights of the data subject

1. A person covered by this Regulation shall be informed by the Member State of origin ð in writing, and where appropriate, orally, in a language which he or she understands or may reasonably be presumed to understand ï of the following:

(a) the identity of the controller and of his representative, if any;

(b) ÖregardingÕ the purpose for which the Ö his or her Õ data will be processed within EurodacEURODAC ð including a description of the aims of the Dublin Regulation, in accordance with Article 4 of that Regulation ï.

(c) the recipients of the data;

(d) in relation to a person covered by Article 4 6 or Article 8 11, the obligation to have his/her fingerprints taken;

(e) the existence of the right of access to, and the right to rectify, the data Örelating to him/herÕconcerning him/herÖ , and the right to request that inaccurate data relating to him/her be corrected Õ ð or that unlawfully processed data relating to them be erased, as well as the right to receive information on the procedures for exercising those rights including the contact details of the controller and the National Supervisory Authorities referred to in Article 25(1) ï.

In relation to a person covered by Article 4 6 or Article 8 11, the information referred to in the first subparagraph shall be provided when his/her fingerprints are taken.

In relation to a person covered by Article 11 14, the information referred to in the first subparagraph shall be provided no later than the time when the data relating to the person are transmitted to the Central Unit ð System ï. This obligation shall not apply where the provision of such information proves impossible or would involve a disproportionate effort.

ò new

A common leaflet, containing at least the information referred to in paragraph 1 of this Article and the information referred to in Article 4(1) of the Dublin Regulation shall be drawn up in accordance with the procedure referred to in Article 40(2) of the Dublin Regulation.

Where a person covered by this Regulation is a minor, Member States shall provide the information in an age-appropriate manner.

ê 2725/2000/EC

ð new

2. In each Member State any data subject may, in accordance with the laws, regulations and procedures of that State, exercise the rights provided for in Article 12 of Directive 95/46/EC.

Without prejudice to the obligation to provide other information in accordance with point (a) of Article 12 of Directive 95/46/EC, the data subject shall have the right to obtain communication of the data relating to him/her recorded in the central database ð Central System ï and of the Member State which transmitted them to the Central Unit ð System ï. Such access to data may be granted only by a Member State.

3. In each Member State, any person may request that data which are factually inaccurate be corrected or that data recorded unlawfully be erased. The correction and erasure shall be carried out without excessive delay by the Member State which transmitted the data, in accordance with its laws, regulations and procedures.

4. If the rights of correction and erasure are exercised in a Member State, other than that, or those, which transmitted the data, the authorities of that Member State shall contact the authorities of the Member State, or States, in question so that the latter may check the accuracy of the data and the lawfulness of their transmission and recording in the central database ð Central System ï.

5. If it emerges that data recorded in the central database ð Central System ï are factually inaccurate or have been recorded unlawfully, the Member State which transmitted them shall correct or erase the data in accordance with Article 15(3) 21(3). That Member State shall confirm in writing to the data subject without excessive delay that it has taken action to correct or erase data relating to him/her.

6. If the Member State which transmitted the data does not agree that data recorded in the central database ð Central System ï are factually inaccurate or have been recorded unlawfully, it shall explain in writing to the data subject without excessive delay why it is not prepared to correct or erase the data.

That Member State shall also provide the data subject with information explaining the steps which he/she can take if he/she does not accept the explanation provided. This shall include information on how to bring an action or, if appropriate, a complaint before the competent authorities or courts of that Member State and any financial or other assistance that is available in accordance with the laws, regulations and procedures of that Member State.

7. Any request under paragraphs 2 and 3 shall contain all the necessary particulars to identify the data subject, including fingerprints. Such data shall be used exclusively to permit the exercise of the rights referred to in paragraphs 2 and 3 and shall be destroyed immediately afterwards.

8. The competent authorities of the Member States shall cooperate actively to enforce promptly the rights laid down in paragraphs 3, 4 and 5.

ò new

9. Whenever a person requests data relating to him or her in accordance with paragraph 2, the competent authority shall keep a record in the form of a written document that such a request was made, and shall make this document available to the National Supervisory Authorities referred to in Article 25(1) without delay, upon their request.

ê 2725/2000/EC (adapted)

ð new

9. 10. In each Member State, the national supervisory authority shall ð on the basis of his/her request , ïassist the data subject in accordance with Article 28(4) of Directive 95/46/EC in exercising his/her rights.

