51999PC0260

Proposal for a COUNCIL REGULATION (EC) concerning the establishment of "Eurodac" for the comparison of the fingerprints of applicants for asylum and certain other aliens

EXPLANATORY MEMORANDUM

CONTENTS

1. GENERAL

1.1. Context

1.2. Negotiations for a Convention and Protocol

2. PROPOSAL FOR COUNCIL REGULATION

2.1 Subject-matter

2.2 Legal basis

3. JUSTIFICATION FOR PROPOSAL IN TERMS OF PROPORTIONALITY AND SUBSIDIARITY PRINCIPLE

4. INDIVIDUAL PROVISIONS

4.1 General objective

4.2 Continuity

4.3 Adaptation

4.4 Concordance table

4.5 Individual Articles

1. GENERAL

1.1 Context

Under Article 2 of the Treaty on European Union, the Member States set themselves the objective of maintaining and developing the Union as an area of freedom, security and justice, in which the free movement of persons is assured in conjunction with appropriate measures with respect to external border controls, asylum, immigration and the prevention and combating of crime.

One way in which the Union is to achieve this aim is through the adoption, within five years after the entry into force of the Treaty of Amsterdam, of measures on asylum, in accordance with the Geneva Convention of 28 July 1951 and other relevant treaties (Article 63(1)). Under Article 61, the Council is also to adopt any necessary directly related flanking measures with respect to, inter alia, asylum. Article 61 refers explicitly to the adoption of flanking measures under Article 63(1)(a), which provides for the adoption of measures on criteria and mechanisms for determining which Member State is responsible for considering an application for asylum submitted by a national of a third country in one of the Member States.

The Dublin Convention of 15 June 1990, to which all Member States are party, provides a mechanism for determining the State responsible for examining applications for asylum lodged in one of the Member States of the European Communities. The Member States considered that it would, however, be problematic to implement the Convention solely on the basis of the evidence provided by identity cards and passports, since these can easily be disposed of or destroyed. In December 1991, Ministers responsible for immigration meeting in the Hague therefore agreed that a feasibility study for a Community wide fingerprint system for asylum applicants should be undertaken. Work has been ongoing since then to develop a system for the computerized comparison of fingerprints in order to facilitate the application of the relevant rules for determining which Member State is responsible for considering an application for asylum.

1.2 Negotiations for a Convention and Protocol

In March 1996, Member States began negotiations on a Convention to establish a definitive identification system based on the comparison of the fingerprints of asylum seekers. The Eurodac system would function through the collection of fingerprint data by Member States and its transmission to a Central Unit, which would compare individual sets of fingerprints against the data retained in the system at the request of a Member State. The text of a draft Convention under Title VI of the Treaty on European Union was prepared and consensus was reached within the Council (Justice and Home Affairs) in December 1998 to "freeze" the text pending the entry into force of the Treaty of Amsterdam.

In addition, Member States also prepared a draft Protocol, which was intended to further facilitate the application of the Dublin Convention by providing for the collection of fingerprint data relating to persons apprehended in connection with the irregular crossing of an external border. This data would be available for the purposes of comparison with the fingerprints of people who subsequently claimed asylum in one of the Member States. In addition, the Protocol provided a facility to make checks with Eurodac in certain circumstances to determine whether a person found illegally present within a Member State had previously claimed asylum in another Member State. Again, the Council (Justice and Home Affairs) noted consensus on the draft Protocol and agreed, in March 1999, to "freeze" this text also.

The subject matter covered by the frozen texts now falls within the scope of Article 63(1)(a) of the Treaty establishing the European Community. The present draft Eurodac Regulation fulfils the remit given to the Commission by the Council (Justice and Home Affairs) in December 1998 and March 1999 to bring forward after the entry into force of the Treaty of Amsterdam a proposal for a Community instrument incorporating the frozen texts.

2. PROPOSAL FOR COUNCIL REGULATION

Since the acts drawing up the draft Eurodac Convention and draft Eurodac Protocol were not formally adopted and the Convention and Protocol were not signed, their provisions are clearly not applicable. The Council (Justice and Home Affairs) decided at its meetings on 3-4 December 1998 and 12 March 1999 to "freeze" the texts of the Convention and the Protocol, and invited the Commission to put forward a proposal for a Community legal instrument after the entry into force of the Treaty of Amsterdam.

2.1 Subject-matter

This proposal for a Regulation is the first proposal of the Commission in the field of asylum under Title IV of the Treaty establishing the European Community. Its purpose is to assist in determining the Member State which is responsible pursuant to the Dublin Convention for examining an application for asylum lodged in a Member State and otherwise to facilitate the application of the Dublin Convention under the conditions set out in the proposal. The Commission has incorporated the substance of the draft Convention and draft Protocol in its proposal for a Regulation, subject to the adaptation set out in section 4.3 of this explanatory memorandum.

The proposal has been made in order to facilitate the ongoing work of the institutions following the entry into force of the Treaty of Amsterdam. The subject matter should be viewed in the context of the broader work programme set out in new Title IV of the Treaty establishing the European Community, and in particular in Article 63 paragraphs (1) and (2) (1).

(1) A full account of this work programme is contained in section B of the Commission Working Document "Towards common standards on asylum procedures", Brussels, 3.3.1999, SEC(1999) 271 final.

2.2 Legal basis

The subject matter covered by the frozen draft Convention and Protocol is now within the ambit of Article 63(1)(a) of the Treaty. Article 61(a) of the Treaty specifies the need for flanking measures inter alia on asylum in accordance with Article 63(1)(a).

The form chosen for the instrument - a Regulation - is warranted in view of the need to apply strictly defined and harmonised rules in relation to the storage, comparison and erasure of fingerprints, for otherwise the system would not work. These rules constitute a set of precise, unconditional provisions that are directly and uniformly applicable in a mandatory way and, by their very nature, require no action by the Member States to transpose them into national law.

The instrument falls to be adopted by the procedure of Article 67 of the Treaty, which provides that, during a transitional period of five years, the Council is to act unanimously on a proposal from the Commission or on the initiative of a Member State and after consulting the European Parliament.

The new Title IV of the EC Treaty, which applies to the matters covered by this proposal for a Regulation, is not applicable to the United Kingdom and Ireland, unless they "opt in" in the manner provided by the Protocol on the position of the United Kingdom and Ireland which is annexed to the Treaties. At the Council meeting (Justice and Home Affairs) on 12 March 1999, these two Member States announced their intention of being fully associated with Community activities in the field of asylum. It will be for them to embark on the appropriate procedure under the Protocol in due course.

Title IV of the EC Treaty is likewise not applicable to Denmark, by virtue of the Protocol on the position of Denmark which is annexed to the Treaties. Denmark has so far given no notice of an intention to embark on a procedure to participate in the Eurodac system.

The current proposal for a Regulation has been drafted on the basis of the current situation. If the position were to change in relation to one or more of the Member States mentioned above, the requisite adjustments will have to be made.

The Commission is ready, if necessary, to come forward with additional recitals and operative provisions in order to motivate fully the territorial scope of the Regulation.

The Commission notes that according to the terms of Article 7 of the agreement concluded by the Council of the European Union and the Republic of Iceland and the Kingdom of Norway concerning the latters' association to the implementation, application and development of the Schengen acquis (2), it will be necessary to conclude an appropriate arrangement on criteria and mechanisms for establishing the State responsible for considering an application for asylum lodged in one of the Member States of the European Union or in Iceland or Norway, and such an agreement will entail an extension of the Eurodac system to these two States.

(2) Signed on 18 May 1999, but not yet published in the Official Journal of the European Communities.

3. JUSTIFICATION FOR PROPOSAL IN TERMS OF PROPORTIONALITY AND SUBSIDIARITY PRINCIPLE

What are the objectives of the proposal in relation to the obligations imposed on the Community?

The objectives of the measure are to assist in determining the Member State which is responsible pursuant to the Dublin Convention for examining an application for asylum lodged in a Member State and otherwise to facilitate the application of the Dublin Convention under the conditions set out in the proposal. These objectives are consistent with the objective under Title IV of the Treaty establishing the European Community of establishing an area of freedom, security and justice. To establish such an area, the Community is to adopt measures aimed at ensuring the free movement of persons, in conjunction with directly related flanking measures inter alia on asylum under Article 63(1)(a) of the Treaty. Article 63(1)(a) of the Treaty requires the Community to adopt measures on criteria and mechanisms for determining which Member State is responsible for considering an application for asylum submitted by a national of a third country in one of the Member States.

Does the measure satisfy the criteria of subsidiarity?

