23.7.2005

EN

Official Journal of the European Union

C 181/1

---

Euro exchange rates (1)

22 July 2005

(2005/C 181/01)

1 euro=

	Currency	Exchange rate
USD	US dollar	1,2143
JPY	Japanese yen	134,98
DKK	Danish krone	7,4615
GBP	Pound sterling	0,69510
SEK	Swedish krona	9,4528
CHF	Swiss franc	1,5635
ISK	Iceland króna	78,50
NOK	Norwegian krone	7,9740
BGN	Bulgarian lev	1,9560
CYP	Cyprus pound	0,5738
CZK	Czech koruna	30,208
EEK	Estonian kroon	15,6466
HUF	Hungarian forint	245,73
LTL	Lithuanian litas	3,4528
LVL	Latvian lats	0,6960
MTL	Maltese lira	0,4293
PLN	Polish zloty	4,1145
RON	Romanian leu	3,5515
SIT	Slovenian tolar	239,49
SKK	Slovak koruna	38,900
TRY	Turkish lira	1,6286
AUD	Australian dollar	1,5859
CAD	Canadian dollar	1,4779
HKD	Hong Kong dollar	9,4385
NZD	New Zealand dollar	1,7697
SGD	Singapore dollar	2,0172
KRW	South Korean won	1 236,64
ZAR	South African rand	8,0117
CNY	Chinese yuan renminbi	9,8493
HRK	Croatian kuna	7,3000
IDR	Indonesian rupiah	11 882,53
MYR	Malaysian ringgit	4,590
PHP	Philippine peso	67,788
RUB	Russian rouble	34,7400
THB	Thai baht	50,238

---

(1)  

Source: reference exchange rate published by the ECB.

---

23.7.2005

EN

Official Journal of the European Union

C 181/2

---

Information communicated by Member States regarding State aid granted under Commission Regulation (EC) No 70/2001 of 12 January 2001 on the application of Articles 87 and 88 of the EC Treaty to State aid to small and medium-sized enterprises

(2005/C 181/02)

(Text with EEA relevance)

Aid No: XS 23/03

Member State: Italy

Region: Molise

Title of aid scheme: Measure 4.1.3 of the 2000-06 operational programme for Molise: Contribution to lease payments for the acquisition of premises for productive activities.

Legal basis:

Decisione C(2000) 2371 dell'8.8.2000 della Commissione europea;

regolamento CE n. 70 del 2.1.2001;

decreto legislativo n. 123 del 31.3.1998;

delibera di Giunta della Regione Molise del 5 giugno 2001, n. 653;

delibera di Giunta della Regione Molise del 14 ottobre 2002, n. 1530;

delibera di Giunta della Regione Molise del 14 ottobre 2002, n. 1571.

Annual expenditure planned under the scheme: EUR 14 269 204,00 up to 31 December 2006.

Maximum aid intensity: The maximum aid intensity in the areas eligible for exemption under Article 87(3)(c) of the EC Treaty is 20 % nge plus 10 % gge. In all the other areas which do not qualify under Article 87(3)(c) the aid intensity will be 15 % gge for small enterprises and 7,5 % gge for medium-sized enterprises.

Date of implementation:

Duration of scheme:

Objective of aid: The aid consists in contributions towards lease payments for the acquisition of premises for productive activities.

The maximum eligible investment is EUR 1 549 370,69.

The contributions are to be granted in respect of lease payments made by the assisted firms to leasing companies on the basis of amortisation schedules drawn up under property leasing contracts concluded in respect of existing premises or premises to be built by the leasing companies.

The following types of costs are eligible for aid:

Land, solely in cases where the premises covered by the leasing contract are to be newly built, for a surface area not exceeding the built area plus 30 % and for a value not exceeding 10 % of the sum of the corresponding eligible costs in respect of the building shell and general installations;

Building shell, corresponding to the construction costs or purchase value of the premises covered by the leasing contract;

General installations, namely the plumbing, electric wiring, heating, security, fire protection, waste treatment, air conditioning and/or compressed air systems of the premises concerned by the investment and covered by the leasing contract;

Technical expenditure on design, works supervision, statutory inspections and fees for permits for the premises covered by the leasing contract, up to a maximum of 5 % of the eligible costs under the other headings.

Economic sector(s) concerned: SMEs operating in the extractive and manufacturing industries (Sections C and D in the 1991 Italian Statistical Office (ISTAT) classification of economic activities), with the exclusions and restrictions laid down in the Community rules for the steel, shipbuilding, synthetic fibres, motor vehicle and transport industries.

Firms engaged in the production, processing or marketing of products listed in Annex I to the Treaty are not eligible.

Name and address of granting authority:

Regione Molise

Assessorato alle Attività produttive

Settore Industria

Via Roma 84

86100 Campobasso

Tel. (0874) 42 98 40

Fax (0874) 42 98 54

Other information: The leasing contracts will be concluded with leasing companies approved for the purpose by the Molise region.

The premises concerned by the investment must comply with town-planning regulations.

Aid No: XS 32/03

Member State: Italy

Region: Calabria

Title of aid scheme: Incentives under Article 13a of Regional Law 7/2001, as replaced by Article 10 of Regional Law 36/2001

Legal basis:

—	Decreto Legislativo 31.03.98, n. 112, artt 15 e 19;

—	Decreto Legislativo 31.03.98, n. 123;

—	Regolamento (CE) N. 70/2001 della Commissione del 12.01.2001;

—	Legge Regione Calabria del 2.5.2001, n. 7, art. 31 bis, come sostituito dall'art. 10 della L.R. n. 36/2001 e Delibera Giunta regionale n. 633 del 17/07/2002

Annual expenditure planned: EUR 4 131 655,20

Maximum aid intensity: Interest subsidy, with a maximum aid intensity of 10 % gge

Date of implementation:

Duration of scheme:

Objective of aid: Aid under Articles 3 and 4 of Regulation (EC) No 70/2001.

Economic sector(s) concerned: Craft firms and small and medium-sized businesses, subject to the exclusions and restrictions laid down by Community law.

Name and address of granting authority:

Regione Calabria (sede legale)

Via Massara, n. 2

88100 Catanzaro

Aid No: XS 47/03

Member State: Italy

Region: Veneto

Title of aid scheme: Aid to distributive trades and regeneration in urban centres — Action B

Legal basis:

Decreto legislativo 31 marzo 1998, n. 114 — Legge regionale 9 agosto 1999, n. 37 e successive modificazioni ed integrazioni — Legge 443/85 — Legge regionale n. 67/87 — DPR n. 288/2001.

Annual expenditure planned under the scheme: 2001-02: Objective 2 EUR 857 800 — transitional support EUR 323 800

2003: Objective 2 EUR 407 437 — transitional support EUR 131 023

It is too early to give the budget appropriations for subsequent years.

N.B.: Since measure 1.4 comprises Action A (infrastructure) and Action B (aid scheme), the amounts corresponding to the budget appropriations shown are estimated at 10 % of the overall amounts provided for.

Maximum aid intensity: Up to 15 % on the basis of investment costs — up to 50 % for consultancy services and other services and activities.

Date of implementation: Expenditure incurred as from the day following the application for aid (provided that it is submitted within the time limits laid down in the announcement) will be eligible.

Duration of scheme: 31.12.2006 Objective 2; 31.12.2005 Phasing out.

Objective of aid: The aid is aimed at small commercial businesses, multifunctional businesses (provided that they fall within the definition of ‘small commercial business’) and craft workshops using traditional, typical artistic techniques and providing services to individuals.

The aid is for premises (modernisation, restructuring, extension) and for equipment (purchase, renewal, expansion).

Economic sector(s) concerned: Retail trade and services

Name and address of granting authority:

Regione Veneto

Palazzo Balbi

Dorsoduro 3901, VE

Autorità di gestione

Regione Veneto

Direzione Programmi comunitari

S. Croce 1187, VE

Management and implementation

Regione Veneto

Direzione commercio

Cannaregio 2268, VE

Aid No: XS 68/02

Member State: Spain

Region: Autonomous Community of the Region of Murcia

Title of aid scheme: Aid for improving telecom services and developing existing or new telecoms infrastructures and networks with the aim of ensuring that enterprises located in business parks and zones and in areas of high business concentration enjoy more competitive conditions in which to expand.

Legal basis: Orden de 6 de junio de 2002, de la Consejería de Ciencia, Tecnología, Industria y Comercio, reguladora de las bases y convocatoria de las ayudas para la incorporación de redes y servicios avanzados de telecomunicación a espacios industriales y parques empresariales ubicados en la Región de Murcia.

Resolución por la que se publican los anexos a la Orden de 6 de junio de 2002, de la Consejería de Ciencia, Tecnología, Industria y Comercio, reguladora de las bases y la convocatoria de las ayudas para la incorporación de redes y servicios avanzados de telecomunicación a espacios industriales y parques empresariales ubicados en la región de Murcia

Annual expenditure planned or overall amount of individual aid granted to the company: The total expenditure planned is EUR 600 000.

Maximum aid intensity: For private firms, not more than 40 % gross grant equivalent of eligible costs.