10. 11. The national supervisory authority of the Member State which transmitted the data and the national supervisory authority of the Member State in which the data subject is present shall assist and, where requested, advise him/her in exercising his/her right to correct or erase data. Both national supervisory authorities shall cooperate to this end. Requests for such assistance may be made to the national supervisory authority of the Member State in which the data subject is present, which shall transmit the requests to the authority of the Member State which transmitted the data. The data subject may also apply for assistance and advice to the joint supervisory authority set up by Article 20.

11. 12. In each Member State any person may, in accordance with the laws, regulations and procedures of that State, bring an action or, if appropriate, a complaint before the competent authorities or courts of the State if he/she is refused the right of access provided for in paragraph 2.

12. 13. Any person may, in accordance with the laws, regulations and procedures of the Member State which transmitted the data, bring an action or, if appropriate, a complaint before the competent authorities or courts of that State concerning the data relating to him/her recorded in the central database ð Central System ï, in order to exercise his/her rights under paragraph 3. The obligation of the national supervisory authorities to assist and, where requested, advise the data subject, in accordance with paragraph 10 13 , shall subsist throughout the proceedings.

Article 25 19

Ö Supervision by the Õ National Ssupervisory Aauthority

1. Each Member State shall provide that the national supervisory authority or authorities designated pursuant to Article 28(1) of Directive 95/46/EC shall monitor independently, in accordance with its respective national law, the lawfulness of the processing, in accordance with this Regulation, of personal data by the Member State in question, including their transmission to the Central Unit ð System ï.

2. Each Member State shall ensure that its national supervisory authority has access to advice from persons with sufficient knowledge of fingerprint data.

ò new

Article 2 6

Supervision by the European Data Protection Supervisor

1. The European Data Protection Supervisor shall ensure that the personal data processing activities concerning EURODAC, in particular by the Management Authority are carried out in accordance with Regulation (EC) No 45/2001 and this Regulation. The duties and powers referred to in Articles 46 and 47 of Regulation (EC) No 45/2001 shall apply accordingly.

2. The European Data Protection Supervisor shall ensure that an audit of the Management Authority's personal data processing activities is carried out in accordance with international auditing standards at least every four years. A report of such audit shall be sent to the European Parliament, the Council, the Management Authority, the Commission and the National Supervisory Authorities. The Management Authority shall be given an opportunity to make comments before the report is adopted.

Article 27

Cooperation between National Supervisory Authorities and the European Data Protection Supervisor

1. The National Supervisory Authorities and the European Data Protection Supervisor, each acting within the scope of its respective competences, shall cooperate actively in the framework of their responsibilities and shall ensure coordinated supervision of EURODAC.

2. They shall, each acting within the scope of its respective competences, exchange relevant information, assist each other in carrying out audits and inspections, examine difficulties of interpretation or application of this Regulation, study problems with the exercise of independent supervision or in the exercise of the rights of data subjects, draw up harmonised proposals for joint solutions to any problems and promote awareness of data protection rights, as necessary.

3. The National Supervisory Authorities and the European Data Protection Supervisor shall meet for that purpose at least twice a year. The costs and servicing of these meetings shall be for the account of the European Data Protection Supervisor. Rules of procedure shall be adopted at the first meeting. Further working methods shall be developed jointly as necessary. A joint report of activities shall be sent to the European Parliament, the Council, the Commission and the Management Authority every two years.

ê 2725/2000/EC (adapted)

ð new

CHAPTER VII

FINAL PROVISIONS

Article 28 21

Costs

1. The costs incurred in connection with the establishment and operation of the Central Unit ð Central System and the Communication Infrastructure ï shall be borne by the general budget of the European Union.

2. The costs incurred by national ð access points ï units and the costs for connection to the central database ð Central System ï shall be borne by each Member State.

3. The costs of transmission of data from the Member State of origin and of the findings of the comparison to that State shall be borne by the State in question.

Article 29 24

Annual report:, mMonitoring and evaluation

1. The Commission ð Management Authority ï shall submit to the European Parliament and the Council an annual report on the activities of the Central Unit ð System ï. The annual report shall include information on the management and performance of EurodacEURODAC against pre-defined quantitative indicators for the objectives referred to in paragraph 2.

