52000PC0100

Amended proposal for a COUNCIL REGULATION concerning the establishment of "Eurodac" for the comparison of the fingerprints of applicants for asylum and certain other third-country nationals to facilitate the implementation of the Dublin Convention

EXPLANATORY MEMORANDUM A. The European Parliament's opinion and the Commission's response On 18 November 1999, the European Parliament adopted its opinion on the Commission proposal for a Council Regulation concerning the establishment of "Eurodac" for the comparison of the fingerprints of applicants for asylum and certain other aliens. The Parliament approved the Commission's proposal, subject to a number of amendments. The issues covered by the Parliament's amendments, and the Commission's response in each case, is set out below. The use of the term "alien" (amendment 1). The Parliament considered that the term "alien" has negative connotations, and the term "third-country national" is an adequate substitute. The Commission has accepted this amendment. Whilst the term "alien" is neutral in some languages, it is the case that it has negative connotations in others. The Commission has therefore made the necessary changes throughout the entire text. In addition, a definition of the term "third-country national" has been added, to make it clear that the scope of the instrument includes stateless persons. The title: the exclusive link with the Dublin Convention (amendment 2). The Parliament considered that the title of the Regulation should be amended to insert a reference to the Dublin Convention, to emphasise the fact that Eurodac is concerned exclusively with the implementation of the Dublin Convention. The Commission has accepted this Amendment and changed the title accordingly. The minimum age for fingerprinting (amendments 3, 5, 8 and 10). The Parliament considered that the minimum age for fingerprinting the categories of persons covered by this Regulation should be raised from 14 to 18. The Commission recognises that this is an important issue for the Parliament. The Commission has not, however, accepted this amendment. The Commission recalls that within the Council, the pressure has been for a lower rather than a higher minimum age limit. Migratory movements of people seeking international protection do unfortunately involve children, and the scope of instruments designed to respond to such movements must take account of this fact. It is of course entirely proper that safeguards should be in place to ensure that fingerprinting is carried out in an appropriate fashion, and the Commission's approach involves accepting the Parliament's amendments which make it clear that fingerprinting must be carried out in accordance with the European Convention for the Protection of Human Rights and Fundamental Freedoms and the United Nations Convention on the Rights of the Child. There will be a further opportunity to consider the rules on the transfer of asylum applicants between Member States, their application to children, and the introduction of special safeguards, in the context of forthcoming discussions on the replacement of the Dublin Convention with a Community legal instrument. Erasure of data from the central database (amendments 4, 7, 9 and 11). The Parliament considered that the data of applicants for asylum and of persons apprehended at the external border should be erased from the central database when the persons concerned has been granted refugee status or a subsidiary or complementary form of protection or any other legal status. The Commission has accepted some, but not all, of these amendments. The Commission has accepted the Parliament's amendments relating to data on recognised refugees. Article 12 of the Commission's original proposal was a compromise. Some Member States considered that there was a problem with people who have been recognised as a refugee in one Member State travelling to another Member State and claiming asylum there, and they considered that the Dublin Convention should be applied in such situations. Other Member States did not share this analysis. It was therefore proposed that data on recognised refugees should be blocked in the central unit, so that statistical data should be compiled to measure the scale of the phenomenon. The Commission now proposes to take a different approach to this issue. If some people who have been recognised as refugees in one Member State are travelling to another Member State and seeking asylum there, this is likely to be because refugees to not enjoy a general right to reside in a Member State other than the one in which they were recognised and admitted as a refugee. The Commission considers that this situation should be remedied by including refugees within the scope of an instrument defining the circumstances in which a third-country national who is legally resident in one Member State may reside in another Member State. The Commission has therefore amended its proposal for a Eurodac Regulation by deleting the former Article 12 entirely, and by rewriting Article 7 to make it clear that data on recognised refugees would be deleted. The Commission considers that it would not be appropriate to provide that data on asylum applicants should be erased as soon as they were granted any kind of legal status. If this were to be the case, Eurodac would no longer cover situations where an asylum applicant was granted permission to remain in some other capacity for a short time, and at the end of this period moved to another Member State and claimed asylum there. The Commission would, however, recall that in the Explanatory Memorandum to its original proposal it indicated that it saw a case for considering advance data erasure in relation to asylum applicants who become long-term residents in a Member State. At present, there are no common Community rules on long term residence, but this issue will need to be addressed in the future. In relation to persons apprehended at the external border, the Commission's proposal already provided that data should be erased as soon as the persons concerned were granted a residence permit, which effectively covers the situations mentioned by the Parliament. (The definition of a residence permit which applies in this context, by virtue of what is now Article 2(3) of the Regulation, is the rather broad definition used in the Dublin Convention, i.e. "any authorization issued by the authorities of a Member State authorizing an alien to stay in its territory, with the exception of visas and "stay permits" issued during examination of an application for a residence permit or for asylum). But to make this point clearer on the face of the text, the Commission has amended Article 10(2)(a) of the proposal to introduce a specific reference to people admitted as refugees or under a subsidiary form of protection. Carrying out fingerprinting in accordance with the safeguards laid down in relevant international instruments (amendments 5 and 8). The Parliament approved amendments confirming that the procedure for taking fingerprints should be in accordance with the safeguards laid down in the European Convention on Human Rights and Fundamental Freedoms and the United Nations Convention on the Rights of the Child. The Commission has accepted these amendments, and amended Articles 4(1) and 8(1) accordingly. The need for a clear fingerprint match (amendment 6). Amendment 6 makes it clear that a clear match on identical fingerprints is required, rather than simply the identification of two sets of fingerprints which are similar. The Commission can accept this principle. In the course of discussions in the Council on the Commission's proposal, it was agreed that Article 4(5) should be amended to make it clear that the result which will be sent to a Member State will either be a "hit" relating to a specific individual or else a negative result. The Commission considers that this Amendment takes account of the concerns expressed by the Parliament. The Commission does not consider that the exact wording of the Parliament's amendment is appropriate, which states that in the absence of an exact match, the Member State which asked for the fingerprint comparison shall initiate the asylum procedure. This would override the provisions of the Dublin Convention itself, and in certain circumstances could prevent family reunification from taking place, which certainly does not appear to be the Parliament's intention. Prohibition on the transfer of data to third countries and to other agencies (amendment 12). The Commission understands that this Amendment is designed to limit data transfer in two distinct cases. The first is to prevent data being sent to the authorities of the asylum applicant's country of origin, which could put the applicant at risk. The second is to stop data being passed to other agencies within a Member State which are not concerned with implementation of the Dublin Convention. The Commission agrees with both these objectives. As far as transfer of data to third countries are concerned, this is not envisaged at all under the Regulation and, given the purpose of Eurodac, it is (with one exception mentioned below) very difficult to envisage circumstances in which Eurodac data could be lawfully transmitted to a third country in compliance with applicable Community data protection legislation. The Commission recognises that the previous text did not, however, contain a provision which explicitly prohibited data transfer to third countries, and has remedied this with the addition of a new paragraph 5 to Article 14 (previously Article 15). The addition specifically takes account of one exceptional situation. The Commission has put forward a recommendation for a Council decision with a view to authorising the Commission to open negotiations with the Republic of Iceland and the Kingdom of Norway on an agreement on the criteria and mechanism for examining a request for asylum lodged in any of the Member States of the European Union or in Iceland or Norway. Article 7 of the Agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latters' association with the implementation, application and development of the Schengen acquis specifically envisages such an arrangement, in recognition of the fact that measures on responsibility for asylum application are a flanking measure to accompany the abolition of frontier controls. Since an agreement with Iceland and Norway is likely to imply the extension of Eurodac to these two States, the Commission's amendment to Article 14 of the Eurodac Regulation caters for this situation. As far as data transfer to other agencies within a Member State are concerned, data protection legislation takes a functional rather than institutional approach. That is to say, it specifies the purposes for which data may be used and the conditions under which it may be used, rather than the specific agencies which may use it. The Commission would recall that under applicable Community data protection legislation, data must be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes. Article 1(3) of the Eurodac Regulation provides that data may be processed in Eurodac only for the purposes set out in Article 15(1) of the Dublin Convention. These provisions effectively guarantee that Eurodac data could not lawfully be transferred to an authority which had no role in implementing the Dublin Convention, and which for instance dealt exclusively with social security issues. B. Amendments in the light of developments since the Commission's original proposal It has been necessary to make modifications to the Commission's original proposal in two respects to take account of developments which have occurred since the Commission adopted its original proposal for a Eurodac Regulation on 26 May 1999: Committee (Article 21, previously Article 22). Article 22 of the Commission's original proposal was based on the regulatory procedure in Council Decision 87/373/EEC. In the commentary on Article 22 in the Explanatory Memorandum, the Commission stated that it might be necessary to adjust the Article if agreement was reached on revision of the "comitology" decision. On 28 June 1999, the Council duly adopted its decision laying down the procedures for the exercise of implementing powers conferred in the Commission (Council Decision 