COMMISSION STAFF WORKING DOCUMENT DETAILED EXPLANATION OF THE PROPOSAL BY CHAPTERS AND ARTICLES Accompanying the document Proposal for a Regulation of the European Parliament and of the Council establishing a Registered Traveller Programme /* SWD/2013/052 final */
COMMISSION STAFF WORKING DOCUMENT DETAILED EXPLANATION OF THE PROPOSAL BY
CHAPTERS AND ARTICLES Accompanying the document Proposal for a Regulation of the
European Parliament and of the Council establishing a Registered
Traveller Programme · Detailed explanation of the proposal by Chapters and main Articles Chapter One lays down the subject matter of
the Regulation, the set-up of the RTP and the token-repository and definitions. Chapter Two details the procedures and
conditions for lodging an application including biometric data (fingerprints),
the authorities responsible for examining and deciding on an application and
the fee. Chapter Three is dedicated to the
examination of and decision on an application, whereas Chapter Four lays down
the rules for granting, extending, refusing and revoking access to the RTP by
the competent authorities. Chapter Five contains provisions on the
administration and organisation of the RTP. Chapter Six defines the technical
architecture, the categories of data and general rules and principles on access
to the token-Central Repository. It also specifies the data to be entered upon
registration of the application and those to be added when a decision has been
taken to grant, refuse, revoke or extend access to the RTP. Chapter Seven specifies the conditions and
procedures for the use of data by the competent authorities. It also includes
provisions on the use of data for reporting and statistics. Chapter Eight lays
down the rules for the retention and amendment of the data recorded in the
Central Repository. It also covers the rules on lost and stolen tokens. Chapter Nine contains provisions on the
adoption of implementing measures by the Commission and to delegate the power
to the Commission to adopt acts in accordance with Article 290 of the Treaty on
the Functioning of the European Union and lays down the responsibilities for
the token-repository, including the development and operational management
thereof, for the use of data and data security, and rules on the keeping of
records and penalties. Chapter Ten concerns data protection rights
and supervision. Whereas Directive 95/46/EC and Regulation (EC) No 45/2001
fully apply for this Regulation, the provisions of this chapter clarify certain
points related to the safeguard of the rights of data subjects and the roles of
the national supervisory authorities and the European Data Protection
Supervisor. The final chapter covers the start of
transmission and operation, the setting up of a Committee to assist the
Commission when adopting implementing measures, the exercise of the delegation,
notification, advisory group, training, monitoring and evaluation, the entry
into force and the applicability of this Regulation. Chapter I: General provisions Article 1 defines
the objective of the Regulation. Article 2 establishes
the token-Central Repository as a system for the storage of RTP data, which
shall enable competent national authorities to enter and update RT data and to
consult these data electronically. It also gives the Agency the mandate for developing
and operationally managing the Central Repository and to define technical
specifications for a token. The definitions in Article 3 refer
to the EU legislation on visa policy or the Schengen acquis, except for the
terms ‛Registered Traveller Programme’, ‛registered traveller’,
‛Central Repository’, ‛token’, ‛application form’, ‘Competent
authorities’, ‘Member State responsible’, ‘National System’ which are defined
specifically for the purposes of this Regulation. The definitions listed in the
Regulation correspond to the definitions used in the Schengen Borders Code, the
VIS Regulation, the Community Code on visas and Regulation establishing a
European Agency for the operational management of large-scale IT systems in the
area of freedom, security and justice. Chapter II: Procedures and conditions
for lodging an application for an RTP Article 4 defines
the competent Member States and authorities. To make the examination of an
application workable and as easy as possible for Member States and also
feasible for the applicant in any Member State both visa and border authorities
are competent for examining and deciding on an application for access to the
RTP. Article 5
paragraph 1 follows the same principle as Article 4. To facilitate the lodging
of an application and to avoid causing extra journeys for third-country
travellers, it should be possible to lodge an application at any Member States'
consulate, at any common visa application centre or at any external border
crossing point. This guarantees that visa holders are able to lodge their RTP
application at the same time as the visa application and visa-exempt travellers
do not need to travel to a consulate to lodge an RTP application. Paragraph 2 establishes
the possibility to require applicants to obtain an appointment for the lodging
of application. Paragraphs 3, 4 and 5 are linked to
Article 8 and refer to the general requirement of all first time applicants to
submit their application in person for the purpose of providing their biometric
data and for the interview subject to the exemptions of paragraph 5. If a