Date of implementation:

Duration of scheme: 15.10.2002.

Objective of aid: To establish the regulatory bases and award grants for improving telecom services and developing existing or new telecoms infrastructures and networks with the aim of ensuring that enterprises located in business parks and zones and in areas of high business concentration enjoy more competitive conditions in which to expand.

Economic sector(s) concerned: Industry

Name and address of the granting authority:

D. Patricio Valverde Megías

Consejero de Ciencia, Tecnología, Industria y Comercio

c/ San Cristóbal, 6

30071 Murcia — España

Aid No: XS 85/03

Member State: United Kingdom

Region: Wales

Title of aid scheme or name of company receiving an individual aid: Wood Energy Business Scheme

Legal basis: 1967 Forestry Act, Section 3.2 and, more specifically, the 1979 Forestry Act, Sections 1.1 and 1.2

Annual expenditure planned under the scheme or overall amount of individual aid granted to the company: The total value of the scheme is GBP 13,239 million, of which GBP 6,04 milion is grant aid that is to be made available over the four years of the project (until end of March 2007).

Annual expenditure is estimated at:

Maximum aid intensity: Gross aid intensity to be within the limits for SMEs as set out in Article 4 — 15 % for small enterprises as defined in Annex I to the Regulation (7,5 % should medium-sized businesses apply) in non-assisted areas. The maximum aid intensity will be 50 % (35 % + 15 %) in Article 87(3)(a) areas and 30 % in Article 87(3)(c) areas (regional aid intensity + 10 %).

Date of implementation: Late August 2003

Duration of scheme or individual aid award: Four years until 31 March 2007

Objective of aid: Diversifying and expanding SME businesses into new wood fuel based renewable energy industry within Wales. The aid will be provided to assist in the purchase of capital equipment for: installation of boilers; building of processing facilities (chipping and drying of wood); installation of wet heat systems in certain instances (maximum grant restricted to 35 %); and construction of combined heat and power (‘CHP’) plants.

Economic sector(s) concerned: Manufacturing (new and existing energy supply companies and heating engineers); forestry (through sale of small-diameter timber); processing (chipping and drying of wood, either trees or sawmill wood residues); haulage and transport.

Name and address of granting authority:

Paul Finch

Forestry Commission

Victoria Terrace

Aberystwyth

Ceredigion, SY23 2DQ

Tel: (01970) 62 58 66

Aid No: XS 92/03

Member State: Germany

Region: Saxony-Anhalt

Title of aid scheme or name of company receiving an individual award: Guideline on the granting of aid to encourage recourse to consultancy services by small and medium-sized enterprises in Saxony-Anhalt — consultancy aid scheme

Legal basis: Mittelstandsfördergesetz des Landes Sachsen-Anhalt, vom 27. Juni 2001 (GVBl. LSA Nr. 27/2001)

Verwaltungsvorschriften zu § 44 der Landeshaushaltsordnung (VV-LHO, RdErl. des MF vom 9.8.1991, MBl. LSA S. 721, zuletzt geändert durch RdErl. des MF vom 1.2.2001, MBl. LSA S. 241)

Annual expenditure planned under the scheme or overall amount of individual aid granted to the company: EUR 2,5 million

Maximum aid intensity: 50 % of eligible expenditure

Duration of scheme or individual aid award: Until 31.12.2006

Objective: The aid relates to specific consultancy services designed to encourage enterprises to expand and improve. It is granted towards the cost of such services.

Economic sector(s) concerned: All economic sectors covered by Article 1(1) of the exemption Regulation.

Name and address of the granting authority:

Ministerium für Wirtschaft und Technologie des Landes Sachsen-Anhalt

Hasselbachstraße 4

D-39104 Magdeburg

Other information: Grant recipients must submit the usual proof of the use of the aid required under the budget law of the Land of Saxony-Anhalt. The annual report must include information on the success of the measures and achievement of the aid objectives.

Aid No: XS 94/03

Member State: Italy

Region: Autonomous Province of Trento

Title of aid scheme: Services for SMEs — Sectoral framework (road transport)

Legal basis:

Legge Provinciale 12 luglio 1993 n. 17 e s.m.; relativo regolamento di attuazione approvata con delibera di Giunta provinciale n. 1664 di data 30 giugno 2000 e s.m., punto 1.1.3 ‘Disciplina settoriale’

Annual expenditure planned under the scheme: Maximum EUR 100 000 (annual budget allocation)

Maximum aid intensity: The sectoral aid scheme, incorporated into aid scheme N 280/98, is an extension of aid N 292/00. The notification procedure was initiated on 10 April 2000, Ref. 580/2000-D304/ES/pc. Authorisation was given by letter dated 25 April 2001, Ref. SG (2001) D/288167. The scheme provides for various types of aid.

Initial assistance services, aimed at giving an overall assessment of the firm, maximum intensity 50 %.

Basic services, providing detailed analysis of one or more business areas, maximum intensity 30 %.

Specialised services, aimed at maximising the development of the firm in terms of market presence, organisation and technology, maximum intensity 40 % of expenditure.

Specific services connected with strategic approaches, aimed at pursuing the objectives set out by the provincial development programme (quality of the firm, new entrepreneurship, integration), with a maximum intensity of 50 % for small firms and 45 % for medium-sized firms.

Investment (Article 4 of Regulation (EC) No 70/2001) carried out by consortia of small and medium-sized firms; for consortia of small firms the maximum intensity is 15 %, for consortia of medium-sized firms 7,5 %.

Date of implementation: 1 January 2004.

Duration of scheme: From 1 January 2004 to 31 December 2006.

Objective of aid: Investment/consultancy aid for SMEs active in road haulage for hire or reward and consortia of SMEs active in road haulage for hire or reward.

Economic sector(s) concerned: Road haulage for hire or reward.

Name and address of granting authority:

Provincia Autonoma di Trento

Piazza Dante 15

38100 Trento — Italia

Tel. (040) 377 24 22

Aid No: XS 95/03

Member State: Italy

Region: Autonomous Province of Trento

Name of company receiving an individual aid: C.T.A. Consorzio Trentino Autonoleggiatori (based in Trento, via Brennero 182).

Legal basis:

Determinazione del Dirigente del Servizio Artigianato n. 313 del 7 agosto 2003 ai sensi della Legge provinciale 13 dicembre 1999, n. 6 ‘Interventi della Provincia autonoma di Trento per il sostegno dell'economia e della nuova imprenditorialità. Disciplina dei patti territoriali in modifica della legge provinciale 8 luglio 1996, n. 4 e disposizioni in materia di commercio’

Total amount of individual aid granted to the company: Total aid of EUR 112 500, to be paid in annual instalments over five years.

Maximum aid intensity:

7,5 % of the cost of eligible investment

planned investment: EUR 1 964 122,04

eligible investment: EUR 1 500 000,00

value of aid: EUR 112 500,00

Date of implementation: The aid was granted by decision of the head of the Servizio Artigianato [craft industry department] No 313, dated 7 August 2003

Duration of individual aid: Date planned for payment of the last instalment: 31 December 2007

Objective of aid: Aid to a consortium of passenger transport companies (car hire companies) for an investment concerning a building.

Economic sector concerned: Transport

Name and address of granting authority:

Provincia Autonoma di Trento

Servizio Artigianato

via Trener, 3

I-38100 Trento

Aid No: XS 97/03

Member State: United Kingdom

Region: North East of England

Title of aid scheme or name of Company receiving individual aid: Widening Business Brokerage in Tyne and Wear: Business Link Tyne and Wear

Legal basis: Single Programme- Regional Development Agencies Act 1998

Business Link — Section 11(1) of the Industrial Development Act 1982

Annual expenditure planned under the Scheme or overall amount of individual Aid granted to the company: Public aid planned under the scheme is

ERDF — 2003 — GBP 1 097 350; 2004 — GBP 4 965 511; 2005 — GBP 4 873 364

Business Link — 2003 — 35 742; 2004 — GBP 584 772; 2005 — GBP 602 328

Single Programme — 2003 — GBP 269 301; 2004 — GBP 543 186; 2005 — GBP 662 857

This project will also comply with the de minimis rule. The funding outlined above refers to the total funding for both exemptions. The de minimis aid will not exceed EUR 100 000 in a three-year period.

Maximum aid intensity: Individual SMEs will receive a grant of up to 50 % of the costs of brokered consultancy support.

Date of implementation:

Duration of scheme or individual aid award: 4 August 2003 — 31 December 2005

Objective of aid: The project will provide grants for new and existing businesses to purchase identified consultancy support. The initial phase of the project is diagnostic support to identify needs (this phase will operate in accordance with the de minimis rule) while the second phase is the delivery of consultancy support to SMEs through the brokerage partnership in Tyne and Wear. This second-phase delivery meets the requirements for aid to SMEs as it is a service delivered by outside consultants and so a maximum of 50 % of the costs of consultancy support is allowed.