1999/468/EC). Following this, the Commission decided on 20 July 1999 to modify all legislative proposals pending before the European Parliament and Council which envisaged recourse to a comitology procedure, and to replace the procedure contained in each proposal with the procedure of the same type contained in Decision 1999/468/EC. The Secretary-General of the Commission wrote to the Secretary General of the Council and the Secretary General of the European Parliament on 26 July 1999 to notify them of this Decision. The Article relating to the committee has been amended accordingly. The procedure for the adoption of the main implementing measures under Article 4(7) of the Regulation is the new regulatory procedure. In relation to the compilation of general statistics under Article 3 of the Regulation, this is not a measure of general scope and in addition the main rules on the compilation of statistics have now been written into the Regulation itself in Article 3(3) (see section C (iii) of the Explanatory Memorandum). The implementing power provided for in Article 3(4) is effectively a reserve power. An advisory committee is appropriate in this case. Territorial scope (recitals and Article 24, previously Article 25). The United Kingdom and Ireland have both notified the President of the Council, pursuant to Article 3 of the Protocol on the position of the United Kingdom and Ireland, that they wish to take part in the adoption and application of the Eurodac Regulation. In the interests of transparency, a recital has been added to make it clear that the Regulation applies to these two Member States. An adaptation to Article 24 (previously Article 25) on territorial application has also been included for technical and legal reasons because, at the present juncture, the territorial scope of the Regulation should be fully aligned on that of the Dublin Convention. Whilst the territorial application of the Regulation is in principle governed by Article 299 of the Treaty establishing the European Community, Article 24 provides that the Regulation shall not be applicable to any territory to which the Dublin Convention does not apply. A recital has also been added on the position of Denmark. C. Amendments from Council negotiations accepted by the Commission The revised text includes a number of amendments which have been agreed in the Council, most of which are of a technical nature: Definitions relating to data protection (Article 2). The Commission's original proposal included definitions for the terms "personal data" and "processing of personal data" which were identical to the definitions found in the data protection directive (Directive 95/46/EC). These definition have been replaced by a new paragraph 2 in Article 2 which provides that all terms defined in Article 2 of Directive 95/46/EC shall have the same meaning in the Eurodac Regulation. Use of the terms "transmit" and "communicate". The Eurodac Convention used the term "transmit" in relation to the transfer of data on applicants for asylum, and defined the term "transmission of data" to reflect the specific rules relating to data on asylum applicants. The Eurodac Protocol used the term "communicate" in relation to data on persons apprehended in connection with the irregular crossing of an external border and persons found illegally present on the territory of a Member State, to reflect the fact that different rules applied for the treatment of data on these categories of persons. It has now been possible to agree to use a single term - "transmit" - throughout the text to refer to the transfer of data, and to delete the definition of "transmission of data" which was previously found in Article 2(1)(e). This does not in any way undermine the specific and different rules which apply in relation to each category of persons covered by the Regulation. Statistics (Article 3(3)). Although the Commission would have been content to deal with the statistics which should be compiled by the Central Unit in the context of implementing measures, within the Council, Member States preferred to lay down certain statistical requirements in the Regulation itself. Such statistics will in any case be an important element in implementing Article 22 (previously Article 23) on monitoring and evaluation. Specification of the fingerprints of which fingers are required (Articles 4(1), 8(1) and 11(2)). Whilst the Commission would have been content to deal with this issue in the context of implementing rules, within the Council, Member States expressed a preference to deal with it in the Regulation itself. Articles 4(1) and 8(1) have therefore been amended, and a new Article 11(2) has been introduced. The results of a fingerprint comparison (Article 4(5)). The original text of the Regulation followed the language of the frozen Eurodac Convention text in referring to data which "in the opinion of the Central Unit, are so similar as to be regarded as matching the fingerprints which were transmitted by that Member State." It has now been agreed that technology is sufficiently far advanced for the text to be adapted to refer to a "hit" which is defined in Article 2 as a match or matches relating to data on a single individual. This change is consistent with amendment 6 of the Parliament (see point A (vi)). Cross references in Articles 9(2) and 11(3) to the Article 4 procedure. The Commission has made these cross references more precise. Erasure of data and destruction of data media relating to persons found illegally present in a Member State (Article 11(4)). In the interests of consistency and completeness, the text now deals explicitly both with erasure of data on persons found illegally present on the territory of a Member State and with the destruction of the media used for transmitting such data to the Central Unit. Liability (Article 16(1), previously Article 17(1)). The words "whether physical or moral" have been dropped, since they do not appear in the corresponding provision in Directive 95/46/EC. In the final sentence, the word "may" has been changed to "shall", so that the Regulation establishes a clear rule. Information to the data subject (Article 17(1), previously Article 18(1)). This paragraph has been redrafted in order to align it as closely as possible with the provisions of Articles 10 and 11 of Directive 95/46/EC. Secretariat to the joint supervisory authority (Article 19(7)). On 14 July 1999, the Commission adopted a proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by the institutions and bodies of the Community and on the free movement of such data (COM(1999) 337 final). This Regulation, which is based on Article 286 of the Treaty establishing the European Community, will establish a data protection supervisory body for the Community institutions as envisaged by the Treaty. Once this body is established, it will take on the task of supervising the processing of person data in the Eurodac Central Unit. But if Eurodac is operational before that time, a joint supervisory body will be established on an interim basis under Article 19 (previously Article 20) of the Eurodac Regulation. An addition has been made to paragraph 7 of this Article to make provision for a secretariat to the joint supervisory authority. Costs (Article 20, previously Article 21). For the avoidance of doubt, paragraph 1 of the corresponding provision in the frozen convention text has been reinserted. This makes it clear that the costs of the Central Unit will be borne by the budget of the European Communities. Penalties (Article 23, previously 24). Whilst the Commission cannot accept some of the proposed Council amendments to this Article, it can accept that penalties should relate specifically to the use contrary to the purpose of Eurodac of data recorded in the central database. D. Amendments proposed by the Council which are not included in the amended Commission proposal The Commission cannot agree to three amendments which the Council propose to make to the text of the Eurodac Regulation: Deletion of the term "citizenship of the Union" (Articles 7 and 10). The Council has objected to the term "citizenship of the union" and prefers the term "nationality of a Member State", first on the grounds that citizenship of the Union is not a clear legal concept and secondly on the grounds that it undermines the concept of national of a Member State. In response to the first point, the Commission has recalled the provisions of Article 17 of the Treaty establishing the European Community. In response to the second concern, the Commission simply cannot accept that a reference to "citizenship of the Union" in the Eurodac Regulation would in any way undermine the notion of national citizenship. Implementing powers (Article 21, previously Article 22). The Council proposes to reserve the main implementing powers under the Eurodac Regulation to itself rather than to delegate them to the Commission. The Commission considers that the justification given by the Council for this is totally inadequate. The Commission has noted that the retention of implementing powers by the Council would affect the roles of both the Commission and the Parliament. The Parliament would lose its right of information in relation to the implementing measures which it possesses by virtue of Article 7 of the new comitology decision (Council Decision 1999/468/EC). The Commission has also noted that in the nearest comparable case, the Customs Information System, a regulatory committee procedure was used. The Commission has therefore indicated that it will make a declaration to the effect that: "The Commission considers that Article 22, under which nearly all implementing powers are purportedly reserved to itself by the Council rather than conferred on the Commission, has not been properly substantiated as required by Article 1 of Decision 1999/468/EC, and that it is accordingly not consonant with the principles and rules laid down by the Council pursuant to Article 202 of the Treaty establishing the European Community nor with the treatment of comparable cases by the Council in the past. The Commission therefore reserves all its rights under the Treaty establishing the European Community. The Commission further considers that Article 22 represents a substantial change to the Commission's original proposal, and reconsultation of the European Parliament is therefore required." Penalties (Article 23, previously Article 24). The Council proposes to replace this Article with the following wording taken from the frozen Eurodac Convention text: "Member States shall ensure that the use of data recorded in the central database contrary to the purpose of Eurodac as laid down in Article 1(1) shall be subject to appropriate penalties". Whilst the Commission can agree that penalties should relate specifically to the use contrary to the purpose of Eurodac of data recorded in the central database, it has three difficulties with the proposed text. First, the language used is not appropriate in a binding Community regulation. Secondly, it is regrettable that the Council should seek to delete the reference to penalties being effective, proportionate and dissuasive, since the jurisprudence of the Court of Justice is clear on this point. Thirdly, it is regrettable that the Council should seek to remove the duty to notify the Commission of the relevant national rules relating to penalties, given the Commission's role as "guardian of the Treaties". The Commission has therefore indicated that it will make the following declaration: "The Commission reminds the Member States that, according to the well-established jurisprudence of the Court of Justice, the penalties which they are required to impose pursuant to Article 25 must be effective, proportionate and dissuasive. The Commission recalls that under Article 211 of the Treaty establishing the European Community the Commission is charged with ensuring that the provisions of the Treaty and the measures taken by the institutions pursuant thereto are applied and that according to Article 284 of the Treaty it has the right to collect any information required for the tasks entrusted to it. In this context, the Commission considers that the Member States will need to notify the Commission of the procedural and substantive arrangements which they make pursuant to Article 25."

