52008PC0825

[pic] | COMMISSION OF THE EUROPEAN COMMUNITIES |

Brussels, 3.12.2008

COM(2008) 825 final

2008/0242 (COD)

Proposal for a

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

concerning the establishment of 'Eurodac' for the comparison of fingerprints for the effective application of Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person]

(Recast version)

{SEC(2008) 2981}{SEC(2008) 2982}

EXPLANATORY MEMORANDUM

CONTEXT OF THE PROPOSAL

- Grounds for and objectives of the proposal

Council Regulation (EC) No 2725/2000/EC of 11 December 2000 for the establishment of ‘EURODAC’ (hereinafter: EURODAC Regulation)[1] came into force on 15 December 2000. EURODAC, a Community-wide information technology system, was created to facilitate the application of the Dublin Convention,[2] which aimed at establishing a clear and workable mechanism for determining responsibility for asylum applications lodged in one of the Member States of the EU. The Convention was replaced by a Community law instrument, Council Regulation (EC) No 343/2003 of 18 February 2003 establishing the criteria and mechanisms for determining the Member State responsible for examining an asylum application lodged in one of the Member States by a third-country national (ie. the Dublin Regulation).[3] EURODAC started operations on 15 January 2003.

The Commission published its report on the evaluation of the Dublin system[4] (hereinafter: Evaluation Report) in June 2007, covering the first 3 years of the operation of EURODAC (2003-2005). Whilst acknowledging that the Regulation is applied in a generally satisfactory way, it identified certain issues related to the efficiency of the current legislative provisions and announced the issues which have to be tackled in order to improve EURODAC's support to facilitate the application of the Dublin Regulation.

As announced in the Policy Plan on Asylum[5], this proposal is part of a first package of proposals which aim to ensure a higher degree of harmonisation and better standards of protection for the Common European Asylum System (CEAS). It is adopted at the same time of the recast of the Dublin Regulation[6] and the Reception Conditions Directive[7]. In 2009, the Commission will propose to amend the Qualification Directive[8] and the Asylum Procedures Directive.[9] In addition, in the first quarter of 2009 the Commission will propose the establishment of a European Asylum Support Office, which will aim to provide practical assistance to Member States in taking decisions on asylum claims. The Support Office will also provide assistance to Member States who are faced with particular pressures on their national asylum system, notably because of their geographical position, to comply with requirement of Community legislation, by providing specific expertise and practical support.

The Evaluation Report observed the continuing late transmission of fingerprints by a number of Member States. The EURODAC Regulation currently only provides a very vague deadline for the transmission of fingerprints, which can cause significant delays in practice. This is a crucial issue since a delay in transmission may lead to results contrary to the responsibility principles laid down in the Dublin Regulation.

The Evaluation Report underlined that lack of an efficient facility for Member States to inform each other of the status of the asylum seeker has lead to inefficient management of deletions of data . The Member States who entered data on a specific person are often unaware that another MS of origin deleted data and therefore don't realise they should delete their data relating to the same person. As a consequence, the respect of the principle that 'no data should be kept in a form which allows the identification of data subjects for longer than is necessary for the purposes for which data were collected' cannot therefore be sufficiently monitored.

According to the analysis of the Evaluation Report, unclear specification of national authorities having access to EURODAC hinders the monitoring role of the Commission and the European Data Protection Supervisor (EDPS).

The statistics of EURODAC reveal that some persons already granted asylum in a Member State nevertheless apply again in another, or in some cases even in the same Member State. According to the EURODAC Regulation in force however, this information is not available to Member States introducing the data of such a person upon re-application. As a result, persons already enjoying asylum in one of the Member States can apply again in a second Member State, which is against the principle of having only one Member State responsible.

Practical changes, the need for consistency with the evolution of the asylum acquis taken place since the adoption of Council Regulation (EC) No 2725/2000/EC, as well as the placement of the operational management of EURODAC under a new management structure require several technical amendments.

A thorough impact assessment examined several options to each of the problems identified by the Evaluation Report. Therefore the present proposal intends to recast Council Regulation (EC) No 2725/2000/EC and its implementing regulation, Council Regulation (EC) No 407/2002/EC [10] (hereinafter: Implementing Regulation) in order inter alia to improve the efficiency of the implementation of the EURODAC Regulation, to ensure consistency with the asylum acquis evolved since the adoption of the Regulation, to update some provisions taking account of factual developments since the adoption of the Regulation, to establish a new management framework and to better ensure the respect of personal data.

- General context

The Hague Programme called for the submission by the Commission of the second-phase instruments of the Common European Asylum System (CEAS) to the Council and the European Parliament with a view to their adoption before the end of 2010.

The Commission's intention to propose amendments to the EURODAC Regulation in the framework of the second phase of the Common European Asylum system was confirmed in its recently published Policy Plan on Asylum – an integrated approach to protection across the EU[11].

In order to ensure a level of consistency in the second phase of the construction of the Common European Asylum System, the present recast of the EURODAC Regulation and its implementing regulation is proposed in parallel to the proposal on the amendment of the Dublin Regulation.

Should no action on EU level be taken to address the problems described above, the identified problems would continue to persist, since the present wording of the Regulation will not be sufficient to ensure a high standard of efficiency in supporting the application of the Dublin Regulation. Member States could decide to follow certain interpretations of their own which might interfere with the correct and uniform application of the EURODAC Regulation, thus resulting in serious divergences creating legal uncertainty.

Existing provisions in the area of the proposal

The Dublin System consist of the Dublin [12] and EURODAC Regulations, and their two implementing regulations: Commission Regulation (EC) No 1560/2003 of 2 September 2003 laying down detailed rules for the application of Council Regulation (EC) No 343/2003 establishing the criteria and mechanisms for determining the Member State responsible for examining an asylum application lodged in one of the Member States by a third-country national [13] and Council Regulation (EC) No 407/2002 of 28 February 2002 laying down certain rules to implement Regulation (EC) No 2725/2000 concerning the establishment of "Eurodac" for the comparison of fingerprints for the effective application of the Dublin Convention. [14]

CONSISTENCY WITH OTHER POLICIES

This proposal is fully in line with the Tampere European Council Conclusions of 1999, the Hague programme of 2004 and the Charter of Fundamental Rights of the European Union, in particular as regards the right to asylum and protection of personal data.

The SIS II[15] and VIS[16] Regulations stipulate the need to establish a 'Management Authority' for the purpose of operating their large-scale IT systems. In the joint statements accompanying these Regulations, the Council and the European Parliament agreed that the Management Authority should be an Agency.[17] The Impact Assessment prepared in view of the establishment of the Agency concluded that, in the long term, the housing of all large-scale IT systems in one location under one management and running on the same platform would serve to improve productivity and reduce operational costs. Therefore, it considered a new Regulatory Agency to be indeed the best option for carrying out the tasks of the "Management Authority" for SIS II, VIS and also for EURODAC.

Compliance with the Charter of Fundamental Rights

During the recast exercise, due attention was given to fundamental rights. The right to asylum and protection of personal data were considered in the Impact Assessment attached to the proposal.

As regards the right to asylum, amendments to the provisions of the Regulation on the information to be given to asylum seekers on the application of the Dublin system enables them to effectively exercise their right to asylum.

The new provision that requires Member States to indicate in EURODAC the fact that they apply the discretionary clauses of the Dublin Regulation, facilitates communication amongst Member States and therefore prevents uncertainty for the asylum seeker, by making clarity about which Member States handles his case.

As regards the protection of personal data, by allowing for efficient management of deletions of data , the proposal ensures that no data should be kept in a form which allows the identification of data subjects for longer than is necessary for the purposes for which data were collected. The same principle is underpinning the amendment aligning the storage period for data on third country nationals or stateless persons fingerprinted in connection with the irregular crossing of an external border with the period until which the Dublin Regulation allocates responsibility on the basis of that information.

Therefore, this proposal is fully in line with the Charter of Fundamental Rights of the European Union, in particular as regards the right to asylum (Article 18) and protection of personal data (Article 8) and has to be applied accordingly.

CONSULTATION OF INTERESTED PARTIES

The Commission published the Green Paper on the future Common European Asylum System[18] in June 2007, which proposed options concerning the future features of the Dublin and EURODAC Regulations. In the framework of the wide public consultation on the Green Paper, 89 contributions were received from a wide range of stakeholders.

The Commission services discussed the outcome of the Evaluation Report and the outline of the planned amendments to the Regulation with the Member States in the Committee on Immigration and Asylum (CIA) in March 2008 as well as in two informal expert meetings with Member States’ practitioners dedicated to the conclusions of the Evaluation Report in October 2007 and April 2008.

UNHCR, the European Council on Refugees and Exiles (ECRE) as well as the EDPS were also informally consulted in the preparation of the amendment of the Regulation.

Legal elements of the proposal

In order to improve the efficiency of the implementation of the EURODAC Regulation, clearer deadlines for data transmission will be set.

In order to better address data protection requirements, better management of deletions of data from the central database will be facilitated by ensuring that the Central System informs Member States of the need to delete data.

The EURODAC Regulation in force stipulates that five years after EURODAC starts operations, a decision would be taken as to whether the data on refugees (until now stored but not searchable) should be stored and searched or should be erased in advance once the data subject is recognised as a refugee. In order to inform Member States of the status of those applicants who have in fact been already granted international protection in a Member State, data on refugees will be deblocked (i.e. made available for searches).

In order to better facilitate the application of the Dublin Regulation, Member States will be required to indicate in EURODAC the fact that they apply the discretionary clauses provided for by that Regulation, ie. assume responsibility for the assessment of the claim of an applicant for whom they would not normally be responsible under the criteria of the Dublin Regulation.

In order to ensure consistency with the asylum acquis evolved since the adoption of the Regulation, the Commission proposes to extend its scope to cover subsidiary protection and align the terminology of the Regulation with that of the other asylum instruments on the definition of foreigners ("third country nationals and stateless persons"). Consistency with the Dublin Regulation (as well as data protection concerns, notably the principle of proportionality) will be ensured by aligning the storage period for data on third country nationals or stateless persons fingerprinted in connection with the irregular crossing of an external border with the period until which Article 14(1) of the Dublin Regulation allocates responsibility on the basis of that information (i.e. one year).

It is also important to update some provisions taking account of factual developments since the adoption of the Regulation. Hence, factual developments such as the change of the legal instrument the application of which the EURODAC Regulation facilitates (Dublin Convention to the Dublin Regulation), the taking over of the tasks of the Joint Supervisory Authority by the later established EDPS and the initially foreseen but now obsolete practice of transmitting data to the Central Unit by means other than digital transmission (eg. on DVD or on paper) are reflected in the proposal.

In order to address data protection concerns, better respect of personal data is facilitated by amending the provision on the designation of responsible national authorities (specification of the exact responsible unit as well as the connection between its work and the purpose of EURODAC is required). In the spirit of transparency, the list of these authorities will be published in the Official Journal of the European Union, thereby adhering to the data protection concerns of stakeholders.

The proposal includes updating of and clearer definitions for the different stages of management of the database (Commission, Management Authority, Central System). SIS II and VIS already share a technical platform and it is envisaged that the biometric matching functionality (BMS) will, in the future, be common to SIS II, VIS and EURODAC. Until a Management Authority for the management of the three systems is established, the Commission shall remain responsible for operating the Central Unit and ensuring the security of data transmission to/from EURODAC.

At the time of the adoption of the EURODAC Regulation, it was decided that some provisions would be adopted in an implementing regulation, for which the Council reserved to itself the power of adoption. The Commission considers the nature of the provisions in the two instruments as similar. Furthermore, the procedure for their adoption is the same (ie. codecision). Therefore, the proposal envisages to repeal the Implementing Regulation and to include its content in the EURODAC Regulation .