Member State accepts and the applicant uses an online application form, the
biometric data need to be captured, the travel document checked and an
interview carried out, if applicable, when the decision is made for the
application and a token issued as stated in paragraph 4. Paragraph 6 sets out the general principles
for the material submission of the application including supporting documents
and is linked to Articles 6-10 and Annex II. As regards the application form Article 6
paragraphs 1 and 2 follow the same rules as the Visa Code. Paragraphs 3 and 4
set out the rules for the languages used in the application form and required
language(s) need to be used when filling in the application form. The
application form is needed for the official languages of neighbouring third
countries especially at the land border crossing points. Article 7 lays
down that the travel document shall be either a Machine Readable Travel
Document (MRTD) or an electronic Machine Readable Travel Document (eMRTD). This
would allow the usage of Automated Border Control systems at the external
borders. The travel document shall be valid at least for the period of access
requested for the RTP. Border check technology and security features of the
travel documents are under constant development. For that reason, the travel
document should not be older than five years which is also the longest period
of access to the RTP without submission of a new application. Article 8 sets out
the requirements for collecting biometric data (fingerprints). Contrary to
other legislation, such as the Visa Code, the article does not allow any
exemption from collecting biometric data from third-country nationals.
Biometric data need to be available from all registered
travellers to allow them to use Automated Border Control
systems. The contents of Article 9, as well as
Annex II, establishing a non-exhaustive list of
possible supporting documents to be submitted by applicants, are the same as in
the Visa Code. Paragraph 2 establishes the specific rule for the family members
of citizens of the Union enjoying the right to free movement. To avoid several
sets of supporting documents to be submitted by the applicant the one and same
supporting documents, if any submitted together with an application for a
multiple-entry visa may be used also for examining an RTP application. Article 10 sets out the rules for the fee to be paid by applicants. The fee is
to cover the administrative costs of processing an RTP application. The fee
shall be revised regularly as stated in paragraph 2. The Commission is
empowered to adopt delegated acts in accordance with article 58 concerning the
fee (amendment of Annex). Paragraph 3 states that a fee is to be charged in EUR
or the currency of the host country where an application is lodged and that the
handling fee is not refundable. Paragraph 4 refers to the management of fees
charged in local currency and paragraph 5 ensures that applicants receive a
receipt for the fee paid. The fee is not refundable although the application
would be withdrawn by the applicant. Chapter III: Examination of and
decision on an application Article 11
ensures that competent authorities verify certain conditions before examining the
application thus guaranteeing that the application is admissible. Paragraph 2
is linked to Article 24 and gives authorities guidance how to continue with the
application when it is admissible whereas paragraph 3 lays down the rules in
case of inadmissible applications. Paragraph 1 of Article
12 gives a mandate for the competent authorities to examine an application
and carry out interviews where appropriate. Paragraph 2 is crucial because it
establishes the basic criteria for examining RTP applications: the two main
issues to be born in mind by consular and border authorities, namely the
migratory and security risks. Furthermore, the applicant shall prove the need
to travel frequently and/or regularly. Paragraph 3
which is linked to paragraph 2(f) makes reference to the means of subsistence
indicating that the assessment shall take into account the reference amounts as
referred to in the Schengen Borders Code as well as the statement on
accommodation/bearing of costs (Annex II). Paragraph 4
establishes the possibility to consult other Member States if there are any
doubts on the applicant, his/her statements made or supporting documents
provided. Additional supporting documents may be asked from the applicant in
justified cases (paragraph 5). Paragraph 6 is meant as a formal guarantee that
each application is assessed on its own merit and that due consideration is
given to the applicant’s situation at the moment of application. A derogation
for the general rule of examination of applications is established in paragraph
7. In order to
enhance the equal treatment of RTP applicants, a maximum decision time has been
introduced in Article 13. Paragraph 2 deals with the different types of
decisions which can be made by the competent authorities. CHAPTER IV: Granting, extending, refusing
and revoking access to the RTP Article 14 paragraph
1 covers the period of access granted for the RTP which is linked to
Article 12 and the validity of the travel document, visa and residence permit,
if applicable. To avoid unnecessary work and cost for the authorities and for
the travellers, the access may be extended twice without a new application.