(presented by the Commission)

Amended proposal for a

COUNCIL REGULATION

concerning the establishment of "Eurodac" for the comparison of the fingerprints of applicants for asylum and certain other third-country nationals to facilitate the implementation of the Dublin Convention

THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty establishing the European Community, and in particular Article 63(1)(a) thereof,

Having regard to the proposal from the Commission [1],

[1] OJ C

Having regard to the opinion of the European Parliament [2],

[2] OJ C

Whereas:

(1) Member States have ratified the Geneva Convention of 28 July 1951 relating to the status of refugees, as amended by the New York Protocol of 31 January 1967.

(2) Member States have concluded the Dublin Convention determining the State responsible for examining applications for asylum lodged in one of the Member States of the European Communities, signed in Dublin on 15 June 1990 [3] (hereinafter referred to as "the Dublin Convention").

[3] OJ C 254, 19.8.1997, p. 1.

(3) For the purposes of applying the Dublin Convention, it is necessary to establish the identity of applicants for asylum and of persons apprehended in connection with the unlawful crossing of the external borders of the Community. It is also desirable in order effectively to apply the Dublin Convention, and in particular points (c) and (e) of Article 10(1) thereof, to allow each Member State to check whether a third-country national found illegally present on its territory has applied for asylum in another Member State.

(4) Fingerprints constitute an important element in establishing the exact identity of such persons; it is necessary to set up a system for the comparison of their fingerprint data.

(5) To this end, it is necessary to set up a system known as "Eurodac", consisting of a Central Unit to be established within the Commission, which will operate a computerized central database of fingerprint data, as well as of the electronic means of transmission between the Member States and the central database.

(6) It is also necessary to require the Member States promptly to take fingerprints of every applicant for asylum and of every third-country national who is apprehended in connection with the irregular crossing of an external border of the Member States, if they are at least 14 years of age.

(7) It is necessary to lay down precise rules on the transmission of such fingerprint data to the Central Unit, the recording of such fingerprint data and other relevant data in the central database, their storage, their comparison with other fingerprint data, the transmission of the results of such comparison and the blocking and erasure of the recorded data; such rules may be different for, and should be specifically adapted to, the situation of different categories of third-country nationals.

(8) Third-country nationals who have requested asylum in one Member State may have the option of requesting asylum in another Member State for many years to come: therefore, the maximum period during which fingerprint data should be kept by the Central Unit should be of considerable length. Given that most third-country nationals who have stayed in the Community for several years will have obtained a settled status or even citizenship of the Union after that period, a period of 10 years should be considered a reasonable period for the conservation of fingerprint data.

(9) The conservation period should be shorter in certain special situations where there is no need to keep fingerprint data for that length of time: fingerprint data should be erased immediately once third-country nationals obtain Union citizenship or are admitted as refugees.

(10) It is necessary to lay down clearly the respective responsibilities of the Commission, in respect of the Central Unit, and of the Member States, as regards data use, data security, access to and correction of recorded data.

(11) While the non-contractual liability of the Community in connection with the operation of the Eurodac system will be governed by the relevant provisions of the Treaty, it is necessary to lay down specific rules for the non-contractual liability of the Member States in connection with the operation of the system.

(12) In accordance with the principles of subsidiarity and proportionality as set out in Article 5 of the Treaty, the objective of the proposed measures, namely the creation within the Commission of a system for the comparison of fingerprint data to assist the implementation of the Community's asylum policy, cannot, by its very nature, be sufficiently achieved by the Member States and can therefore be better achieved by the Community: this Regulation confines itself to the minimum required in order to achieve those objectives and does not go beyond what is necessary for that purpose.

(13) Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data [4] applies to the processing of personal data by the Member States within the framework of the Eurodac system.

[4] OJ L 281, 23.11.1995, p. 31.

(14) By virtue of Article 286 of the Treaty, Directive 95/46/EC also applies to the Community institutions and bodies: the Central Unit being established within the Commission, that Directive applies to the processing of personal data by that Unit.

(15) The principles set out in Directive 95/46/EC regarding the protection of the rights and freedoms of individuals, notably their right to privacy with regard to the processing of personal data, should be supplemented or clarified, in particular as far as certain sectors are concerned.

(16) Since the measures necessary for the implementation of Article 4(7) of this Regulation are measures of general scope within the meaning of Article 2 of Council Decision 1999/468/EC of 28 June 1999 laying down the procedures for the exercise of implementing powers conferred on the Commission [5], they should be adopted by use of the regulatory procedure provided for in Article 5 of that Decision.

[5] OJ L 184, 17.7.1999, p. 23.

(17) In accordance with Article 2 of Decision 1999/468/EC, measures for the implementation of Article 3(4) of this Regulation should be adopted by use of the advisory procedure provided for in Article 3 of that Decision.