The only provision[19] for which a comitology procedure was foreseen proved to be of insignificant nature, therefore during the more than five years of operation of the system, the Commission has not called for a meeting of this committee. Hence it is proposed to abolish the committee provided for by the Regulation.

Legal basis

This proposal amends Council Regulation (EC) No 2725/2000/EC and uses the same legal base as that act, namely Articles 63(1)(a) of the Treaty establishing the European Community.

Title IV of the Treaty is not applicable to the United Kingdom and Ireland, unless those two countries decide otherwise, in accordance with the provisions set out in the Protocol on the position of the United Kingdom and Ireland attached to the Treaties.

The United Kingdom and Ireland are bound by Council Regulation (EC) No 343/2003/EC following their notice of their wish to take part in the adoption and application of that Regulation based on the above-mentioned Protocol. The position of these Member States with regard to the current Regulation does not affect their possible participation with regard to the amended Regulation.

In accordance with Articles 1 and 2 of the Protocol on the position of Denmark attached to the Treaties, Denmark does not take part in the adoption of this Regulation and is not bound by it nor subject to its application. However, given that Denmark applies the current Dublin Regulation, following an international agreement[20] that it concluded with the EC in 2006, it shall, in accordance with Article 3 of that agreement, notify the Commission of its decision whether or not to implement the content of the amended Regulation.

IMPACT OF THE PROPOSAL ON NON EU MEMBER STATES ASSOCIATED TO THE DUBLIN SYSTEM

In parallel to the association of several non-EU Member States to the Schengen acquis, the Community concluded, or is in the process of doing so, several agreements associating these countries also to the Dublin/EURODAC acquis:

-the agreement associating Iceland and Norway, concluded in 2001[21];

-the agreement associating Switzerland, concluded on 28 February 2008[22];

-the protocol associating Liechtenstein, signed on 28 February 2008[23].

In order to create rights and obligations between Denmark –which as explained above has been associated to the Dublin/EURODAC acquis via an international agreement – and the associated countries mentioned above, two other instruments have been concluded between the Community and the associated countries[24].

In accordance with the three above-cited agreements, the associated countries shall accept the Dublin/EURODAC acquis and its development without exception. They do not take part in the adoption of any acts amending or building upon the Dublin acquis (including therefore this proposal) but have to notify to the Commission within a given time-frame of their decision whether or not to accept the content of that act, once approved by the Council and the European Parliament. In case Norway, Iceland, Switzerland or Liechtenstein do not accept an act amending or building upon the Dublin/EURODAC acquis, the "guillotine" clause is applied and the respective agreements will be terminated, unless the Joint/Mixed Committee established by the agreements decides otherwise by unanimity.

SUBSIDIARITY PRINCIPLE

Due to the transnational nature of the problems related to asylum and refugee protection, the EU is well placed to propose solutions in the framework of the Common European Asylum System (CEAS) to the issues described above as problems regarding the EURODAC Regulation. Although an important level of harmonization was reached in the Regulation adopted in 2000, there is still room for developing the support that EURODAC provides to the implementation of the Dublin Regulation. The need for EU action regarding the management of an EU database which was created for assisting in the implementation of a Regulation dealing with transnational movements of asylum seekers seems clear.

Proportionality principle

The impact assessment on the amendment of the EURODAC Regulation assessed each suboption regarding the problems identified so as to represent an ideal proportion between practical value and efforts needed. It concluded that opting for EU action does not go beyond what is necessary to achieve the objective of solving those problems.

ê 2725/2000/EC (adapted)

2008/0242 (COD)

Proposal for a

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

concerning the establishment of 'EURODAC' for the comparison of fingerprints for the effective application of the Dublin Convention Ö Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person] Õ

THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty establishing the European Community, and in particular Article 63 point (1)(a) thereof,

Having regard to the proposal from the Commission[25],

Acting in accordance with the procedure laid down in Article 251 of the Treaty[26],

Whereas

ò new

(1) A number of substantive changes are to be made to Council Regulation (EC) No 2725/2000 of 11 December 2000 concerning the establishment of "Eurodac" for the comparison of fingerprints for the effective application of the Dublin Convention[27] and Council Regulation (EC) No 407/2002 of 28 February 2002 laying down certain rules to implement Regulation (EC) No 2725/2000 concerning the establishment of "Eurodac" for the comparison of fingerprints for the effective application of the Dublin Convention[28]. In the interest of clarity, those Regulations should be recast.

ê 2725/2000/EC recital 1

(1) Member States have ratified the Geneva Convention of 28 July 1951, as amended by the New York Protocol of 31 January 1967, relating to the Status of Refugees.

ê 2725/2000/EC recital 2 (adapted)

(2) Member States have concluded the Convention determining the State responsible for examining applications for asylum lodged in one of the Member States of the European Communities, signed in Dublin on 15 June 1990 (hereinafter referred to as "the Dublin Convention").

ò new

(2) A common policy on asylum, including a Common European Asylum System, is a constituent part of the European Union's objective of progressively establishing an area of freedom, security and justice open to those who, forced by circumstances, legitimately seek protection in the Community.

(3) The first phase in the creation of a Common European Asylum System that should lead, in the longer term, to a common procedure and a uniform status, valid throughout the Union, for those granted asylum, has now been achieved. The European Council of 4 November 2004 adopted The Hague Programme which sets the objectives to be implemented in the area of freedom, security and justice in the period 2005-2010. In this respect The Hague Programme invited the European Commission to conclude the evaluation of the first phase legal instruments and to submit the second-phase instruments and measures to the Council and the European Parliament with a view to their adoption before 2010.

ê 2725/2000/EC recital 3 (adapted)

ð new

(4) For the purposes of applying the Dublin Convention Ö Council Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person][29]Õ, it is necessary to establish the identity of applicants for asylum ð international protection ï and of persons apprehended in connection with the unlawful crossing of the external borders of the Community. It is also desirable, in order effectively to apply the Dublin Convention Ö Council Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person] Õ, and in particular points (c) and (e) (b) and (d) of Article 10(1)18(1) thereof, to allow each Member State to check whether an alien Ö third country national or stateless person Õ found illegally present on its territory has applied for asylum ð international protection ï in another Member State.

ê 2725/2000/EC recital 4

(5) Fingerprints constitute an important element in establishing the exact identity of such persons. It is necessary to set up a system for the comparison of their fingerprint data.

ê 2725/2000/EC recital 5

ð new

(6) To this end, it is necessary to set up a system known as ""EurodacEURODAC", consisting of a Central Unit ð System ï, to be established within the Commission and which will operate a computerised central database of fingerprint data, as well as of the electronic means of transmission between the Member States and the central database ð Central System ï.

ò new

(7) In view of ensuring equal treatment for all applicants and beneficiaries of international protection, as well as in order to ensure consistency with current EU asylum acquis, in particular with Council Directive 2004/83/EC of 29 April 2004 on minimum standards for the qualification and status of third country nationals or stateless persons as refugees or as persons who otherwise need international protection and the content of the protection granted and Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person], it is appropriate to extent the scope of this Regulation to order to include applicants for subsidiary protection and persons enjoying subsidiary protection.

ê 2725/2000/EC recital 6 (adapted)

ð new

(8) It is also necessary to require the Member States promptly to take ð and transmit ï fingerprints ð data ï of every applicant for asylum ð international protection ï and of every alien Ö third country national or stateless person Õ who is apprehended in connection with the irregular crossing of an external border of a Member State, if they are at least 14 years of age.

ê 2725/2000/EC recital 7 (adapted)

ð new

(9) It is necessary to lay down precise rules on the transmission of such fingerprint data to the Central Unit ð System ï , the recording of such fingerprint data and other relevant data in the Central Unit ð System ï , their storage, their comparison with other fingerprint data, the transmission of the results of such comparison and the blocking and erasure of the recorded data. Such rules may be different for, and should be specifically adapted to, the situation of different categories of aliens Ö third country national or stateless persons Õ.

ê 2725/2000/EC recital 8 (adapted)

ð new

(10) Aliens Ö Third country nationals or stateless persons Õ who have requested asylum ð international protection ï in one Member State may have the option of requesting asylum ð international protection ï in another Member State for many years to come. Therefore, the maximum period during which fingerprint data should be kept by the Central Unit ð System ï should be of considerable length. Given that most aliens Ö third country nationals or stateless persons Õ who have stayed in the Community for several years will have obtained a settled status or even citizenship of a Member State after that period, a period of ten years should be considered a reasonable period for the conservation of fingerprint data.

ê 2725/2000/EC recital 9 (adapted)

(11) The conservation period should be shorter in certain special situations where there is no need to keep fingerprint data for that length of time. Fingerprint data should be erased immediately once aliens Ö third country nationals or stateless persons Õ obtain citizenship of a Member State.

ò new

(12) It is appropriate to store data relating to those data subjects whose fingerprints were initially recorded in EURODAC upon lodging their applications for international protection and who have been granted international protection in a Member State in order to allow data recorded upon lodging an application for international protection to be compare against them.

(13) For a transitional period the Commission should remain responsible for the management of the Central System and for the Communication Infrastructure. In the long term, and following an impact assessment, containing a substantive analysis of alternatives from financial, operational and organisational perspective, a Management Authority with responsibility for these tasks should be established.

ê 2725/2000/EC recital 13 (adapted)

(13) Since the Member States alone are responsible for identifying and classifying the results of comparisons transmitted by the Central Unit as well as for the blocking of data relating to persons admitted and recognised as refugees and since this responsibility concerns the particularly sensitive area of the processing of personal data and could affect the exercise of individual freedoms, there are specific grounds for the Council reserving for itself the exercise of certain implementing powers, relating in particular to the adoption of measures ensuring the safety and reliability of such data.

ê 2725/2000/EC recital 14 (adapted)

(14) The measures necessary for the implementation of other measures of this Regulation should be adopted in accordance with Council Decision 1999/468/EC of 28 June 1999 laying down the procedures for the exercise of implementing powers conferred on the Commission.

ê 2725/2000/EC recital 10 (adapted)

ð new

(14) It is necessary to lay down clearly the respective responsibilities of the Commission ð and the Management Authority ï , in respect of the Central Unit ð System ï ð and the Communication Infrastructure ï, and of the Member States, as regards data use, data security, access to, and correction of, recorded data.

ê 2725/2000/EC recital 11

(15) While the non-contractual liability of the Community in connection with the operation of the EurodacEURODAC system will be governed by the relevant provisions of the Treaty, it is necessary to lay down specific rules for the non-contractual liability of the Member States in connection with the operation of the system.

ê 2725/2000/EC recital 12

(16) In accordance with the principle of subsidiarity as set out in Article 5 of the Treaty, the objective of the proposed measures, namely the creation within the Commission of a system for the comparison of fingerprint data to assist the implementation of the Community's asylum policy, cannot, by its very nature, be sufficiently achieved by the Member States and can therefore be better achieved by the Community. In accordance with the principle of proportionality as set out in the said Article, this Regulation does not go beyond what is necessary to achieve that objective.

ê 2725/2000/EC recital 15 (adapted)

(17) Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data[30] applies to the processing of personal data by the Member States Ö carried out in application of this Regulation Õ. within the framework of the Eurodac system.

ê 2725/2000/EC recital 16

(16) By virtue of Article 286 of the Treaty, Directive 95/46/EC also applies to Community institutions and bodies. Since the Central Unit will be established within the Commission, that Directive will apply to the processing of personal data by that Unit.

ê 2725/2000/EC recital 17

(18) The principles set out in Directive 95/46/EC regarding the protection of the rights and freedoms of individuals, notably their right to privacy, with regard to the processing of personal data should be supplemented or clarified, in particular as far as certain sectors are concerned.

