Communication from the Commission to the European Parliament and the Council - Annual report to the Council and the European Parliament on the activities of the EURODAC Central Unit in 2007 /* COM/2009/0013 final */
[pic] | COMMISSION OF THE EUROPEAN COMMUNITIES | Brussels, 26.1.2009 COM(2009) 13 final COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL Annual report to the Council and the European Parliament on the activities of the EURODAC Central Unit in 2007 COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL Annual report to the Council and the European Parliament on the activities of the EURODAC Central Unit in 2007 1. INTRODUCTION 1.1. Scope Council Regulation EC/2725/2000 of 11 December 2000, concerning the establishment of ‘EURODAC’ for the comparison of fingerprints for the effective application of the Dublin Convention (hereinafter referred to as “EURODAC Regulation”),[1] stipulates that the Commission shall submit to the European Parliament and the Council an annual report on the activities of the Central Unit .[2] The present fifth annual report includes information on the management and the performance of the system in 2007. It assesses the output and the cost-effectiveness of EURODAC, as well as the quality of its Central Unit’s service. 1.2. Legal and policy developments In June 2007, on the basis of the previous annual reports[3] and consultation of Member States, the Commission published its report on the evaluation of the Dublin system[4] (hereinafter: Evaluation Report) covering the first 3 years of the operation of EURODAC (2003-2005). It identified certain issues related to the efficiency of the current legislative provisions and announced measures to be taken in order to improve EURODAC's support to facilitate the application of the Dublin Regulation. In order to address these issues, the Commission put forward a proposal for amending the Eurodac Regulation on 3 December 2008.[5] In 2007, important changes in the geographical scope of the EURODAC Regulation took place: Bulgaria and Romania acceded to the European Union and (after notifying the Commission of their readiness to participate in the system in accordance with Article 27(2)a of the EURODAC Regulation) connected to EURODAC on 1st January 2007.[6] 2. THE EURODAC CENTRAL UNIT[7] 2.1. Management of the system Given the increasing amount of data to manage (some categories of transactions have to be stored for 10 years), the natural obsolescence of the technical platform (delivered in 2001) and the unpredictable trends of the EURODAC transaction volume due to the accession of new Member States,[8] an upgrading of the EURODAC system has to be carried out, which is planned to be finalised in the second half of 2009. However, the essential upgrades have already been implemented. In particular, the EURODAC Business Continuity System has been upgraded in order to be able to fully support the Member States in case of prolonged Central Unit unavailability. The Commission signed the "secure-Trans European Services for Telematics between Administrations (s-TESTA) network" contract in 2006. During 2007, the migration of Member States from the previously used TESTA II network to S-TESTA started with 18 Member States migrating to this new system providing a higher level of security and reliability. 2.2. Quality of service and cost-effectiveness The Commission has taken the utmost care to deliver a high quality service to the Member States, who are the final end-users of the EURODAC Central Unit.[9] There was no unscheduled system down-time in 2007, but at the end of April the system was isolated due to an outage of the TESTA II network which lasted 50 hours. The new sTESTA network (replacing TESTA II) provides a higher level of security and availability. In 2007, the EURODAC Central Unit was available 99.43% of the time. One "false hit", ie. wrong identification performed by the AFIS, was reported in 2007, being the first false hit reported from a tenprint search in EURODAC since the beginning of the activities of the system. Although Member States are required to verify all hits immediately, as described in Article 4(6) of the EURODAC Regulation 2725/2000/EC, they are currently not obliged to notify the Commission of false hits.[10] However, with one false hit reported out of more than 1.1 million searches and more than 200.000 hits the system can still be considered extremely accurate. After five years of operation, Community expenditure on all externalised activities specific to EURODAC totalled € 8,1 million. The expenditure for maintaining and operating the Central Unit in 2007 was € 820.791,05. The increase on this expenditure compared to the previous years is mainly due to increasing system maintenance costs and an essential upgrade of the capacity of the Business Continuity System. Savings for the EURODAC expenditure were made possible by the efficient use of existing resources and infrastructures managed by the Commission, such as the use of the TESTA network. The Community also provided (via the IDA Programme) the communication and security services for exchange of data between the Central and National Units. These costs, initially intended to be borne by each Member State in accordance with Article 21 (2) and (3) of the Regulation, were finally covered by the Community making use of common available infrastructures, thereby generating savings for national budgets. 