2. The Commission ð Management Authority ï shall ensure that Ö procedures Õ systems are in place to monitor the functioning of the Central Unit ð System ï against objectives Ö relating to Õ in terms of outputs, cost-effectiveness and quality of service.

3. The Commission shall regularly evaluate the operation of the Central Unit in order to establish whether its objectives have been attained cost-effectively and with a view to providing guidelines for improving the efficiency of future operations.

4. One year after Eurodac starts operations, the Commission shall produce an evaluation report on the Central Unit, focusing on the level of demand compared with expectation and on operational and management issues in the light of experience, with a view to identifying possible short-term improvements to operational practice.

ò new

3. For the purposes of technical maintenance, reporting and statistics, the Management Authority shall have access to the necessary information relating to the processing operations performed in the Central System.

4. Every two years, the Management Authority shall submit to the European Parliament, the Council, the Commission and the European Data Protection Supervisor a report on the technical functioning of the Central System, including the security thereof.

ê 2725/2000/EC

ð new

5. Three years after Eurodac starts operations ð the start of application of this Regulation as provided for in Article 34(2) ï and every six ð four ï years thereafter, the Commission shall produce an overall evaluation of EurodacEURODAC, examining results achieved against objectives and assessing the continuing validity of the underlying rationale, and any implications for future operations ð , as well as make any necessary recommendations ï . ð The Commission shall transmit the evaluation to the European Parliament and the Council. ï

ò new

6. Member States shall provide the Management Authority and the Commission with the information necessary to draft the reports referred to in paragraph 4 and 5.

7. The Management Authority shall provide the Commission with the information necessary to produce the overall evaluations referred to in paragraph 5.

8. Until the Management Authority provided for in Article 4 is established, the Commission will only produce reports in accordance with paragraph 1 and 5.

ê 2725/2000/EC (adapted)

ð new

Article 30 25

Penalties

Member States shall Ö take the necessary measures to Õ ensure that Ö any Õ processing use of data recorded Ö entered Õ in the central database ð Central System ï contrary to the purpose of EurodacEURODAC as laid down in Article 1(1) shall be subject to appropriate penalties Ö is punishable by penalties, including administrative and/or criminal penalties in accordance with national law, that are effective, proportionate and dissuasive Õ.

Article 31 26

Territorial scope

The provisions of this Regulation shall not be applicable to any territory to which theDublin Convention Ö Regulation Õ does not apply.

ò new

Article 32

Transitional provision

Data blocked in the Central System in accordance with Article 12 of Council Regulation (EC) No 2725/2000/EC shall be unblocked and marked in accordance with Article 15(1) of this Regulation on the date provided for in Article 34(2).

ê

Article 3 3

Repeal

Council Regulation (EC) No 2725/2000 of 11 December 2000 concerning the establishment of 'Eurodac' for the comparison of fingerprints for the effective application of the Dublin Convention and Council Regulation (EC) No 407/2002 of 28 February 2002 laying down certain rules to implement Regulation (EC) No 2725/2000 concerning the establishment of "Eurodac" for the comparison of fingerprints for the effective application of the Dublin Convention are repealed with effect from the date provided for in Article 34(2).

References to the repealed Regulations shall be read in accordance with the correlation table in Annex III.

ê 2725/2000/EC Article 27 (adapted)

ð new

Article 34 27

Entry into force and applicability

1. This Regulation shall enter into force on the Ö twentieth Õ day Ö following that Õ of its publication in the Official Journal of the European Communities Ö Union Õ.

2. This Regulation shall apply, and Eurodac shall start operations, from the date which the Commission shall publish in the Official Journal of the European Communities Ö Union Õ, when the following conditions are met:

(a) each Member State has notified the Commission that it has made the necessary technical arrangements to transmit data to the Central Unit ð System ï in accordance with Ö this Regulation Õ the implementing rules adopted under Article 4(7) and to comply with the implementing rules adopted under Article 12(5); and

(b) the Commission has made the necessary technical arrangements for the Central Unit ð System ï to begin operations in accordance with Ö this Regulation Õ the implementing rules adopted under Article 4(7) and Article 12(5).

ò new

3. Member States shall notify the Commission as soon as the arrangements referred to in paragraph 2(a) have been made, and in any event no later than 12 months from the date of the entry into force of this Regulation.