ò new

(19) Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data[31] should apply. However, certain point should be clarified in respect of the responsibility for the processing of data and of supervision of data protection.

ò new

(20) It is appropriate that national supervisory authorities monitor the lawfulness of the processing of personal data by the Member States, whilst the European Data Protection Supervisor, appointed pursuant to Decision 2004/55/EC of the European Parliament and of the Council of 22 December 2003 appointing the independent supervisory body provided for in Article 286 of the EC Treaty[32], should monitor the activities of the Community institutions and bodies in relation to the processing of personal data in view of the limited tasks of the Community institutions and bodies with regard to the data themselves.

ê 2725/2000/EC recital 18

ð new

(21) It is appropriate to monitor and evaluate the performance of EurodacEURODAC ð at regular intervals ï.

ê 2725/2000/EC recital 19

ð new

(22) Member States should provide for a system of penalties to sanction the use of data recorded in the central database ð Central System ï contrary to the purpose of EurodacEURODAC.

ê 2725/2000/EC recital 23 (adapted)

(23) This Regulation should serve as legal basis for the implementing rules which, with a view to its rapid application, are required for the establishment of the necessary technical arrangements by the Member States and the Commission. The Commission should be charged with verifying that those conditions are fulfilled.

ò new

(23) It is necessary that Member States are informed of the status of particular asylum procedures, with a view to facilitating the adequate application of Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person].

(24) This Regulation respects and has to be applied in accordance with the fundamental rights and observes the principles recognised in particular by the Charter of Fundamental Rights of the European Union. In particular, this Regulation seeks to ensure full respect for the protection of personal data and the right to asylum and to promote the application of Articles 8 and 18 of the Charter.

ê 2725/2000/EC recital 22 (adapted)

(25) It is appropriate to restrict the territorial scope of this Regulation so as to align it on the territorial scope of the Dublin Convention Ö Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person] Õ .

ê 2725/2000/EC (adapted)

ð new

HAVE ADOPTED THIS REGULATION:

CHAPTER I

GENERAL PROVISIONS

Article 1

Purpose of "EurodacEURODAC"

1. A system known as "EurodacEURODAC" is hereby established, the purpose of which shall be to assist in determining which Member State is to be responsible pursuant to the Dublin Convention Ö Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person] Õ for examining an application for asylum ð international protection ï lodged in a Member State ð by a third country national or stateless person ï, and otherwise to facilitate the application of the Dublin Convention Ö Regulation Õ under the conditions set out in this Regulation.

2. Eurodac shall consist of:

(a) the Central Unit referred to in Article 3;

(b) a computerised central database in which the data referred to in Article 5(1), Article 8(2) and Article 11(2) are processed for the purpose of comparing the fingerprint data of applicants for asylum and of the categories of aliens referred to in Article 8(1) and Article 11(1);

(c) means of data transmission between the Member States and the central database.The rules governing Eurodac shall also apply to operations effected by the Member States as from the transmission of data to the Central Unit until use is made of the results of the comparison.

3.2. Without prejudice to the use of data intended for EurodacEURODAC by the Member State of origin in databases set up under the latter's national law, fingerprint data and other personal data may be processed in EurodacEURODAC only for the purposes set out in Article 15(1)32(1) of the Dublin Convention Ö Regulation Õ.

Article 2

Definitions

1. For the purposes of this Regulation:

(a) "the Dublin Convention Ö Regulation Õ" means the Convention determining the State responsible for examining applications for asylum lodged in one of the Member States of the European Communities, signed at Dublin on 15 June 1990 Ö Regulation (EC) No […/…] [establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person] Õ;

(b) an "applicant for asylum ð international protection ï" means an alien Ö third-country national or a stateless person Õ who has made an application for asylum or on whose behalf such an application has been made ð international protectionin respect of which a final decision has not yet been taken ï;

(c) "Member State of origin" means:

(i) in relation to an applicant for asylum Ö person covered by Article 6 Õ , the Member State which transmits the personal data to the Central Unit ð System ï and receives the results of the comparison;

(ii) in relation to a person covered by Article 8 10 , the Member State which transmits the personal data to the Central Unit ð System ï ;

(iii) in relation to a person covered by Article 11 13 , the Member State which transmits such data to the Central Unit ð System ï and receives the results of the comparison;

(d) "refugee" ð "person granted international protection" ï means a Ö third country national or a stateless Õ person who has been recognised as a refugee in accordance with the Geneva Convention on Refugees of 28 July 1951, as amended by the New York Protocol of 31 January 1967 ð in need of international protection as defined in Article 2(a) of Council Directive 2004/83/EC ï;

(e) "hit" shall mean the existence of a match or matches established by the Central Unit ð System ï by comparison between fingerprint data recorded in the databank Ö database Õ and those transmitted by a Member State with regard to a person, without prejudice to the requirement that Member States shall immediately check the results of the comparison pursuant to Article 4(6) 17(4).

2. The terms defined in Article 2 of Directive 95/46/EC shall have the same meaning in this Regulation.

3. Unless stated otherwise, the terms defined in Article 1 2 of the Dublin Convention Ö Regulation Õ shall have the same meaning in this Regulation.

Article 3

Central Unit Ö System architecture and basic principles Õ

1. A Central Unit shall be established within the Commission which shall be responsible for operating the central database referred to in Article 1(2)(b) on behalf of the Member States. The Central Unit shall be equipped with a computerised fingerprint recognition system.

ò new

1. EURODAC shall consist of:

(a) a computerised central fingerprint database (Central System) composed of

- a Central Unit,

- a Business Continuity System.

(b) a communication infrastructure between the central system and Member States that provides an encrypted virtual network dedicated to EURODAC data (Communication Infrastructure).

2. Each Member State shall have a single designated national data system (National Access Point) which communicates with the Central System.

ê 2725/2000/EC (adapted)

ð new

2.3. Data on applicants for asylum, persons covered by Article 8 and persons covered by Article 11 6, 10 and 13 which are processed in the Central Unit ð System ï shall be processed on behalf of the Member State of origin under the conditions set out in this Regulation Ö and separated by appropriate technical means Õ.

ê 407/2002/EC Article 5(1)

1. The Central Unit shall separate the data on asylum applicants and the data on persons referred to in Article 8 of the Eurodac Regulation which are stored in the database, by appropriate technical means.

ê 2725/2000/EC Article 1(2) third subparagraph

ð new

4. The rules governing EurodacEURODAC shall also apply to operations effected by the Member States as from the transmission of data to the Central Unit ð System ï until use is made of the results of the comparison.

ê 2725/2000/EC Article 4(1) second sentence

ð new

5. The procedure for taking fingerprints shall be determined ð and applied ï in accordance with the national practice of the Member State concerned and in accordance with the safeguards laid down in ð the Charter of Fundamental Rights of the European Union, in the Convention for the Protection of Human Rights and Fundamental Freedoms and ï the European Convention on Human Rights and in the United Nations Convention on the Rights of the Child.

ò new

Article 4

Operational management by the Management Authority

1. After a transitional period, a Management Authority, funded from the general budget of the European Union, shall be responsible for the operational management of EURODAC . The Management Authority shall ensure, in cooperation with the Member States, that at all times the best available technology, subject to a cost-benefit analysis, is used for the Central System.

2. The Management Authority shall also be responsible for the following tasks relating to the Communication Infrastructure:

(a) supervision;

(b) security;

(c) the coordination of relations between the Member States and the provider.

3. The Commission shall be responsible for all other tasks relating to the Communication Infrastructure, in particular:

(a) tasks relating to implementation of the budget;

(b) acquisition and renewal;

(c) contractual matters.

4. During a transitional period before the Management Authority takes up its responsibilities, the Commission shall be responsible for the operational management of EURODAC.

5. Operational management of EURODAC shall consist of all the tasks necessary to keep EURODAC functioning 24 hours a day, 7 days a week in accordance with this Regulation, in particular the maintenance work and technical developments necessary to ensure that the system functions at a satisfactory level of operational quality, in particular as regards the time required for interrogation of the Central System.

6. Without prejudice to Article 17 of the Staff Regulations of Officials of the European Communities, the Management Authority shall apply appropriate rules of professional secrecy or other equivalent duties of confidentiality to all its staff required to work with EURODAC data. This obligation shall also apply after such staff leave office or employment or after the termination of their activities.

7. The Management Authority referred to in this Regulation shall be the Management Authority competent for SIS II and VIS.

ê 2725/2000/EC (adapted)

ð new

Article 5 3

Ö Statistics Õ Central Unit

3. The Central Unit Ö Management Authority Õ shall draw up statistics on its Ö the Õ work Ö of the Central System Õ every quarter ð month ï, indicating ð in particular ï :

(a) the number of data sets transmitted on applicants for asylum ð international protection ï and the persons referred to in Articles 8(1) and 11(1) 10(1) and 13(1) ;

(b) the number of hits for applicants for asylum ð international protection ï who have lodged an application for asylum ð international protection ï in another Member State;

(c) the number of hits for persons referred to in Article 8(1) 10(1) who have subsequently lodged an application for asylum ð international protection ï;

(d) the number of hits for persons referred to in Article 11(1) 13(1) who had previously lodged an application for asylum ð international protection ï in another Member State;

(e) the number of fingerprint data which the Central Unit ð System ï had to ð repeatedly ï request a second time from the Member States of origin because the fingerprint data originally transmitted did not lend themselves to comparison using the computerised fingerprint recognition system;.

ò new

(f) the number of data sets marked in accordance with Article 14(1);

(g) the number of hits for persons referred to in Article 14(1).

ê 2725/2000/EC

ð new

At the end of each year, statistical data shall be established in the form of a compilation of the ð monthly ï quarterly statistics drawn up since the beginning of Eurodac's activities ð for that year ï, including an indication of the number of persons for whom hits have been recorded under (b), (c) and (d).

The statistics shall contain a breakdown of data for each Member State.

4. Pursuant to the procedure laid down in Article 23(2), the Central Unit may be charged with carrying out certain other statistical tasks on the basis of the data processed at the Central Unit.

ê 2725/2000/EC (adapted)

ð new

CHAPTER II

APPLICANTS FOR ASYLUM Ö INTERNATIONAL PROTECTION Õ

Article 6 4

Collection, transmission and comparison of fingerprints

1. Each Member State shall promptly ð after the lodging of an application as defined by Article 20(2) of the Dublin Regulation ï take the fingerprints of all fingers of every applicant for asylum ð international protection ï of at least 14 years of age and shall promptly ð no later than within 48 hours after the lodging of that application ï transmit Ö them together with Õ the data referred to in points (a) (b) to (f) (g) of Article 5(1) 7 to the Central Unit ð System ï.

(2) The data referred to in Article 5(1) shall be immediately recorded in the central database by the Central Unit, or, provided that the technical conditions for such purposes are met, directly by the Member State of origin.

ò new

2. By way of derogation from paragraph 1, when an applicant for international protection arrives in the responsible Member State following a transfer pursuant to the Dublin Regulation, the responsible Member State shall only transmit a transaction indicating the fact of the successful transfer regarding the relevant data recorded in the Central System pursuant to Article 6, in conformity with the requirements for electronic communication with the Central System established by the Management Authority. This information shall be stored in accordance with Article 8 for the purpose of transmission under Article 6(5).

ê 2725/2000/EC (adapted)

ð new

3. Fingerprint data within the meaning of point (b) (a) of Article 5(1) 7, transmitted by any Member State, shall be compared ð automatically ï with the fingerprint data transmitted by other Member States and already stored in the Ccentral database ð System ï.

4. The Central Unit ð System ï shall ensure, on the request of a Member State, that the comparison referred to in paragraph 3 covers the fingerprint data previously transmitted by that Member State, in addition to the data from other Member States.