2.3. Data protection and data security Although statistics show a clear decrease in the number of cases where the unique search function of "special searches" were run by Member States, the Commission is still concerned about its use and considers the number of such searches (195 in 2007, varying from zero to 88 (per Member State) still too high. As discussed in previous annual reports as well as in the Evaluation Report, this category of transactions is established by Article 18 paragraph 2 of the EURODAC Regulation. Reflecting the data protection rules to safeguard the rights of the data subject to access his/her own data, this provision provides for a possibility to conduct such "special searches" on the request of the person whose data are stored in the central database. To better monitor this phenomenon, the Commission has included in its proposal for amendment of the EURODAC Regulation a requirement for Member States to send a copy of the data subject's request for access to the competent national supervisory authority. In consultation with the European Data Protection Supervisor (EDPS), the Commission is committed to taking steps against Member States which persist in misusing this important data-protection related provision. In compliance with Article 20(2) of the Regulation, the EDPS drew up an in-depth IT security audit of the EURODAC Central Unit[11] in November 2007. The security policy and security concept will be redefined in line with the recommendations and the methodology used during this audit. 3. FIGURES AND FINDINGS The annex attached to the present annual report contains tables with factual data produced by the Central Unit for the period 01.01.2007 – 31.12.2007. The EURODAC statistics are based on records of fingerprints from all individuals aged 14 years or over who have made applications for asylum in the Member States, who were apprehended when crossing a Member State's external border irregularly, or who were found illegally present on the territory of a Member State (in case the competent authorities consider it necessary to check a potential prior asylum application). It should be noted that EURODAC data on asylum applications are not comparable with those produced by Eurostat, which are based on monthly statistical data provided by the Ministries of Justice and of the Interior. There are a number of methodological reasons for the differences. The Eurostat definitions include all asylum applicants (of whatever age), with a distinction between first and repeat applications. In practice, Member States differ in terms of whether the dependants of asylum applicants are included in their asylum data. There are also differences in how repeat applications are accounted for in the statistics. 3.1. Successful transactions A “successful transaction” is a transaction which has been correctly processed by the Central Unit, without rejection due to a data validation issue, fingerprint errors or insufficient quality.[12] In 2007, the Central Unit received a total of 300.018 successful transactions, which is an overall increase compared to 2006 (270.611). After a drop between 2005 and 2006, the 2007 EURODAC statistics reveal a 19% rise (197.284 compared to 165.958 in 2006) in the number of transactions of data of asylum seekers(" category 1 "[13]). Such an increase reflects the general rise in the number of asylum applications in the EU in 2007. The trend regarding the number of persons who were apprehended in connection with an irregular crossing of an external border (" category 2 "[14]) also changed in 2007. After a significant increase between 2004 (16.183) through 2005 (25.162) and 2006 (41.312), a drop of 8% was experienced in 2007 (38.173). One can note that Italy (15.053), Greece (11.376) and Spain (9.044) introduce the vast majority of the category 2 fingerprints, followed by Hungary (894), the United Kingdom (480) and Malta (384). However, the problem of Member States' reluctance to systematically send "category 2" transactions pointed out in the Evaluation Report still prevails. Contrary to the obligation in Article 8(1) of the EURODAC Regulation, 8 Member States (Cyprus, the Czech Republic, Denmark, Estonia, Iceland, Latvia, Luxemburg and Portugal) did not send any "category 2” transactions in 2007. No major changes in the use of the option of sending[15] “ category 3 ”[16] transactions (data of persons apprehended when illegally residing on the territory of a Member State) were noted in 2007. Only an increase of 2% can be observed: 64.561 compared to 63.341 in 2006. Ireland and Malta did not send any "category 3" transactions. 3.2. “Hits” 3.2.1. “Category 1 against category 1” hits Table 3 of the Annex shows for each Member State the number of asylum applications which corresponded to asylum applications previously registered in another ("foreign hits") or in the same Member State ("local hits"[17]). It also gives an indication of the secondary movements of asylum seekers in the EU. Apart from the 'logical' routes between neighbouring Member States, one can note that a high number (1.116[18]) of asylum applicants in France previously lodged their application in Poland, or that the highest amount of foreign hits in Greece (177) and in Italy (287) were found against data of asylum applicants recorded in the United Kingdom. In the latter case, the flows are symmetric and most of the hits on "category 1" transactions introduced by the United Kingdom occur on data submitted by Italy (370). It is striking that 44,37% of the subsequent applications were lodged in the same Member State as the previous one. In Cyprus (87%), Poland (82%), Hungary (75%) and the Czech Republic (61%), well over half of the subsequent applications were lodged in the same Member State. 