4. This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaty on the Functioning of the European Union.

ê 2725/2000/EC

Done at Brussels,

For the European Parliament For the Council

The President The President

ê 407/2002/EC

ð new

Annex I

Data format for the exchange of fingerprint data

The following format is prescribed for the exchange of fingerprint data:

ANSI/NIST - CSL 1 1993 ð ANSI/NIST-ITL 1a-1997, Ver.3, June 2001 (INT-1) ï and any future further developments of this standard.

Norm for Member State identification letters

The following ISO norm will apply: ISO 3166 - 2 letters code.

Annex II

[pic]

é

ANNEX II Repealed Regulations (referred to in Article 33)

Council Regulation (EC) No 2725/2000/EC Council Regulation (EC) No 407/2002/EC | (OJ L 316, 15.12.2000, p. 1.) (OJ L 062, 05.03.2002 p. 1.) |

ANNEX IIICorrelation table

Regulation 2725/2000/EC | This Regulation |

Article 1(1) | Article 1(1) |

Article 1(2), first subparagraph | Article 4(1) |

Article 1(2), second subparagraph | Article 4(4) |

Article 1(2), third subparagraph | Article 3(4) |

Article 1(3) | Article 1(2) |

Article 3(1) | deleted |

Article 2 | Article 2 |

Article 3(2) | Article 5(3) |

Article 3(3) | Article 5 |

Article 3(4) | deleted |

Article 4(1) | Article 6(1), 3(5) |

Article 4(2) | Deleted |

Article 4(3) | Article 6(3) |

Article 4(4) | Article 6(4) |

Article 4(5) | Article 6(5) |

Article 4(6) | Article 19(4) |

Article 5 | Article 8 |

Article 6 | Article 9 |

Article 7 | Article 10 |

Article 8 | Article 11 |

Article 9 | Article 12 |

Article 10 | Article 13 |

Article 11(1)-(4) | Article 14(1)-(4) |

Article 11(5) | deleted |

Article 12 | - Article 15 |

Article 13 | Article 16 |

Article 14 | - Article 20 |

Article 15 | Article 21 |

Article 16 | Article 22 |

Article 17 | Article 23 |

Article 18 | Article 24 |

Article 19 | Article 25 |

Article 20 | -- |

Article 21 | Article 28 |

Article 22 | deleted |

Article 23 | deleted |

Article 24 | Article 29 |

Article 25 | Article 30 |

Article 26 | Article 31 |

Article 27 | Article 34 |

- | Annex II |

Regulation 407/2002/EC | This Regulation |

Article 2 | Article 17 |

Article 3 | Article 18 |

Article 4 | Article 19 |

Article 5(1) | Article 3(2) |

Annex I | Annex I |

Annex II | - |

LEGISLATIVE FINANCIAL STATEMENT FOR PROPOSALS

1. FRAMEWORK OF THE PROPOSAL/INITIATIVE

1.1. Title of the proposal/initiative

Amended proposal for a Regulation of the European Parliament and the Council on the establishment of "EURODAC" for the comparison of fingerprints for the effective application of Regulation (EC) No […/…] establishing the criteria and mechanisms for determining the Member State responsible for examining an asylum application lodged in one of the Member States by a third-country national or a stateless person.

1.2. Policy area(s) concerned in the ABM/ABB structure

Area of Freedom, Security and Justice (title 18)

Migration flows — Common immigration and asylum policies (chapter 18.03)

1.3. Nature of the proposal/initiative

The proposal relates to the extension of an existing action, ie. the amendment of the Regulation establishing the EURODAC database.

1.4. Objective(s)

This proposal retains from the previous proposal [COM (2009) 342 final] the improvements of the system as regards new, asylum-focused functionalities and, at the same time, deletes the functionality of law enforcement searches proposed in that same proposal.

The cost estimate of 230.000 EUR in this financial statement replaces the 2.415.000€ asked for in the 2009 proposal mentioned above.

The present legislative financial statement only deals with the costs foreseen to occur with respect to the changes introduced by the present amendment; hence it does not deal with the costs of regular management of EURODAC.

1.5. Grounds for the proposal/initiative

This proposal will provide a solution to the issues flagged for improvement during the five years of operation of the already existing database. It was drafted in full coherence with the recast proposal on the Dublin Regulation.[23]

1.6. Duration and financial impact

It is envisaged that the Regulation will be adopted by the end of 2011 for an undetermined duration.