5. The Central Unit ð System ï shall forthwith ð automatically ï transmit the hit or the negative result of the comparison to the Member State of origin. Where there is a hit, it shall transmit for all data sets corresponding to the hit, the data referred to in Article 5(1) 7(a) to (f), although in the case of the data referred to in Article 5(1)(b), only insofar as they were the basis for the hit ð along with, where appropriate, the mark referred to in Article 14(1) ï.

Direct transmission to the Member State of origin of the result of the comparison shall be permissible where the technical conditions for such purpose are met.

7. The implementing rules setting out the procedures necessary for the application of paragraphs 1 to 6 shall be adopted in accordance with the procedure laid down in Article 22(1).

Article 75

Recording of data

1. Only the following data shall be recorded in the cCentral database ð System ï :

(ab) fingerprint data;

(ba) Member State of origin, place and date of the application for asylum ð international protection ï;

(c) sex;

(d) reference number used by the Member State of origin;

(e) date on which the fingerprints were taken;

(f) date on which the data were transmitted to the Central Unit ð System ï;

(g) date on which the data were entered in the central database ;

ò new

(g) operator user ID.

ê 2725/2000/EC

ð new

(h) details in respect of the recipient(s) of the data transmitted and the date(s) of transmission(s).

2. After recording the data in the central database, the Central Unit shall destroy the media used for transmitting the data, unless the Member State of origin has requested their return.

Article 8 6

Data storage

Each set of data, as referred to in Article 5(1) 7, shall be stored in the Ccentral ð System ï database for ten years from the date on which the fingerprints were taken.

Upon expiry of this period, the Central Unit ð System ï shall automatically erase the data from the Ccentral database ð System ï.

Article 9 7

Advance data erasure

1. Data relating to a person who has acquired citizenship of any Member State before expiry of the period referred to in Article 6 8 shall be erased from the Central Unit ð System ï, in accordance with Article 15(3) 20(3) as soon as the Member State of origin becomes aware that the person has acquired such citizenship.

ò new

2. The Central System shall inform all Member States of origin about the deletion of data by another Member State of origin having produced a hit with data it transmitted relating to persons referred to in Article 6 or Article 10.

ê 2725/2000/EC (adapted)

ð new

CHAPTER III

ALIENS Ö THIRD COUNTRY NATIONALS OR STATELESS PERSONS Õ APPREHENDED IN CONNECTION WITH THE IRREGULAR CROSSING OF AN EXTERNAL BORDER

Article 10 8

Collection and transmission of fingerprint data

1. Each Member State shall, in accordance with the safeguards laid down in the European Convention on Human Rights and in the United Nations Convention on the Rights of the Child promptly take the fingerprints of all fingers of every alien Ö third country national or stateless person Õ of at least 14 years of age who is apprehended by the competent control authorities in connection with the irregular crossing by land, sea or air of the border of that Member State having come from a third country and who is not turned back.

2. The Member State concerned shall promptly ð no later than 48 hours from the date of apprehension ï transmit to the Central Unit ð System ï the following data in relation to any alien Ö third country national or stateless person Õ, as referred to in paragraph 1, who is not turned back:

(ab) fingerprint data;

(ba) Member State of origin, place and date of the apprehension ;

(c) sex;

(d) reference number used by the Member State of origin;

(e) date on which the fingerprints were taken;

(f) date on which the data were transmitted to the Central Unit ð System ï;

ò new

(g) operator user ID.

ê 2725/2000/EC (adapted)

ð new

Article 11 9

Recording of data

1. The data referred to in Article 5(1)(g) and in Article 8(2) 10(2) shall be recorded in the central database ð Central System ï.

Without prejudice to Article 3(3)5, data transmitted to the Central Unit ð System ï pursuant to Article 8(2) 10(2) shall be recorded for the sole purpose of comparison with data on applicants for asylum ð international protection ï transmitted subsequently to the Central Unit ð System ï.

The Central Unit ð System ï shall not compare data transmitted to it pursuant to Article 8(2) 10(2) with any data previously recorded in the central database ð Central System ï, nor with data subsequently transmitted to the Central Unit ð System ï pursuant to Article 8(2) 10(2).

2. The procedures provided for in Article 4(1), second sentence, Article 4(2) and Article 5(2) as well as the provisions laid down pursuant to Article 4(7) shall apply. As regards the comparison of data on applicants for asylum ð international protection ï subsequently transmitted to the Central Unit ð System ï with the data referred to in paragraph 1, the procedures provided for in Article 4(3), (5) and (6) 6(3) and (5) shall apply.

Article 12 10

Storage of data

1. Each set of data relating to an alien Ö third country national or stateless person Õ as referred to in Article 8(1) 10(1) shall be stored in the central database ð Central System ï for ð one year ï two years from the date on which the fingerprints of the alien Ö third country national or stateless person Õ were taken. Upon expiry of this period, the Central Unit ð System ï shall automatically erase the data from the central database ð Central System ï.

2. The data relating to an alien Ö third country national or stateless person Õ as referred to in Article 8(1) 10(1) shall be erased from the central database ð Central System ï in accordance with Article 15(3) 21(3) immediately, if the Member State of origin becomes aware of one of the following circumstances before the two ð one ï-year period mentioned in paragraph 1 has expired:

(a) the alien Ö third country national or stateless person Õ has been issued with a residence permit;

(b) the alien Ö third country national or stateless person Õ has left the territory of the Member States;

(c) the alien Ö third country national or stateless person Õ has acquired the citizenship of any Member State.

ò new

3. The Central System shall inform all Member States of origin about the deletion of data for the reason specified in paragraph 2(a) and (b) by another Member State of origin having produced a hit with data it transmitted relating to persons referred to in Article 10.

4. The Central System shall inform all Member States of origin about the deletion of data for the reason specified in paragraph 2(c) by another Member State of origin having produced a hit with data it transmitted relating to persons referred to in Article 6 or Article 10.

ê 2725/2000/EC (adapted)

ð new

CHAPTER IV

ALIENS Ö THIRD COUNTRY NATIONALS OR STATELESS PERSONS Õ FOUND ILLEGALLY PRESENT IN A MEMBER STATE

Article 13 11

Comparison of fingerprint data

1. With a view to checking whether an alien Ö third country national or a stateless person Õ found illegally present within its territory has previously lodged an application for asylum ð international protection ï in another Member State, each Member State may transmit to the Central Unit ð System ï any fingerprint data relating to fingerprints which it may have taken of any such alien Ö third country national or stateless person Õ of at least 14 years of age together with the reference number used by that Member State.

As a general rule there are grounds for checking whether the alien Ö third country national or stateless person Õ has previously lodged an application for ð asylum ï ð international protection ï in another Member State where:

(a) the alien Ö third country national or stateless person Õ declares that he/she has lodged an application for asylum ð international protection ï but without indicating the Member State in which he/she made the application;

(b) the alien Ö third country national or stateless person Õ does not request asylum ð international protection ï but objects to being returned to his/her country of origin by claiming that he/she would be in danger, or

(c) the alien Ö third country national or stateless person Õ otherwise seeks to prevent his/her removal by refusing to cooperate in establishing his/her identity, in particular by showing no, or false, identity papers.

2. Where Member States take part in the procedure referred to in paragraph 1, they shall transmit to the Central Unit ð System ï the fingerprint data relating to all or at least the index fingers, and, if those are missing, the prints of all other fingers, of aliens Ö third country nationals or stateless persons Õ referred to in paragraph 1.

3. The fingerprint data of an alien Ö third country national or a stateless person Õ as referred to in paragraph 1 shall be transmitted to the Central Unit ð System ï solely for the purpose of comparison with the fingerprint data of applicants for asylum ð international protection ï transmitted by other Member States and already recorded in the central database ð Central System ï.

The fingerprint data of such an alien Ö third country national or a stateless person Õ shall not be recorded in the central database ð Central System ï, nor shall they be compared with the data transmitted to the Central Unit ð System ï pursuant to Article 8(2) 10(2).

4. As regards the comparison of fingerprint data transmitted under this Article with the fingerprint data of applicants for asylum ð international protection ï transmitted by other Member States which have already been stored in the Central Unit ð System ï, the procedures provided for in Article 4(3) (5) and (6) 6(3) and (5) as well as the provisions laid down pursuant to Article 4(7) shall apply.

5. Once the results of the comparison have been transmitted to the Member State of origin, the Central Unit shall forthwith:

(a) erase the fingerprint data and other data transmitted to it under paragraph 1; and

(b) destroy the media used by the Member State of origin for transmitting the data to the Central Unit, unless the Member State of origin has requested their return.

CHAPTER V

RECOGNISED REFUGEESÖ PERSONS GRANTED INTERNATIONAL PROTECTION Õ

Article 12

Blocking of data

1. Data relating to an applicant for asylum which have been recorded pursuant to Article 4(2) shall be blocked in the central database if that person is recognised and admitted as a refugee in a Member State. Such blocking shall be carried out by the Central Unit on the instructions of the Member State of origin.

As long as a decision pursuant to paragraph 2 has not been adopted, hits concerning persons who have been recognised and admitted as refugees in a Member State shall not be transmitted. The Central Unit shall return a negative result to the requesting Member State.

2. Five years after Eurodac starts operations, and on the basis of reliable statistics compiled by the Central Unit on persons who have lodged an application for asylum in a Member State after having been recognised and admitted as refugees in another Member State, a decision shall be taken in accordance with the relevant provisions of the Treaty, as to whether the data relating to persons who have been recognised and admitted as refugees in a Member State should:

(a) be stored in accordance with Article 6 for the purpose of the comparison provided for in Article 4(3); or

(b) be erased in advance once a person has been recognised and admitted as a refugee.

3. In the case referred to in paragraph 2(a), the data blocked pursuant to paragraph 1 shall be unblocked and the procedure referred to in paragraph 1 shall no longer apply.

4. In the case referred to in paragraph 2(b):

(a) data which have been blocked in accordance with paragraph 1 shall be erased immediately by the Central Unit; and

(b) data relating to persons who are subsequently recognised and admitted as refugees shall be erased in accordance with Article 15(3), as soon as the Member State of origin becomes aware that the person has been recognised and admitted as a refugee in a Member State.

5. The implementing rules concerning the procedure for the blocking of data referred to in paragraph 1 and the compilation of statistics referred to in paragraph 2 shall be adopted in accordance with the procedure laid down in Article 22(1).

ò new

Article 14

Marking of data

1. The Member State of origin which granted international protection to an applicant for international protection whose data were previously recorded pursuant to Article 6 in the Central System shall mark the relevant data in conformity with the requirements for electronic communication with the Central System established by the Management Authority. This mark shall be stored in the Central System in accordance with Article 8 for the purpose of transmission under Article 6(5).

2. The Member State of origin shall unmark data concerning a third country national or stateless person whose data were previously marked in accordance with paragraph 1 if his or her status is revoked or ended or renewal of his status is refused under Article 14 or 19 of Council Directive 2004/83/EC.

ê 2725/2000/EC (adapted)

ð new

CHAPTER VI

DATA USE, DATA PROTECTION AND LIABILITY

Article 15 13

Responsibility for data use

1. The Member State of origin shall be responsible for ensuring that:

(a) fingerprints are taken lawfully;

(b) fingerprint data and the other data referred to in Article 5(1) 7, Article 8(2) 10(2) and Article 11(2) 13(2) are lawfully transmitted to the Central Unit ð System ï;

(c) data are accurate and up-to-date when they are transmitted to the Central Unit ð System ï;

(d) without prejudice to the responsibilities of the Commission, data in the central database ð Central System ï are lawfully recorded, stored, corrected and erased;

(e) the results of fingerprint data comparisons transmitted by the Central Unit ð System ï are lawfully used.