Economic sector(s) concerned: All eligible industry sectors without prejudice to special rules concerning state aid in certain sectors — Article 1(2) of the SME Block Exemption Regulation

Name and address of granting authority:

ERDF Contact — Neil McGuinness

European Programmes Secretariat

Government Office for the North East

Wellbar House

Gallowgate

Newcastle Upon Tyne

Tyne and Wear — NE1 4TD

Sponsor Contact — John Scott

Business Link Tyne and Wear

Business and Innovation Centre

Wearfield

Sunderland Enterprise Park (east)

Sunderland

Tyne and Wear

SR5 2TA

Aid No: XS 101/03

Member State: Italy

Region: Umbria

Title of aid scheme: Support for the buying in of technical services (servizi reali), type A: measures for the certification of systems for the management of quality, environmental protection, safety and ethical conduct.

Legal basis:

Legge regionale 12 novembre 2002, n. 21; DGR 11 giugno 2003, n. 778.

Annual expenditure planned under the scheme: EUR 900 000 a year.

Maximum aid intensity: 50 % of the annual expenditure.

Date of implementation: Date of publication of the notice inviting applications: 9 July 2003. Aid will be granted in response to suitable applications on the part of SMEs operating in industry, crafts, the distributive trades, tourism, services and the cooperative and non-profit sector, exclusively in respect of expenditure incurred after the date of submission of the application.

Duration of scheme: Act No 12/2002 does not set any time-limit for the grant of assistance. In the Objective 2 and transitional areas in Umbria the time-limits laid down in Regulation (EC) No 1260/1999 will apply during the currency of the Objective 2 single programming document (2002-2006).

Objective of aid: Assistance towards the buying in of technical services by SMEs located in Umbria. The aid is intended to facilitate the buying in of services with a view to the introduction or improvement of certified management systems, which may be integrated between themselves, in respect of quality, environmental protection, safety in the workplace and social responsibility.

Economic sector(s) concerned: All sectors, including the cooperative and non-profit sector, with some limitations in the service sector; the following are expressly excluded:

mining of mineral ores (division 13 in the 1991 Italian Statistical Office (ISTAT) classification) and production of steel within the meaning of Annex 1 to the ECSC Treaty

shipbuilding and ship repair

the production of artificial fibres

enterprises in the agro-industrial sectors specified in section D, subsection DA of divisions 15 and 16 in the 1991 ISTAT classification, i.e.:

—	15.1, 15.2, 15.3 and 15.4 — all classes and categories;

—	15.5 — all of class 15.51;

—	15.6 and 15.7 — all classes and categories;

—	15.8 — class 15.83 and category 15.89.3;

—	15.9 — classes 15.91, 15.92, 15.93, 15.94, 15.95 and 15.97;

—	16.0 in its entirety.

Name and address of granting authority:

Regione dell'Umbria — Giunta Regionale

Servizio X Politiche per l'offerta pubblica dei servizi alle imprese e diffusione dell'innovazione e della ricerca

Via Mario Angeloni, 61

06184 Perugia

Tel. (0039) 07 55 04 57 65

Fax (0039) 07 55 04 55 68

E-mail innovazione@regione.umbria.it

Aid No: XS 105/03

Member State: Italy

Region: Autonomous Region of Friuli-Venezia Giulia

Title of aid scheme: Financing of consultancy services to SMEs for projects to develop and promote craft districts.

Legal basis:

Decreto del Presidente della Regione n. 0198/Pres di data 17 giugno 2003.

Annual expenditure planned under the scheme:

2003: EUR 50 000

2004: EUR 100 000

Maximum aid intensity: The aid is in the form of a grant to SMEs of 50 % gge of the costs of consultancy services.

Date of implementation: From the date of publication in the Regional Official Gazette. The first measures will not be carried out before 30 October 2003.

Duration of scheme:

Objective of aid: The aid is intended to upgrade craft districts as centres of economic and employment development, to coordinate local initiatives in the craft sector and to create the conditions for optimum use of human and technical and production resources which are already in existence or which may be found in the district.

Intended recipients: consortia (‘consorzi e società consortili’), including cooperatives, within the definition of small or medium-sized firms laid down in Commission Recommendation No 96/280/EC of 3 April 1996.

Economic sector(s) concerned: All economic sectors, with the exception of activities relating to the production, processing or marketing of the products listed in Annex I to the EC Treaty.

Name and address of granting authority:

Direzione regionale dell'artigianato e della cooperazione

Servizio per lo sviluppo dell'artigianato

Via Giulia, 75/1

34100 Trieste

Tel. (040) 377 48 22

Fax (040) 377 48 10

e.mail: dir.art.coop@regione.fvg.it

Other information: The scheme is in accordance with Regulation (EC) No 70/2001 of 12 January 2001.

The Regional authorities undertake to amend the definition of SMEs with effect from 1 January 2005, as proposed by the Commission in its Recommendation of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises (OJ L 124, 20.5.2003).

Aid No: XS 120/03

Member State: Italy

Region: Piedmont

Title of aid scheme: Automatic fiscal aid measures to support the productive base.

Legal basis:

—	Legge n. 341/95 e s.m. e i. di cui alla legge n. 266/97;

—	Decreto legislativo n. 112/98, art. 19;

—	Decreto legislativo n. 123/98;

—	Regulation (EC) No 70/2001 of 12 January 2001;

—	Delibera di Giunta Regionale n. 109 — 10275 dell'1.8.2003.

Annual expenditure planned under the scheme

2003: EUR 34 500 000

2004: EUR 45 000 000

2005: EUR 45 000 000

2006: EUR 45 000 000

Maximum aid intensity: For tangible and intangible investments and for consultancy

the aid intensity applicable will be 8 % nge + 10 % gge for small firms and 8 % nge + 6 % gge for medium-sized firms, where the production plant is in areas of the region which fall within the scope of Article 87(3)(c);

for small and medium-sized firms with production plant in other areas of the region the aid intensity will be 15 % gge and 7,5 % gge respectively.

In any case no large individual amounts of aid will be granted, in accordance with Article 6 of Regulation (EC) No 70/2001 of 12 January 2001.

Date of implementation: 27 October 2003 (no aid will be granted in any event before this summary has been notified to the Commission).

Duration of scheme:

Objective of aid: The aid in the form of a tax bonus is intended for tangible or intangible fixed assets for measures to set up new plant, and to expand, modernise, restructure, convert, reactivate and relocate production plant in the region.

Economic sector(s) concerned: SMES with production plant in the region operating in the following sectors

mining and quarrying, manufacturing, production and distribution of electricity, gas and water, construction covered by sections C, D, E and F of the ISTAT 1991 classification of economic activities. The sections eligible for aid under subsection DA are: 15.5.2; 15.81.1; 15.81.2; 15.82; 15.85; 15.88; 15.89.1; 15.89.2; 15.96; 15.98; 15.99. Firms operating in the following sectors are also eligible for aid:

telecommunications;

services which could have a positive influence on the development of the above production activities.

The scheme is subject to the exclusions and limitations laid down by the Community rules for the steel industry, shipbuilding, synthetic fibres, motor manufacturing and the transport industry.

Name and address of granting authority:

Regione Piemonte

Direzione Industria

Via Pisano, n. 6

10152 Torino

Other information: The aid scheme does not apply to export-related activities, i.e. aid directly linked to the quantities exported, to the establishment and operation of a distribution network or to other current expenditure linked to the export activity, and aid contingent upon the use of domestic over imported goods.

The scheme does not apply to firms active in the production, marketing or processing of agricultural products, as referred to in Annex 1 to the EC Treaty

Only expenditure incurred since the date on which the aid application was submitted is eligible.

Only consultancy services that are not continuous or regular, or connected with the normal operating expenses of the firm are eligible for aid.

Aid No: XS 131/03

Member State: Italy

Region: Calabria

Title of aid scheme: Aid for existing integrated upgrading projects for tourism capability promoted by small and medium-sized enterprises

Measure 4.4 Action a) Calabria regional operation programme 2000-06

Legal basis:

—	Legge regionale n. 7/2001 art. 31 quater

—	Decisione C.E. dell'8 agosto 2000 n. 2345

—	Deliberazione di Giunta regionale n. 398 del 14.05.2002

Annual expenditure planned:

Total budget of EUR 48 000 000 broken down as follows — type 4.4.a.1 (upgrading of hotels and non-hotel structures): EUR 45 000 000; — type 4.4.a.2 (upgrading of social accommodation ): EUR 3 000 000.

Estimated expenditure 2003: EUR 9 600 000

Estimated expenditure 2004: EUR 12 800 000

Estimated expenditure 2005: EUR 12 800 000

Estimated expenditure 2006: EUR 12 800 000

Maximum aid intensity: Capital contribution amounting to 50 % of eligible expenditure, the maximum grant not exceeding 75 % of the net investment value.

Date of application:

Duration of scheme:

Objective of aid: The aid is intended to upgrade the tourism capability of the Calabria region by improving the quality and the characteristics of the accommodation already present in the region (as well as by setting up additional structures and ancillary services).

Financing is granted to projects aimed at enhancing, upgrading and modernising the structures in the sector.

The projects eligible for aid should consist in organic and operationally independent investment programmes, each one capable of achieving the production, economic and employment targets proposed.