(18) It is appropriate to monitor and evaluate the performance of Eurodac.

(19) Member States should provide for a system of sanctions for infringements of this Regulation.

(20) This Regulation applies to the United Kingdom and to Ireland by virtue of the notifications which they have communicated in accordance with Article 3 of the Protocol on the position of the United Kingdom and Ireland annexed to the Treaty on European Union and the Treaty establishing the European Community.

(21) Denmark, in accordance with Articles 1 and 2 of the Protocol on the position of Denmark annexed to the Treaty on European Union and the Treaty establishing the European Community, is not participating in the adoption of this Regulation and is therefore not bound by it nor subject to its application.

(22) It is appropriate to restrict the territorial scope of this Regulation so as to align it on the territorial scope of the Dublin Convention.

(23) This Regulation should enter into force on the day of its publication in the Official Journal of the European Communities in order to serve as legal basis for the implementing rules which, with a view to its rapid application, are required for the establishment of the necessary technical arrangements by the Member States and the Commission; the Commission should therefore be charged with verifying that those conditions are fulfilled.

HAS ADOPTED THIS REGULATION:

Chapter I - General provisions

Article 1

Purpose of "Eurodac"

1. A system known as "Eurodac" is hereby established, the purpose of which shall be to assist in determining which Member State is to be responsible pursuant to the Dublin Convention for examining an application for asylum lodged in a Member State, and otherwise to facilitate the application of the Dublin Convention under the conditions set out in this Regulation.

2. Eurodac shall consist of:

(a) the Central Unit referred to in Article 3,

(b) a computerized central database in which the data referred to in Article 5(1), Article 8(2) and Article 11(2) are processed for the purpose of comparing the fingerprint data of applicants for asylum and of the categories of third-country nationals referred to in Article 8(1) and Article 11(1),

(c) means of data transmission between the Member States and the central database.

The rules governing Eurodac shall also apply to operations effected by the Member States as from the transmission of data to the Central Unit until use is made of the results of the comparison.

3. Without prejudice to the use of data intended for Eurodac by the Member State of origin in databases set up under the latter's national law, fingerprint data and other personal data may be processed in Eurodac only for the purposes set out in Article 15(1) of the Dublin Convention.

Article 2

Definitions

1. For the purposes of this Regulation:

(a) "the Dublin Convention" means the Convention determining the State responsible for examining applications for asylum lodged in one of the Member States of the European Communities, signed at Dublin on 15 June 1990.

(b) an "applicant for asylum" means a third-country national who has made an application for asylum or on whose behalf such an application has been made.

(c) "Member State of origin" means:

(i) in relation to an applicant for asylum or a person covered by Article 11, the Member State which transmits the personal data to the Central Unit and receives the results of the comparison;

(ii) in relation to a person covered by Article 8, the Member State which transmits such data to the Central Unit.

(d) "third-country national" means any person who is not a Union citizen within the meaning of Article 17(1) of the Treaty, regardless of whether that person is a citizen of a third country or a stateless person.

(e) "refugee" means a person who has been recognised as a refugee in accordance with the Geneva Convention of 28 July 1951 relating to the status of refugees, as amended by the New York Protocol of 31 January 1967.

(f) "hit" means the existence of a match or matches established by the Central Unit by comparison between fingerprint data recorded in the computerized central database and those transmitted by the Member State with regard to any one person, subject to the requirement that the Member States shall immediately check the results of the comparison.

2. The terms defined in Article 2 of Directive 95/46/EC shall have the same meaning in this Regulation.

3. Unless stated otherwise, the terms defined in Article 1 of the Dublin Convention shall have the same meaning in this Regulation.

Article 3

Central Unit

1. A Central Unit shall be established within the Commission which shall be responsible for operating the central database referred to in Article 1(2)(b) on behalf of the Member States. The Central Unit shall be equipped with a computerized fingerprint recognition system.

2. Data on applicants for asylum, persons covered by Article 8 and persons covered by Article 11 which are processed at the Central Unit shall be processed on behalf of the Member State of origin.

3. The Central Unit shall draw up statistics on its work every quarter, indicating:

(a) the number of data sets transmitted on asylum applicants and the persons referred to in Articles 8(1) and 11(1);

(b) the number of hits for asylum applicants who have lodged an asylum application in another Member State;

(c) the number of hits for persons referred to in Article 8(1) who have subsequently lodged an asylum application;

(d) the number of hits for persons referred to Article 11(1) who had previously lodged an asylum application in another Member State;

(e) the number of fingerprint data which the Central Unit had to request a second time from the Member States of origin because the fingerprint data originally transmitted did not lend themselves to comparison using the computerized fingerprint recognition system.

At the end of each year statistical data shall be prepared in the form of a compilation of the quarterly statistics drawn up since the beginning of Eurodac's activities, including an indication of the number of persons for whom hits have been recorded under (b), (c) and (d) of the first subparagraph.

The statistics shall contain a breakdown of data for each Member State.

4. Pursuant to the procedure referred to in Article 21(4), the Central Unit may be charged with carrying out certain other statistical tasks on the basis of the data processed at the Unit.

Chapter II - Applicants for asylum

Article 4

Collection, transmission and comparison of fingerprints

1. Each Member State shall promptly take the fingerprints of all fingers of every applicant for asylum of at least 14 years of age and shall promptly transmit the data referred to in points (a) to (f) of Article 5(1) to the Central Unit.

The procedure for taking fingerprints shall be determined in accordance with the national practice of the Member State concerned and in accordance with the safeguards laid down in the European Convention for the Protection of Human Rights and Fundamental Freedoms and in the United Nations Convention on the Rights of the Child.

2. The data referred to in Article 5(1) shall be immediately recorded in the central database by the Central Unit, or, provided that the technical conditions for such purposes are met, by the Member State of origin direct.

3. Fingerprint data within the meaning of point (b) of Article 5(1), transmitted by any Member State, shall be compared by the Central Unit with the fingerprint data transmitted by other Member States and already stored in the central database.

4. The Central Unit shall ensure, on the request of a Member State, that the comparison referred to in paragraph 3 covers the fingerprint data previously transmitted by that Member State, in addition to the data from other Member States.

5. The Central Unit shall forthwith transmit the hit or the negative result of the comparison to the Member State of origin. Where there is a hit it shall transmit, for all data sets corresponding to the hit, the data referred to in Article 5(1), although in the case of the data referred to in Article 5(1)(b), only in so far as they were the basis for the hit.

Direct transmission to the Member State of origin of the results of the comparison shall be permissible where the technical conditions for such purpose are met.

6. The results of the comparison shall be immediately checked in the Member State of origin. Final identification shall be made by the Member State of origin in cooperation with the Member States concerned, pursuant to Article 15 of the Dublin Convention.

Information received from the Central Unit relating to data found to be unreliable shall be erased or destroyed by the Member State of origin as soon as the mismatch or unreliability of the data is established.

7. The implementing rules setting out the procedures necessary for the application of paragraphs 1 to 6 shall be adopted in accordance with the procedure referred to in Article 21(2).

Article 5

Recording of data

1. Only the following data shall be recorded in the central database:

(a) Member State of origin, place and date of the application for asylum;

(b) fingerprint data;

(c) sex;

(d) reference number used by the Member State of origin;

(e) date on which the fingerprints were taken;

(f) date on which the data were transmitted to the Central Unit;

(g) date on which the data were entered in the central database;

(h) details in respect of the recipient(s) of the data transmitted and the date(s) of transmission(s).

2. After recording the data in the central database, the Central Unit shall destroy the media used for transmitting the data, unless the Member State of origin has requested their return.