Its objectives can not be attained by the Member States acting alone and must therefore, by reason of the cross-border impact, be obtained at Community level.

Does the measure satisfy the criteria of proportionality?

The proposed instrument is confined to the minimum needed for the attainment of these objectives and does not exceed what is necessary for that purpose.

The measures proposed in the Regulation are consistent with the aim of facilitating the application of the Dublin Convention in the light of the fact that many applicants for asylum in the European Union are not properly documented, and there is a lack of evidence about their identity, which makes it difficult to establish whether they have previously lodged an application for asylum or how they entered the Union.

Articles 8-10 of the Regulation provide for the comparison of fingerprint data of persons apprehended in connection with the irregular crossing of the external frontier with fingerprint data relating to persons subsequently claiming asylum in one of the Member States. The detection of a match, indicating that an asylum applicant has previously crossed the external border irregularly, facilitates the application of Article 6 of the Dublin Convention, which establishes broadly that the Member State which a person first entered irregularly from a third country is reponsible for considering any subsequent application for asylum.

Article 11 allows a Member State to compare fingerprint data taken from a person found illegally present on its territory against data relating to asylum applicants in order to check whether the person concerned has previously claimed asylum in another Member State. The existence of a match allows the application of Articles 10(1)(c) and 10(1)(e) of the Dublin Convention, which provide for the return of such persons to the Member State in which the asylum claim is being or has been examined.

4. INDIVIDUAL PROVISIONS

4.1 General objective

The objective of Eurodac is to assist in determining the Member State which is responsible pursuant to the Dublin Convention for examining an application for asylum lodged in a Member State and otherwise to facilitate the application of the Dublin Convention under the conditions set out in the proposal. To this end, it provides for the establishment of a Central Unit within the Commission which will be equipped with a computerized central database for comparing the fingerprints of asylum applicants and certain other persons.

The draft regulation provides for the fingerprints of three different groups of people to be transmitted or communicated to the Central Unit and processed within the Central database:

(a) Applicants for asylum (Articles 4 - 7). The Regulation creates an obligation to take the fingerprints of applicants for asylum and transmit them to the Eurodac Central Unit. This data will immediately be compared with fingerprint data on asylum applicants and on people covered by paragraph (b) below which is already stored in the Central Unit. Matches will be transmitted to the Member State of origin for final verification, and the Member States concerned will then use the evidence provided to apply the procedures of the Dublin Convention. Data will normally be stored for ten years, but will be erased in advance if the applicant for asylum obtains citizenship of the Union. (In addition, Article 12 provides that if the person concerned obtains refugee status, their data will be blocked in the central database and statistics will be compiled.)

(b) Persons apprehended in connection with the irregular crossing of an external border (Articles 8 - 10). The Regulation creates an obligation to take the fingerprints of persons apprehended in connection with the irregular crossing of the external border of the European Union and transmit them to the Central Unit. This data is stored in the Central Unit for a maximum of two years. Fingerprint data on asylum applicants which is subsequently transmitted to the Central Unit under paragraph (a) above is also compared against this data. The detection of a match, indicating that an asylum applicant had previously crossed the external border of the Union irregularly and entered a specified Member State, facilitates the application of Article 6 of the Dublin Convention. The data is erased before the expiry of the two year period if the person in question is granted a residence permit, leaves the territory of the Union, or becomes a citizen of the Union.

(c) Persons found illegally present within the territory of a Member State (Article 11). The Regulation allows a Member State, if it has fingerprinted a person found illegally present on its territory, to transmit this data to Eurodac in certain circumstances in order to check whether the person concerned has previously claimed asylum in another Member State. In the event that Eurodac identifies a match, the data is transmitted back to the Member State of origin for final checking. The existence of a match can facilitate the application of Articles 10(1)(c) and 10(1)(e) of the Dublin Convention. Data relating to persons found illegally present in a Member State is destroyed as soon as the comparison within Eurodac has been carried out.

The Regulation contains detailed provisions (Articles 13 - 20) on data use, data protection, responsibility and security to ensure that stringent standards of protection in accordance inter alia with Directive 95/46/EC and Article 286 of the Treaty are applied.

4.2 Continuity

The Commission has incorporated the substance of the frozen draft Convention and draft Protocol to ensure continuity in the results of the negotiations, but has omitted such provisions as would be incompatible with the nature of the proposed legal instrument and the framework for cooperation in the field of asylum established by Title IV of the Treaty establishing the European Community as amended by the Treaty of Amsterdam.

4.3 Adaptation

The obvious differences between a Third Pillar Convention and Protocol on the one hand and a Community Regulation on the other warrants departures from the frozen draft Convention and Protocol texts in a number of respects:

- Jurisdiction of the Court of Justice: unlike Article 17 of the Convention, the Regulation does not need to confer jurisdiction on the Court of Justice, given the provisions of Article 68 and other normally applicable provisions of the Treaty;

- Implementing provisions: Article 18 of the draft Convention foresees supervision of implementation and application by the Council, and the adoption of implementing measures by the Council. The first aspect will automatically fall to the Commission under Articles 211 and 226 of the Treaty. As far as the second aspect is concerned, the Regulation confers on the Commission powers of implementation to adopt provisions to give effect to it, with the assistance of a regulatory committee (Procedure III(a) of the "comitology" decision), in accordance with Articles 202 and 211 of the Treaty.

- Formal provisions: Articles 19 (reservations), 22 (accession) and 23 (depositary) of the frozen draft Convention, and the corresponding provisions in the frozen draft Protocol (Articles 9, 11 and 12) would be out of place in a Community instrument.

- Entry into force and applicability: in relation to entry into force (Article 20 of the frozen draft Convention and Article 10 of the frozen draft Protocol), Article 249 and 254 of the Treaty are applicable to the entry into force of the Regulation. In addition Article 26 of the Regulation contains a new provision, which takes account of the fact that there will no longer be a ratification period during which Member States and the Commission will be able to make the necessary technical arrangements by introducing a two stage approach to entry into force and applicability.

- Territorial scope: Article 21 of the frozen draft Convention makes provision in relation to the United Kingdom, but no corresponding provision appears in the Regulation. As explained in section 2.2 above, the proposal has been drafted on the basis of the current legal situation under new Title IV of the EC Treaty and the Protocol on the position of the United Kingdom and Ireland which is annexed to the Treaties. If the United Kingdom applies the procedure of Article 3 of the Protocol, appropriate adjustments will have to be made in the text of the Regulation. It is, however, necessary to make provision in the Regulation (see Article 25) to ensure that the territorial scope of the Eurodac Regulation is aligned with the territorial scope of the Dublin Convention which it is implementing. The normal scope of application in accordance with Article 299 of the Treaty has therefore been limited.

- Monitoring and evaluation: a new Article has been included in the Regulation (Article 23) on monitoring and evaluation in the context of Sound and Efficient Management 2000, underpinned by Article 2 of the Financial Regulation ((EEC) No 1231/77).

- Integration into a single legal instrument: the technique of negotiating a draft Convention and a draft Protocol in parallel was unorthodox, even under the previous Title VI of the Treaty on European Union. For reasons of legislative orthodoxy, the Commission has integrated the frozen draft Convention and Protocol texts into a single legal instrument. This entails the suppression of Articles 2 and 8 of the Protocol, and numerous consequential changes throughout the text of the Regulation.

- Alignment with the data protection regime established under the Treaty establishing the European Community: Directive 95/46/EC of the European Parliament and the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data applies to the processing of personal data in the course of activities which fall within the scope of Community law. Since the Eurodac system is set up on the basis of Title IV of the Treaty (Visas, asylum, immigration and other policies related to free movement of persons), the processing of personal data carried out by the Member States within the context of the Eurodac system is subject to the principles laid down by Directive 95/46/EC. In addition, the national data protection supervisory authorities established under the Directive are responsible for monitoring the processing of personal data by the Member States in the framework of Eurodac. By virtue of Article 286 of the Treaty, Directive 95/46/EC also applies to the processing of personal data by the Central Unit, since the Central Unit will be established within the Commission. The Central Unit will be subject to the Regulation which the Commission will propose under Article 286 of the Treaty, and to supervision by the independent supervisory body referred to in Article 286. Articles 13 to 20 of this Regulation clarify and specify some of the principles laid down in Directive 95/46/EC in relation to the specific situation of Eurodac. Amendments have been made to the frozen Convention text to ensure that the Regulation is consistent with the requirements laid down in Directive 95/46/EC. Article 6 of the frozen Protocol text, which restricted the right of access of persons apprehended in connection with the irregular crossing of an external border, has not been incorporated in the Regulation, since it is incompatible with Directive 95/46/EC.