Economic sectors concerned: Tourism, with the exception of measures in the farm and rural tourism sectors financed by the EAGGF.

Name and address of the granting authority:

Regione Calabria (sede legale)

Via Massara, n. 2

88100 Catanzaro

---

23.7.2005

EN

Official Journal of the European Union

C 181/10

---

Non-opposition to a notified concentration

(Case COMP/M.3762 — Apax/Travelex)

(2005/C 181/03)

(Text with EEA relevance)

On 16 June 2005, the Commission decided not to oppose the above notified concentration and to declare it compatible with the common market. This decision is based on Article 6(1)(b) of Council Regulation (EC) No 139/2004. The full text of the decision is available only in English and will be made public after it is cleared of any business secrets it may contain. It will be available:

—	from the Europa competition web site (http://europa.eu.int/comm/competition/mergers/cases/). This web site provides various facilities to help locate individual merger decisions, including company, case number, date and sectoral indexes,

—	in electronic form on the EUR-Lex website under document number 32005M3762. EUR-Lex is the on-line access to European law. (http://europa.eu.int/eur-lex/lex)

---

23.7.2005

EN

Official Journal of the European Union

C 181/11

---

Non-opposition to a notified concentration

(Case COMP/M.3764 — Belgacom/Swisscom/JV)

(2005/C 181/04)

(Text with EEA relevance)

On 19 May 2005, the Commission decided not to oppose the above notified concentration and to declare it compatible with the common market. This decision is based on Article 6(1)(b) of Council Regulation (EC) No 139/2004. The full text of the decision is available only in English and will be made public after it is cleared of any business secrets it may contain. It will be available:

—	from the Europa competition web site (http://europa.eu.int/comm/competition/mergers/cases/). This web site provides various facilities to help locate individual merger decisions, including company, case number, date and sectoral indexes,

—	in electronic form on the EUR-Lex website under document number 32005M3764. EUR-Lex is the on-line access to European law. (http://europa.eu.int/eur-lex/lex)

---

23.7.2005

EN

Official Journal of the European Union

C 181/12

---

Non-opposition to a notified concentration

(Case COMP/M.3783 — TPG/British Vita)

(2005/C 181/05)

(Text with EEA relevance)

On 6 June 2005, the Commission decided not to oppose the above notified concentration and to declare it compatible with the common market. This decision is based on Article 6(1)(b) of Council Regulation (EC) No 139/2004. The full text of the decision is available only in English and will be made public after it is cleared of any business secrets it may contain. It will be available:

—	from the Europa competition web site (http://europa.eu.int/comm/competition/mergers/cases/). This web site provides various facilities to help locate individual merger decisions, including company, case number, date and sectoral indexes,

—	in electronic form on the EUR-Lex website under document number 32005M3783. EUR-Lex is the on-line access to European law. (http://europa.eu.int/eur-lex/lex)

---

23.7.2005

EN

Official Journal of the European Union

C 181/13

---

Opinion of the European Data Protection Supervisor on the Proposal for a Regulation of the European Parliament and of the Council concerning the Visa Information System (VIS) and the exchange of data between Member States on short stay-visas (COM(2004)835 final)

(2005/C 181/06)

THE EUROPEAN DATA PROTECTION SUPERVISOR,

Having regard to the Treaty establishing the European Community, and in particular its Article 286,

Having regard to the Charter of Fundamental Rights of the European Union, and in particular its Article 8,

Having regard to Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data,

Having regard to Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, and in particular its Article 41,

Having regard to the request for an opinion in accordance with Article 28(2) of Regulation (EC) No 45/2001 received on 25 January 2005 from the Commission,

HAS ADOPTED THE FOLLOWING OPINION:

1.   INTRODUCTION

1.1.   Preliminary remarks

The setting up of the Visa Information System (VIS) constitutes an important part of the EU common visa policy and has been the subject of several instruments which are intertwined.

—	In April 2003, a feasibility study (1) on the VIS commissioned by the Commission was produced.

—	In September 2003, the Commission proposed an amendment (2) of a previous Regulation laying down a uniform format for visas. The main goal was to introduce biometric data (facial image and two fingerprints) in this new visa format. These biometric data would be stored on a microchip.

—

In June 2004, a Council decision (3) launched the building process of the Visa Information System providing the legal basis for its inclusion in the budget of the EU. This decision proposed a central database comprising information related to the visa application, and envisaged a ‘comitology’ process in order to manage the technical development of the VIS.

In December 2004, the Commission adopted a proposal for a Regulation concerning the VIS and the exchange of data between Member States on short stay-visas (4) (hereinafter: ‘the proposal’) which is the subject of this opinion. A study for the Extended Impact Assessment (5) (hereinafter: ‘EIA’) is attached to the proposal.

However, as it is stated in its explanatory memorandum, further legal instruments will be needed to complement this regulation, in particular for:

—	amending the Common Consular Instructions on visas for the diplomatic missions and consular posts of the Contracting Parties to the Schengen Convention (hereinafter, ‘Common Consular Instructions’), related to the introduction of biometric data in the procedures;

—	the development of a new mechanism for the exchange of data with Ireland and the United Kingdom;

—	the exchange of data on long stay-visas.

As decided by the Justice and Home Affairs Council of 5-6 June 2003 and described in Article 1(2) of the June 2004 Council decision mentioned above, the VIS will be based on a centralised architecture comprising a database where the visa application files will be stored: the Central Visa Information System (CS-VIS), and a National Interface (NI-VIS) located in the Member States. The Member States will designate (6) a central national authority connected to the National Interface and through which their respective competent authorities will have access to the CS-VIS.

1.2.   Main elements of the proposal from the perspective of data protection

The proposal aims at improving the administration of the common visa policy by facilitating the exchange of data between Member States with the setting up of a central database. The regulation envisages to introduce biometric data (photograph and fingerprint) during the application procedure, and to store them in the central database.

Biometric data might also be used in the visa sticker, as it has been foreseen in an amending regulation proposed by the Commission on the uniform format of visa with the introduction of photograph and fingerprint, stored in a microchip (still pending to Council decision based on the results of ongoing analysis).

The proposal describes in detail the different operations performed on data (entering, amending, deleting and consulting) and the different data to be added in the VIS depending on the situation of the application (acceptance, refusal, etc.).

The proposal provides for a retention period of five years for data concerning each application.

The proposal lists restrictively the competent authorities other than visa authorities, which will have access to the VIS and defines the access rights to be granted to them:

—	the competent authorities for carrying out visa checks at external borders and within the territory of the Member State,

—	the competent immigration authorities,

—	the competent asylum authorities.

In the description of the operation of the VIS and the related responsibilities, the proposal underlines that the Commission processes the data of the VIS on behalf of the Member states. It describes the need for using the data processing records in order to ensure the security of data, and details the respective responsibilities to ensure this security level.

The proposal contains a chapter on data protection in which the roles of national authorities as well as the European Data Protection Supervisor (hereinafter: ‘EDPS’) are detailed.

The proposal entrusts the technical implementation of the VIS and the selection of the required technologies to a committee set up by Article 5(1) of Regulation (EC) No 2424/2001 on the development of the second generation Schengen Information System (SIS II).

An extended impact assessment of the VIS commissioned by the Commission and conducted by EPEC is annexed to the proposal. It concludes that the option of a VIS supported by the use of biometrics is the best available solution for improving the common visa policy.

2.   RELEVANT FRAMEWORK

The proposal will have a major impact on the privacy and other fundamental rights of individuals; therefore it is subject to a check against the data protection principles. The main points of reference for our examination are the following.

—

Respect for private life has been ensured in Europe since the adoption in 1950 of the Convention for the Protection of Human Rights and Fundamental Freedoms (hereinafter: ‘ECHR’) by the Council of Europe. Article 8 ECHR stipulates ‘the right to respect for private and family life’. According to Article 8(2) any interference by a public authority with the exercise of this right is only allowed, if it is ‘in accordance with the law’ and is ‘necessary in a democratic society’ for the protection of important interests. In the case law of the European Court of Human Rights, these conditions have led to additional requirements as to the quality of the legal basis for interference, the proportionality of any measure, and the need for appropriate safeguards against abuse. Basic principles for the protection of individuals with regard to the processing of personal data have been developed in the Convention on Data Protection, prepared by the Council of Europe and adopted in 1981.

—

The right to respect for private life and the protection of personal data have been laid down more recently in Article 7 and 8 of the Charter of the Fundamental Rights of the European Union, which has been integrated in Part II of the new EU Constitution. According to Article 52 of the Charter, it is recognized that these rights may be subjected to limitations, provided that similar conditions are fulfilled as apply under Article 8 ECHR. These conditions have to be considered whenever a proposal for a possible interference is evaluated.

Today, in EU legislation, the basic rules on data protection are laid down in:

—

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (OJ L 281, p. 31). This directive will be referred to as ‘Directive 95/46/EC’. The Directive provides for the detailed principles against which the proposal will be checked to the extent in which it is to apply to the Member States. This is the more relevant since the proposal will apply together with the national legislation giving effect to the directive. The effectiveness of the proposed provisions and safeguards will thus depend on the effectiveness of that combination in every individual case.