Financial impact from 2011 to 2012.

1.7. Management method(s) envisaged

Centralised direct management by the Commission. After an interim period, the operational management of EURODAC is expected to be transferred to an Agency responsible for SIS II, VIS and other IT systems in the area of freedom, security and justice. Regarding the setting up of this Agency, a separate proposal was presented by the Commission, assessing the relevant costs.

2. MANAGEMENT MEASURES

2.1. Monitoring and reporting rules

Monitoring of the efficiency of the changes introduced by the present proposal is to be performed in the framework of the annual reports on the activities of the EURODAC Central Unit.

Monitoring of data protection issues will be performed by the European Data Protection Supervisor.

2.2. Management and control system

The operational management of EURODAC (currently under centralised direct management by the Commission) is expected to be transferred to an Agency responsible for SIS II, VIS and other IT systems in the area of freedom, security and justice. Regarding the setting up of this Agency, a separate proposal was presented by the Commission, assessing the relevant costs.[24]

2.3. Measures to prevent fraud and irregularities

In order to combat fraud, corruption and other unlawful activities, the provisions of Regulation (EC) No 1037/1999 shall apply without restriction to the Agency responsible for the management of EURODAC (once established on the basis of the Amended proposal for a Regulation (EU) No …/… of the European Parliament and of the Council on establishing an Agency for the operational management of large-scale IT systems in the area of freedom, security and justice, COM(2010)93).

3. ESTIMATED FINANCIAL IMPACT OF THE PROPOSAL/INITIATIVE

3.1. Heading(s) of the multiannual financial framework and expenditure budget line(s) affected

Financial framework 2007-2013: Heading 3A

Budget line: 18.03.11 - Eurodac

3.2. Estimated impact on expenditure

3.2.1. Summary of estimated impact on expenditure

Total impact on expenditure: 293.000 EUR.

3.2.2. Estimated impact on operational appropriations

The total impact on operational appropriations is 230.000 EUR.

3.2.3. Estimated impact on appropriations of an administrative nature

The total impact on appropriations of an administrative nature is 63.000 EUR.

3.2.4. Compatibility with the current multiannual financial framework

The proposal is compatible with the current multiannual financial framework.

3.2.5. Third-party participation in financing

The proposal does not provide for co-financing by third parties.

3.3. Estimated impact on revenue

An impact on revenue of 29.000 EUR is expected from NO, IS and CH contributions.

LEGISLATIVE FINANCIAL STATEMENT FOR PROPOSALS

FRAMEWORK OF THE PROPOSAL/INITIATIVE

Title of the proposal/initiative

Amended proposal for a Regulation of the European Parliament and the Council on the establishment of "EURODAC" for the comparison of fingerprints for the effective application of Regulation (EC) No […/…] establishing the criteria and mechanisms for determining the Member State responsible for examining an asylum application lodged in one of the Member States by a third-country national or a stateless person.[25]

Policy area(s) concerned in the ABM/ABB structure[26]

Policy Area: Area of Freedom, Security and Justice (title 18)

Migration flows — Common immigration and asylum policies (chapter 18.03)

Nature of the proposal/initiative

( The proposal/initiative relates to a new action

( The proposal/initiative relates to a new action following a pilot project/preparatory action[27]

( The proposal/initiative relates to the extension of an existing action

( The proposal/initiative relates to an action redirected towards a new action

Objectives

The Commission's multiannual strategic objective(s) targeted by the proposal/initiative

Non applicable.

Specific objective(s) and ABM/ABB activity(ies) concerned

Specific objective No ..

Contribute to the completion of the Common European Asylum System by adopting higher common standards of protection, supporting practical cooperation and increasing solidarity within the EU and between the EU and third countries with the support of the European Refugee Fund.

ABM/ABB activity(ies) concerned

18 03 : Migration flows — Common immigration and asylum policies.

Expected result(s) and impact

Specify the effects which the proposal/initiative should have on the beneficiaries/groups targeted.

This proposal retains from the previous proposal [COM (2009) 342 final] the improvements of the system as regards new, asylum-focused functionalities and, at the same time, deletes the functionality of law enforcement searches proposed in that same proposal. The cost estimate of 230.000 EUR replaces the 2.415.000€ asked for in the 2009 proposal.