4.4 Concordance table

>TABLE>

4.5 Individual Articles

CHAPTER I - GENERAL PROVISIONS

Article 1 - Purpose of "Eurodac"

This Article sets out the nature and purpose of the Eurodac system. Paragraph 1 establishes a direct and exclusive link with the Convention determining the State responsible for examining an application for asylum lodged in one of the Member States of the European Communities (the "Dublin Convention").

Paragraph 2 provides that Eurodac consists of the Central Unit, a computerised central database for recording and storing fingerprints, and the means of transmission between the Member States and the central database. This paragraph also specifies that Eurodac's rules shall apply to operations carried out in the Member State from the point when data is transmitted to the Central Unit until the point where use is made of the results of the comparison.

Paragraph 3 provides that processing of fingerprints and other data in Eurodac may only be for the purposes set out in Article 15(1) of the Dublin Convention. These purposes are: determining the Member State which is responsible for examining the application for asylum; examining the application for asylum; and implementing any obligation arising under the Dublin Convention. Under paragraph 3, the fingerprints which a Member State takes and communicates to the Eurodac central unit may also be used in databases set up under that Member State's national law for another purpose.

Article 2 - Definitions

This Article defines terms used in the Regulation. In general, terms defined in Article 1 of the Dublin Convention have the same meaning in the Eurodac Regulation (paragraph 2). The definition of "applicant for asylum" for the purpose of Eurodac does, however, specify that it covers persons on whose behalf an asylum application has been made. This is designed in particular to cover minors aged between 14 and 18, on whose behalf an application may be lodged by a guardian or legal representative.

The definition of "personal data" is slightly different from the one in the Convention text which was frozen by the Council. In addition, a definition of "processing of personal data" has been added. These changes are designed to bring the text fully in line with Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

The definition of "transmission of data" covers both the communication of data to the Central Unit for recording in the central database and the communication of the results of the comparison back to the relevant Member State. The second indent of the definition is designed to cover situations where the available technology permits a Member State to record data directly in the central database.

The definition of "Member State of origin" is slightly different for asylum applicants and persons found illegally present within the territory of a Member State on the one hand and for persons apprehended in connection with the irregular crossing of an external border on the other hand. The difference simply reflects the fact that for the latter category there is no immediate comparison, so there are no results to communicate to the Member State in question. Point (f) effectively incorporates Article 4, paragraph 2, of the frozen Eurodac Protocol text.

Article 3 - Central Unit

Article 3 deals with arrangements for the Central Unit. It provides that this will be located within the Commission. The Article provides in effect that the Member States are controllers of the data which they communicate to the Central Unit, and the Commission is the processor. The computerised fingerprint recognition system which will compare the fingerprints will be located in the Central Unit.

Paragraph 3 provides for the adoption of implementing rules relating to the compilation of statistical data by the Central Unit. Such statistical data will clearly be valuable since it would otherwise be impossible to evaluate the effectiveness of the Eurodac system. There is no corresponding provision in the frozen Convention text, but it is essential that the performance and utility of Eurodac can be properly monitored. The Council has of its own initiative prepared draft implementing rules on this point.

CHAPTER II - APPLICANTS FOR ASYLUM

Article 4 - Collection, transmission and comparison of fingerprints

This Article deals with the procedure for taking, transmitting, storing and comparing the fingerprints of asylum applicants.

Paragraph 1 creates an obligation for each Member State to fingerprint every asylum applicant aged at least 14 years of age. The procedure for taking the fingerprints is, however, left to the national practice of the Member State concerned (although the Member States do of course have obligations under the European Convention for the Protection of Human Rights and Fundamental Freedoms, with which they will have to comply). The fingerprint data must be transmitted to the Central Unit together with other data specified in Article 5. A reference in the corresponding article of the frozen Convention text to informing the applicant of the reasons why his fingerprints have been taken has been removed. The issue of providing information to the applicant is dealt with fully in Article 18(1) of the Regulation, and in addition Article 10 of Directive 95/46/EC is applicable in the context of the Regulation.

Paragraph 2 provides for the immediate recording in the central database of the data transmitted to it under paragraph 1.

Paragraph 3 provides that each new set of fingerprints of an asylum applicant which is received by the Central Unit must be compared against the fingerprint data on asylum applicants which has been supplied by other Member States and already been stored in the central database. This procedure is designed to ensure that all multiple asylum applications within the territory of the Member States can be detected.

Paragraph 4 allows a Member State to request that the fingerprints of asylum applicants which it transmits to the Central Unit are also compared with the fingerprint data on asylum applicants which it has itself previously transmitted to the Central Unit. This facility means that a Member State would not necessarily need to have a separate system for comparing the fingerprints of asylum applicants at the national level.

Paragraphs 5 and 6 set out the procedure in relation to the results of the comparison. If the Central Unit does not detect a match, it simply communicates this result to the Member State of origin. If the Central Unit does detect an apparent match, it must communicate this fact together with the data listed in Article 5(1) relating to the matching fingerprints to the Member State of origin. The Member State of origin nevertheless remains responsible for checking the comparison. That Member State and the other Member States concerned must then apply the procedures set out in the Dublin Convention in order to determine which state is responsible for considering the asylum application and whether the asylum applicant can be transferred. Paragraph 6 also provides that if checking and verification at the national level shows that the apparent match detected by the Central Unit is not in fact a genuine match or that the data is otherwise unreliable, the Member State of origin shall erase the data as soon as this is established.

Paragraph 7 provides for the adoption of implementing rules setting out the detailed procedures necessary for the application of this Article. The frozen Convention text envisaged that the Council would adopt implementing measures, and that this would be done by two-thirds majority. This has been amended in the light of the communitarisation of asylum policy. The paragraph now envisages delegation of this implementing power to the Commission in accordance with Article 202 of the Treaty establishing the European Community. The comitology procedure selected and set out in Article 22 of this Regulation is Procedure III(a) in Council Decision 87/373/EEC of 13 July 1987 laying down the procedures for the exercise of implementing powers conferred on the Commission.

Article 5 - Recording of data

Article 5 relates to the recording of data. Paragraph 1 provides an exhaustive list of the data which must be recorded in the central database. Paragraph 2 provides, in the interests of data protection and security, for the destruction of the media used for transmitting fingerprint data to the Central Unit unless the Member State of origin has requested their return.

Article 6 - Data storage

This Article sets out a maximum period for which data on asylum applicants may be stored in Eurodac. This is set at 10 years from the date on which the fingerprints were taken, after which the Central Unit is required to erase the data automatically from the central database.

In this Article, the frozen Convention text has been amended very slightly. The Convention text referred to a storage period of 10 years from the date on which fingerprints were last taken, implying that fingerprints could be stored for longer than 10 years if the individual to whom they related subsequently had their fingerprints recorded in the Eurodac central database a second time. In the current proposal, the word "last" has been deleted, to ensure that there are no circumstances where fingerprint data could be kept for longer than 10 years.

The Commission's text reflects the fact that in negotiations on the draft Convention the Council agreed on a storage period of 10 years. Article 6(1)(e) of Directive 95/46/EC of the European Parliament and the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data establishes the principle that data should be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed. A similar principle is contained in the Council of Europe Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data (Strasbourg, 1981). The Commission strongly recommends that the Council should examine again whether it is necessary to conserve data relating to asylum applicants for a 10-year period except in the one case where provision is made for advance data erasure by Article 7.

Article 7 - Advance data erasure

Makes provision for data relating to asylum applicants to be erased from the central database before the expiry of the 10 year storage period set out in Article 6 in cases where the person concerned acquires citizenship of the Union. This provision for advance data erasure also applies, by virtue of a reference in Article 10 of the draft regulation, to fingerprint data relating to persons apprehended in connection with the irregular crossing of an external border. The Dublin Convention is not applicable to citizens of the Union, so there can be no possible justification for storing fingerprint data on such persons within Eurodac.

The comments made by the Commission under Article 6 above - in relation to data erasure in accordance with principle that data should be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed - are equally applicable in relation to this Article. In particular, the Commission considers that the Council should seriously consider whether it is now able to agree on the immediate erasure of data relating to a person who is recognised as a refugee and admitted in a Member State, in which case Article 12 below could be deleted. The Commission also recommends that the Council consider whether there are circumstances in which data relating to an asylum applicant who is no longer present on the territory of the Member States should be erased in advance. It would also be appropriate to consider provision for advance data erasure in relation to asylum applicants who become long-term residents in a Member State.