3.2.2. Multiple asylum applications From a total of 197.284 asylum applications recorded in EURODAC in 2007, 31.910 applications were 'multiple asylum applications', which means that in 31.910 cases, the fingerprints of the same person had already been recorded as a "category 1" transaction (in the same or in another Member State). The first reading of the statistics of the system would therefore suggest that 16% of the asylum applications in 2007 were subsequent (i.e. second or more) asylum applications, representing a drop of 1% compared to the previous year. The transmission of a "category 1" transaction does not however mean in each and every case that the person in question made a new asylum application. In fact, the practice of some Member States to fingerprint upon take back under the Dublin Regulation results in a distortion of the statistics on multiple applications: taking and transmitting again the fingerprints of the applicant upon arrival after a transfer under the Dublin Regulation falsely indicates that the applicant applied again for asylum. The Commission intends to solve this problem and, in its proposal for the amendment of the EURODAC Regulation, has introduced the requirement that transfers should not be registered as new asylum applications. 3.2.3. “Category 1 against category 2” hits These hits give an indication of routes taken by persons who irregularly entered the territory of the European Union, before applying for asylum. As in the previous year, most hits occur against data sent by Greece and Italy and to a much lesser extent, Spain and Slovakia. Most of these hits are 'local' (which means that persons irregularly entering their territory subsequently apply for asylum in the same country[19]). Taking all Member States into consideration, more than half (63,2%) of the persons apprehended in connection with an irregular border-crossing and who decide to lodge an asylum claim, do so in the same Member State they entered irregularly. The majority of those who entered the EU illegally via Greece and then travel further, head mainly to Italy, Sweden and the United Kingdom. Those entering via Italy proceed mainly to the United Kingdom and Sweden and those who entered via Spain most often leave for Italy and Austria. Those who entered via Slovakia travel on mainly to Austria and France. 3.2.4. “Category 3 against category 1” hits These hits give indications as to where illegal migrants first applied for asylum before travelling to another Member State. It has to be borne in mind, however, that the category 3 transaction is not mandatory and that not all Member States use the possibility for this check systematically. However, on the basis of the data available, one can note that, for example, persons apprehended when illegally residing in Germany often had previously claimed asylum in Austria or in Sweden, and that those apprehended when illegally residing in France often had previously claimed asylum in the United Kingdom or in Italy. It is worth noting that on average around 18% of the persons found illegally on the territory had previously applied for asylum in a Member State. 3.3. Transaction delay The EURODAC Regulation currently only provides a very vague deadline for the transmission of fingerprints, which can cause significant delays in practice. This is a crucial issue since a delay in transmission may lead to results contrary to the responsibility principles laid down in the Dublin Regulation. The issue of exaggerated delays between taking fingerprints and sending them to the EURODAC Central Unit was pointed out in the previous annual reports and highlighted as a problem of implementation in the Evaluation Report. Although this phenomenon is no longer generalised, some Member States (Spain, Bulgaria, Greece and Denmark) still produce important delays by sending fingerprints up to almost 12 days[20] later than they had been taken. The Commission services must reiterate that a delayed transmission can result in the incorrect designation of a Member State by way of two different scenarios outlined in the previous annual report 2006: "wrong hits"[21] and "missed hits"[22]. In 2007, the Central Unit detected 60 "missed hits", of which 57 "in favour" of the same Member State, and 233 "wrong hits", 183 of which were on the basis of the delays by the same Member State. Compared to the previous year, this represents a 28% rise in "missed hits", while the number of "wrong hits" tripled. Therefore, the Commission services again urge the Member States to make all necessary efforts to send their data in accordance with Articles 4 and 8 of the EURODAC Regulation. In its proposal for the amendment of the EURODAC Regulation, the Commission has proposed a deadline of 48 hours for transmitting data to the EURODAC Central Unit. 3.4. Quality of transactions The average rate in 2007 of rejected transactions for all Member States is 6,13%, which is almost the same as in 2006 (6,03%). Some experienced a much higher (18% in Finland) rejection rate than others (3,59% in