The proposal will better manage and protect the data of data subjects while it will also facilitate Member States' procedures to determine the Member State responsible for the assessment of an asylum claim.

Indicators of results and impact

Specify the indicators for monitoring implementation of the proposal/initiative.

The main objectives of the proposal are to improve the efficiency of EURODAC and to better address data protection concerns. The indicators would be the statistics on the operation of EURODAC, eg. those on missed hits and wrong hits, transmission delays, etc.

Grounds for the proposal/initiative

Requirement(s) to be met in the short or long term

In order to inform Member States of the status of those applicants who have in fact been already granted international protection in a Member State, data on refugees should be deblocked (i.e. made available for searches).

In order to better facilitate the application of the Dublin Regulation, Member States will be required to indicate in EURODAC the fact that they apply the sovereignty or the humanitarian clauses provided for by that Regulation, ie. assume responsibility for the assessment of the claim of an applicant for whom they would not normally be responsible under the criteria of the Dublin Regulation.

In order to ensure consistency with the asylum acquis, the scope of the Regulation is proposed to be extended to cover subsidiary protection.

In order to ensure consistency with the asylum acquis, the storage period for data on third country nationals or stateless persons fingerprinted in connection with the irregular crossing of an external border is proposed to be aligned with the period until which Article 10(1) of the Dublin Regulation allocates responsibility on the basis of that information (i.e. one year).

Based on the outcome of negotiations in the Council, a new Article was introduced in order to provide information to Member States on the status of the data subject (asylum seekers or irregular entrant). This article foresees that Member States are also informed if a given person, whose data is stored in the database, was transferred following a Dublin take charge procedure, or if he or she left the territory of the Member States, either voluntarily or as the result of a return decision or removal order.

Added value of EU involvement

This proposal will provide a solution to the issues flagged for improvement during the five years of operation of the already existing database.

Lessons learned from similar experiences in the past

Non applicable.

Coherence and possible synergy with other relevant instruments

The present proposal was drafted in full coherence with the recast proposal on the Dublin Regulation.[28]

Duration and financial impact

( Proposal/initiative of limited duration

- ( Proposal/initiative in effect from [DD/MM]YYYY to [DD/MM]YYYY

- ( Financial impact from YYYY to YYYY

( Proposal/initiative of unlimited duration

- Implementation with a start-up period from 2011 to 2012,

- followed by full-scale operation.

Management mode(s) envisaged[29]

( Centralised direct management by the Commission

( Centralised indirect management with the delegation of implementation tasks to:

- ( executive agencies

- ( bodies set up by the Communities[30]

- ( national public-sector bodies/bodies with public-service mission

- ( persons entrusted with the implementation of specific actions pursuant to Title V of the Treaty on European Union and identified in the relevant basic act within the meaning of Article 49 of the Financial Regulation

( Shared management with the Member States

( Decentralised management with third countries

( Joint management with international organisations

Comments

The operational management of EURODAC is expected to be transferred to an Agency responsible for SIS II, VIS and other IT systems in the area of freedom, security and justice. Regarding the setting up of this Agency, a separate proposal was presented by the Commission, assessing the relevant costs.[31]

MANAGEMENT MEASURES

Monitoring and reporting rules

Specify frequency and conditions.

Monitoring of the efficiency of the changes introduced by the present proposal is to be performed in the framework of the annual reports on the activities of the EURODAC Central Unit. Monitoring of data protection issues will be performed by the European Data Protection Supervisor.

Management and control system

Risk(s) identified

Failing to make important amendments to the Regulation in force, the efficiency of EURODAC could be undermined, as well as its supporting role to the implementation of the Dublin Regulation. Not being able to keep up with the changes of the asylum and data protection acquis would be also an important risk.

Control method(s) envisaged

The indicators will be the statistics on the operation of EURODAC, eg. those on missed hits and wrong hits, transmission delays, etc.

Measures to prevent fraud and irregularities

In order to combat fraud, corruption and other unlawful activities, the provisions of Regulation (EC) No 1037/1999 shall apply without restriction to the Agency responsible for the management of EURODAC (once established on the basis of the Amended proposal for a Regulation (EU) No …/… of the European Parliament and of the Council on establishing an Agency for the operational management of large-scale IT systems in the area of freedom, security and justice, COM(2010)93).