CHAPTER III - ALIENS APPREHENDED IN CONNECTION WITH THE IRREGULAR CROSSING OF AN EXTERNAL BORDER

Article 8 - Collection and communication of fingerprint data

Paragraph 1 creates an obligation for each Member State to take the fingerprints of any third country national or stateless person aged fourteen years or over who is apprehended in connection with the irregular crossing of the border of that Member State with a third country. Paragraph 2 requires the Member State concerned to communicate to the Central Unit the fingerprints together with data on the Member State of origin, the gender of the person concerned, the applicable reference number, the date on which the fingerprints were taken and the date on which the fingerprints were transmitted to the Central Unit.

This Article corresponds to Article 3 of the frozen draft Eurodac Protocol text, although the general reference in paragraph 2 of the draft Protocol text to "other relevant data" has been replaced with a specific reference cataloguing the relevant data. Articles 8 - 10 of the Regulation are designed to facilitate the implementation of Article 6 of the Dublin Convention, which provides that "when it can be proved that an applicant for asylum has irregularly crossed the border into a Member State by land, sea or air, having come from a non-member State of the European Communities, the Member State thus entered shall be responsible for examining the application for asylum". The purpose of Articles 8 - 10 of the Regulation is to build up a record of people apprehended in connection with the irregular crossing of the external border against which the fingerprints of people who subsequently claim asylum in the European Union can be checked.

In addition to freezing the text of the draft Protocol, the Council also agreed on the following draft statement for the Council minutes:

"The Member States declare that the obligation to take fingerprints of aliens apprehended "in connection with the irregular crossing of an external border" is not limited to the situation where an alien is apprehended at or close to the external border itself. This provision also covers cases where an alien is apprehended beyond the external border, where he/she is still en route and there is no doubt that he/she crossed the external border irregularly. This could be the case, for example, where, subsequently to the crossing of the external border, an alien on board a (high speed) train is detected during on board checks, or where an alien transported in a sealed commercial vehicle is apprehended at the moment of disembarkation from the vehicle."

In the context of the current proposal for a Regulation, the Council will need to reflect on whether it wishes to agree on and publish a similar statement.

Article 9 - Recording of data

Article 9 sets out rules on the recording and comparison of fingerprint data on persons apprehended in connection with the irregular crossing of the external border. Article 9 provides that the data transmitted to the Central Unit under Article 8 must be recorded in the central database, and specifies clear limitation on the use of this data. It may be compared only with data on asylum applicants which is subsequently transmitted to the Central Unit. This is consistent with the purpose of facilitating the implementation of Article 6 of the Dublin Convention. This means that it may not be compared with any data - whether on asylum applicants or on other people apprehended in connection with the irregular crossing of the external border - which was previously transmitted to the Central Unit. Nor may it be compared with data on persons apprehended in connection with the irregular crossing of the external border which is subsequently transmitted to the Central Unit. (The Commission notes that the final sentence of the first alinea is technically redundant.)

As far as the comparison which is permitted is concerned, the provisions set out in Article 4 of the Regulation apply.

Article 9 corresponds closely to Article 4 of the frozen draft Protocol text. Paragraph 2 of the frozen text has, however, been moved and included in the definition of "Member State of origin" in Article 2 of the Regulation. The new reference in the text to the provisions laid down pursuant to Article 4 preserves the effect of Article 8 of the frozen Protocol text, which applied the provisions of the draft Eurodac Convention mutatis mutandis to the draft Eurodac Protocol.

Article 10 - Storage of data

Article 10 sets out the rules for storage and erasure of data relating to persons apprehended in connection with the irregular crossing of the external border of the European Union. Paragraph 1 provides that such data shall be stored for a maximum of two years, at the end of which the Central Unit shall automatically erase the data. Paragraph 2 sets out rules for advance data erasure before the expiry of the two-year period. There are three situations in which advanced erasure must be carried out.

The first is when the person concerned has been issued with a residence permit. In this context, it should be noted that the applicable definition of "residence permit" is contained in Article 1(1)(e) of the Dublin Convention. If a person were to be issued with a residence permit, responsibility for any subsequent asylum application would in principle be governed by Article 5 rather than Article 6 of the Dublin Convention. In other words, the fact that the person has irregularly crossed an external border of the Union ceases to be a relevant factor in determining responsibility for any subsequent asylum claim, and so the corresponding data must be erased.

The second situation in which advance data erasure must take place is if the person has left the territory of the Member States. As soon as a person departs from the territory of the Member States, the fact that they previously crossed the external border irregularly ceases to be of relevance in determining responsibility for any future claim for asylum. If the person in question later returns to the territory of the Member States and claims asylum, the relevant factor in determining responsibility for considering their asylum application would in principle be which Member State was responsible for their presence on the territory of the Member States on that second occasion.

The third situation in which advance data erasure must take place is if the person in question acquires citizenship of the Union. The reasons for deleting data in these circumstances are set out in the explanatory note on Article 7.

The Article requires that erasure must be carried out as soon as the Member State of origin becomes aware that one of the three situations set out above has occurred.

Article 10 of the Regulation corresponds to Article 5 of the frozen Protocol text, with a small addition to make it clear that the rules on erasure of data on persons who have acquired citizenship also apply in this case. (This is in line with Article 8 of the frozen draft Protocol, which effectively applied Article 7 of the frozen Convention to data on persons apprehended in connection with the irregular crossing of the external border.)

The Commission repeats its comments on the need to examine whether additional provision can be made for advance data erasure. In particular, the Commission considers that the Council should consider whether provision could be made for fingerprint data relating to a person apprehended in connection with the irregular crossing of an external border to be erased from the central database if that person subsequently claims asylum in a Member State and one of the Member States accepts responsibility for considering the person's asylum application. In such cases, the fingerprint data taken in connection with the irregular crossing of the external border could be considered to have served its purpose.

CHAPTER IV - ALIENS FOUND ILLEGALLY PRESENT IN A MEMBER STATE

Article 11 - Comparison of fingerprints

Article 11 is concerned with facilitating the implementation of Articles 10(1)(c) and 10(1)(e) of the Dublin Convention. Article 10(1)(c) provides that the Member State responsible for considering an asylum application under the criteria set out in the Dublin Convention shall be obliged to readmit or take back an applicant whose application is under examination and who is irregularly in another Member State. Article 10(1)(e) provides that the Member State responsible for considering an asylum application under the criteria set out in the Dublin Convention shall be obliged to take back a person whose application it had rejected and who is illegally in another Member State.

Article 11 does not create an obligation or a power in Community legislation for a Member State to fingerprint persons found illegally present within its territory. The Member State in question can only take the fingerprints of the person in question if it is permitted to do so under its national law. The provisions of Article 11 on persons found illegally present within the territory of a Member State differ in this important respect from the provisions of Article 4 on applicants for asylum and the provisions of Article 8 on persons apprehended in connection with the irregular crossing of the external border.

Article 11 creates a facility for Member States to use Eurodac if they wish to do so to check whether a person found illegally present on its territory has previously claimed asylum in another Member State. Paragraph 1 sets out the circumstances in which, as a general rule, there are grounds for carrying out such checks. Three sets of circumstances are specified.

Paragraph 2 sets out the rules for the communication and comparison of fingerprint data relating to persons found illegally present within the territory of a Member State. The data in question can only be compared against data on applicants for asylum which has previously been transmitted to the Central Unit by other Member States and recorded in the central database. The data may not be compared with data on persons apprehended in connection with the irregular crossing of the external border communicated to the Central Unit under Article 8. Nor may the data be stored in the central database. Paragraph 4 provides that the Central Unit must destroy the fingerprints communicated to it under this Article as soon as the results of the comparison have been communicated to the Member State of origin.

Article 11 corresponds to Article 7 of the frozen Protocol text. The use of permissive language in places in the frozen text is, in the Commission's view, unorthodox in relation to a Community Regulation. Adaptation of the text into language which is legally more appropriate language would, however, appear to be incompatible with the compromise found in the Council on this point.

CHAPTER V - RECOGNISED REFUGEES

Article 12 - Blocking of data

This Article makes provision on how data relating to persons recognised as refugees should be treated. Paragraph 1 provides that data on such people will be blocked in the central database. For five years, the data would be used only for the purpose of compiling statistics on persons who have already been recognised as a refugee in one Member State but nevertheless go on to claim asylum in another Member State. During this period, Member States would not be informed of matches identified by the Central Unit relating to persons who have been recognised as a refugee.

Paragraph 2 provides that five years after Eurodac starts operations, a decision would be taken on whether data relating to persons who have been recognised as refugees but subsequently claimed asylum in another Member State should (a) be treated in the same way as data relating to any other asylum applicant, or (b) be erased in advance as soon as the person has been recognised and admitted as a refugee. In each case, the Article makes provision for the appropriate changes in the procedure for handling such data to be made.