2. In accordance with Article 1419, the Member State of origin shall ensure the security of the data referred to in paragraph 1 before and during transmission to the Central Unit ð System ï as well as the security of the data it receives from the Central Unit ð System ï.

3. The Member State of origin shall be responsible for the final identification of the data pursuant to Article 4(6) 17(4).

4. The Commission shall ensure that the Central Unit ð System ï is operated in accordance with the provisions of this Regulation and its implementing rules. In particular, the Commission shall:

(a) adopt measures ensuring that persons working ð with ï in the Central Unit ð System ï use the data recorded Ö therein Õ in the central database only in accordance with the purpose of EurodacEURODAC as laid down in Article 1(1);

(b) ensure that persons working in the Central System comply with all requests from Member States made pursuant to this Regulation in relation to recording, comparison, correction and erasure of data for which they are responsible;

(b) (c) take the necessary measures to ensure the security of the Central Unit ð System ï in accordance with Article 14 19;

(c) (d) ensure that only persons authorised to work ð with ï in the Central Unit ð System ï have access Ö thereto Õ to data recorded in the central database, without prejudice to Article 20 and the powers of the independent supervisory body which will be established under Article 286(2) of the Treaty Ö the competences of the European Data Protection Supervisor Õ.

The Commission shall inform the European Parliament and the Council of the measures it takes pursuant to the first subparagraph.

ê 407/2002/EC Article 2 (adapted)

ð new

Article 162

Transmission

1. Fingerprints shall be digitally processed and transmitted in the data format referred to in Annex I. As far as it is necessary for the efficient operation of the Central Unit ð System ï, the Central Unit Ö Management Authority Õ shall establish the technical requirements for transmission of the data format by Member States to the Central Unit ð System ï and vice versa. The Central Unit Ö Management Authority Õ shall ensure that the fingerprint data transmitted by the Member States can be compared by the computerised fingerprint recognition system.

2. Member States should transmit the data referred to in Article 5(1) 7, Article 10(2) and Article 13(2) of the Eurodac Regulation electronically. ð The data referred to in Article 7 and Article 10(2) shall be automatically recorded in the Central System. ï As far as it is necessary for the efficient operation of the Central Unit ð System ï, the Central Unit Ö Management Authority Õ shall establish the technical requirements to ensure that data can be properly electronically transmitted from the Member States to the Central Unit ð System ï and vice versa. Transmission of data in paper form using the form set out in Annex II or by other means of data support (diskettes, CD-ROM or other means of data support which may be developed and generally used in future) should be limited to situations in which there are continuous technical problems.

3. The reference number referred to in Article 5(1)(d) 7(d) and Article 10(2)(d) of the Eurodac Regulation shall make it possible to relate data unambiguously to one particular person and to the Member State which is transmitting the data. In addition, it shall make it possible to tell whether such data relate to an asylum seeker or a person referred to in Article 8 or Article 11 of the Eurodac Regulation6, Article 10 or Article 13.

4. The reference number shall begin with the identification letter or letters by which, in accordance with the norm referred to in Annex I, the Member State transmitting the data is identified. The identification letter or letters shall be followed by the identification of the category of person. "1" refers to data relating to asylum seekers Ö persons referred to in Article 6 Õ, "2" to persons referred to in Article 8 10 of the Eurodac Regulation and "3" to persons referred to in Article 11 13 of the Eurodac Regulation.

5. The Central Unit Ö Management Authority Õ shall establish the technical procedures necessary for Member States to ensure receipt of unambiguous data by the Central Unit ð System ï.

4.6. The Central Unit ð System ï shall confirm receipt of the transmitted data as soon as possible. To this end the Central Unit Ö Management Authority Õ shall establish the necessary technical requirements to ensure that Member States receive the confirmation receipt if requested.

ê 407/2002/EC Article 3

ð new

Article 173

Carrying out comparisons and transmitting results

1. Member States shall ensure the transmission of fingerprint data in an appropriate quality for the purpose of comparison by means of the computerised fingerprint recognition system. As far as it is necessary to ensure that the results of the comparison by the Central Unit ð System ï reach a very high level of accuracy, the Central Unit ð Management Authority ï shall define the appropriate quality of transmitted fingerprint data. The Central Unit ð System ï shall, as soon as possible, check the quality of the fingerprint data transmitted. If fingerprint data do not lend themselves to comparison using the computerised fingerprint recognition system, the Central Unit ð System ï shall, as soon as possible, request the Member State to transmit fingerprint data of the appropriate quality.

2. The Central Unit ð System ï shall carry out comparisons in the order of arrival of requests. Each request must be dealt with within 24 hours. In the case of data which are transmitted electronically, a Member State may for reasons connected with national law require particularly urgent comparisons to be carried out within one hour. Where these times cannot be respected owing to circumstances which are outside the Central Unit ð Management Authority's ï responsibility, the Central Unit ð System ï shall process the request as a matter of priority as soon as those circumstances no longer prevail. In such cases, as far as it is necessary for the efficient operation of the Central Unit ð System ï , the Central Unit ð Management Authority ï shall establish criteria to ensure the priority handling of requests.

3. As far as it is necessary for the efficient operation of the Central Unit ð System ï , the Central Unit ð Management Authority ï shall establish the operational procedures for the processing of the data received and for transmitting the result of the comparison.

ê 2725/2000/EC Article 4(6) (adapted)

ð new

4. The results of the comparison shall be immediately checked in the Member State of origin. Final identification shall be made by the Member State of origin in cooperation with the Member States concerned, pursuant to Article 1532 of the Dublin Convention Ö Regulation Õ.

Information received from the Central Unit ð System ï relating to other data found to be unreliable shall be erased or destroyed as soon as the unreliability of the data is established.

ò new

5. Where final identification in accordance with paragraph 4 reveal that the result of the comparison received from the Central System is inaccurate, Member States shall communicate this fact to the Commission and to the Management Authority.

6. The Member State which assumes responsibility in accordance with Article 17 of the Dublin Regulation shall transmit a transaction indicating this fact regarding the relevant data recorded in the Central System pursuant to Article 6 of this Regulation, in conformity with the requirements for electronic communication with the Central System established by the Management Authority. This information shall be stored in accordance with Article 8 for the purpose of transmission under Article 6(5).

ê 407/2002/EC (adapted)

ð new

Article 184

Communication between Member States and the Central Unit ð System ï

Data transmitted from the Member States to the Central Unit ð System ï and vice versa shall use IDA generic services referred to in Decision No 1719/1999/EC of the European Parliament and of the Council of 12 July 1999 on a series of guidelines, including the identification of projects of common interest, for trans-European networks for the electronic interchange of data between administrations (IDA) ð the Communication Infrastructure to be provided by the Management Authority ï. As far as it is necessary for the efficient operation of the Central Unit ð System ï, the Central Unit Ö Management Authority Õ shall establish the technical procedures necessary for the use of IDA generic services ð the Communication Infrastructure ï.

ê 2725/2000/EC

Article 19

Joint supervisory authority

1. An independent joint supervisory authority shall be set up, consisting of a maximum of two representatives from the supervisory authorities of each Member State. Each delegation shall have one vote.

2. The joint supervisory authority shall have the task of monitoring the activities of the Central Unit to ensure that the rights of data subjects are not violated by the processing or use of the data held by the Central Unit. In addition, it shall monitor the lawfulness of the transmission of personal data to the Member States by the Central Unit.

3. The joint supervisory authority shall be responsible for the examination of implementation problems in connection with the operation of Eurodac, for the examination of possible difficulties during checks by the national supervisory authorities and for drawing up recommendations for common solutions to existing problems.

4. In the performance of its duties, the joint supervisory authority shall, if necessary, be actively supported by the national supervisory authorities.

5. The joint supervisory authority shall have access to advice from persons with sufficient knowledge of fingerprint data.

6. The Commission shall assist the joint supervisory authority in the performance of its tasks. In particular, it shall supply information requested by the joint supervisory body, give it access to all documents and paper files as well as access to the data stored in the system and allow it access to all its premises, at all times.

7. The joint supervisory authority shall unanimously adopt its rules of procedure. It shall be assisted by a secretariat, the tasks of which shall be defined in the rules of procedure.

8. Reports drawn up by the joint supervisory authority shall be made public and shall be forwarded to the bodies to which the national supervisory authorities submit their reports, as well as to the European Parliament, the Council and the Commission for information. In addition, the joint supervisory authority may submit comments or proposals for improvement regarding its remit to the European Parliament, the Council and the Commission at any time.

9. In the performance of their duties, the members of the joint supervisory authority shall not receive instructions from any government or body.

10. The joint supervisory authority shall be consulted on that part of the draft operating budget of the Eurodac Central Unit which concerns it. Its opinion shall be annexed to the draft budget in question.

11. The joint supervisory authority shall be disbanded upon the establishment of the independent supervisory body referred to in Article 286(2) of the Treaty. The independent supervisory body shall replace the joint supervisory authority and shall exercise all the powers conferred on it by virtue of the act under which that body is established.

Article 14

Security

1. The Member State of origin shall take the necessary measures to:

(a) prevent any unauthorised person from having access to national installations in which the Member State carries out operations in accordance with the aim of Eurodac (checks at the entrance to the installation);

(b) prevent data and data media in Eurodac from being read, copied, modified or erased by unauthorised persons (control of data media);

(c) guarantee that it is possible to check and establish a posteriori what data have been recorded in Eurodac, when and by whom (control of data recording);

(d) prevent the unauthorised recording of data in Eurodac and any unauthorised modification or erasure of data recorded in Eurodac (control of data entry);

(e) guarantee that, in using Eurodac, authorised persons have access only to data which are within their competence (control of access);

(f) guarantee that it is possible to check and establish to which authorities data recorded in Eurodac may be transmitted by data transmission equipment (control of transmission);

(g) prevent the unauthorised reading, copying, modification or erasure of data during both the direct transmission of data to or from the central database and the transport of data media to or from the Central Unit (control of transport).

2. As regards the operation of the Central Unit, the Commission shall be responsible for applying the measures mentioned under paragraph 1.

ò new

Article 19

Data security

1. The Member State responsible shall ensure the security of the data before and during transmission to the Central System. Each Member State shall ensure the security of the data which it receives from the Central System.

2. Each Member State shall, in relation to its national system, adopt the necessary measures, including a security plan, in order to:

(a) physically protect data, including by making contingency plans for the protection of critical infrastructure;

(b) deny unauthorised persons access to national installations in which the Member State carries out operations in accordance with the purpose of EURODAC (checks at entrance to the installation);

(c) prevent the unauthorised reading, copying, modification or removal of data media (data media control);

(d) prevent the unauthorised input of data and the unauthorised inspection, modification or deletion of stored personal data (storage control);

(e) prevent the unauthorised processing of data in EURODAC and any unauthorised modification or deletion of data processed in EURODAC (control of data entry);

(f) ensure that persons authorised to access EURODAC have access only to the data covered by their access authorisation, by means of individual and unique user identities and confidential access modes only (data access control);

(g) ensure that all authorities with a right of access to EURODAC create profiles describing the functions and responsibilities of persons who are authorised to access, enter, update, delete and search the data and make these profiles available to the National Supervisory Authorities referred to in Article 24 without delay at their request (personnel profiles);

(h) ensure that it is possible to verify and establish to which bodies personal data may be transmitted using data communication equipment (communication control);

(i) ensure that it is possible to verify and establish what data have been processed in EURODAC, when, by whom and for what purpose (control of data recording);

(j) prevent the unauthorised reading, copying, modification or deletion of personal data during the transmission of personal data to or from EURODAC or during the transport of data media, in particular by means of appropriate encryption techniques (transport control);

(k) monitor the effectiveness of the security measures referred to in this paragraph and take the necessary organisational measures related to internal monitoring to ensure compliance with this Regulation (self-auditing).