Norway). Fourteen Member States have a rejection rate above the average, including three Member States with figures more than twice as high as the average (Finland, Latvia, Netherlands). It has to be highlighted that the rejection rate does not depend on technology or system weaknesses. The causes of this rejection rate are mainly the low quality of the fingerprints images submitted by Member States, human error or the wrong configuration of the sending Member State’s equipment. On the other hand, it has to be noted that in some cases these figures include several attempts to send the same fingerprints after they were rejected by the system for quality reasons. However, the Commission services reiterate the problem of generally high rejection rates already underlined by previous annual reports urging those Member States to provide specific training of national EURODAC operators, as well to correctly configure their equipment in order to reduce this rejection rate. 4. CONCLUSIONS In 2007, the EURODAC Central Unit continued to provide very satisfactory results in terms of speed, output, security and cost-effectiveness. As a logical consequence of the overall increase (following 5 years of a downward trend) in asylum applications in the EU in 2007, the amount of 'category 1 transactions' introduced in EURODAC has also increased. On the other hand, the number of 'category 2 transactions' dropped slightly, while no significant change was observed in the number of 'category 3 transactions'. It is also worth noting that the number of multiple applications decreased by 1% compared to the previous year. Concerns remain about the excessive delay in the transmission of data to the EURODAC Central Unit, as well as about the low quality of data and the high number of 'special searches" used by some Member States. Annex: Statistics Table 1: EURODAC Central Unit, Database content status the 31/12/2007 [pic] Table 2: Successful transactions to the EURODAC Central Unit, in 2007[23] category 1 | category 2 | category 3 | TOTAL | AT | 8.467 | 143 | 1.938 | 10.548 | BE | 10.243 | 8 | 686 | 10.937 | BG | 847 | 343 | 426 | 1.616 | CY | 4.090 | 0 | 151 | 4.241 | CZ | 1.807 | 0 | 2.466 | 4.273 | DE | 19.130 | 17 | 15.948 | 35.095 | DK | 1.449 | 0 | 532 | 1,981 | EE | 13 | 0 | 10 | 23 | ES | 4.622 | 9.044 | 2.418 | 16.084 | FI | 1.127 | 1 | 194 | 1.322 | FR | 24.100 | 9 | 9.067 | 33.176 | GR | 23.343 | 11.376 | 16 | 34.735 | HU | 3.087 | 894 | 60 | 4.041 | IC | 36 | 0 | 1 | 37 | IE | 3.284 | 1 | 0 | 3.285 | IT | 15.003 | 15.053 | 1.088 | 31.144 | LT | 67 | 7 | 49 | 123 | LU | 331 | 0 | 313 | 644 | LV | 33 | 0 | 13 | 46 | MT | 904 | 384 | 0 | 1.288 | NL | 7.159 | 4 | 12.156 | 19.319 | NO | 5.218 | 1 | 6.066 | 11.285 | PL | 5.608 | 8 | 320 | 5.936 | PT | 184 | 0 | 36 | 220 | RO | 588 | 207 | 328 | 1.123 | SE | 29.636 | 2 | 239 | 29.877 | SI | 347 | 6 | 622 | 975 | SK | 2.311 | 185 | 1.186 | 3682 | UK | 24.250 | 480 | 8.232 | 32.962 | TOTAL | 197.284[24] | 38.173[25] | 64.561[26] | 300.018[27] | Table 3: Hit repartition – Category 1 against Category 1, in 2007 [pic] Table 4: Hit repartition – Category 1 against Category 2, in 2007 [pic] Table 5: Hit repartition – Category 3 against Category 1, in 2007 [pic] Table 6: Rejected transactions, percentage in 2007 [pic] Table 7: Average time between the date of taking the fingerprints and their sending to the EURODAC Central Unit, in 2007 [pic] Table 8: Category 1 against Category 1 hit in wrong sense, in 2007 [pic] Table 9: Distribution of CAT1/CAT2 hits missed because a delay when sending the CAT2, in 2007 [pic] Table 10: Distribution of hits against blocked cases (art. 12 of the EC Regulation 2725/2000), in 2007 [pic] Table 11: Count of category 9[28] per Member State, in 2007 [pic] [1] OJ L 316, 15.12.2000, p.1. [2] Article 24(1) EURODAC Regulation. [3] The previous annual reports were published as Commission Staff Working Papers with the following references: SEC(2004) 557, SEC(2005) 839, SEC(2006) 1170, SEC (2007) 1184. [4] Report from the Commission to the European Parliament and the Council on the evaluation of the Dublin system, COM (2007) 299 final {SEC(2007) 742}. [5] Proposal for a Regulation of the European Parliament and of the Council establishing 'EURODAC' for the comparison of fingerprints for the effective application of the Dublin Regulation, COM(2008) XXX. [6] The Commission services provided assistance to them to link up with the EURODAC system, including prior operational testing, which involved 69 tests. [7] A general description of the EURODAC Central Unit, as well as the definitions of the different types of transactions processed by the Central Unit and of the hits they can create, can be found in the first annual report on the activities of the EURODAC Central Unit. See Commission Staff Working Paper - First annual report to the council and the European Parliament on the activities of the EURODAC Central Unit, SEC (2004)557, p.6. [8] All EU Member States, as well as Norway and Iceland, apply the Dublin and EURODAC Regulations, therefore the notion "Member States" is used in this Communication to cover the 29 States using the EURODAC database. [9] These services not only include those provided directly by the Central Unit (e.g. matching capacity, storage of data, etc), but cover also communication and security services for the transmission of data between the Central Unit and the National Access