Although Article 12 corresponds broadly to Article 8 of the frozen Convention text, three changes have been introduced in paragraph 2. First, a reference has been introduced to the new arrangements for Eurodac to start operations which are set out in Article 26 of the Regulation. Secondly, the provisions relating to the procedure for the decision which will be made after five years have been brought into line with the Treaty establishing the European Community. An explicit reference to Article 67 TEC has been introduced. The Article no longer refers to a decision by the Council, because it is possible that, by the time the decision is taken on what to do with data relating to refugees, the appropriate procedure under Article 67 will be the co-decision procedure set out in Article 251 of the TEC. The third change to paragraph 2 is the insertion in the third subparagraph, point (b), of a full statement of the applicable arrangements for erasure.

Paragraph 3 provides for the adoption of implementing rules concerning the compilation of statistics on people who have been recognised as refugees in one Member State but who have subsequently applied for asylum in another Member State. The frozen Convention text envisaged that these implementing rules would be adopted by the Council by two-thirds majority. This has been amended in the light of the communitarisation of asylum policy. The paragraph now envisages delegation of this implementing power to the Commission in accordance with Article 202 of the Treaty establishing the European Community. The comitology procedure selected and set out in Article 22 of this Regulation is Procedure III(a) in Council Decision 87/373/EEC of 13 July 1987 laying down the procedures for the exercise of implementing powers conferred on the Commission.

The comments made under Article 7 above are again applicable. The Commission recommends that the case for immediate deletion of data relating to recognised refugees should be re-examined. If the Council were able to agree on such a solution, Article 12 could be deleted and provision could be made in Article 7 for advance erasure of the relevant data.

CHAPTER VI - DATA USE, DATA PROTECTION, SECURITY AND LIABILITY

Article 13 - Responsibility for data use

Within the context of the Eurodac system, the Member States act as controllers, i.e. the entities which determine the purposes and the means of the processing of personal data. The Central Unit processes personal data on behalf of the Member States (see Article 3) and as such is a processor. Most obligations of Directive 95/46/EC are addressed to the controller. The responsibilities of the processor are more specific and it must act only on instructions from the controller.

Paragraphs 1 to 3 of Article 13 specify the responsibilities of the Member State of origin, acting as a controller at the moment of collection, transmission and reception of personal data. Paragraph 4 specifies the requirements for the processor with regard to confidentiality and security (Articles 16 and 17 of Directive 95/46/EC) and explicitly determines that the Central Unit acts on instruction of the Member States.

Article 14 - Security

Article 14 is an application of Article 17 of Directive 95/46/EC and determines which measures have to be implemented to ensure the security of processing. Paragraph 1 is addressed to the controller and paragraph 2, in line with Article 17(3) 2nd indent, to the processor. The wording of paragraph 2 has been slightly adapted from the wording of the frozen Convention text for reasons of legislative technique.

Article 15 - Access to and correction or erasure of data recorded in Eurodac

Access to and correction or erasure of personal data recorded in the central database is reserved to the Member State of origin, except in cases where the Central Unit is required to erase data automatically at a certain point or is instructed to amend or erase data by the Member State of origin. This is in line with and complementary to the responsibilities of the Member State of origin defined in Articles 13 and 14 and serves to prevent unauthorised access to and unauthorised correction or erasure of personal data.

Article 16 - Keeping of records by the Central Unit

This provision is designed to ensure that the Central Unit keeps complete records of data processing operations within the Central Unit for the purpose of data protection monitoring and security. For these purposes, records may be kept for a maximum period of one year. Although there was no corresponding provision in the draft Convention, the Commission considers that this safeguard which has been developed subsequently in the Council in the course of work on draft implementing rules merits inclusion in the Regulation.

Article 17 - Liability

This Article sets out the applicable rules on liability for damage caused in the context of Eurodac. The text of paragraph 1 is based on Article 23 of Directive 95/46/EC. The text in the draft Convention was limited to one particular case of unlawful processing, which is a restriction of the rules laid down in Directive 95/46/EC. In principle, the controller (the Member State responsible) will be held liable for any damage caused by any unlawful processing operation or any act incompatible with the provisions of the Regulation. The Member State in question may be exempted if it can prove that is not responsible for the event giving rise to the damage. If for instance the processor, i.e. the Central Unit is responsible for causing the damage the Member State concerned is exempted.

Paragraph 2 sets out the rules on liability of a Member State in relation to damage to the central database.

The provisions in the frozen text relating to the liability of the Community have not been incorporated in the Regulation, since the non-contractual liability of the Community in connection with the operation of the Eurodac system will be governed by the relevant provisions in the Treaty establishing the European Community.

Article 18 - Rights of the data subject

This Article sets out the rights of the data subject, and must be read in conjunction with Directive 95/46/EC.

The original text of paragraph 1 was too limited and has been replaced by a text which is in conformity with Article 10 of Directive 95/46/EC and which contains a list of items the data subject has to be informed about. In addition, the moment when the information has to be provided to the data subject is explicitly specified.

Paragraph 2 has been amended to adapt the text to the requirements laid down in Article 12 of Directive 95/46/EC.

Paragraph 3 has been amended to specify that the data subject can require correction and erasure in any Member State. If this is not the Member State which transmitted the data, paragraph 4 provides that the Member State which transmitted the data shall be contacted by the Member State where correction or erasure has been requested.

Paragraphs 5 and 6 specify Article 12 of Directive 95/46/EC. In order to guarantee an effective exercise of his rights the data subject has the right to receive written reactions to his requests without excessive delay.

Paragraph 7 makes provision to give practical effect to paragraphs 2 and 3.

Paragraph 8 lays down an obligation for the competent authorities of the Member States to ensure the proper operation of the mechanism provided for in paragraph 4.

In paragraph 9, a reference to Article 28(4) of Directive 95/46/EC has been included. This provision lays down an obligation to hear claims lodged by any person concerning the protecting of (all) rights and freedoms with regard to the processing of personal data.

Paragraph 10 specifies the obligations laid down in Article 28(4) and (6), 2nd paragraph of Directive 95/46/EC. It offers the data subject the possibility to turn to the supervisory authority of the Member State where he is present. This supervisory authority subsequently has the obligation to contact the supervisory authority of the Member State which transmitted the data. In addition, the data subject can also apply to the joint supervisory authority. The reference to the 1981 Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data has been deleted, because the data protection regime is no longer based on this Convention, but on Directive 95/46/EC.

Paragraph 11 implements the Articles 22 and 28(4) of Directive 95/46/EC by guaranteeing the data subject the right to apply to a supervisory authority or a court if he/she is refused the access provided for in paragraph 2.

Paragraph 12 also implements the Articles 22 and 28(4) of Directive 95/46/EC by guaranteeing the data subject the right to apply to a supervisory authority or a court if he/she wants to have his/her data corrected or erased.

It should be noted that Article 6 of the Protocol has not been incorporated in the Regulation, because its provisions did not comply with Article 12 of Directive 95/46/EC. Article 18 applies to all data subjects, irrespective of their legal status.

Article 19 - National supervisory authority

This Article makes an explicit reference to Article 28 of Directive 95/46/EC, leaving no doubt that the national supervisory authorities have the competence to review the legality of all processing operations carried out by the Member States. The fairly substantial modifications which have been made to the frozen Convention text are a consequence of the application of Directive 95/46/EC.

Article 20 - Joint supervisory authority

Paragraphs 1 to 10 make provision for an independent joint supervisory authority to be established on an interim basis to monitor the processing of personal data by the Central Unit until the supervisory body referred to in Article 286 of the Treaty has been established. A number of minor amendments to the frozen text of paragraphs 1 to 10 have been made to take account of the communitarisation of asylum. In practice, the independent supervisory authority referred to in Article 286 of the Treaty may be in place before Eurodac begins operations.

The last sentence of paragraph 11 of the corresponding frozen text has been deleted since it would be inappropriate for one body to operate under two different names. Paragraph 12 of the frozen text, which would have allowed the Council to adopt such supplementary measures as it considered necessary to enable the independent supervisory authority to perform its duties, has been deleted since such a provision can not be included in a Regulation which has its legal basis in Title IV of the Treaty establishing the European Community. Article 286 of the Treaty determines that the Council, acting in accordance with the procedure referred to in Article 251, shall adopt any other relevant provisions as appropriate. Any other arrangement for the adoption of supplementary measures would be a violation of Article 286 of the Treaty.