—

Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (OJ L 8, p.1). This regulation will be referred to as ‘Regulation 45/2001’. It provides similar principles as Directive 95/46/EC and is relevant in this context to the extent in which the proposal is to apply to the activities of the Commission, along with the provisions of the Regulation. This combination therefore also deserves some attention.

Directive 95/46/EC and Regulation 45/2001 must be read jointly with other instruments. In other words, the directive and the regulation, in so far as they deal with processing of personal data liable to infringe fundamental freedoms, in particular the right to privacy, must be interpreted in the light of fundamental rights. This also follows from the case law of the European Court of Justice (7).

—

Finally the EDPS will also include in his analysis the Opinion No 7/2004 of 11 August 2004 of the Article 29 Data Protection Working Party (8), ‘on the inclusion of biometric elements in residence permits and visas taking into account the establishment of the European information system on visas (VIS)’. In this opinion, the Working Party expressed concerns about several elements of the proposal. The EDPS intends to verify whether and how the proposal has taken these concerns into account.

3.   ANALYSIS OF THE PROPOSAL

3.1.   General

The EDPS recognises that the further development of a common visa policy requires an efficient exchange of relevant data. One of the mechanisms that can ensure a smooth flow of information is the VIS. However, such a new instrument should be limited to the collection and exchange of data, as far as such a collection or exchange is necessary for the development of a common visa policy and is proportionate to this goal.

The establishment of the VIS may have positive consequences for other legitimate public interests, but this does not alter the purpose of the VIS. The limited purpose of the system plays a major role in determining the legitimate content and use of the system and therefore also in granting a right of access to the VIS (or to parts of its data) to authorities of the Member States, for legitimate public interests.

Moreover, the proposal introduces the use of biometrics in the VIS. The EDPS recognises the advantages of the use of biometrics, but stresses the major impact of the use of such data and suggests the insertion of stringent safeguards for the use of biometric data.

This opinion has to be read in the light of these main considerations. It is noted that the present opinion should be mentioned in the preamble of the Regulation before the recitals (‘Having regard to the opinion …’).

3.2.   Purpose

The purpose of the VIS is of crucial importance, both in the light of Article 8 ECHR and of the general data protection framework. According to Article 6 of Directive 95/46/EC, personal data must be ‘collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes’. Only a clear definition of purposes will allow a correct assessment of the proportionality and adequacy of the processing of personal data, which is critical because of the nature of the data (including biometrics) and the scale of the envisaged processing operation.

The purpose of the VIS is clearly stated in Article 1(2) of the proposal:

Therefore all the elements of the VIS must be necessary and proportional instruments to reach this policy goal in the interest of the common visa policy.

Article 1(2) of the proposal also lists additional benefits of the improvement of the visa policy such as:

(a)	preventing threats to internal security,

(b)	facilitating the fight against fraud,

(c)	facilitate checks at external border checkpoints.

The EDPS considers these elements as examples of positive consequences of the setting up of the VIS and of the improvement of the common visa policy, but not as autonomous purposes in themselves.

This brings two main consequences at this stage:

—

The EDPS is aware that the law enforcement agencies are interested in being granted access to the VIS; Council Conclusions in this sense have been adopted on 7 March 2005. As the purpose of the VIS is the improvement of the common visa policy, it should be noted that routine access by law enforcement authorities would not be in accordance with this purpose. While, according to Article 13 of Directive 95/46/EC, such an access could be granted on an ad hoc basis, in specific circumstances and subject to the appropriate safeguards, a systematic access cannot be allowed. More generally speaking, an assessment on proportionality and necessity is crucial if decisions are taken in the future on whether to allow certain other authorities access to the VIS. The tasks for which access is granted must be consistent with the purposes of the VIS.

—

The explicit mention of the ‘prevention of threats to internal security of any of the Member States’ in (a) is unfortunate. The main benefits of the VIS will be the prevention of fraud and visa shopping (the fight against fraud is also the main reason for the inclusion of biometrics in the system) (9). The prevention of threats to security should therefore be seen as a ‘secondary’ although very welcome benefit. The EDPS recommends that this distinction between ‘purpose’ and ‘benefits’ is made more explicit in the text of Article 1(2), for instance as follows: ‘The VIS has the purpose to improve the administration of the common visa policy, consular cooperation and consultation between central consular authorities by facilitating the exchange of data between Member States on applications and on the decisions thereto. In doing so it shall also contribute …’ It is also worth noting in this regard, that the ‘Guidelines for the introduction of a common system for an exchange of visa data’ adopted by the JHA Council on 13 June 2002 (10) placed the prevention of threats to internal security at the end of the list. It would also be possible and much more consistent with the purpose of the VIS.

3.3.   Data quality

According to Article 6 of Directive 95/46/EC, personal data must also be ‘adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed’. This relates to the proportionality of the VIS in itself, but also to the data that are to be collected and stored in the VIS and to their further use, as well as to the additional safeguards applying in that context. These elements are equally essential for the evaluation of the proposal in the light of Article 8 ECHR.

The setting up of the VIS represents undoubtedly an important interference with the exercise of the right to privacy, if only for its scale and the categories of personal data processed. Therefore the Article 29 Working Party asked in its Opinion No 7/2004 to know ‘what studies of the scale and seriousness of these phenomena revealed compelling reasons of public safety or public order that would justify such an approach’.

The EDPS has carefully taken note of the evidence presented in the EIA. Although this evidence is not fully conclusive, there appear to be sufficient reasons to justify the setting up of the VIS with the purpose of improving the common visa policy.

Within this context, it would seem to be within the margin of appreciation of the legislature to decide on the establishment of the VIS as an instrument to improve the conditions for issuing visas by Member States. Such a system could in itself well fit in and corroborate the progressive establishment of an area of freedom, security and justice as envisaged in the EC Treaty.

However, the establishment and use of the VIS could never have as an effect that a high level of protection of personal data can no longer be assured in this domain. It belongs to the advisory task of the EDPS to examine to what extent the VIS will affect the existing level of data protection of the data subjects involved.

Against this background, the EDPS will focus in this opinion on the following issues:

—	the proportionality and adequacy of the data and the use thereof (e.g. categories of data, access to data for each authority concerned, and retention period);

—	the operation of the system (e.g. responsibilities and security);

—	the rights of the data subjects (e.g. information, possibility to correct or erase inaccurate or irrelevant data);

—	the monitoring and supervision of the system.

Apart from the following paragraphs, the proposal does not give rise to important comments as to the categories of data to be included in the VIS and their use. The relevant provisions have been drafted with due care and seem to be consistent and adequate as a whole.

3.4.   Biometrics

3.4.1.   Impact of the use of biometrics

Using biometrics in information systems is never an insignificant choice, especially when the system in question concerns such a huge number of individuals. Biometrics are not just another information technology. They change irrevocably the relation between body and identity, in that they make the characteristics of the human body ‘machine-readable’ and subject to further use. Even if the biometric characteristics are not readable by the human eye, they can be read and used by appropriate tools, forever, wherever the person goes.

However useful biometrics may be for certain purposes, their widespread use will have a major impact on society, and should be subject to a wide and open debate. The EDPS must state that this debate has not really taken place before the development of the proposal. This underscores even more the need for stringent safeguards for the use of biometric data and for a careful reflection and debate in the course of the legislative process.

3.4.2.   Specific nature of biometrics

As already underlined in several opinions of the Article 29 Working Party (11), the introduction and processing of biometric data for identity related documents need to be supported by particularly consistent and serious safeguards. Indeed biometric data are highly sensitive, due to some specific characteristics.

It is true that the loss of biometric data is almost impossible for person concerned, contrary to a password or a key. They offer a quasi-absolute distinctiveness, i.e. each individual possesses unique biometrics. They almost never change throughout a person's life which provides permanency to these characteristics. Everybody have the same physical ‘elements’ which also gives to biometrics a dimension of universality.

However, revocation of biometric data is almost impossible: a finger or a face is difficult to change. This positive characteristic from a number of perspectives leads to a major downside in case of identity theft: the storage of fingerprints and photograph in a database linked with a stolen ID could lead to major and permanent problems for the real owner of this identity. Moreover, by their very nature, biometric data are not secret and can even leave traces (fingerprints, DNA) which allow for collection of these data without their owner being aware of this.

Because of these risks which are inherent to the nature of biometrics, important safeguards will need to be implemented (especially in terms of respect of the purpose limitation principle, restriction of access, and security measures).

3.4.3.   Technical imperfection of fingerprints

The main advantages of biometrics as described above (data universality, distinctiveness, permanence, usability, etc) are never absolute. This has a direct impact on the efficiency of the biometric enrolment and verification procedures planned in the regulation.

Up to 5 % of people are estimated (12) not to be able to enrol (because they have no readable fingerprints or no fingerprints at all). The EIA annexed to the proposal has foreseen around 20 millions visa applicants in 2007, which means that up to 1 million persons will not be able to follow the ‘normal’ enrolment process, with obvious consequences for the visa application and at the border checking.