Points. [10] The Commission has proposed to add the obligation for Member States to inform about any false hit in the revision of the EURODAC Regulation. [11] "Report on the EURODAC audit", document classified as EU RESTRICTED, short summary available at http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Supervision/Eurodac/07-11-09_Eurodac_audit_summary_EN.pdf [12] Table 2 of the Annex details the successful transactions per Member State, with a breakdown by category, between 1 January 2007 and 31 December 2007. [13] Data of asylum applications . Fingerprints (full 10 print images) of asylum applicants sent for comparison against fingerprints of other asylum applicants who have previously lodged their application in another Member State. The same data will also be compared against the “category 2” data (see below). These data will be kept for 10 years with the exception of some specific cases foreseen in the Regulation (for instance an individual who obtains the nationality of one of the Member States) in which cases the data of the person concerned will be erased. [14] Data of aliens apprehended in connection with the irregular crossing of an external border and who were not turned back . These data (full 10 print images) are sent for storage only, in order to be compared against data of asylum applicants submitted subsequently to the Central Unit. These data will be kept for two years with the exception that cases are deleted promptly when the individual receives a residence permit, leaves the territory of the Member State or obtains the nationality of one of them. [15] And thereby compare the data of third country nationals apprehended when illegally staying on the territory with the previously recorded fingerprints of asylum seekers. [16] Data relating to aliens found illegally present in a Member State . These data, which are not stored, are searched against the data of asylum applicants stored in the central database. The transmission of this category of data is optional for the Member States. [17] The statistics concerning local hits shown in the tables may not necessarily correspond to the hit replies transmitted by the Central Unit and recorded by the Member States. The reason for this is that Member States do not always use the option, provided by Art. 4(4), which requests the Central Unit to search against their own data already stored in the Central database. However, even when Member States do not make use of this option, the Central Unit must, for technical reasons, always perform a comparison against all data (national and foreign) stored in the Central Unit. In these concrete cases, even if there is a match against national data, the Central Unit will simply reply “no hit” because the Member State did not ask for the comparison of the data submitted against its own data. [18] Which respresents a rise of 230% compared to the 2006 statistics (486). Asylum seekers who first applied in Poland seem to move on a large scale also to Belgium. [19] An asylum application overrules an irregular entry, therefore, not necessary to send a 'category 2 transaction' in cases where a person apprehended at the border at the same time also applies for asylum. [20] Yearly average of transmission delay of one category of data of the Member State with the worst record. [21] In the scenario of the so-called " wrong hit ", a third-country national lodges an asylum application in a Member State (A), whose authorities take his/her fingerprints. While those fingerprints are still waiting to be transmitted to the Central Unit (category 1 transaction), the same person could already present him/herself in another Member State (B) and ask again for asylum . If this Member State B sends the fingerprints first, the fingerprints sent by the Member State A would be registered in the Central database later then the fingerprints sent by Member State B and would thus result in a hit from the data sent by Member State B against the data sent by the Member State A. Member State B would thus be determined as being responsible instead of the Member State A where an asylum application had been lodged first. [22] In the scenario of the so-called " missed hit ", a third-country national is apprehended in connection with an irregular border crossing and his/her fingerprints are taken by the authorities of the Member State (A) he/she entered. While those fingerprints are still waiting to be transmitted to the Central Unit (category 2 transaction), the same person could already present him/herself in another Member State (B) and lodge an asylum application . At that occasion, his/her fingerprints are taken by the authorities of Member State (B). If this Member State (B) sends the fingerprints (category 1 transaction) first, the Central Unit would register a category 1 transaction first, and Member State (B) would handle the application instead of Member State A. Indeed, when a category 2 transaction arrives later on, a hit will be missed because category 2 data are not searchable. [23] A “successful transaction” is a transaction which has been correctly processed by the Central Unit, without rejection due to a data validation issue, fingerprint errors or insufficient quality. [24] 16.5958 in 2006. [25] 41.312 in 2006. [26] 63.341 in 2006. [27] 270611 in 2006. [28] Category 9 stands for special searches according the Article 18 of Council Regulation 2725/2000/EC.