3. The Management Authority shall take the necessary measures in order to achieve the objectives set out in paragraph 2 as regards the operation of EURODAC, including the adoption of a security plan.

ê 2725/2000/EC (adapted)

ð new

Article 20 15

Access to, and correction or erasure of, data recorded in EurodacEURODAC

1. The Member State of origin shall have access to data which it has transmitted and which are recorded in the central database ð Central System ï in accordance with the provisions of this Regulation.

No Member State may conduct searches in the data transmitted by another Member State, nor may it receive such data apart from data resulting from the comparison referred to in Article 4(5) 6(5).

2. The authorities of Member States which, pursuant to paragraph 1, have access to data recorded in the central database ð Central System ï shall be those designated by each Member State ð for the purpose of Article 1(1). This designation shall specify the exact unit responsible for carrying out tasks related to the application of this Regulation. ï Each Member State shall without delay communicate to the Commission ð and the Management Authority ï a list of those authorities ð and any amendments thereto. The Management Authority shall publish the consolidated list in the Official Journal of the European Union. Where there are amendments thereto, the Management Authority shall publish once a year an updated consolidated list. ï

3. Only the Member State of origin shall have the right to amend the data which it has transmitted to the Central Unit ð System ï by correcting or supplementing such data, or to erase them, without prejudice to erasure carried out in pursuance of Article 6, Article 10(1) or Article 12(4)(a) 8 or Article 12(1).

Where the Member State of origin records data directly in the central database, it may amend or erase the data directly.

Where the Member State of origin does not record data directly in the central database, the Central Unit shall amend or erase the data at the request of that Member State.

4. If a Member State or the Central Unit ð Management Authority ï has evidence to suggest that data recorded in the central database ð Central System ï are factually inaccurate, it shall advise the Member State of origin as soon as possible.

If a Member State has evidence to suggest that data were recorded in the central database ð Central System ï contrary to this Regulation, it shall similarly advise Ö the Commission and Õ the Member State of origin as soon as possible. The latter shall check the data concerned and, if necessary, amend or erase them without delay.

5. The Central Unit ð Management Authority ï shall not transfer or make available to the authorities of any third country data recorded in the central database ð Central System ï, unless it is specifically authorised to do so in the framework of a Community agreement on the criteria and mechanisms for determining the State responsible for examining an application for asylum ð international protection ï.

Article 21

Implementing rules

1. The Council shall adopt, acting by the majority laid down in Article 205(2) of the Treaty, the implementing provisions necessary for

- laying down the procedure referred to in Article 4(7),

- laying down the procedure for the blocking of the data referred to in Article 12(1),

- drawing up the statistics referred to in Article 12(2).

In cases where these implementing provisions have implications for the operational expenses to be borne by the Member States, the Council shall act unanimously.

2. The measures referred to in Article 3(4) shall be adopted in accordance with the procedure referred to in Article 23(2).

Article 21 16

Keeping of records by the Central Unit

1. The Central Unit ð Management Authority ï shall keep records of all data processing operations within the Central Unit ð System ï. These records shall show the purpose of access, the date and time, the data transmitted, the data used for interrogation and the name of both the unit putting Ö entering Õ in or retrieving the data and the persons responsible.

2. Such records may be used only for the data-protection monitoring of the admissibility of data processing as well as to ensure data security pursuant to Article 14 19. The records must be protected by appropriate measures against unauthorised access and erased after a period of one year ð after the retention period referred to in Article 8 and in Article 12(1) has expired ï, if they are not required for monitoring procedures which have already begun.

ò new

3. Each Member State shall take the necessary measures in order to achieve the objectives set out in paragraph 1 and 2 in relation to its national system. In addition, each Member State shall keep records of the staff duly authorised to enter or retrieve the data.

ê 2725/2000/EC (adapted)

ð new

Article 22

Committee

1. The Commission shall be assisted by a committee.

2. In the cases where reference is made to this paragraph, Articles 5 and 7 of Decision 1999/468/EC shall apply.

The period laid down in Article 5(6) of Decision 1999/468/EC shall be set at three months.

3. The committee shall adopt its rules of procedure.

Article 22 17

Liability

1. Any person who, or Member State which, has suffered damage as a result of an unlawful processing operation or any act incompatible with the provisions laid down in this Regulation shall be entitled to receive compensation from the Member State responsible for the damage suffered. That State shall be exempted from its liability, in whole or in part, if it proves that it is not responsible for the event giving rise to the damage.

2. If failure of a Member State to comply with its obligations under this Regulation causes damage to the central database ð Central System ï, that Member State shall be held liable for such damage, unless and insofar as the Commission Ö Management Authority or another Member State Õ failed to take reasonable steps to prevent the damage from occurring or to minimise its impact.

3. Claims for compensation against a Member State for the damage referred to in paragraphs 1 and 2 shall be governed by the provisions of national law of the defendant Member State.

Article 23 18

Rights of the data subject

1. A person covered by this Regulation shall be informed by the Member State of origin ð in writing, and where appropriate, orally, in a language which he or she is reasonably supposed to understand ï of the following:

(a) the identity of the controller and of his representative, if any;

(b) regarding the purpose for which the Ö his or her Õ data will be processed within EurodacEURODAC ð including a description of the aims of the Dublin Regulation, in accordance with Article 4 of that Regulation ï;

(c) the recipients of the data;

(d) in relation to a person covered by Article 4 6 or Article 8 10, the obligation to have his/her fingerprints taken;

(e) the existence of the right of access to, and the right to rectify, the data concerning him/herÖ relating to them, and the right to request that inaccurate data relating to them be corrected Õ ð or that unlawfully processed data relating to them be deleted, including the right to receive information on the procedures for exercising those rights and the contact details of the National Supervisory Authorities referred to in Article 25(1), which shall hear claims concerning the protection of personal data ï.

In relation to a person covered by Article 4 6 or Article 8 10, the information referred to in the first subparagraph shall be provided when his/her fingerprints are taken.

In relation to a person covered by Article 11 13, the information referred to in the first subparagraph shall be provided no later than the time when the data relating to the person are transmitted to the Central Unit ð System ï. This obligation shall not apply where the provision of such information proves impossible or would involve a disproportionate effort.

ò new

Where the applicant for international protection is a minor, Member States shall provide the information in an age-appropriate manner.

ê 2725/2000/EC

ð new

2. In each Member State any data subject may, in accordance with the laws, regulations and procedures of that State, exercise the rights provided for in Article 12 of Directive 95/46/EC.

Without prejudice to the obligation to provide other information in accordance with point (a) of Article 12 of Directive 95/46/EC, the data subject shall have the right to obtain communication of the data relating to him/her recorded in the central database ð Central System ï and of the Member State which transmitted them to the Central Unit ð System ï. Such access to data may be granted only by a Member State.

3. In each Member State, any person may request that data which are factually inaccurate be corrected or that data recorded unlawfully be erased. The correction and erasure shall be carried out without excessive delay by the Member State which transmitted the data, in accordance with its laws, regulations and procedures.

4. If the rights of correction and erasure are exercised in a Member State, other than that, or those, which transmitted the data, the authorities of that Member State shall contact the authorities of the Member State, or States, in question so that the latter may check the accuracy of the data and the lawfulness of their transmission and recording in the central database ð Central System ï.

5. If it emerges that data recorded in the central database ð Central System ï are factually inaccurate or have been recorded unlawfully, the Member State which transmitted them shall correct or erase the data in accordance with Article 15(3) 20(3). That Member State shall confirm in writing to the data subject without excessive delay that it has taken action to correct or erase data relating to him/her.

6. If the Member State which transmitted the data does not agree that data recorded in the central database ð Central System ï are factually inaccurate or have been recorded unlawfully, it shall explain in writing to the data subject without excessive delay why it is not prepared to correct or erase the data.

That Member State shall also provide the data subject with information explaining the steps which he/she can take if he/she does not accept the explanation provided. This shall include information on how to bring an action or, if appropriate, a complaint before the competent authorities or courts of that Member State and any financial or other assistance that is available in accordance with the laws, regulations and procedures of that Member State.

7. Any request under paragraphs 2 and 3 shall contain all the necessary particulars to identify the data subject, including fingerprints. Such data shall be used exclusively to permit the exercise of the rights referred to in paragraphs 2 and 3 and shall be destroyed immediately afterwards.

8. The competent authorities of the Member States shall cooperate actively to enforce promptly the rights laid down in paragraphs 3, 4 and 5.

ò new

9. Whenever a person requests data relating to him or her in accordance with paragraph 1, the competent authority shall keep a record in the form a written document that such a request was made, and shall make this document available to the National Supervisory Authorities referred to in Article 25 without delay, upon their request.

ê 2725/2000/EC (adapted)

ð new

9. 10. In each Member State, the national supervisory authority shall assist the data subject in accordance with Article 28(4) of Directive 95/46/EC in exercising his/her rights.

10. 11. The national supervisory authority of the Member State which transmitted the data and the national supervisory authority of the Member State in which the data subject is present shall assist and, where requested, advise him/her in exercising his/her right to correct or erase data. Both national supervisory authorities shall cooperate to this end. Requests for such assistance may be made to the national supervisory authority of the Member State in which the data subject is present, which shall transmit the requests to the authority of the Member State which transmitted the data. The data subject may also apply for assistance and advice to the joint supervisory authority set up by Article 20.

11. 12. In each Member State any person may, in accordance with the laws, regulations and procedures of that State, bring an action or, if appropriate, a complaint before the competent authorities or courts of the State if he/she is refused the right of access provided for in paragraph 2.

12. 13. Any person may, in accordance with the laws, regulations and procedures of the Member State which transmitted the data, bring an action or, if appropriate, a complaint before the competent authorities or courts of that State concerning the data relating to him/her recorded in the central database ð Central System ï, in order to exercise his/her rights under paragraph 3. The obligation of the national supervisory authorities to assist and, where requested, advise the data subject, in accordance with paragraph 10 11 , shall subsist throughout the proceedings.

Article 24 19

Ö Supervision by the Õ National Ssupervisory Aauthority

1. Each Member State shall provide that the national supervisory authority or authorities designated pursuant to Article 28(1) of Directive 95/46/EC shall monitor independently, in accordance with its respective national law, the lawfulness of the processing, in accordance with this Regulation, of personal data by the Member State in question, including their transmission to the Central Unit ð System ï.

2. Each Member State shall ensure that its national supervisory authority has access to advice from persons with sufficient knowledge of fingerprint data.

ò new

Article 25

Supervision by the European Data Protection Supervisor

1. The European Data Protection Supervisor shall check that the personal data processing activities of the Management Authority are carried out in accordance with this Regulation. The duties and powers referred to in Articles 46 and 47 of Regulation (EC) No 45/2001 shall apply accordingly.

2. The European Data Protection Supervisor shall ensure that an audit of the Management Authority's personal data processing activities is carried out in accordance with international auditing standards at least every four years. A report of such audit shall be sent to the European Parliament, the Council, the Management Authority, the Commission and the National Supervisory Authorities. The Management Authority shall be given an opportunity to make comments before the report is adopted.

Article 26

Cooperation between National Supervisory Authorities and the European Data Protection Supervisor

1. The National Supervisory Authorities and the European Data Protection Supervisor, each acting within the scope of its respective competences, shall cooperate actively in the framework of their responsibilities and shall ensure coordinated supervision of EURODAC.

2. They shall, each acting within the scope of its respective competences, exchange relevant information, assist each other in carrying out audits and inspections, examine difficulties of interpretation or application of this Regulation, study problems with the exercise of independent supervision or in the exercise of the rights of data subjects, draw up harmonised proposals for joint solutions to any problems and promote awareness of data protection rights, as necessary.