Biometric identification is also by definition a statistical process. An error rate of 0,5 to 1 % is normal (13), which means that the check system at external borders will have a False Rejection Rate (FRR) between 0,5 and 1 %. This rate is tuned by a threshold based on the risk policy of the competent authorities (it corresponds to a balance established between the number of persons wrongly rejected and those wrongly accepted). Therefore, it is overstated to consider that these technologies will offer an ‘exact identification’ of the data subject as stated in the 9th Recital of the proposed Regulation.

According to a recent prospective study (14) commissioned by the LIBE committee of the European Parliament, fallback procedures should be available to constitute essential safeguards for the introduction of biometrics as they are neither accessible to all nor completely accurate. Such procedures should be implemented and used in order to respect the dignity of persons who could not follow successfully the enrolment process and to avoid transferring onto them the burden of the system imperfections (15).

The EDPS therefore recommends that fallback procedures are developed and included in the proposal. These procedures should neither decrease the security level of the visa policy nor stigmatize the individual with unreadable fingerprints.

3.5.   Special categories of data

Some categories of data (in addition to the biometric data) call for special consideration: data concerning the grounds for refusal of visa (3.4.1), and data related to other members of a group (3.4.2).

3.5.1.   Grounds for refusal of visa

Article 10(2) of the proposal provides for the processing of data concerning the grounds for refusal, when a decision has been taken to refuse a visa. These grounds for refusal are fully standardised.

—	The first two grounds in subparagraphs (a) and (b) are of a rather administrative nature: failure to submit a valid travel document, or valid documents proving the purpose and conditions of the intended stay.

—	Subparagraph (c) mentions ‘an alert on the applicant for the purposes to refuse entry’, which implies a consultation of the SIS database.

—	Finally, subparagraph (d) mentions as a reason to refuse a visa the fact that the applicant ‘constitutes a threat to public policy, internal security, public health or the international relations of any of the Member States’.

All grounds for refusal must be applied with great caution, because of the consequences they entail for the individual. Moreover, some of them, those in subparagraphs (c) and (d), will lead to the processing of ‘sensitive data’ in the sense of Article 8 of Directive 95/46/EC.

The EDPS would like to draw the attention more specifically to the condition related to public health, which seems vague and entails the processing of very sensitive data. According to the Commentary on the Articles annexed to the proposal, the reference to the threat to public health is based on the ‘proposal for a Council Regulation establishing a Community Code on the rules governing the movement of persons across borders’ (COM (2004)391 final).

The EDPS is aware that a ‘public health’ criterion is widely used in Community legislation on the free movement of persons and is applied very strictly, as shown by Directive 2004/58/EC of the European Parliament and of the Council of 29 April 2004 on the right of citizens of the Union and their family members to move and reside freely within the territory of the Member States. Article 29 of this Directive lays down the conditions for taking into account a threat to public health: ‘The only diseases justifying measures restricting freedom of movement shall be the diseases with epidemic potential as defined by the relevant instruments of the World Health Organisation and other infectious diseases or contagious parasitic diseases if they are the subject of protection provisions applying to nationals of the host Member State.’

—	Nevertheless, it should be noted that the proposal referred to before is, to date, only a proposal, and that the inclusion of the condition of not representing a threat to public health in the VIS Regulation is subject to the adoption of the Community Code.

—	Furthermore, if it is adopted, this ground for refusing entry should be read restrictively. Indeed, the proposal for a Community Code is, in turn, based on Directive 2004/58/EC just mentioned.

The EDPS therefore recommends that a reference to Article 29 of Directive 2004/58/EC is included in text of the proposal in order to make sure that ‘threat to public health’ is understood in the light of that provision. In any case, considering the sensitivity of the data, they should only be processed if the threat to public health is genuine, present and sufficiently serious.

3.5.2.   Data on other members of a group

Article 2(7) defines ‘group members’ as ‘other applicants with whom the applicant is travelling together, including the spouse and the children accompanying the applicant’. The Commentary on the Articles mentions that the definitions in Article 2 of the proposal refer to the Treaty or the Schengen Acquis on visa policy, except for some terms, including ‘group members’, which are defined specifically for the purposes of this Regulation. Therefore, it can be assumed that this definition does not refer to the definition of ‘group visa’ as given in Article 2.1.4 of the Common Consular Instructions. The Commentary on the Articles refers to ‘applicants travelling in a group with other applicants, e.g. in the framework of an ADS agreement, or together with family members’.

The EDPS stresses that a precise and comprehensive definition of ‘group members’ should be given in the Regulation. In the current proposal, for lack of a precise reference to the Treaty, or to the Schengen Acquis, the EDPS must observe that the definition is too vague. According to this wording, ‘group members’ could include colleagues, other clients from the same travel agency taking part in an organized tour, etc. The consequences are indeed very important:

according to Article 5 of the draft Regulation, the application file for an applicant will be linked to the application files of the other group members.

3.6.   Retention of data

Article 20 of the draft Regulation provides for a five years retention period for each application file. It is a policy choice for the Community legislature to provide for a reasonable time limit.

There is no evidence — particularly not in the light of the reasons mentioned in the Commentary on the Articles — to suggest that the policy choice made in this proposal is unreasonable or would have unacceptable consequences, provided that all appropriate correction mechanisms are put into place. This means that correction or deletion of data must be ensured when the data are no longer accurate, and in particular when a person has obtained the nationality of a Member State, or has acquired a status that does not require his inclusion in the system.

Moreover, when the data are still present in the system, they can in no way prejudice a new decision. Some grounds for refusal (alert on the applicant for the purpose to refuse entry, threat to public health in particular) have a limited validity in time. The fact that they have been valid reasons to refuse entry at one moment should not influence a new decision. The situation must be entirely re-assessed for each new visa application and this should be made explicit in the Regulation where appropriate.

3.7.   Access and use of data

3.7.1.   Preliminary observations

As a preliminary remark, the EDPS recognizes the care which has obviously been devoted to the regulatory system of access and use of the VIS data. Each authority has access to different data for different purposes. This is an appropriate approach that the EDPS can only encourage. The following observations aim at applying this approach to the fullest extent.

3.7.2.   Checks on visas at external border checkpoints and within the territory

In the case of visa checks at external borders, Article 16 of the proposed Regulation enounces clearly the two exact purposes:

—	‘verifying the identity of the person’, which means according to the given definition, a ‘one to one’ comparison;

—	‘verifying the authenticity of the visa’. As proposed by the ICAO standards, the microchip of the visa could use a public/private key system (PKI) in order to conduct this authentication process.

These two purposes can properly be reached with the sole access to the protected microchip by the competent authorities for carrying out checks on visas. An access to the central database of the VIS would therefore be disproportionate in this specific case. This latter option would involve more authorities connected to the VIS, which might increase the risk of misuse. It might also be a more expensive option as the number of secure and controlled access to the VIS, and the need for specific training related to this access will significantly increase as well.

Furthermore, there are doubts as to the adequacy of the access to the data as foreseen in the second point of Article 16. Indeed, paragraph (2)(a) states that if, after a first query, it appears that data on the applicant is recorded in the VIS (which should be the case in principle), the competent authority can consult other data, still for the purpose of verifying the identity. These data concern all information related to the application, photographs, fingerprints, as well as any visa previously issued, annulled, revoked or extended.

If the verification of identity has succeeded, it is not clear at all for what reason the rest of these data are still needed. They should actually only be made accessible, under restrictive conditions, if the verification procedures have failed. In this case, the data mentioned in Article 16(2) would appropriately contribute to a fallback procedure helping to ascertain the identity of the person. They should then not be accessible to each border checkpoint staff, but only more restrictively to officials in charge of difficult cases.

Finally, the definition of the authorities having access should be more precise. In particular, it is not clear what the ‘competent authorities for carrying checks within the territory of the Member State’ are. The EDPS assumes it concerns the competent authorities for carrying out checks on visas, and Article 16 should be amended in this sense.

3.7.3.   Use of data for identification and return of illegal immigrants, and for asylum procedures

In the cases described by Articles 17, 18 and 19 (return of illegal immigrants and asylum procedure), the VIS is used for the purpose of identification. Among the data which can be used for identification purposes are the photographs. However, in the current state of the technology related to automated facial recognition for such large scale IT systems, photographs cannot be used for identification (one-to-many); they cannot provide for a reliable result. They are therefore not to be considered as data adequate for the purpose of identification.

Consequently, the EDPS strongly suggests that the ‘photographs’ be removed from the first part of these articles and maintained in the second part (photographs can be used as a tool for verifying someone's identity, but not to identify in a large scale database).

An other option would be to amend Article 36 in the sense that the functionalities for processing photographs for identification purposes will only be implemented when this technology is considered reliable (possibly after advice from the technical committee).

3.7.4.   Publication of the authorities having access

Article 4 of the draft Regulation provides for a publication in the Official Journal of the European Union of the competent authorities designated in each Member State to have access to the VIS. This publication should be made on a regular (annual) basis, in order to inform about the changes in national situations. The EDPS stresses the importance of this publication as an indispensable tool for control, at a European as well as at national or local level.