After five years, the traveller is obliged to submit a new application. Paragraph 2 deals with the holders of
multiple-entry visas, residence permits and residence cards[1]. The criteria for granting
access to the RTP and for issuing a multiple-entry visa are basically the same
thus there is no need to make a similar assessment twice. On the other hand,
holders of residence permits and residence cards enjoy the right of free
movement under Union law and are only partly subject to thorough border checks.
These categories of travellers' access can be granted to the RTP almost
"automatically" if they submit an application. Paragraphs 3, 4 and 5 oblige the competent
authorities to enter necessary data in the token-Central Repository when
granting or extending access to the RTP. Paragraph 1 of Article
15 lists a number of precise criteria for refusing access to the RTP, which
is in line with the Schengen Borders Code. Paragraph 2 specifies that refusals
must be notified in writing by means of the form set out in Annex IV. Paragraph
3 makes clear that appeals against RTP refusals remain within the Member
States' competence. However, the applicant shall have the right to review the
refusal for challenging or correcting potential errors in accordance with the
right to effective remedy (Article 47(1) of the Charter of Fundamental Rights
of the EU). Paragraph 4 obliges the competent authorities to enter necessary
data in the Central Repository when refusing access to the RTP. This paragraph
is linked to Article 28. Article 16
lists three different types of cases when access to the RTP shall be revoked by
the competent visa or border authorities. Any Member State's visa or border
authority shall be competent to revoke access to the RTP if the condition(s) of
Article 16(1) is/are met. Authorities other than the competent authorities have
no access to the Central Repository thus paragraph 3 deals with the situation
where some other authorities have evidence to suggest that access to the RTP
should be revoked. Paragraph 4 specifies that revocations must be notified in
writing by means of the form set out in Annex IV. Paragraph 5 makes clear that
appeals against RTP refusals remain within the Member States' competence.
Paragraph 6 obliges the competent authorities to enter necessary data in the
Central Repository when revoking access to the RTP. This paragraph is linked to
Article 29. Registered travellers shall have the right to ask immediate
deletion of his/her data as laid down in paragraph 7. CHAPTER V: Administrative management
and organisation Article 17
deals with the archives of applications. Member State's competent authorities
are responsible for archiving applications. Archives may be kept in an
electronic form. Article 18
corresponds to articles on the same issue in the Schengen Borders Code and in
the Visa Code. In addition to that, this article obliges Member States to
compile annual statistics on the RTP. Based on the statistics Member States
will know at all times the number of registered travellers to support the
assessment of whether to install Automated Border Control facilities at their
border crossing points or not. Article 19 has been introduced in order to ensure that the competent
authorities respect the European Charter of Fundamental Rights when dealing
with RTP applicants and applications. It is essential
that applicants are well informed of the criteria and procedures for applying
for access to an RTP. For that purposes, Article 20 is introduced.