Article 6

Data storage

Each set of data as referred to in Article 5(1) shall be stored in the central database for ten years from the date on which the fingerprints were taken.

Upon expiry of this period, the Central Unit shall automatically erase the data from the central database.

Article 7

Advance data erasure

Data relating to an applicant for asylum shall be erased from the central database in accordance with Article 14(3) immediately, if the Member State of origin becomes aware of either of the following circumstances before the ten-year period mentioned in Article 6 has expired:

(a) that the applicant for asylum has acquired citizenship of the Union;

(b) that the applicant for asylum has been recognised and admitted as a refugee in a Member State.

Chapter III - Third-country nationals apprehended in connection with the irregular crossing of an external border

Article 8

Collection and transmission of fingerprint data

1. Each Member State shall promptly take, in accordance with the safeguards laid down in the European Convention for the Protection of Human Rights and Fundamental Freedoms and in the United Nations Convention on the Rights of the Child, the fingerprints of all fingers of every third-country national of at least 14 years of age who is apprehended by the competent control authorities in connection with the irregular crossing by land, sea or air of the border of that Member State having come from a third country and who is not turned back.

2. The Member State concerned shall promptly transmit to the Central Unit the following data in relation to any third-country national as referred to in paragraph 1:

(a) Member State of origin;

(b) fingerprint data;

(c) sex;

(d) reference number used by the Member State of origin;

(e) date on which the fingerprints were taken;

(f) date on which the data were transmitted to the Central Unit.

Article 9

Recording of data

1. The data referred to in Article 8(2) shall be recorded in the central database together with the date on which the data were entered.

Without prejudice to Article 3(3), data transmitted to the Central Unit pursuant to Article 8(2) shall be recorded for the sole purpose of comparison with data on applicants for asylum transmitted subsequently to the Central Unit.

The Central Unit shall not compare data transmitted to it pursuant to Article 8(2) with any data previously recorded in the central database, nor with data subsequently transmitted to the Central Unit pursuant to Article 8(2).

2. The procedures provided for in Article 4(1) second subparagraph, Article 4(2) and Article 5(2) as well as the provisions laid down pursuant to Article 4(7) are applicable. As regards the comparison of data on applicants for asylum subsequently transmitted to the Central Unit with the data referred to in paragraph 1, the procedures provided for in Article 4(3), (5) and (6) shall apply.

Article 10

Storage of data

1. Each set of data relating to a third-country national as referred to in Article 8(1) shall be stored in the central database for two years from the date on which the fingerprints of the third-country national were taken. Upon expiry of this period, the Central Unit shall automatically erase the data from the central database.

2. The data relating to a third-country national as referred to in Article 8(1) shall be erased from the central database in accordance with Article 14(3) immediately, if the Member State of origin becomes aware of one of the following circumstances before the two-year period mentioned in paragraph 1 has expired:

(a) that the third-country national has been issued with a residence permit, including a residence permit issued pursuant to recognition as a refugee or the granting of a subsidiary or complementary form of protection;

(b) that the third-country national has left the territory of the Member States;

(c) that the third-country national has acquired citizenship of the Union.

Chapter IV - Third-country nationals found illegally present in a Member State

Article 11

Comparison of fingerprint data

1. With a view to checking whether a third-country national found illegally present within its territory has previously lodged an application for asylum in another Member State, each Member State may transmit to the Central Unit any fingerprint data relating to fingerprints which it may have taken of any such third-country national of at least 14 years of age together with the reference number used by that Member State.

As a general rule there are grounds for checking whether the third-country national has previously lodged an application for asylum in another Member State where:

(a) the third-country national declares that he/she has lodged an application for asylum but without indicating the Member State in which he/she made the application;

(b) the third-country national does not request asylum but objects to being returned to his/her country of origin, by claiming that he/she would be in danger, or

(c) the third-country national otherwise seeks to prevent his/her removal by refusing to cooperate in establishing his/her identity, in particular by showing no, or false, identity papers.

2. Where Member States take part in the procedure referred to in paragraph 1, they shall transmit to the Central Unit the fingerprint data relating to all or at least the index fingers, and if those are missing, the prints of all other fingers, of third-country nationals referred to in paragraph 1.

3. The fingerprint data of a third-country national as referred to in paragraph 1 shall be transmitted to the Central Unit solely for the purpose of comparison with the fingerprint data of applicants for asylum transmitted by other Member States and already recorded in the central database.

The fingerprint data of such a third-country national shall not be recorded in the central database, nor shall they be compared with the data transmitted to the Central Unit pursuant to Article 8(2).

4. As regards the comparison of fingerprint data transmitted under this Article with the fingerprint data of applicants for asylum transmitted by other Member States which have already been stored in the Central Unit, the procedures provided for Article 4(3), (5) and (6) as well as the provisions laid down pursuant to Article 4(7) shall apply.

5. Once the results of the comparison have been transmitted to the Member State of origin, the Central Unit shall forthwith:

(a) erase the fingerprint data and other data transmitted to it under paragraph 1; and

(b) destroy the media used by the Member State of origin for transmitting the data to the Central Unit, unless the Member State of origin has requested their return.

Chapter V - Data use, data protection, security and liability

Article 12

Responsibility for data use

1. The Member State of origin shall be responsible for ensuring that:

(a) fingerprints are taken lawfully;

(b) fingerprint data and the other data referred to in Article 5(1), Article 8(2) and Article 11(2) are lawfully transmitted to the Central Unit;

(c) data are accurate and up-to-date when they are transmitted to the Central Unit;

(d) without prejudice to the responsibilities of the Commission, data in the central database are lawfully recorded, stored, corrected and erased;

(e) the results of fingerprint comparisons transmitted by the Central Unit are lawfully used.

2. In accordance with Article 13, the Member State of origin shall ensure the security of these data before and during transmission to the Central Unit as well as the security of the data it receives from the Central Unit.

3. The Member State of origin shall be responsible for the final identification of the data pursuant to Article 4(6).

4. The Commission shall ensure that the Central Unit is operated in accordance with the provisions of this Regulation and its implementing rules. In particular, the Commission shall:

(a) adopt measures ensuring that persons working in the Central Unit use the data recorded in the central database only in accordance with the purpose of Eurodac as laid down in Article 1(1);

(b) ensure that persons working in the Central Unit comply with all requests from Member States made pursuant to this Regulation in relation to recording, comparison, correction and erasure of data for which they are responsible;

(c) take the necessary measures to ensure the security of the Central Unit in accordance with Article 13;

(d) ensure that only persons authorised to work in the Central Unit shall have access to data recorded in the central database, without prejudice to Article 19 and the powers of the independent supervisory body which will be established under Article 286 (2) of the Treaty.

The Commission shall inform the European Parliament and the Council of the measures it takes pursuant to the first subparagraph.

Article 13

Security

1. The Member State of origin shall take the necessary measures to:

(a) prevent any unauthorized person from having access to national installations in which the Member State carries out operations in accordance with the aim of Eurodac;

(b) prevent data and data media in Eurodac from being read, copied, modified or erased by unauthorized persons;

(c) guarantee that it is possible to check and establish a posteriori what data have been recorded in Eurodac, when and by whom;

(d) prevent the unauthorized recording of data in Eurodac and any unauthorized modification or erasure of data recorded in Eurodac;

(e) guarantee that, in using Eurodac, authorized persons have access only to data which are within their competence;

(f) guarantee that it is possible to check and establish to which authorities data recorded in Eurodac may be transmitted by data transmission equipment;

(g) prevent the unauthorized reading, copying, modification or erasure of data during both the direct transmission of data to or from the central database and the transport of data media to or from the Central Unit.