3. The National Supervisory Authorities and the European Data Protection Supervisor shall meet for that purpose at least twice a year. The costs and servicing of these meetings shall be for the account of the European Data Protection Supervisor. Rules of procedure shall be adopted at the first meeting. Further working methods shall be developed jointly as necessary. A joint report of activities shall be sent to the European Parliament, the Council, the Commission and the Management Authority every two years.

ê 2725/2000/EC (adapted)

ð new

CHAPTER VII

FINAL PROVISIONS

Article 27 21

Costs

1. The costs incurred in connection with the establishment and operation of the Central Unit ð Central System and the Communication Infrastructure ï shall be borne by the general budget of the European Union.

2. The costs incurred by national units and the costs for their connection to the central database ð Central System ï shall be borne by each Member State.

3. The costs of transmission of data from the Member State of origin and of the findings of the comparison to that State shall be borne by the State in question.

Article 28 24

Annual report:, mMonitoring and evaluation

1. The Commission ð Management Authority ï shall submit to the European Parliament and the Council an annual report on the activities of the Central Unit ð System ï. The annual report shall include information on the management and performance of EurodacEURODAC against pre-defined quantitative indicators for the objectives referred to in paragraph 2.

2. The Commission ð Management Authority ï shall ensure that Ö procedures Õ systems are in place to monitor the functioning of the Central Unit ð System ï against objectives Ö relating to Õ in terms of outputs, cost-effectiveness and quality of service.

3. The Commission shall regularly evaluate the operation of the Central Unit in order to establish whether its objectives have been attained cost-effectively and with a view to providing guidelines for improving the efficiency of future operations.

4. One year after Eurodac starts operations, the Commission shall produce an evaluation report on the Central Unit, focusing on the level of demand compared with expectation and on operational and management issues in the light of experience, with a view to identifying possible short-term improvements to operational practice.

ò new

3. For the purposes of technical maintenance, reporting and statistics, the Management Authority shall have access to the necessary information relating to the processing operations performed in the Central System.

4. Every two years, the Management Authority shall submit to the European Parliament, the Council and the Commission a report on the technical functioning of the Central System, including the security thereof.

ê 2725/2000/EC

ð new

5. Three years after Eurodac starts operations ð the start of application of this Regulation as provided for in Article 33(2) ï and every six ð four ï years thereafter, the Commission shall produce an overall evaluation of EurodacEURODAC, examining results achieved against objectives and assessing the continuing validity of the underlying rationale, ð the application of this Regulation in respect of the Central System, the security of the Central System , ï and any implications for future operations. ð The Commission shall transmit the evaluation to the European Parliament and the Council. ï

ò new

6. Member States shall provide the Management Authority and the Commission with the information necessary to draft the reports referred to in paragraph 4 and 5.

7. The Management Authority shall provide the Commission with the information necessary to produce the overall evaluations referred to in paragraph 5.

ê 2725/2000/EC (adapted)

ð new

Article 29 25

Penalties

Member States shall Ö take the necessary measures to Õ ensure that Ö any Õ use of data recorded Ö entered Õ in the central database ð Central System ï contrary to the purpose of EurodacEURODAC as laid down in Article 1(1) shall be subject to appropriate penalties Ö is punishable by penalties, including administrative and/or criminal penalties in accordance with national law, that are effective, proportionate and dissuasive Õ.

Article 30 26

Territorial scope

The provisions of this Regulation shall not be applicable to any territory to which theDublin Convention Ö Regulation Õ does not apply.

ò new

Article 31

Transitional provision

Data blocked in the Central System in accordance with Article 12 of Council Regulation (EC) No 2725/2000/EC shall be unblocked and marked in accordance with Article 14(1) of this Regulation on the date provided for in Article 33(2).

ê

Article 32

Repeal

Council Regulation (EC) No 2725/2000 of 11 December 2000 concerning the establishment of 'Eurodac' for the comparison of fingerprints for the effective application of the Dublin Convention and Council Regulation (EC) No 407/2002 of 28 February 2002 laying down certain rules to implement Regulation (EC) No 2725/2000 concerning the establishment of "Eurodac" for the comparison of fingerprints for the effective application of the Dublin Convention are repealed with effect from the date provided for in Article 33(2).

References to the repealed Regulations shall be read in accordance with the correlation table in Annex II.

ê 2725/2000/EC Article 27 (adapted)

ð new

Article 33 27

Entry into force and applicability

1. This Regulation shall enter into force on the Ö twentieth Õ day Ö following that Õ of its publication in the Official Journal of the European Communities Ö Union Õ.

2. This Regulation shall apply, and Eurodac shall start operations, from the date which the Commission shall publish in the Official Journal of the European Communities Ö Union Õ, when the following conditions are met:

(a) each Member State has notified the Commission that it has made the necessary technical arrangements to transmit data to the Central Unit ð System ï in accordance with Ö this Regulation Õ the implementing rules adopted under Article 4(7) and to comply with the implementing rules adopted under Article 12(5); and

(b) the Commission has made the necessary technical arrangements for the Central Unit ð System ï to begin operations in accordance with Ö this Regulation Õ the implementing rules adopted under Article 4(7) and Article 12(5).

ò new

3. Member States shall notify the Commission as soon as the arrangements referred to in paragraph 2(a) have been made, and in any event no later than 12 months from the date of the entry into force of this Regulation.

ê 2725/2000/EC

4. This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaty establishing the European Community.

Done at Brussels, […]

For the European Parliament For the Council

The President The President […] […]

ê 407/2002/EC

ð new

Annex I

Data format for the exchange of fingerprint data

The following format is prescribed for the exchange of fingerprint data:

ANSI/NIST - CSL 1 1993 ð ANSI/NIST-ITL 1a-1997, Ver.3, June 2001 (INT-1) ï and any future further developments of this standard.

Norm for Member State identification letters

The following ISO norm will apply: ISO 3166 - 2 letters code.

Annex II

[pic]

é

ANNEX II Repealed Regulations (referred to in Article 32)

Council Regulation (EC) No 2725/2000/EC Council Regulation (EC) No 407/2002/EC | (OJ L 316, 15.12.2000, p. 1.) (OJ L 062, 05.03.2002 p. 1.) |

ANNEX III Correlation table

Regulation 2725/2000/EC | This Regulation |

Article 1(1) | Article 1(1) |

Article 1(2), first subparagraph | Article 3(1) |

Article 1(2), second subparagraph | Article 3(4) |

Article 1(3) | Article 1(2) |

Article 3(1) | Article 3(3) |

Article 2 | Article 2 |

Article 3(2) | Article 3(3) |

Article 3(3) | Article 5 |

Article 3(4) | - |

Article 4(1) | Article 6(1) |

Article 4(2) | deleted |

Article 4(3) | Article 6(3) |

Article 4(4) | Article 6(4) |

Article 4(5) | Article 6(5) |

Article 4(6) | Article 17(4) |

Article 5 | Article 7 |

Article 6 | Article 8 |

Article 7 | Article 9 |

Article 8 | Article 10 |

Article 9 | Article 11 |

Article 10 | Article 12 |

Article 11(1)-(4) | Article 13(1)-(4) |

Article 11(5) | - |

Article 12 | - Article 14 |

Article 13 | Article 15 |

Article 14 | - Article 19 |

Article 15 | Article 20 |

Article 16 | Article 21 |

Article 17 | Article 22 |

Article 18 | Article 23 |

Article 19 | Article 24 |

Article 20 | Article 25 |

Article 21 | Article 27 |

Article 22 | - |

Article 24 | Article 27 |

Article 23 | - |

Article 24 | Article 28 |

Article 25 | Article 29 |

Article 26 | Article 30 |

Article 27 | Article 33 |

- | Annex II |

Regulation 407/2002/EC | This Regulation |

Article 2 | Article 16 |

Article 3 | Article 17 |

Article 4 | Article 18 |

Article 5(1) | Article 3(2) |

Annex I | Annex I |

Annex II | - |

ANNEX IV LEGISLATIVE FINANCIAL STATEMENT

1. NAME OF THE PROPOSAL:

Proposal for a Regulation of the European Parliament and the Council concerning the establishment of 'Eurodac' for the comparison of fingerprints for the effective application of Regulation (EC) No […/…].[33]

2. ABM / ABB FRAMEWORK

POLICY AREA: AREA OF FREEDOM, SECURITY AND JUSTICE (TITLE 18)

Activities:

Migration flows — Common immigration and asylum policies (chapter 18.03)

3. BUDGET LINES

3.1. BUDGET LINES (OPERATIONAL LINES AND RELATED TECHNICAL AND ADMINISTRATIVE ASSISTANCE LINES (EX- B.A LINES)) INCLUDING HEADINGS:

Financial framework 2007-2013: Heading 3A

Budget line: 18.03.11 - Eurodac

3.2. Duration of the action and of the financial impact:

It is envisaged that the Regulation will be adopted end of 2010.

3.3. Budgetary characteristics:

Budget line | Type of expenditure | New | EFTA contribution | Contributions from applicant countries | Heading in financial perspective |

18.03.11. | Non-comp | Diff[34] | NO | NO | NO | 3A |

4. SUMMARY OF RESOURCES

4.1. Financial Resources

4.1.1. Summary of commitment appropriations (CA) and payment appropriations (PA)

EUR million (to 3 decimal places)

Expenditure type | Section no. | Year 2010 | 2011 | 2012 | 2013 | n+4 | n + 5 and later | Total |

Operational expenditure[35] |

Commitment Appropriations (CA) | 8.1. | a | 0.000 | 0.115 | 0.000 | 0.000 | 0.115 |

Payment Appropriations (PA) | b | 0.000 | 0.115 | 0.000 | 0.000 | 0.115 |

Administrative expenditure within reference amount[36] |

Technical & administrative assistance (NDA) | 8.2.4. | c | 0.000 | 0.000 | 0.000 | 0.000 | 0.000 |

TOTAL REFERENCE AMOUNT |

Commitment Appropriations | a+c | 0.000 | 0.115 | 0.000 | 0.000 | 0.115 |

Payment Appropriations | b+c | 0.000 | 0.115 | 0.000 | 0.000 | 0.115 |

Administrative expenditure not included in reference amount[37] |

Human resources and associated expenditure (NDA) | 8.2.5. | d | 0.000 | 0.061 | 0.000 | 0.000 | 0.061 |

Administrative costs, other than human resources and associated costs, not included in reference amount (NDA) | 8.2.6. | e | 0.000 | 0.002 | 0.000 | 0.000 | 0.002 |

Total indicative financial cost of intervention |

TOTAL CA including cost of Human Resources | a+c+d+e | 0.000 | 0.178 | 0.000 | 0.000 | 0.178 |

TOTAL PA including cost of Human Resources | b+c+d+e | 0.000 | 0.178 | 0.000 | 0.000 | 0.178 |

Co-financing details

No co-financing is anticipated.

EUR million (to 3 decimal places)

Co-financing body | Year n | n + 1 | n + 2 | n + 3 | n + 4 | n + 5 and later | Total |

…………………… | f |

TOTAL CA including co-financing | a+c+d+e+f |

4.1.2. Compatibility with Financial Programming

X Proposal is compatible with existing financial programming.

( Proposal will entail reprogramming of the relevant heading in the financial perspective.

( Proposal may require application of the provisions of the Interinstitutional Agreement[38] (i.e. flexibility instrument or revision of the financial perspective).

4.1.3. Financial impact on Revenue

X Proposal has no financial implications on revenue

( Proposal has financial impact – the effect on revenue is as follows:

EUR million (to one decimal place)

Prior to action [Year n-1] | Situation following action |

Total number of human resources | 0 | 0.5 | 0 | 0 |

5. CHARACTERISTICS AND OBJECTIVES

5.1. Need to be met in the short or long term

In order to inform Member States of the status of those applicants who have in fact been already granted international protection in a Member State, data on refugees should be deblocked (i.e. made available for searches).