ESTIMATED FINANCIAL IMPACT OF THE PROPOSAL/INITIATIVE

Heading(s) of the multiannual financial framework and expenditure budget line(s) affected

- Existing expenditure budget lines

In order of multiannual financial framework headings and budget lines.

Heading of multiannual financial framework | Budget line | Type of expenditure | Contribution |

Number [Description………………………...……….] | DA/NDA ([32]) | from EFTA[33] countries | from candidate countries[34] | from third countries | within the meaning of Article 18(1)(aa) of the Financial Regulation |

3A | 18.03.11 Eurodac | DA | NO | NO | YES | NO |

- New budget lines requested

In order of multiannual financial framework headings and budget lines.

Heading of multiannual financial framework | Budget line | Type of expenditure | Contribution |

Number [Heading……………………………………..] | Diff./non-diff. | from EFTA countries | from candidate countries | from third countries | within the meaning of Article 18(1)(aa) of the Financial Regulation |

[…] | [XX.YY.YY.YY] […] | […] | YES/NO | YES/NO | YES/NO | YES/NO |

Estimated impact on expenditure

Summary of estimated impact on expenditure

EUR million (to 3 decimal places)

Heading of multiannual financial framework: | Number | [Heading 3A……………...……………………………………………………………….] |

EUR million (to 3 decimal places)

-

Estimated requirements of human resources

- ( The proposal/initiative does not require the use of human resources

- ( The proposal/initiative requires the use of human resources, as explained below:

Estimate to be expressed in full amounts (or at most to one decimal place)

Year N | Year N+1 | Year N+2 | Year N+3 | … enter as many years as necessary to show the duration of the impact (see point 1.6) |

( Establishment plan posts (officials and temporary agents) |

External personnel |

Compatibility with the current multiannual financial framework

- ( Proposal/initiative is compatible the current multiannual financial framework.

- ( Proposal/initiative will entail reprogramming of the relevant heading in the multiannual financial framework.

Explain what reprogramming is required, specifying the budget lines concerned and the corresponding amounts.

[…]

- ( Proposal/initiative requires application of the flexibility instrument or revision of the multiannual financial framework[45].

Explain what is required, specifying the headings and budget lines concerned and the corresponding amounts.

[…]

Third-party contributions

- The proposal/initiative does not provide for co-financing by third parties

- The proposal/initiative provides for the co-financing estimated below:

Appropriations in EUR million (to 3 decimal places)

Year N | Year N+1 | Year N+2 | Year N+3 | … enter as many years as necessary to show the duration of the impact (see point 1.6) | Total |

Year N | Year N+1 | Year N+2 | Year N+3 | … insert as many columns as necessary in order to reflect the duration of the impact (see point 1.6) |

Article 6312 | | 0.000 |0.006 |0.023 |0.000 | | | | |For miscellaneous assigned revenue, specify the budget expenditure line(s) affected.

[Revenue line 6312]

Specify the method for calculating the impact on revenue.

[NO, IS and CH contribute for a total of 12.381% in the payments made over a given year]

[1] OJ L 062, 05.03.2002, p. 1.

[2] Proposal for a Regulation of the European Parliament and of the Council concerning the establishment of 'Eurodac' for the comparison of fingerprints for the effective application of Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person], COM(2008)825 final.

[3] The Proposal for a Regulation of the European Parliament and of the Council establishing an Agency for the operational management of large-scale IT systems in the area of freedom, security and justice [COM(2009) 293 final] was adopted on 24 June 2009. An amended proposal was adopted on 19 March 2010: Amended proposal for a Regulation (EU) No …/… of the European Parliament and of the Council on establishing an Agency for the operational management of large-scale IT systems in the area of freedom, security and justice, COM(2010)93.

[4] Establishment of 'Eurodac' for the comparison of fingerprints (recast), P6_TA(2009)0378.

[5] Such a proposal was called for by Council Conclusions on access to Eurodac by Member States’ police and law enforcement authorities as well as Europol of 12 and 13 June 2007.

[6] COM(2009) 344.

[7] COM(2009) 665 final/2.

[8] One to ensure consistency with the Dublin Regulation and one to clarify the need for having the system's automated hit replies verified by a fingerprints expert.

[9] SEC(2008) 2981.