CHAPTER VII - FINAL PROVISIONS

Article 21 - Costs

This Article provides that costs relating to national units and their connection to the Central Unit should be met by each Member State concerned. Similarly, data communication and transmission costs (for flows of data in both directions) are to be met by Member States. This Article is designed to reflect the agreement reached in the context of the draft Convention on financing arrangements. Only those costs which are not to be charged to the Community budget need to be specifically outlined in a Community instrument. The Regulation does not, therefore, need to specify that the costs relating to the establishment and operation of the Central Unit should be borne by the Community budget.

Article 22 - Committee

The purpose of this Article is to subject the exercise of the powers delegated to the Commission under Articles 3, 4 and 12 to a regulatory procedure in conformity with decision 87/373 EEC of the Council of 13 July 1987 laying down the procedures for the exercise of implementing powers conferred on the Commission. The provisions in this Article may need to be adjusted if agreement is reached on a revision of the "comitology" decision.

Article 23 - Annual Report: Monitoring and evaluation

In the interests of transparency, this Article provides that the Commission must present an annual report to the European Parliament and the Council on the activities of the Central Unit.

Furthermore, this Article spells out monitoring and evaluation requirements in the context of Sound and Efficient Management 2000, underpinned by Article 2 of the Financial Regulation ((EEC) No 1231/77). It reflects the recommendations of the Commission's recent Communication, Spending more wisely: implementation of the Commission's evaluation policy (SEC(1999) 69/4). The Communication stated: "All departments should make efforts to develop indicators and to put in place efficient monitoring systems to collect data on relevant indicators from the outset of programmes and actions in order to ensure the validity and analytical quality of evaluations; where existing regulations do not provide for adequate monitoring, their revision should be considered." Following this Communication, the Commission is seeking a consistent approach to the provision in regulations for evaluation and monitoring. The common practice of including explicit provisions covering the type of monitoring, and the timing and purpose of major evaluations, is being applied generally. The Commission envisages that the objectives referred to would relate to such matters as the time it takes for the Central Unit to respond to a request from a Member State, security requirements and the accuracy of comparisons performed within the Central Unit in the light of final verification by the Member States.

Article 24 - Penalties

This Article obliges Member States to provide in their national law appropriate, proportionate, effective and dissuasive penalties to be applied in cases of abuse of data recorded in the central database. This provision, which is an essential complement to the data protection and security arrangements, is an adaptation of Article 9(5) of the "frozen" draft Convention text.

Article 25 - Territorial scope

The purpose of this Article is to align the scope of the Regulation with the scope of the Dublin Convention of 15 June 1990, where the normal territorial scope of the Treaty is broader than that set out in Article 19 of the Dublin Convention. Application to the French Republic is therefore limited to the European territory of the French Republic, so as to exclude the Overseas Departments which would normally be included in First Pillar legislation under Article 299(2)TEC. The draft Regulation does not contain a provision on territorial application in relation to the United Kingdom, despite the fact that the "frozen" draft Convention text did contain a provision, for the reasons set out in sections 2.2 and 4.3 of this Explanatory Memorandum

Article 26 - Entry into force and applicability

This Article provides for the Regulation to enter into force on the day of its publication in the Official Journal of the European Communities, from which date Member States will be required to implement it. Due to the technical requirements involved in establishing the Eurodac system, it is not possible to provide for simultaneous entry into force and applicability of the Regulation. This requires specific provision in the Regulation, whereas such explicit provision was not necessary in the "frozen" draft Convention text because it was envisaged that technical preparations would be undertaken between the signing of the Convention and the completion of its ratification by Member States. The present Article therefore provides for a notification mechanism under which the Commission will publish in the Official Journal the date on which Eurodac will apply at the point at which each Member State has notified the Commission that it has made the necessary technical arrangements and the Central Unit is in a position to begin operations.

Proposal for a COUNCIL REGULATION (EC) concerning the establishment of "Eurodac" for the comparison of the fingerprints of applicants for asylum and certain other aliens

THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty establishing the European Community, and in particular Article 63(1)(a) thereof,

Having regard to the proposal from the Commission (3),

(3) OJ C

Having regard to the opinion of the European Parliament (4),

(4) OJ C

Whereas:

(1) Member States have concluded the Dublin Convention determining the State responsible for examining applications for asylum lodged in one of the Member States of the European Communities, signed in Dublin on 15 June 1990 (hereinafter referred to as "the Dublin Convention") (5).

(5) OJ C 254, 19.8.1997, p. 1.

(2) For the purposes of applying the Dublin Convention, it is necessary to establish the identity of applicants for asylum and of persons apprehended in connection with the unlawful crossing of the external borders of the Community. It is also desirable in order to effectively apply the Dublin Convention, and in particular points (c) and (e) of Article 10(1) thereof, to allow each Member State to check whether an alien found illegally present on its territory has applied for asylum in another Member State.

(3) Fingerprints constitute an important element in establishing the exact identity of such persons; whereas it is necessary to set up a system for the comparison of their fingerprints.

(4) To this end, it is necessary to set up a system known as "Eurodac", consisting of a Central Unit, to be established within the Commission and which will operate a computerized central database of fingerprints, as well as of the electronic means of transmission between the Member States and the central database.

(5) It is also necessary to require the Member States promptly to take fingerprints of every applicant for asylum and of every alien who is apprehended in connection with the irregular crossing of an external Community border, if they are at least 14 years of age.

(6) It is necessary to lay down precise rules on the transmission of such fingerprint data to the Central Unit, the recording of such fingerprint data and other relevant data in the central database, their storage, their comparison with other fingerprint data, the transmission of the results of such comparison and the blocking and erasure of the recorded data; such rules may be different for, and should be specifically adapted to, the situation of different categories of aliens.

(7) Aliens who have requested asylum in one Member State may have the option of requesting asylum in another Member State for many years to come; whereas, therefore, the maximum period during which fingerprint data should be kept by the Central Unit should be of considerable length; whereas, given that most aliens who have stayed in the Community for several years will have obtained a settled status or even citizenship of the Union after that period, a period of 10 years should be considered a reasonable period for the conservation of fingerprint data.

(8) The conservation period should be shorter in certain special situations where there is no need to keep fingerprint data for that length of time: fingerprint data should be erased immediately once aliens obtain Union citizenship.

(9) It is necessary to lay down clearly the respective responsibilities of the Commission, in respect of the Central Unit, and of the Member States, as regards data use, data security, access to and correction of recorded data.

(10) While the non-contractual liability of the Community in connection with the operation of the Eurodac system will be governed by the relevant provisions of the Treaty, it is necessary to lay down specific rules for the non-contractual liability of the Member States in connection with the operation of the system.

(11) Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (6) applies to the processing of personal data by the Member States within the framework of the Eurodac system.

(6) OJ L 281, 23.11.1995, p. 31.

(12) In accordance with the principles of subsidiarity and proportionality as set out in Article 5 of the Treaty, the objective of the proposed measures, namely the creation within the Commission of a system for the comparison of fingerprints to assist the implementation of the Community's asylum policy, cannot, by its very nature, be sufficiently achieved by the Member States and can therefore be better achieved by the Community: this Regulation confines itself to the minimum required in order to achieve those objectives and does not go beyond what is necessary for that purpose.

(13) By virtue of Article 286 of the Treaty, Directive 95/46/EC also applies to the Community institutions and bodies; whereas, the Central Unit being established within the Commission, that Directive applies to the processing of personal data by that Unit.

(14) The principles set out in Directive 95/46/EC regarding the protection of the rights and freedoms of individuals, notably their right to privacy, with regard to the processing of personal data should be supplemented or clarified, in particular as far as certain sectors are concerned.

(15) It is appropriate to monitor and evaluate the performance of Eurodac.

(16) Member States should provide for a system of sanctions for infringements of this Regualtion.

(17) It is appropriate to restrict the territorial scope of this Regulation so as to align it on the territorial scope of the Dublin Convention.

(18) This Regulation should enter into force on the day of its publication in the Official Journal of the European Communities in order to serve as legal basis for the implementing rules which, with a view to its rapid application, are required for the establishment of the necessary technical arrangements by the Member States and the Commission; the Commission should therefore be charged with verifying that those conditions are fulfilled.

HAS ADOPTED THIS REGULATION:

Chapter I - General provisions

Article 1

Purpose of "Eurodac"

1. A system known as "Eurodac" is hereby established, the purpose of which shall be to assist in determining which Member State is to be responsible pursuant to the Dublin Convention for examining an application for asylum lodged in a Member State, and otherwise to facilitate the application of the Dublin Convention under the conditions set out in this Regulation.