In order to better facilitate the application of the Dublin Regulation, Member States will be required to indicate in EURODAC the fact that they apply the discretionary clauses provided for by that Regulation, ie. assume responsibility for the assessment of the claim of an applicant for whom they would not normally be responsible under the criteria of the Dublin Regulation.

In order to ensure consistency with the asylum acquis, the scope of the Regulation is proposed to be extended to cover subsidiary protection.

In order to ensure consistency with the asylum acquis, the storage period for data on third country nationals or stateless persons fingerprinted in connection with the irregular crossing of an external border is proposed to be aligned with the period until which Article 14(1) of the Dublin Regulation allocates responsibility on the basis of that information (i.e. one year).

5.2. Value-added of Community involvement and coherence of the proposal with other financial instruments and possible synergy

This proposal will provide a solution to the issues flagged for improvement during the five years of operation of the already existing Community database.

5.3. Objectives, expected results and related indicators of the proposal in the context of the ABM framework

The main objectives of the proposal is to improve the efficiency of EURODAC and to better address data protection concerns.

The indicators would be the statistics on the operation of EURODAC, eg. those on missed hits and wrong hits, transmission delays, etc.

5.4. Method of Implementation (indicative)

( Centralised Management

( directly by the Commission

( indirectly by delegation to:

( executive Agencies

( bodies set up by the Communities as referred to in art. 185 of the Financial Regulation

( national public-sector bodies/bodies with public-service mission

( Shared or decentralised management

( with Member states

( with Third countries

( Joint management with international organisations (please specify)

In the future, the operational management of EURODAC could transferred to a Agency responsible for SIS II, VIS and other IT systems in the area of Freedom, Security and Justice. Regarding the setting up of this Agency, a separate proposal will be presented by the Commission, assessing the relevant costs.

6. MONITORING AND EVALUATION

6.1. Monitoring system

Monitoring of the efficiency of the changes introduced by the present proposal is to be performed in the framework of the annual reports on the activities of the EURODAC Central Unit.

Monitoring of data protection issues will be performed by the European Data Protection Supervisor.

6.2. Evaluation

6.2.1. Ex-ante evaluation

The ex-ante evaluation has been included in the impact assessment.

6.2.2. Measures taken following an intermediate/ex-post evaluation (lessons learned from similar experiences in the past)

The Commission published its report on the evaluation of the Dublin system in June 2007, covering the first 3 years of the operation of EURODAC (2003-2005). Whilst acknowledging that the Regulation is applied in a generally satisfactory way, it identified certain issues related to the efficiency of the current legislative provisions and announced the issues which have to be tackled in order to improve EURODAC's support to facilitate the application of the Dublin Regulation.

6.2.3. Terms and frequency of future evaluation

Regular evaluation is proposed to be ensured by the Commission and, after its set-up, also the Management Authority.

7. ANTI-FRAUD MEASURES

In order to combat fraud, corruption and other unlawful activities, the provisions of Regulation (EC) No 1037/1999 shall apply without restriction.

8. DETAILS OF RESOURCES

8.1. Objectives of the proposal in terms of their financial cost

Commitment appropriations in EUR million (to 3 decimal places)

Year 2010 | Year 2011 | Year 2012 | Year 2013 | Year n+4 | Year n+5 |

Officials or temporary staff[41] (XX 01 01) | A*/AD | 0 | 0 | 0.0 | 0.0 |

B*, C*/AST | 0 | 0.5 | 0.0 | 0.0 |

Staff financed[42] by art. XX 01 02 |

Other staff[43] financed by art. XX 01 04/05 |

TOTAL | 0 | 0.5 | 0 | 0 |

8.2.2. Description of tasks deriving from the action

Deal with administrative and financial issues related to the contract with the system provider.

Follow-up the implementation of the changes on the EURODAC IT system.

Follow-up the tests by the Member States.

8.2.3. Sources of human resources (statutory)

( Posts currently allocated to the management of the programme to be replaced or extended

( Posts pre-allocated within the APS/PDB exercise for year n

( Posts to be requested in the next APS/PDB procedure

( Posts to be redeployed using existing resources within the managing service (internal redeployment)

( Posts required for year n although not foreseen in the APS/PDB exercise of the year in question

8.2.4. Other Administrative expenditure included in reference amount (XX 01 04/05 – Expenditure on administrative management)

EUR million (to 3 decimal places)

Budget line (number and heading) | Year n | Year n+1 | Year n+2 | Year n+3 | Year n+4 | Year n+5 and later | TOTAL |

Other technical and administrative assistance |

- intra muros |

- extra muros |

Total Technical and administrative assistance |

8.2.5. Financial cost of human resources and associated costs not included in the reference amount

EUR million (to 3 decimal places)

Type of human resources | Year 2010 | Year 2011 | Year 2012 | Year 2013 | Year n+4 | Year n+5 and later |

Officials and temporary staff (18 01 01) | 0.000 | 0.061 | 0.000 | 0.000 |

Staff financed by Art XX 01 02 (auxiliary, END, contract staff, etc.) (specify budget line) |

Total cost of Human Resources and associated costs (NOT in reference amount) | 0.000 | 0.061 | 0.000 | 0.000 |

Calculation– Officials and Temporary agents financed under art. 18 01 01 01 AD/AST – 122.000 EUR per year x 0.5 persons = 61.000 EUR (2010 -2011) |

8.2.6. Other administrative expenditure not included in reference amount

EUR million (to 3 decimal places)

Year 2010 | Year 2011 | Year 2012 | Year 2013 | Year n+5 | Year n+5 and later | TOTAL |

18 01 02 11 01 – Missions | 0.000 | 0.002 | 0.000 | 0.000 | 0.002 |

XX 01 02 11 02 – Meetings & Conferences |

XX 01 02 11 03 – Committees[45] |

XX 01 02 11 04 – Studies & consultations |

XX 01 02 11 05 - Information systems |

2 Total Other Management Expenditure (XX 01 02 11) |

3 Other expenditure of an administrative nature (specify including reference to budget line) |

Total Administrative expenditure, other than human resources and associated costs (NOT included in reference amount) | 0.000 | 0.002 | 0.000 | 0.000 | 0.002 |

[1] OJ L 316, 15.12.2000, p. 1.

[2] OJ C 254, 19.8.1997, p.1.

[3] OJ L 050, 25.02.2003, p. 1.

[4] Report from the Commission to the European Parliament and the Council on the evaluation of the Dublin system, COM (2007) 299 final {SEC(2007) 742}.

[5] Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of Regions on the 'Policy Plan on Asylum an Integrated Approach to Protection Across the EU' of 17 June 2008, COM (2008) 360.

[6] Proposal for a Regulation of the European Parliament and of the Council establishing the criteria and mechanisms for determining the Member State responsible for examining an application for international protection lodged in one of the Member States by a third-country national or a stateless person COM (2008) 820.

[7] Proposal for a Directive of the European Parliament and of the Council laying down minimum standards for the reception of asylum seekers, COM(2008) 815.

[8] Council Directive 2004/83/EC on minimum standards for the qualification and status of third-country nationals and stateless persons as refugees or as persons who otherwise need international protection, OJ L 304, 30.9.2004, p.12

[9] Council Directive 2005/85/EC on minimum standards on procedures in Member States for granting and withdrawing refugee status, OJ L 326, 13.12.2005, p.13

[10] Council Regulation (EC) No 407/2002 of 28 February 2002 laying down certain rules to implement Regulation (EC) No 2725/2000 concerning the establishment of "Eurodac" for the comparison of fingerprints for the effective application of the Dublin Convention, OJ L 062, 05.03.2002, p. 1 .

[11] COM(2008) 360, SEC(2008) 2029, SEC(2008) 2030.

[12] The Dublin Convention was replaced by Council Regulation (EC) No 343/2003 of 18 February 2003 establishing the criteria and mechanisms for determining the Member State responsible for examining an asylum application lodged in one of the Member States by a third-country national. OJ L 050, 25.02.2003, p. 1.

[13] OJ L 222, 05.09.2003, p. 3.

[14] OJ L 062, 05.03.2002, p. 1.

[15] Regulation (EC) No 1987/2006 of the European Parliament and of the Council of 20 December 2006 on the establishment, operation and use of the second generation Schengen Information System (SIS II), OJ L 381, 28.12.2006, p. 4.

[16] Regulation (EC) No 767/2008 of the European Parliament and of the Council of 9 July 2008 concerning the Visa Information System (VIS) and the exchange of data between Member States on short-stay visas (VIS Regulation), OJ L 218, 13.8.2008, p. 60.

[17] Joint statement by the Commission, the Council and the European Parliament on Article 15 relating to operational management of SIS II, Joint statement by the European Parliament, the Council and the Commission on Article 26 relating to operational management of VIS.

[18] COM(2007) 301.

[19] "[T]he Central Unit may be charged with carrying out certain other statistical tasks on the basis of the data processed at the Central Unit." (Article 3(4) of the Eurodac Regulation).

[20] Agreement between the European Community and the Kingdom of Denmark on the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in Denmark or any other Member State of the European Union and “Eurodac” for the comparison of fingerprints for the effective application of the Dublin Convention, O.J. L66, 8.3.2006.

[21] Agreement between the European Community and the Republic of Iceland and the Kingdom of Norway concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Iceland or Norway, OJ L 93, 3.4.2001, p.40.

[22] Agreement between the European Community and the Swiss Confederation concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Switzerland, OJ L 53, 27.2.2008, p. 5.

[23] Protocol between the European Community, the Swiss Confederation and the Principality of Liechtenstein on the accession of Liechtenstein to the Agreement between the European Community and Switzerland concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a the Member State or in Switzerland (COM (2006)754, conclusion pending).

[24] Protocol between the European Community, the Swiss Confederation and the Principality of Liechtenstein to the Agreement between the European Community and the Swiss Confederation concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State or in Switzerland (2006/0257 CNS, concluded on 24.10.2008, publication in OJ pending) and Protocol to the Agreement between the Community, Republic of Iceland and the Kingdom of Norway concerning the criteria and mechanisms for establishing the State responsible for examining a request for asylum lodged in a Member State, Iceland and Norway (OJ L 93, 3.4.2001).

[25] COM(2008)XXX.

[26] OJ C […], […], p. […].

[27] OJ L 316, 15.12.2000, p. 1.

[28] OJ L 62, 5.3.2002, p. 1.

[29] COM(2008)XXX.

[30] OJ L 281, 23.11.1995, p. 31.

[31] OJ L 8, 12.1.2001, p. 1.

[32] OJ L 12, 17.1.2004, p. 47.

[33] The present legislative financial statement only deals with the costs foreseen to occur with respect to the changes introduced by the present amendment, hence it does not deal with the costs of regular management of EURODAC.

[34] Differentiated appropriations

[35] Expenditure that does not fall under Chapter xx 01 of the Title xx concerned.

[36] Expenditure within article xx 01 04 of Title xx.

[37] Expenditure within chapter xx 01 other than articles xx 01 04 or xx 01 05.

[38] See points 19 and 24 of the Interinstitutional agreement.

[39] Additional columns should be added if necessary i.e. if the duration of the action exceeds 6 years

[40] As described under Section 5.3.

[41] Cost of which is NOT covered by the reference amount

[42] Cost of which is NOT covered by the reference amount

[43] Cost of which is included within the reference amount

[44] Reference should be made to the specific legislative financial statement for the Executive Agency(ies) concerned.

[45] Specify the type of committee and the group to which it belongs.