Efforts must be made to ensure that applicants are well informed about the
criteria for lodging an application and where and how to submit their
applications. CHAPTER VI: Technical architecture of
the token-Central Repository, categories of data and entry of data by the
competent authorities Article 21 establishes
the technical architecture of the token-Central Repository which shall consist
of the Central Repository, a Uniform Interface in each Member State, the
Network Entry Points and the communication infrastructure between the Central
Repository, and the Network Entry Points and a token (unique identifier). Article 22
sets out the categories of data to be recorded in the token-Central Repository:
unique identifier number, alphanumeric data and fingerprint data, which are
detailed in Articles 8 and 25 to 30. The categories of data are almost the same
as with the VIS. This is done to guarantee synergies between the systems,
maintain congruence at the EU level and to make the use of the systems as
similar and easy as possible for the competent authorities. Article 23 paragraph
1 provides the basic rules for the access to the data: Access for entering,
amending, deleting, searching or consulting the data shall be reserved only to
duly authorised staff of the competent authorities, limited to the extent as
needed for the performance of the tasks. The competent authorities shall be
designated and communicated by each Member State to the Agency, which shall
publish these lists in the Official Journal of the European Union as stated in
paragraph 3. Article 24
determines the procedures for entering data, when an RTP application is found
admissible: The competent visa authority shall create an application file by
entering the data referred to in Article 25 into the Central Repository.
Paragraph 2 lays down specific rules for the data which is not required. Article 25 details
the data to be entered when creating the application file: The unique application
number (same as a unique identifier number recorded in a token), the status
information and the authority to which the application has been lodged are
needed to identify the set of data on the application and the competent
authority. The source for the alphanumeric data listed under paragraph 4 is the
harmonised application form (Annex I). These data are required for the
assessment of the application. The inclusion of data on persons and companies
issuing invitations will help to identify those persons and companies which
make fraudulent invitations. This constitutes important information in the
fight against RTP fraud, irregular migration and human trafficking. Paragraph 5 is linked to Article 8 and
determines biometrics which shall be entered in the Central Repository. The
fingerprint data are essential to ensure exact verification of the registered
traveller at the external border crossing points. It is not possible to
identify persons with alphanumeric data alone. Even for low-risk travellers the
spelling of the same name can be different from one country to another, many
instances of the same name exist and in some countries dates of births are not
completely known. Article 26
creates the obligation for the competent authorities to add to the application
file the data when the decision has been taken to grant access to the RTP.
Paragraph 2 covers the case that the application is withdrawn by the applicant
before a decision has been taken. Article 27 covers
the data to be entered in the token when the decision has been taken to grant
access to the RTP. The token shall be given for the applicant as mentioned in
paragraph 2. Article 28
concerns the data to be added when access to the RTP is refused. The grounds
for refusing access to the RTP are based upon the conditions laid down in
Article 15. The ground(s) for refusing access to the RTP shall be mentioned in
the application file as mentioned in paragraph 2. Article 29
covers the data to be added when the decision is taken to revoke access to the
RTP. The grounds for revoking access to the RTP are based upon the conditions
laid down in Article 16. The ground(s) for revoking access to the RTP shall be
mentioned in the application file as indicated in paragraph 2. The applicant
can also ask for the revocation. Article 30
concerns the data to be added when access to the RTP is extended. The grounds
for extending access to the RTP are based upon the conditions laid down in
Article 14(1). CHAPTER VII: Use of the data for
examining applications Article 31
covers the obligations of the competent authorities to use the Central
Repository for examining registered traveller applications, for the examination
whether to revoke or extend access granted to the RTP, in case of lost or
stolen token and if any problems occur with facilitating registered traveller's
border crossing. Since for these purposes all information stored in the Central
Repository may be relevant, the competent visa and border authority shall have
access either to the complete application file including biometric data of the
applicant or only to the separate section of Central Repository containing
alphanumeric data. For extending access to the RTP and if any problems occur
with facilitating registered traveller's border crossing the separate section
of Central Repository containing biometric data shall not be accessible for the
competent authorities without presenting fingerprints and a token at the same
time as stated in paragraph 4. Central Repository may be searched with the
biometric data alone only for the examination of applications, revoking access
to the RTP and in case the token is lost or stolen as mentioned in paragraph 5.