2. As regards the operation of the Central Unit, the Commission shall be responsible for applying the measures mentioned under paragraph 1.

Article 14

Access to and correction or erasure of data recorded in Eurodac

1. The Member State of origin shall have access to data which it has transmitted and which are recorded in the central database in accordance with the provisions of this Regulation.

No Member State may conduct searches in the data transmitted by another Member State, nor may it receive such data apart from data resulting from the comparison referred to in Article 4(5).

2. The authorities of Member States which, pursuant to paragraph 1, have access to data recorded in the central database shall be those designated by each Member State. Each Member State shall communicate to the Commission a list of those authorities.

3. Only the Member State of origin shall have the right to amend the data which it has transmitted to the Central Unit by correcting or supplementing such data, or to erase them, without prejudice to erasure carried out in pursuance of Article 6 or Article 10(1).

Where the Member State of origin records data directly in the central database, it may amend or erase the data directly.

Where the Member State of origin does not record data directly in the central database, the Central Unit shall alter or erase the data at the request of that Member State.

4. If a Member State or the Central Unit has evidence to suggest that data recorded in the central database are factually inaccurate, it shall advise the Member State of origin as soon as possible.

If a Member State has evidence to suggest that data were recorded in the central database contrary to this Regulation, it shall similarly advise the Member State of origin as soon as possible. The latter shall check the data concerned and, if necessary, amend or erase them without delay.

5. The Central Unit shall not transfer or make available to the authorities of any third country data recorded in the central database, unless it is specifically authorized to do so in the framework of a Community agreement on the criteria and mechanisms for determining the State responsible for examining an application for asylum.

Article 15

Keeping of records by the Central Unit

1. The Central Unit shall keep records of all data-processing operations within the Central Unit. These records shall show the purpose of access, the date and time, the data transmitted, the data used for interrogation and the name of both the unit putting in or retrieving the data and the persons responsible.

2. Such records may be used only for the data-protection monitoring of the admissibility of data processing as well as to ensure data security pursuant to Article 13. The records must be protected by appropriate measures against unauthorised access and erased after a period of one year, if they are not required for monitoring procedures which have already begun.

Article 16

Liability

1. Any person who, or Member State which, has suffered damage as a result of an unlawful processing operation or any act incompatible with the provisions laid down in this Regulation shall be entitled to receive compensation from the Member State responsible for the damage suffered. That State shall be exempted from its liability, in whole or in part, if it proves that it is not responsible for the event giving rise to the damage.

2. If failure of a Member State to comply with its obligations under this Regulation causes damage to the central database, that Member State shall be held liable for such damage, unless and in so far as the Commission has failed to take reasonable steps to prevent the damage from occurring or to minimise its impact.

3. Claims for compensation against a Member State for the damage referred to in paragraphs 1 and 2 shall be governed by the provisions of national law of the defendant Member State.

Article 17

Rights of the data subject

1. A person covered by this Regulation shall be informed by the Member State of origin of the following:

(a) the identity of the controller and of his representative, if any;

(b) the purpose for which the data will be processed within Eurodac;

(c) the recipients of the data;

(d) in relation to a person covered by Article 4 or Article 8, the obligation to have his/her fingerprints taken;

(e) the existence of the right of access to and the right to rectify data concerning him/her.

In relation to a person covered by Article 4 or Article 8, the information referred to in the first subparagraph shall be provided when his/her fingerprints are taken.

In relation to a person covered by Article 11, the information referred to in the first subparagraph shall be provided no later than the time when the data relating to the person are transmitted to the Central Unit. This obligation shall not apply when the provision of such information proves impossible or would involve a disproportionate effort.

2. In each Member State any data subject may, in accordance with the laws, regulations and procedures of that State, exercise the rights provided for in Article 12 of Directive 95/46/EC.

Without prejudice to the obligation to provide other information in accordance with point (a) of Article 12 of Directive 95/46/EC, the person shall have the right to obtain communication of the data relating to him/her recorded in the central database and of the Member State which transmitted them to the Central Unit. Such access to data may be granted only by a Member State.

3. In each Member State, any person may request that data which are factually inaccurate be corrected or that data recorded unlawfully be erased. The correction and erasure shall be carried out without excessive delay by the Member State which transmitted the data, in accordance with its laws, regulations and procedures.

4. If the rights of correction and erasure are exercised in a Member State other than that, or those, which transmitted the data, the authorities of that Member State shall contact the authorities of the Member State, or States, in question so that the latter may check the accuracy of the data and the lawfulness of their transmission and recording in the central database.

5. If it emerges that data recorded in the central database are factually inaccurate or have been recorded unlawfully, the Member State which transmitted them shall correct or erase the data in accordance with Article 14(3). That Member State shall confirm in writing to the data subject without excessive delay that it has taken action to correct or erase data relating to him/her.

6. If the Member State which transmitted the data does not agree that data recorded in the central database are factually inaccurate or have been recorded unlawfully, it shall explain in writing to the data subject without excessive delay why it is not prepared to correct or erase the data.

That Member State shall also provide the data subject with information explaining the steps which he/she can take if he/she does not accept the explanation provided. This shall include information about how to bring an action or, if appropriate, a complaint before the competent authorities or courts of that Member State and any financial or other assistance that is available in accordance with the laws, regulations and procedures of that Member State.

7. Any request under paragraphs 2 and 3 shall contain all the necessary particulars to identify the data subject, including fingerprints. Such data shall be used exclusively to permit the exercise of the rights referred to in paragraphs 2 and 3 and shall be destroyed immediately afterwards.

8. The competent authorities of the Member States shall cooperate actively to enforce promptly the rights laid down in paragraphs 3, 4 and 5.

9. In each Member State, the national supervisory authority shall assist the data subject in accordance with Article 28(4) of Directive 95/46/EC in exercising his/her rights.

10. The national supervisory authority of the Member State which transmitted the data and the national supervisory authority of the Member State in which the data subject is present shall assist and, where requested, advise him/her in exercising his/her right to correct or erase data. Both national supervisory authorities shall cooperate to this end. Requests for such assistance may be made to the national supervisory authority of the Member State in which the data subject is present, which shall transmit the requests to the authority of the Member State which transmitted the data. The data subject may also apply for assistance and advice to the joint supervisory authority set up in Article 19.

11. In each Member State any person may, in accordance with the laws, regulations and procedures of that State, bring an action or, if appropriate, a complaint before the competent authorities or courts of the State if he/she is refused the right of access provided for in paragraph 2.

12. Any person may, in accordance with the laws, regulations and procedures of the Member State which transmitted the data, bring an action or, if appropriate, a complaint before the competent authorities or courts of that State concerning the data relating to him/her recorded in the central database, in order to exercise his/her rights under paragraph 3. The obligation of the national supervisory authorities to assist and, where requested, advise the data subject, in accordance with paragraph 10, shall subsist throughout the proceedings.

Article 18

National supervisory authority

1. Each Member State shall provide that the national supervisory authority or authorities designated pursuant to Article 28(1) of Directive 95/46/EC shall monitor independently, in accordance with its national law, the lawfulness of the processing, in accordance with the provisions of this regulation, of personal data by the Member State in question, including their transmission to the Central Unit.

2. Each Member State shall ensure that its national supervisory authority has access to advice from persons with sufficient knowledge of fingerprint data.

Article 19

Joint supervisory authority

1. An independent joint supervisory authority shall be set up, consisting of a maximum of two representatives from the supervisory authorities of each Member State. Each delegation shall have one vote.

2. The joint supervisory authority shall have the task of monitoring the activities of the Central Unit to ensure that the rights of data subjects are not violated by the processing or use of the data held by the Central Unit. In addition, it shall monitor the lawfulness of the transmission of personal data to the Member States by the Central Unit.