2. Eurodac shall consist of:

(a) the Central Unit referred to in Article 3,

(b) a computerized central database in which the data referred to in Article 5(1), Article 8(2) and Article 11(2) are processed for the purpose of comparing the fingerprints of applicants for asylum and certain other aliens,

(c) means of data transmission between the Member States and the central database.

The rules governing Eurodac shall also apply to operations effected by the Member States as from the transmission of data to the Central Unit until use is made of the results of the comparison.

3. Without prejudice to the use of data intended for Eurodac by the Member State of origin in databases set up under the latter's national law, fingerprints and other personal data may be processed in Eurodac only for the purposes set out in Article 15(1) of the Dublin Convention.

Article 2

Definitions

1. For the purposes of this Regulation:

(a) "The Dublin Convention" means the Convention determining the State responsible for examining applications for asylum lodged in one of the Member States of the European Communities, signed at Dublin on 15 June 1990.

(b) An "applicant for asylum" means an alien who has made an application for asylum or on whose behalf such an application has been made.

(c) "Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.

(d) "Processing of personal data" ("processing") means any operation or set of operations which is performed on personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

(e) "Transmission of data" means:

(i) communication of personal data from Member States to the Central Unit for recording in the central database and communication to Member States of the results of the comparison made by the Central Unit; and

(ii) recording of personal data directly by Member States in the central database and direct communication of the results of the comparison to such Member States.

(f) "Member State of origin" means:

(i) in relation to an applicant for asylum or a person covered by Article 11, the Member State which transmits the personal data to the Central Unit and receives the results of the comparison;

(ii) in relation to a person covered by Article 8, the Member State which communicates such data to the Central Unit.

(g) "Refugee" means a person who has been recognised as a refugree in accordance with the Geneva Convention on Refugees of 28 July 1951, as amended by the New York Protocol of 31 January 1967.

2. Unless stated otherwise, the terms defined in Article 1 of the Dublin Convention shall have the same meaning in this Regulation.

Article 3

Central Unit

1. A Central Unit shall be established within the Commission which shall be responsible for operating the central database of fingerprints on behalf of the Member States. The Central Unit shall be equipped with a computerized fingerprint recognition system.

2. Data on applicants for asylum, persons covered by Article 8 and persons covered by Article 11 which are processed at the Central Unit shall be processed on behalf of the Member State of origin.

3. Pursuant to the procedure laid down in Article 22, the Central Unit may be charged with carrying out certain statistical tasks on the basis of the data processed at the Unit.

Chapter II - Applicants for asylum

Article 4

Collection, transmission and comparison of fingerprints

1. Each Member State shall promptly take the fingerprints of every applicant for asylum of at least 14 years of age and shall promptly transmit the data referred to in points (a) to (f) of Article 5(1) to the Central Unit. The procedure for taking fingerprints shall be determined in accordance with the national practice of the Member State concerned.

2. The data referred to in Article 5(1) shall be immediately recorded in the central database by the Central Unit, or, provided that the technical conditions for such purposes are met, directly by the Member State of origin.

3. Fingerprint data within the meaning of point (b) of Article 5(1), transmitted by any Member State, shall be compared by the Central Unit with the fingerprint data transmitted by other Member States and already stored in the central database.

4. The Central Unit shall ensure, on the request of a Member State, that the comparison referred to in paragraph 3 covers the fingerprint data previously transmitted by that Member State, in addition to the data from other Member States.

5. The Central Unit shall forthwith communicate the results of the comparison to the Member State of origin, together with the data referred to in Article 5(1) relating to those fingerprints which, in the opinion of the Central Unit, are so similar as to be regarded as matching the fingerprints which were transmitted by that Member State.

Direct transmission to the Member State of origin of the results of the comparison shall be permissible where the technical conditions for such purpose are met.

6. The results of the comparison shall be immediately checked in the Member State of origin. Final identification shall be made by the Member State of origin in cooperation with the Member States concerned, pursuant to Article 15 of the Dublin Convention.

Information received from the Central Unit relating to any data mismatch or other data found to be unreliable shall be erased by the Member State of origin as soon as the mismatch or unreliability of the data is established.

7. The implementing rules setting out the procedures necessary for the application of paragraphs 1 to 6 shall be adopted in accordance with the procedure laid down in Article 22.

Article 5

Recording of data

1. Only the following data shall be recorded in the central database:

(a) Member State of origin, place and date of the application for asylum;

(b) fingerprints;

(c) sex;

(d) reference number used by the Member State of origin;

(e) date on which the fingerprints were taken;

(f) date on which the data were transmitted to the Central Unit;

(g) date on which the data were entered in the central database;

(h) details in respect of the recipient(s) of the data transmitted and the date(s) of transmission(s).

2. After recording the data in the central database, the Central Unit shall destroy the media used for transmitting the data, unless the Member State of origin has requested their return.

Article 6

Data storage

Each set of data, as referred to in Article 5 (1), shall be stored in the central database for ten years from the date on which the fingerprints were taken.

Upon expiry of this period, the Central Unit shall automatically erase the data from the central database.

Article 7

Advance data erasure

Data relating to a person who has acquired citizenship of the Union before expiry of the period referred to in Article 6 shall be erased from the central database, in accordance with Article 15(3) as soon as the Member State of origin becomes aware that the person has acquired citizenship of the Union.

Chapter III - Aliens apprehended in connection with the irregular crossing of an external border

Article 8

Collection and communication of fingerprint data

1. Each Member State shall promptly take the fingerprints of every alien of at least 14 years of age who is apprehended by the competent control authorities in connection with the irregular crossing by land, sea or air of the border of that Member State having come from a third country and who is not turned back

2. The Member State concerned shall promptly communicate to the Central Unit the following data in relation to any alien as referred to in paragraph 1:

(a) Member State of origin;

(b) fingerprints;

(c) sex;

(d) reference number used by the Member State of origin;

(e) date on which the fingerprints were taken;

(f) date on which the data were communicated to the Central Unit.

Article 9

Recording of data

1. The data referred to in point (g) of Article 5(1) and in Article 8(2) shall be recorded in the central database.

Without prejudice to Article 3(3), data communicated to the Central Unit pursuant to Article 8(2) shall be recorded for the sole purpose of comparison with data on applicants for asylum transmitted subsequently to the Central Unit.

The Central Unit shall not compare data communicated to it pursuant to Article 8(2) with any data previously recorded in the central database, nor with data subsequently communicated to the Central Unit pursuant to Article 8(2).

2. The procedures provided for in Article 4(1) to (6) and Article 5(2) as well as the provisions laid down pursuant to Article 4(7) are applicable.

Article 10

Storage of data

1. Each set of data relating to an alien as referred to in Article 8(1) shall be stored in the central database for two years from the date on which the fingerprints of the alien were taken. Upon expiry of this period, the Central Unit shall automatically erase the data from the central database.

2. The data relating to an alien as referred to in Article 8(1) shall be erased from the central database in accordance with Article 15(3) immediately, if the Member State of origin becomes aware of one of the following circumstances before the two-year period mentioned in paragraph 1 has expired:

(a) the alien has been issued with a residence permit;

(b) the alien has left the territory of the Member States;

(c) the alien has acquired citizenship of the Union.

CHAPTER IV - Aliens found illegally present in a Member State

Article 11

Comparison of fingerprints

1. With a view to checking whether an alien found illegally present within its territory has previously lodged an application for asylum in another Member State, each Member State may communicate to the Central Unit any fingerprints which it may have taken of any such alien of at least 14 years of age together with the reference number used by that Member State.

As a general rule there are grounds for checking whether the alien has previously lodged an application for asylum in another Member State where:

(a) the alien declares that he/she has lodged an application for asylum but without indicating the Member State in which he/she made the application;

(b) the alien does not request asylum but objects to being returned to his/her country of origin by claiming that he/she would be in danger, or

(c) the alien otherwise seeks to prevent his/her removal by refusing to cooperate in establishing his/her identity, in particular by showing no, or false, identity papers.

2. The fingerprints of an alien as referred to in paragraph 1 shall be communicated to the Central Unit solely for the purpose of comparison with the fingerprints of applicants for asylum transmitted by other Member States and already recorded in the central database.

The fingerprints of such an alien shall not be stored in the central database, nor shall they be compared with the data communicated to the Central Unit pursuant to Article 8(2).

3. The procedures provided for Article 4(1) to (6) as well as the provisions laid down pursuant to Article 4(7) are applicable.

4. The Central Unit shall destroy the fingerprints communicated to it under paragraph 1 forthwith, once the results of the comparison have been communicated to the Member State of origin.