The access shall be given in two steps: If the search with data listed in
paragraphs 2, 4 or 5 indicates that data on the applicant are recorded in the Central
Repository, in a second step access shall be given to the data of the relevant
part of the application file(s) (i.e. alpahanumeric data, biometric data or
both). Access to the biometric data shall be given only if the search is
carried out in conformity with paragraphs 4 and 5. Article 32 covers
the use of data for border checks at external borders: Paragraph 1 defines this
purpose as well as the data to be searched with. Paragraph 2 specifies to which
data access shall be given, if the search mentioned above indicates that data
on the applicant are recorded in the Central Repository. In case a manual
border check is carried out without automation there is no need to verify the
registered traveller's identity by using the fingerprints as laid down in
paragraph 3. Article 33
specifies the use of data for reporting and statistics by the competent
authorities. The nature of the data referred to in this provision do not allow
identifying individual applicants. CHAPTER VIII: Retention period, amendment
of data and lost or stolen token Article 34
sets out a retention period of five years for each application file. For the
determination of this retention period it has been taken into account that for
reasons of data protection, personal data should be kept no longer than it is
necessary for the purposes of the RTP[2].
The retention period determined is the same as for the VIS and is in line with
the maximum length of a multiple-entry visa. This retention period is necessary
to meet the objectives of the RTP, e.g. the assessment of the applicant’s good
faith or detect continued practices of fraud applications for the RTP over
years. If personal data would be retained only for the period of access granted
for the RTP, the contribution to these purposes would be very limited. This
retention period would also allow speeding up of subsequent applications
especially as it would be possible to copy fingerprints from the first entry
into the Central Repository within a period of 59 months. This Article specifies
when the retention period shall start. Paragraph 2 creates the obligation to
carry out automatically the deletion of the application. Article 35
provides that only the Member State responsible i.e. the Member State which has
entered the data in the Central Repository shall have the right, and is also
responsible, to amend the data by deleting or correcting it. Paragraph 3
creates the obligation for each Member State to inform this Member State if
there is evidence that data are inaccurate or were processed contrary to this
Regulation. Paragraph 4 ensures the deletion of data of applicants who have acquired
the nationality of a Member State before expiry of the retention period.
However, if a third country national becomes a family member of a citizen of
the Union without acquiring the nationality of a Member State, this will not
affect the storage of his/her data in the Central Repository. In such case, a
third country national can still have access to the RTP. Paragraph 5 provides that
the data listed in Article 28 are deleted and the application re-examined if
the refusal of access to the RTP has been cancelled by a court or an appeal
board. CHAPTER IX: Development, operation
and responsibilities Article 37 provides
for the implementation measures to be adopted by the Commission prior to
development. The measures necessary for the development and technical
implementation shall be adopted by the Commission in accordance with the
relevant provisions of Regulation (EU) No 182/2011 of the European Parliament
and of the Council of 16 February 2011 laying down the rules and general
principles concerning mechanisms for control by Member States of the
Commission's exercise of implementing powers assisted by the Committee referred
to in Article 57. Article 38
clarifies that the Agency shall be responsible for the development and
operational management (24/7) of the Central Repository, the Back-up Central
Repository and the Uniform Interfaces and for defining the technical
specifications for a token as soon as possible after entry into force of this
Regulation and adoption of the implementation measures. Paragraph 3 highlights
the importance of a short interrogation time. Article 39
creates in paragraphs 1 to 3 the obligation for each Member State to connect
the Central Repository to each National System , to designate a national
authority to provide the access for the competent authorities and to observe
automated procedures for processing the data. Furthermore, the competences of
each Member State for its National System is clarified. Paragraph 4 emphasizes
the need for training the staff before being authorised to process data stored
in the Central Repository. Paragraph 5 clarifies the burden for the related
costs. Article 40 sets
out in paragraph 1 the responsibilities of the Member States for the use of the
data, acting as a controller at the moment of collection, transmission and
reception of personal data. Paragraph 2 creates obligations for the Agency as
processor with regard to confidentiality and security, pursuant to Articles 16
and 17 of Directive 95/46/EC and Articles 21 and 22 of Regulation (EC) No
45/2001. Paragraph 3 guarantees that the Parliament is informed. Article 41 ensures
that a Member State may keep the alphanumeric data in its national files which
that Member State entered in the Central Repository at their own cost, risk and
with their own technical means. This would be congruent with Article 30(2) of
the VIS Regulation[3]
and Article 32(2) of the SISII Regulation[4]
and also in line with Article 17 of this Regulation. CHAPTER X: Rights and supervision on
data protection For the protection of personal data, the
relevant Community’s legislation, Directive 95/46/EC and Regulation (EC)
45/2001, fully apply for this instrument. The provisions in this chapter
clarify certain points in respect of safeguarding the rights of the persons
concerned and of the supervision on data protection. Article 48 covers
the right of information of the applicants, but also of persons issuing
invitations or liable to pay the costs of living during the stay, whose data
shall be stored in the Central Repository pursuant to Article 25(4)(f).