3. The joint supervisory authority shall be responsible for the examination of implementation problems in connection with the operation of Eurodac, for the examination of possible difficulties during checks by the national supervisory authorities and for drawing up recommendations for common solutions to existing problems.

4. In the performance of its duties, the joint supervisory authority shall, if necessary, be actively supported by the national supervisory authorities.

5. The joint supervisory authority shall have access to advice from persons with sufficient knowledge of fingerprint data.

6. The Commission shall assist the joint supervisory authority in the performance of its tasks. In particular, it shall supply information requested by the joint supervisory body, give it access to all documents and paper files as well as access to the data stored in the system and allow it access to all its premises, at all times.

7. The joint supervisory authority shall unanimously adopt its rules of procedure. It shall be assisted by a secretariat, the tasks of which shall be defined in the rules of procedure.

8. Reports drawn up by the joint supervisory authority shall be made public and shall be forwarded to the bodies to which the national supervisory authorities submit their reports, as well as to the European Parliament, the Council and the Commission for information. In addition, the joint supervisory authority may submit comments or proposals for improvement regarding its remit to the European Parliament, the Council and the Commission at any time.

9. In the performance of their duties, the members of the joint supervisory authority shall not receive instructions from any government or body.

10. The joint supervisory authority shall be consulted on that part of the draft operating budget of the Eurodac Central Unit which concerns it. Its opinion shall be annexed to the draft budget in question.

11. The joint supervisory authority shall be disbanded upon the establishment of the independent supervisory body referred to in Article 286(2) of the Treaty. The independent supervisory body shall replace the joint supervisory authority and shall exercise all the powers conferred on it by virtue of the act under which that body is established.

Chapter VI - Final provisions

Article 20

Costs

1. The costs incurred in connection with the establishment and operation of the Central Unit shall be borne by the budget of the European Communities.

2. The costs incurred by national units and the costs for their connection to the central database shall be borne by each Member State.

3. The costs of transmission of data from the Member State of origin and of the findings of the comparison to that State shall be borne by the State in question.

Article 21

Committee

1. The Commission shall be assisted by a committee composed of representatives of the Member States and chaired by the representative of the Commission.

2. Where reference is made to this paragraph, the regulatory procedure laid down in Article 5 of Decision 1999/468/EC shall apply, in compliance with Article 7(3) thereof.

3. The period provided for in Article 5(6) of Decision 1999/468/EC shall be three months.

4. Where reference is made to this paragraph, the advisory procedure laid down in Article 3 of Decision 1999/468/EC shall apply, in compliance with Article 7(3) thereof

Article 22

Annual Report: Monitoring and evaluation

1. The Commission shall submit to the European Parliament and the Council an annual report on the activities of the Central Unit. The annual report shall include information on the management and performance of the system against pre-defined quantitative indicators for the objectives referred to in paragraph 2.

2. The Commission shall ensure that systems are in place to monitor the functioning of the Central Unit against objectives, in terms of outputs, cost-effectiveness and quality of service.

3. The Commission shall regularly evaluate the operation of the Central Unit in order to establish whether its objectives have been attained cost-effectively, and with a view to providing guidelines for improving the efficiency of future operations.

4. One year after Eurodac starts operations, the Commission shall produce an evaluation report on the Central Unit, focusing on the level of demand compared with expectation and on operational and management issues in the light of experience, with a view to identifying possible short-term improvements to operational practice.

5. Three years after Eurodac starts operations and every six years thereafter, the Commission shall produce an overall evaluation of Eurodac, examining results achieved against objectives and assessing the continuing validity of the underlying rationale and any implications for future operations.

Article 23

Penalties

Member States shall lay down the rules on penalties applicable to the use of data recorded in the central database contrary to the purpose of Eurodac as laid down in Article 1 and shall take all measures necessary to ensure that they are implemented. The penalties provided for must be effective, proportionate and dissuasive. Member States shall notify those provisions to the Commission by [...] at the latest and shall notify it without delay of any subsequent amendment affecting them.

Article 24

Territorial scope

The provisions of this Regulation shall not be applicable to any territory to which the Dublin Convention does not apply.

Article 25

Entry into force and applicability

1. This Regulation shall enter into force on the day of its publication in the Official Journal of the European Communities.

2. This Regulation shall apply, and Eurodac shall start operations, from the date which the Commission shall publish in the Official Journal of the European Communities, when the following conditions are met:

(a) each Member State has notified the Commission that it has made the necessary technical arrangements to transmit data to the Central Unit in accordance with the implementing measures adopted under Article 4(7); and

(b) the Commission has made the necessary technical arrangements for the Central Unit to begin operations in accordance with the implementing measures adopted under Article 4(7).

This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaty establishing the European Community.

Done at Brussels,

For the Council

The President

FINANCIAL STATEMENT

1. TITLE OF OPERATION

Council Regulation (EC) No [ / ] of [ ] concerning the establishment of "Eurodac" for the comparison of fingerprints of applicants for asylum and certain other aliens

2. BUDGET HEADING INVOLVED

B5-801: Eurodac

3. LEGAL BASIS

Article 63(1)(a) EC

4. DESCRIPTION OF OPERATION

4.1. General objective

The objective of Eurodac is to assist in determining the Member State which is responsible pursuant to the Dublin Convention of 15 June 1990 for examining an application for asylum lodged in a Member State and otherwise to facilitate the application of the Dublin Convention under the conditions set out in the proposal.

These measures are meant to avoid any situations arising which will result in applicants for asylum being left in doubt too long as to the likely outcome of their application, to provide all applicants for asylum with a guarantee that their applications will be examined by one of the Member States and to ensure that applicants for asylum are not referred successively from one Member State to another without any of these states aknowledging itself to be competent to examine the application for asylum.

Moreover, it is intended to further facilitate the application of the Dublin Convention by providing for the collection of data relating to persons apprehended in connection with the irregular crossing of an external border. In addition, a facility is provided to make checks in certain circumstances to determine whether a person found illegaly present within a Member State had previously claimed asylum in another Member State.

The Regulation provides therefore for the fingerprints of three different groups of people to be transmitted or communicated to the Central Unit and processed within the central database: applicants for asylum; persons apprehended in connection with the irregular crossing of an external border and persons found illegaly present within the territory of a Member State. Differing provisions are foreseen for the processing of the data related to each of these categories.

4.2. Period covered

Indefinite

5. CLASSIFICATION OF EXPENDITURE

5.1 Compulsory/Non-compulsory expenditure

Non-compulsory

5.2 Differentiated/Non-differentiated appropriations

Differentiated

5.3 Type of revenue involved

Not applicable

6. TYPE OF EXPENDITURE

100%

7. FINANCIAL IMPACT

7.1 Method of calculating total cost of the operation

Capital investment for the central system (2000): EURO 8.5 million

A precise calculation of unit cost per activity or investment item is made extremely difficult by the innovative nature of this initiative and the constantly shifting technological and commercial developments affecting it.

A number of options are however available. These are based on studies carried out in 1997/98 by Bossard Consultants, because neither the Commission nor the Member States were in a position to provide all technical and cost estimates needed. The study was discussed with national AFIS (automated finger print recognition system) experts and was approved by the Member States through the Council.

The approach of the Bossard study is to provide a range of technical options which vary according to the operating and search criteria that will be imposed on the system, its size, techniques used, etc.

The three main options are differentiated in terms of transmission techniques of data between the central unit and the Member States.