3.8.   Responsibilities

It is recalled here that the VIS will be based on a centralised architecture with a central database where all information on visa will be stored and national interfaces located in the Member States allowing their competent authorities to access the central system. According the recitals 14 and 15 of the draft Regulation, Directive 95/46/EC will apply to the processing of personal data by the Member States in application of the Regulation, and Regulation 45/2001 will apply to the activities of the Commission in relation to the protection of personal data. As mentioned in these recitals in this context, the proposal aims to clarify certain points, inter alia, in respect of the responsibility for the use of the data and of the supervision on data protection.

In fact, these points would seem to relate to some crucial details without which the system of safeguards in Directive 95/46/EC and Regulation 45/2001 would not apply or would not be fully consistent with the proposal. The applicability of national law under the Directive normally assumes a controller which is established in that Member State (Article 4), whereas the applicability of the Regulation depends on the processing of personal data by a Community institution or body in the exercise of activities all or part of which fall within the scope of Community law (Article 3).

According to Article 23(2) of the draft Regulation, the data shall be ‘processed by the VIS on behalf of the Member States’. According to Article 23(3) the Member States shall designate the authority considered as controller in accordance with Article 2(d) of Directive 95/46/EC. This seems to suggest that, according to the system of the Directive, the Commission should be regarded as a processor. This is confirmed by the Explanation of the Articles (16).

This language tends to understate the very important and in fact crucial role of the Commission, both in the development phase of the system and in the course of its normal operation. It is difficult to link exactly the Commission's role to the concept of controller or processor; it is either a processor with unusual powers (among others in designing the system), or a controller with restrictions (since the data are entered and used by Member States). The Commission really has what must be recognized as a sui generis role (17) in the VIS.

This significant role should be recognized through a comprehensive description of the Commission's tasks, rather than through a wording that does not quite correspond to the reality, because it is too restrictive, does not change anything in the operation of the VIS and only leads to confusion. This is also important with a view to a consistent and effective supervision of the VIS (see also paragraph 3.11). Therefore, the EDPS recommends to delete Article 23(2).

The EDPS would like to emphasize that a complete description of the tasks of the Commission with regard to the VIS is all the more important, if the Commission envisages entrusting the management tasks to another body. The ‘Fiche Financière’ annexed to the proposal mentions the possibility to transfer these tasks to the external border agency. In this context, it is crucial that the Commission does not leave any uncertainty as to the scope of its competences, in order for its successor to know the boundaries within which he can act.

3.9.   Security

The management and respect of an optimal security level for the VIS constitutes a precondition for ensuring the required protection of personal data stored in its database. In order to obtain this satisfactory level of protection, proper safeguards have to be implemented for handling the potential risks related to the infrastructure of the system and to the persons involved. This subject is now discussed in various parts of the proposal and deserves some improvement.

Articles 25 and 26 of the proposal contain various measures for data security and specify the kind of misuses that need to be prevented. These provisions could, however, be usefully complemented by measures to systematically monitor and report on the effectiveness of the security measures that have already been mentioned. The EDPS recommends more specifically that provisions on systematic (self-)auditing of security measures are added to these articles.

This is linked to Article 40 of the proposal, which provides for monitoring and evaluation. This should not only concern the aspects of output, cost-effectiveness and quality of services, but also compliance with legal requirements, especially in the field of data protection. The EDPS therefore recommends that the scope of Article 40 is extended to monitoring and reporting on the lawfulness of processing.

Moreover, in complement to Article 24(4)(c) or Article 26(2)(e) concerning the duly authorised staff which has access to the data, it should be added that Member States should ensure that precise user profiles are available (that should be kept at the disposal of the national supervisory authorities for checks). In addition to these user profiles, a complete list of user identities has to be made and kept permanently up-to-date by Member States. The same applies to the Commission: Article 25(2)(b) should therefore be complemented in the same sense.

These security measures are completed by monitoring and organisational safeguards. Article 28 of the proposal describes the conditions and the purposes for which records of all data processing operations have to be kept. These records shall not only be stored for monitoring data protection and ensuring data security but also for conducting regular self-auditing of the VIS. The self-auditing reports will contribute to the effective execution of the tasks of the supervisory authorities that will be able to identify the weakest spots and to focus on them during their own auditing procedure.

3.10.   Rights of the data subject

3.10.1.   Information of the data subject

Providing information to the data subject to ensure fair processing is of the greatest importance. It constitutes an indispensable safeguard for the rights of the individual. Article 30 of the proposal now basically follows Article 10 of Directive 95/46/EC for that purpose.

This provision could, however, benefit from some amendments in order to make it better fit into the framework of the VIS. The Directive provides indeed for certain information to be given, but allows for more information to be given if appropriate (18). Consequently, Article 30 should be amended in order to include the following points:

—	Data subjects should also be informed about the retention period applying to their data.

—

Article 30(1)(e) concerns ‘the right of access to, and the right to rectify the data’. It would be more accurate to mention ‘the right to access, and the right to request rectification or deletion of the data’. In this regard, data subjects should be informed of the possibility to apply for advice or assistance to the relevant supervisory authorities.

—	Finally, Article 30(1)(a) mentions the information about the identity of the controller, and of his representative, if any. The controller being always installed on the territory of the European Union, there is no need to foresee this latter possibility.

3.10.2.   Rights of access, correction and deletion

Article 31(1) last sentence states that ‘such access to data may be granted only by a Member State’. It can be assumed that this means that access to (or communication of) the data cannot be granted by the Central Unit, but by any Member State. The EDPS recommends that it is made explicit that such communication can be requested in any Member State.

Moreover, the drafting of this provision also seems to imply that access cannot be denied, and will be given without authorization of the Member State responsible. That would explain why national authorities have to cooperate to enforce the rights laid down in Article 31(2), (3) and (4) but not in Article 31(1) (19).

3.10.3.   Assistance by supervisory authorities

Article 33.2 lays down that the obligation of the national supervisory authorities to assist and advise the person concerned subsists throughout proceedings (before a court). The meaning of this paragraph is not clear. The national supervisory authorities have different attitudes towards their role during court proceedings. This sounds as if they have to play the role of the counsel of the complainant in court, which is not possible in many countries.

3.11.   Supervision

The proposal shares out the supervisory task between national supervisory authorities and the EDPS. This is consistent with the approach of the proposal to applicable law and responsibilities for the operation and use of the VIS, and with the need for an effective supervision. The EDPS therefore welcomes this approach in Articles 34 and 35.

The national supervisory authorities monitor the lawfulness of the processing of personal data by the Member States, including their transmission to and from the VIS. The EDPS monitors the activities of the Commission (…) including that the personal data is transmitted lawfully between the National Interfaces and the Central Visa Information System. This might result in overlapping, as both the national supervisory authority and the EDPS are at the same time responsible for monitoring the lawfulness of transmission of data between the National Interfaces and the Central Visa Information System.

The EDPS therefore suggests an amendment of Article 34 in order to clarify that the national supervisory authorities monitor the lawfulness of the processing of personal data by the Member State, including their transmission to and from the National Interface of the VIS.

As to the supervision of the VIS, it is also important to underline that the supervision activities of the national supervisory authorities and the EDPS should be coordinated to a certain extent, in order to ensure a sufficient level of consistency and overall effectiveness. Indeed, there is a need for a harmonized implementation of the Regulation, and for working towards a common approach of common problems. Moreover, as security is concerned, it can be added that the security level of the VIS will — ultimately — be defined by the security level of its weakest link. In this regard also the cooperation between the EDPS and the national authorities needs to be structured and enhanced. Article 35 should thus contain a provision to that effect setting out that the EDPS shall convene a meeting with all national supervisory authorities, at least once a year.

3.12.   Implementation

Article 36(2) of the proposal provides: ‘The measures necessary for the technical implementation of the functionalities referred to in paragraph 1 shall be adopted in accordance with the procedure referred to in Article 39(2).’ Article 39 refers to a committee for assisting the Commission which was created in December 2001 (20) and has been used in several instruments.

The technical implementation of the VIS functionalities (interactions with the competent authorities and the uniform format of visa) presents a number of potential critical impacts on data protection. For instance, the choices to embed a microchip or not in the visa which will have an impact on the way the central database will be used, as well as the standard of the format used to exchange biometric data will drive or design the related data protection policy (21).

This selection of technologies will have a determinant impact on the proper implementation of the principles of purpose and proportionality, and should consequently be supervised. Therefore, technological choices with a substantial impact on data protection should preferably be made by way of Regulation, in accordance with the co-decision procedure. Only then, the necessary political control can be given. In all other cases with an impact on data protection, the EDPS should be given the possibility to advise on the choices made by this committee.

3.13.   Interoperability

Interoperability is a critical and vital precondition for the efficiency or large scale IT systems as the VIS. It offers the possibility to reduce the overall cost in a consistent manner and to avoid natural redundancies of heterogeneous elements. Interoperability can also make a contribution to the objective of a common visa policy by implementing the same procedural standard to all the constitutive elements of this policy. However, it is crucial to distinguish between two levels of interoperability:

—	Interoperability between EU member states is highly desirable; indeed the visa applications sent by one Member State's authorities have to be interoperable with the ones sent by any other Member State's authorities.