[10] Agreement between the European Community and the Kingdom of Denmark on the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in Denmark or any other Member State of the European Union and “Eurodac” for the comparison of fingerprints for the effective application of the Dublin Convention (OJ L 66, 8.3.2006).

[11] Agreement between the European Community and the Republic of Iceland and the Kingdom of Norway concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Iceland or Norway (OJ L 93, 3.4.2001, p. 40).

[12] Agreement between the European Community and the Swiss Confederation concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Switzerland (OJ L 53, 27.2.2008, p. 5).

[13] Protocol between the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of Liechtenstein to the Agreement between the European Community and Switzerland concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a the Member State or in Switzerland - COM(2006) 754, conclusion pending.

[14] Protocol between the European Community, the Swiss Confederation and the Principality of Liechtenstein to the Agreement between the European Community and the Swiss Confederation concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Switzerland (2006/0257 CNS, concluded on 24.10.2008, publication in OJ pending) and Protocol to the Agreement between the Community, Republic of Iceland and the Kingdom of Norway concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State, Iceland and Norway (OJ L 93, 3.4.2001).

[15] COM(2010) XXX.

[16] OJ C 189, 7.7.2000, p. 105 and p. 227 and opinion delivered on 21 September 2000 (not yet published in the Official Journal).

[17] OJ C […], […], p. […].

[18] OJ L 316, 15.12.2000, p. 1.

[19] OJ L 62, 5.3.2002, p. 1.

[20] COM(2008)XXX.

[21] OJ L 281, 23.11.1995, p. 31.

[22] OJ L 8, 12.1.2001, p. 1.

[23] Proposal for a Regulation of the European Parliament and of the Council establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person, COM(2008) 820.

[24] The Proposal for a Regulation of the European Parliament and of the Council establishing an Agency for the operational management of large-scale IT systems in the area of freedom, security and justice [COM(2009) 293 final] was adopted on 24 June 2009. An amended proposal was adopted on 19 March 2010: Amended proposal for a Regulation (EU) No …/… of the European Parliament and of the Council on establishing an Agency for the operational management of large-scale IT systems in the area of freedom, security and justice, COM(2010)93.

[25] The present legislative financial statement only deals with the costs foreseen to occur with respect to the changes introduced by the present amendment, hence it does not deal with the costs of regular management of EURODAC.

[26] ABM: Activity-Based Management – ABB: Activity-Based Budgeting.

[27] As referred to in Article 49(6)(a) or (b) of the Financial Regulation.

[28] Proposal for a Regulation of the European Parliament and of the Council establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person, COM(2008) 820.

[29] Details of management modes and references to the Financial Regulation may be found on the BudgWeb site: http://www.cc.cec/budg/man/budgmanag/budgmanag_en.html

[30] As referred to in Article 185 of the Financial Regulation.

[31] COM(2010)93.

[32] DA= Differentiated appropriations / DNA= Non-Differentiated Appropriations

[33] EFTA: European Free Trade Association.

[34] Candidate countries and, where applicable, potential candidate countries from the Western Balkans.

[35] Year N is the year in which implementation of the proposal/initiative starts.

[36] Technical and/or administrative assistance and expenditure in support of the implementation of EU programmes and/or actions (former "BA" lines), indirect research, direct research.

[37] Year N is the year in which implementation of the proposal/initiative starts.

[38] Outputs are products and services to be supplied (e.g.: number of student exchanges financed, number of km of roads built, etc.).

[39] As described in Section 1.4.2. "Specific objective(s)…"

[40] Year N is the year in which implementation of the proposal/initiative starts.

[41] Technical and/or administrative assistance and expenditure in support of the implementation of EU programmes and/or actions (former "BA" lines), indirect research, direct research.

[42] CA= Contract Agent; INT= agency staff (" Intérimaire") ; JED= " Jeune Expert en Délégation" (Young Experts in Delegations); LA= Local Agent; SNE= Seconded National Expert;

[43] Under the ceiling for external personnel from operational appropriations (former "BA" lines).

[44] Essentially for Structural Funds, European Agricultural Fund for Rural Development (EAFRD) and European Fisheries Fund (EFF).

[45] See points 19 and 24 of the Interinstitutional Agreement.

[46] As regards traditional own resources (customs duties, sugar levies), the amounts indicated must be net amounts, i.e. gross amounts after deduction of 25% for collection costs.