These are:

- Option 1: 100% of fingerprints transmitted electronically ; four workstations, eight staff ;

- Option 2: 75% of fingerprints transmitted electronically with mail being used for the remaining 25% ; seven workstations ; ten staff ;

- Option 3: 25% of fingerprints transmitted electronically with mail being used for the remaining 75% ; 11 workstations; 17 staff.

Criteria used for this estimate

- In terms of hardware and communication methods, the Commission opts for the system whereby all fingerprints are transmitted electronically between workstations, i.e. nothing is sent by post except as a back-up measure ("option 1" ). The Commission's current costings do not include provisions for using paper forms in an emergency. This will need to be reviewed with the Member States in due course. Other options would require more staff and involve varying levels of sending data by fax or post. This is not considered acceptable on grounds of either security or efficiency. The option selected also involves the use of a more limited number of workstations (five as opposed to six or ten respectively, under other options). Option 1, in other words, is the most cost-effective.

- The population base has been taken as 900 000, including asylum seekers and persons apprehended in connection with the irregular crossing of an external border, as well as persons found illegally present within the territory of a Member State. The latter two categories are estimated at 500 000, but current figures are unreliable and should be viewed with caution in the absence of further work on this point. They will only be covered by the system in so far as they need to be matched against asylum seekers.

- The cost of initial capital investment varies according to other criteria, such as whether classification is used. This is a technical procedure which may be too complex for the first generation of Eurodac system and has therefore not been included in the Commission's estimate.

- The use of gender as a search criteria has been included (see Article 5).

- All estimates are based on searches and comparisons taking place on the basis of two fingerprints. This reduces comparison costs even if a higher number of fingers might yield more accurate results.

The original estimate for capital investment given by the consultant chosen by the Member States under the option 1 was EURO 5.2 million for a system using gender as a search criteria, based on two-finger searches and not using classification. Precise figures for the other two options are not provided by the study. A range is given however, from EURO 5.4 million to EURO 9.1 million, based on manufacturers' quoted prices.

It should be noted that the estimates given by the study relate to a system designed to perform a more limited role than the objectives that have since emerged.

Costs arising from the increased population to be covered by the system as a consequence of its extension to certain categories of alien were not taken into account. This increase in population has a direct effect on the number of print entries or cards stored, raising it from EURO 1.6 million to EURO 2.6 million over the first two years. This will require not only increased storage capacity but will have a knock-on effect on all other capacities required from the system, and therefore on costs.

Moreover, provision has to be made for problems of technical compatibility between national systems which will arise. This issue is being addressed but precise cost implications will not become clear until technical specifications have been worked out by an independent consultant (through public tendering) in 1999.

7.2 Itemised breakdown of costs

The Commission's estimate is based on the report of a consultant chosen by the Member States. It is clear that this report requires updating and will be more sharply focused by a further study of a similar nature to be completed in 1999. The results of this study should provide the Commission with precise technical and cost specifications.

It is equally clear that the implementation of the proposed Council Regulation will in itself be a process that will bring more clarification regarding costs and optimal or realistic technical solutions.

The additional cost factors outlined above were and not included in the original study and were therefore not taken into account for Bossard's estimate of EURO 5.2 million given as a minimum option. Until the results of the new study are available these additional cost factors cannot be quantified with a high degree of precision. It is nonetheless obvious that additional resources will be required for building the Central Unit.

The Commission's current proposal of EURO 8.5 million is therefore an estimated projection based on:

- A significant increase in the target population and the increased capacity this requires;

- the cost of making the central system compatible with all national systems (integration costs);

- greater emphasis on staff training to handle the particular problems of operating in a multi-national and in a politically sensitive environment;

- a comparison made with the EURO 2 million acquisition cost of an existing national AFIS system with a capacity of less than 25% of that required from Eurodac and without the integrator or safety features required for Eurodac.

A breakdown of the Commission's estimate is given below:

EURO million

Breakdown // 2000

Construction of the central unit // 7.250

Security installation (5% of acquisition value) // 0.350

Systems maintenance (5% of acquisition value) // 0.350

Other overheads (7% of acquisition value) // 0.500

In-service training // 0.050

Unforeseen (7% of running cost) // -

TOTAL // 8.500

Central system running costs (from 2001): EURO 0.800 million/year

The Commission is proceeding on the basis that the system should be operational by 2001. The expenditure estimated for capital cost will therefore be charged in its entirety to the 2000 budget. Once the system is operational, administrative costs will be a significant part of expenditure (see item 10) since, in view of the sensitive nature of the work, all staff will have to be Commission officials. The Eurodac system will be operated within and under the direct authority of the Commission, and will be located on its premises. The system will be operational round the clock, 365 days/year. The number of permanent posts required specifically (and exclusively) for Eurodac reflects this: eight persons to man five workstations on a continuous basis.

Annual running costs from 2001 are estimated at EURO 0.800 million/year.

EURO million

Annual running costs // 2001

Systems maintenance (10% of acquisition value) // 0.710

In-service training // 0.040

Unforeseen (7% of running cost) // 0.050

TOTAL // 0.800

8. FRAUD PREVENTION MEASURES

Internal Commission procurement procedures, which ensure compliance with Community legislation on public procurement, will be strictly applied. The Member States will be kept fully briefed of the public tender procedure and will be able to comment on the final draft.

9. ELEMENTS OF COST-EFFECTIVENESS ANALYSIS

9.1. Target population

The measure targets asylum seekers (which are estimated at 350 000 - 400 000 per year for the European Union), persons apprehended in connection with the irregular crossing of external borders and persons found illegally present within the territory of a Member State. The latter two categories are estimated at up to 500 000/year in the European Union).

9.2. Justification of the action

The objectives of the measure are to assist in determining the Member State which is responsible pursuant to the Dublin Convention for examining an application for asylum lodged in a Member State and otherwise to facilitate the application of the Dublin Convention under the conditions set out in the proposal. These objectives are consistent with the objective under Title IV of the Treaty establishing the European Community of establishing an area of freedom, security and justice. To establish such an area, the Community is to adopt measures aimed at ensuring the free movement of persons, in conjunction with directly related flanking measures inter alia on asylum under Article 63(1)(a) of the Treaty. Article 63(1)(a) of the Treaty requires the Community to adopt measures on criteria and mechanisms for determining which Member State is responsible for considering an application for asylum submitted by a national of a third country in one of the Member States.

9.3. Monitoring and evaluation of the operation

The Regulation contains detailed provisions on data use, data protection, responsibility and security to ensure that stringent standards of protection in accordance inter alia with Directive 95/46/EC and Article 286 of the Treaty are applied. These provisions cover in particular responsibility for data use, security arrangements and liability for damages costs in the context of Eurodac.

The operations following from the Regulation and concerning the Central Unit will be under the direct control of statutory Commission staff. Compliance with the data protection requirements will be supervised by an independent supervising body.

The Commission will carry out regular evaluation and monitoring of the functioning and performance of the Central Unit to ensure that it corresponds to the objectives and requirement set by the Regulation and to the specifications set out in Articles 3(3) and 4(7) of the Implementing Rules.

Such evaluation will seek to provide quantitative and qualitative information serving as a basis for possible further development. At the end of each financial year, the Commission will report to the European Parliament and to the Council on the outcome of this evaluation and, if necessary, propose re-orientations or adaptations of the functioning of the system.

10. ADMINISTRATIVE EXPENDITURE (section iii of the general budget)

The administrative ressources required will be mobilised via the annual Commission decision allocating resources, having regard among other things to the additional staff and financial ressources granted by the budgetary authority.

10.1 Impact on number of posts

>TABLE POSITION>

10.2 Overall financial impact of additional human resources

>TABLE POSITION>

10.3 Increase in other administrative expenditure resulting from operation

(EURO million)

>TABLE POSITION>