Paragraph 1 contains in conformity with Article 10 of Directive 95/46/EC a list
of items the person concerned has to be informed about. Paragraph 2 specifies
that the information shall be provided in writing. Paragraph 3 refers to the form
mentioned in Article 9(5). Article 49 provides
in paragraphs 1 and 2 any person the right to access, correction and deletion
of data relating to him which are inaccurate or recorded unlawfully, and
clarifies in paragraph 3 that the related request may be lodged in any Member
State. Paragraphs 4 to 6 specify the requirements according to Article 12 of
Directive 95/46/EC. Article 50 lays
down an obligation for the competent authorities to ensure the proper operation
of the mechanism laid down in Article 48 and the assistance and advice by the National
Supervisory Authority, specifying the obligations laid down in Article 28(4)
and (6) of Directive 95/46/EC. Article 51 clarifies
pursuant to Article 22 of Directive 95/46/EC the right of any person to
remedies before the courts of each Member State if the rights of access to or
correction or deletion of data relating to him/her is refused. Article 52 clarifies
the competence of the National Supervisory Authorities to review the lawfulness
of all the processing operations carried out by the Member States. It lays down
rules on audit and obliges Member States to designate a controller. Furthermore,
it specifies the information which shall be supplied to National Supervisory
Authorities. Article 53 provides
that the European Data Protection Supervisor as established by Article 41(1) of
Regulation (EC) No 45/2001 shall monitor the activities of the Agency related
to the processing of personal data covered by this Regulation. Paragraph 2
specifies the European Data Protection Supervisor's role on the Agency's audit
which shall be carried out at least every four years. Paragraph 3 creates
obligations to support this audit and monitoring. Article 54
creates obligations for the National Supervisory Authorities and the European
Data Protection Supervisor to co-operate. They shall meet at least twice a year
and send a joint report of activities to the European Parliament, the Council,
the Commission and the Agency every two years. CHAPTER XI: Final provisions Article 55 connects
the start of transmission of data to the notification of each Member State to
the Commission that it has made the necessary technical and legal arrangements
for the transmission of data to the Central Repository and that the Agency has
made necessary technical arrangements. Article 63 creates
the obligation for the Agency to monitor and evaluate the operation of the
Central Repository and produce monitoring and evaluation reports, to be
submitted to the European Parliament, the Council and the Commission.
Furthermore, Article 63 creates the obligation for the Commission to produce an
overall evaluation of the RTP. Paragraphs 4 and 5 oblige Member States and the
Agency to provide necessary information to produce the evaluation. Article 64 concerns
the entry into force and applicability. Due to the technical requirements
involved in establishing the RTP, it is not possible to provide for
simultaneous entry into force and applicability of the Regulation. [1] Directive 2004/38/EC of the European Parliament and
of the Council, of 29 April 2004, on the right of citizens of the Union and
their family members to move and reside freely within the territory of the
Member States. [2] Directive
95/46/EC, Article 6(1)(e). [3] OJ L 218, 13.8.2008. [4] OJ L 381, 28.12.2006.