—	Interoperability between systems built for different purposes or with third country systems is far more questionable.

Among the available safeguards used to limit the purpose of the system and prevent ‘function creep’, the use of different technological standards can contribute to this limitation. Moreover, any form of interaction between two different systems should be thoroughly documented. Interoperability should never lead to a situation where an authority, not entitled to access or use certain data, can obtain this access via another information system.

In this context, the EDPS would like to refer to the Declaration of the Council of 25 March 2004 on Combating Terrorism, in which the Commission is asked to present proposals in order to enhance interoperability and synergies between information systems (SIS, VIS and Eurodac).

He would also like to refer to the ongoing discussion as to which body could be entrusted with the management of the different large scale systems in the future (see also paragraph 3.8 of this opinion).

The EDPS wants to stress again that interoperability of the systems can not be implemented in violation of the purpose limitation principle, and that any proposal in this matter should be submitted to him.

4.   CONCLUSIONS

4.1.   General points

1.

The EDPS recognises that the further development of a common visa policy requires an efficient exchange of relevant data. One of the mechanisms that can ensure a smooth flow of information is the VIS. The EDPS has carefully taken note of the evidence presented in the EIA. Although this evidence is not fully conclusive, there appear to be sufficient reasons to justify the setting up of the VIS with the purpose of improving the common visa policy. However, this new instrument should be limited to the collection and exchange of data, as far as such a collection or exchange is necessary for the development of a common visa policy and is proportionate to this goal.

2.

The establishment of the VIS may have positive consequences for other legitimate public interests, but this does not alter the purpose of the VIS. Therefore all the elements of the VIS must be necessary and proportional instruments to reach the policy goal, mentioned above. Moreover: — Routine access by law enforcement authorities would not be in accordance with this purpose. — The EDPS recommends that this distinction between ‘purpose’ and ‘benefits’ is made more explicit in the text of Article 1(2). — Interoperability with other systems can not be implemented in violation of the purpose limitation principle.

3.

The EDPS recognises the advantages of the use of biometrics, but stresses the major impact of the use of such data and suggests the insertion of stringent safeguards for the use of biometric data. Moreover, the technical imperfection of fingerprints requires that fallback procedures are developed and included in the proposal.

4.	The present opinion should be mentioned in the preamble of the Regulation before the recitals (‘Having regard to the opinion …’.).

4.2.   Other points

5.	Concerning the grounds for refusal of visa: a reference to Article 29 of Directive 2004/58/EC should be included in the text of the proposal in order to make sure that ‘threat to public health’ is understood in the light of that provision.

6.	Data on members of a group have a special meaning in the proposal: therefore a precise and comprehensive definition of ‘group members’ should be given.

7.

There is no evidence that the policy choice made in this proposal on the delay on the retention of data is unreasonable or would have unacceptable consequences, provided that all appropriate correction mechanisms are put into place. Moreover, it should be made explicit in the proposal that personal data must be entirely re-assessed for each new visa application.

8.

Concerning visa checks at external borders: Article 16 of the proposal should be amended since an access to the central database of the VIS would be in those cases disproportionate. A sole access to the protected microchip by the competent authorities for carrying out checks on visas is sufficient. Moreover, if the verification of identity has succeeded, it is not clear at all for what reason the rest of these data are still needed.

9.	Concerning the use of data for identification and return of illegal immigrants, and for asylum procedures: ‘photographs’ should be removed from the first part of the Articles 17, 18 and 19 and maintained in the second part.

10.	Concerning the responsibilities of the Commission and the Member States: Article 23(2) should be deleted.

11.

Provisions on systematic (self-)auditing of security measures should be added to the proposal. The scope of Article 40 must be extended to monitoring and reporting on the lawfulness of processing. Moreover: — a complete list of user identities has to be made and kept permanently up-to-date by Member States. The same applies to the Commission: Article 25(2)(b) should therefore be complemented in the same sense. — Article 28 of the proposal describes the conditions and the purposes for which records of all data processing operations have to be kept. These records shall not only be stored for monitoring data protection and ensuring data security but also for conducting regular self-auditing of the VIS.

12.

Concerning the rights of the Data Subject: — Article 30 should be amended in order to assure that Data subjects should also be informed about the retention period applying to their data. — Article 30(1)(e) should mention ‘the right to access, and the right to request rectification or deletion of the data’. — Article 31(1) must make explicit that certain communications can be requested in any Member State.

13.

Concerning supervision: — Article 34 should be amended in order to clarify that the national supervisory authorities monitor the lawfulness of the processing of personal data by the Member State, including their transmission to and from the National Interface of the VIS. — Article 35 should thus contain a provision setting out that the EDPS shall convene a meeting with all national supervisory authorities, at least once a year.

14.

Concerning implementation: — Technological choices with a substantial impact on data protection should preferably be made by way of Regulation, in accordance with the co-decision procedure. — In other cases, the EDPS should be given the possibility to give advice on the choices made by the committee foreseen by the proposal.

---

(1)  Visa Information System, final report, commissioned by the EC and conducted by Trasys, April 2003.

(2)  COM(2003)558 final with 2003/0217 (CNS) and 2003/0218 (CNS).

(3)  2004/512/EC, OJ L 213, 15.6.2004, p. 5.

(4)  COM(2004)835 final with 2004/0287 (COD).

(5)  Study for the Extended Impact Assessment of the Visa Information System, EPEC Final Report, December 2004.

(6)  Article 24(2) of the proposal.

(7)  It is useful in this context to refer to the judgment of the Court of Justice in Österreichischer Rundfunk and Others (Joined Cases C-465/00, C-138/01 and C-139/01, Judgment of 20 May 2003, Full Court, (2003) ECR I-4989). The Court dealt with an Austrian law providing for the transfer of salary details on public sector employees to the Austrian Court of Auditors and their subsequent publication. In its judgment the Court lays down a number of criteria drawn from Article 8 of the European Convention on Human Rights, which should be used when applying Directive 95/46/EC in so far as this directive allows for certain restrictions to the right to privacy.

(8)  This is an independent advisory group, composed of representatives of the data protection authorities of the Member States, the EDPS and the Commission, which was set up by Directive 95/46/EC.

(9)  The EIA states this very clearly (p.6, §2.7).: ‘the inefficiencies in combating visa shopping, fraud, and in conducting checks are causing also inefficiencies in relation to internal security of the Member States’. This implies that the threats to security are due partly to inefficient visa policy. The first thing to do in this regard is to improve the visa policy, mostly by combating fraud and perform better checks. The improvement in security will result from improvement in the visa policy.

(10)  ‘Council Framework Decision of 13 June 2002 on combating terrorism (2002/475/JHA)’ (OJ L 164, 22.6.2002, p. 3).

(11)  Opinion No 7/2004 on the inclusion of biometric elements in residence permits and visas taking account of the establishment of the European information system on visas (VIS) (Markt/11487/04/EN - WP 96) and Working document on biometrics (MARKT/10595/03/EN - WP 80).

(12)  A. Sasse, Cybertrust and Crime Prevention: Usability and Trust in Information Systems, in‘Foresight cybertrust and crime prevention project’. 04/1151, 10 June 2004, p.7, and Technology Assessment, ‘Using Biometrics for Border Security’, United States General Accounting Office, GAO-03-174, November 2002.

(13)  A. K. Jain et al., Biometrics: A grand Challenge, Proceedings of International Conference on Pattern Recognition, Cambridge, UK., August 2004

Biometric	Face	Finger	Iris
FTE % Failure To Enrol	n/a	4	7
FNMR % rejection rates	4	2,5	6
FMR1 % verification match error rate	10	< 0,01	< 0,001
FMR2 % identification error rates for dB size > 1 m	40	0,1	N/A
FMR3 % screening match error rate for dB sizes = 500	12	< 1	N/A

Biometrics: A grand Challenge

(14)  Biometrics at the frontiers: assessing the impact on Society, February 2005, Institute for Prospective Technological Studies, DG Joint Research Centre, EC.

(15)  Progress report on the application of the principles of Convention 108 to the collection and processing of biometric data, Council of Europe, 2005, page 11.

(16)  See page 37 of the proposal.

(17)  Although the definition of controller in Directive 95/46/EC and Regulation 45/2001 also provides for the possibility of more controllers with different responsibilities.

(18)  It mentions ‘any further information (…) insofar as such further information is necessary, having regard to the specific circumstances in which the data are collected, to guarantee fair processing in respect of the data subject’.

(19)  Consequently, Article 31(3) concerning cooperation between national authorities in the exercise of the rights of correction or deletion could be amended in this sense, for more clarity: ‘if the request as mentioned in 31(2)’ The requests as mentioned in 31(1) (access) do not involve cooperation between authorities.

(20)  Council Regulation (EC) No 2424/2001 of 6 December 2001 on the development of the second generation Schengen Information System (SIS II).

(21)  The proposal for a Council regulation amending (EC) No 1683/95 (uniform format for VISA) in September 2003 included also a similar article.

---