Chapter V - Recognised refugees

Article 12

Blocking of data

1. Data relating to a person who has been recognised and admitted as a refugee in a Member State shall be blocked in the central database. Such blocking shall be carried out by the Central Unit on the instructions of the Member State of origin.

2. Five years after Eurodac starts operations, and on the basis of reliable statistics compiled by the Central Unit on persons who have lodged an application for asylum in a Member State after having been recognised and admitted as refugees in another Member State, a decision shall be taken in accordance with the procedure referred to in Article 67 of the Treaty, as to whether the data relating to persons who have been recognised and admitted as refugees in a Member State should:

(a) be stored in accordance with Article 6 for the purpose of the comparison provided for in Article 4(3); or

(b) be erased in advance once a person has been recognised and admitted as a refugee.

In the case of point (a) of the first subparagraph, the data blocked pursuant to paragraph 1 shall be unblocked and the procedure referred to in that pargraph shall no longer apply.

In the case of point (b) of the first subparagraph:

(a) data which have been blocked in accordance with paragraph 1 shall be erased immediately by the Central Unit; and

(b) data relating to persons who are subsequently recognised and admitted as refugees shall be erased in accordance with Article 15(3), as soon as the Member State of origin becomes aware that the person has been recognised and admitted as a refugee in a Member State.

3. The implementing rules concerning the compilation of the statistics referred to in paragraph 2 shall be adopted in accordance with the procedure laid down in Article 22.

Chapter VI - Data use, data protection, security and liability

Article 13

Responsibility for data use

1. The Member State of origin shall be responsible for ensuring that:

(a) fingerprints are taken lawfully;

(b) fingerprints and the other data referred to in Article 5(1), Article 8(2) and Article 11(2) are lawfully transmitted to the Central Unit;

(c) data are accurate and up-to-date when they are transmitted to the Central Unit;

(d) without prejudice to the responsibilities of the Commission, data in the central database are lawfully recorded, stored, corrected and erased;

(e) the results of fingerprint comparisons transmitted by the Central Unit are lawfully used.

2. In accordance with Article 14, the Member State of origin shall ensure the security of these data before and during transmission to the Central Unit as well as the security of the data it receives from the Central Unit.

3. The Member State of origin shall be responsible for the final identification of the data pursuant to Article 4(6).

4. The Commission shall ensure that the Central Unit is operated in accordance with the provisions of this Regulation and its implementing rules. In particular, the Commission shall:

(a) adopt measures ensuring that persons working in the Central Unit use the data recorded in the central database only in accordance with the purpose of Eurodac as laid down in Article 1(1);

(b) ensure that persons working in the Central Unit comply with all requests from Member States made pursuant to this Regulation in relation to recording, comparison, correction and erasure of data for which they are responsible;

(c) take the necessary measures to ensure the security of the Central Unit in accordance with Article 14;

(d) ensure that only persons authorised to work in the Central Unit shall have access to data recorded in the central database, without prejudice to Article 20 and the powers of the independent supervisory body which will be established under Article 286 (2) of the Treaty.

The Commission shall inform the European Parliament and the Council of the measures it takes pursuant to the firs subparagraph.

Article 14

Security

1. The Member State of origin shall take the necessary measures to:

(a) prevent any unauthorized person from having access to national installations in which the Member State carries out operations in accordance with the aim of Eurodac;

(b) prevent data and data media in Eurodac from being read, copied, modified or erased by unauthorized persons;

(c) guarantee that it is possible to check and establish a posteriori what data have been recorded in Eurodac, when and by whom;

(d) prevent the unauthorized recording of data in Eurodac and any unauthorized modification or erasure of data recorded in Eurodac;

(e) guarantee that, in using Eurodac, authorized persons have access only to data which are within their competence;

(f) guarantee that it is possible to check and establish to which authorities data recorded in Eurodac may be transmitted by data transmission equipment;

(g) prevent the unauthorized reading, copying, modification or erasure of data during both the direct transmission of data to or from the central database and the transport of data media to or from the Central Unit.

2. As regards the operation of the Central Unit, the Commission shall be responsible for applying the measures mentioned under paragraph 1.

Article 15

Access to and correction or erasure of data recorded in Eurodac

1. The Member State of origin shall have access to data which it has transmitted or communicated and which are recorded in the central database in accordance with the provisions of this Regulation.

No Member State may conduct searches in the data transmitted by another Member State, nor may it receive such data apart from data resulting from the comparison referred to in Article 4(5).

2. The authorities of Member States which, pursuant to paragraph 1, have access to data recorded in the central database shall be those designated by each Member State. Each Member State shall communicate to the Commission a list of those authorities.

3. Only the Member State of origin shall have the right to amend the data which it has transmitted to the Central Unit by correcting or supplementing such data, or to erase them, without prejudice to erasure carried out in pursuance of Article 6, Article 10(1) or point (a) of the third subparagraph of Article 12(2)(b).

Where the Member State of origin records data directly in the central database, it may amend or erase the data directly.

Where the Member State of origin does not record data directly in the central database, the Central Unit shall alter or erase the data at the request of that Member State.

4. If a Member State or the Central Unit has evidence to suggest that data recorded in the central database are factually inaccurate, it shall advise the Member State of origin as soon as possible.

If a Member State has evidence to suggest that data were recorded in the central database contrary to this Regulation, it shall similarly advise the Member State of origin as soon as possible. The latter shall check the data concerned and, if necessary, amend or erase them without delay.

Article 16

Keeping of records by the Central Unit

1. The Central Unit shall keep records of all data processing operations within the Central Unit. These records shall show the purpose of access, the date and time, the data transmitted, the data used for interrogation and the name of both the unit putting in or retrieving the data and the persons responsible.

2. Such records may be used only for the data-protection monitoring of the admissibility of data processing as well as to ensure data security pursuant to Article 14. The records must be protected by appropriate measures against unauthorised access and erased after a period of one year, if they are not required for monitoring procedures which have already begun.

Article 17

Liability

1. Any person who, or Member State which, has suffered damage, whether physical or moral, as a result of an unlawful processing operation or any act incompatible with the provisions laid down in this Regulation shall be entitled to receive compensation from the Member State responsible for the damage suffered. That State may be exempted from its liability, in whole or in part, if it proves that it is not responsible for the event giving rise to the damage.

2. If failure of a Member State to comply with its obligations under this Regulation causes damage to the central database, that Member State shall be held liable for such damage, unless and insofar as the Commission failed to take reasonable steps to prevent the damage from occurring or to minimise its impact.

3. Claims for compensation against a Member State for the damage referred to in paragraphs 1 and 2 shall be governed by the provisions of national law of the defendant Member State.

Article 18

Rights of the data subject

1. A person covered by this Regulation shall be informed by the Member State of origin of the following when his/her fingerprints are taken:

(a) the purpose of taking his/her fingerprints;

(b) the transmission or communication to the Central Unit of data referred to in Article 5(1), Article 8(2) or Article 11(2);

(c) the obligation to have his/her fingerprints taken, where applicable;

(d) the existence of the right of access to data concerning him/her and the right to rectify such data.

2. In each Member State any data subject may, in accordance with the laws, regulations and procedures of that State, exercise the rights provided for in Article 12 of Directive 95/46/EC.

Without prejudice to the obligation to provide other information in accordance with point (a) of Article 12 of Directive 95/46/EC, the person shall obtain communication of the data relating to him/her recorded in the central database and of the Member State which transmitted them to the Central Unit. Such access to data may be granted only by a Member State.

3. In each Member State, any person may request that data which are factually inaccurate be corrected or that data recorded unlawfully be erased. The correction and erasure shall be carried out by the Member State which transmitted the data, in accordance with its laws, regulations and procedures.

4. If the rights of correction and erasure are exercised in a Member State, or States, other than that, or those, which transmitted the data, the authorities of that Member State shall contact the authorities of the Member State, or States, in question so that the latter may check the accuracy of the data and the lawfulness of their transmission and recording in the central database.

5. If it emerges that data recorded in the central database are factually inaccurate or have been recorded unlawfully, the Member State which transmitted them shall correct or erase the data in accordance with Article 15(3). That Member State shall confirm in writing to the data subject without excessive delay that it has taken action to correct or erase data relating to him/her.

6. If the Member State which transmitted the data does not agree that data recorded in the central database are factually inaccurate or have been recorded unlawfully, it shall explain in writing to the data subject without excessive delay why it is not prepared to correct or erase the data.

That Member State shall also provide the data subject with information explaining the steps which he/she can take if he/she does not accept the explanation provided. This shall include information about how to bring an action or, if appropriate, a complaint before the competent authorities or courts of that Member State and any financial or other assistance that is available in accordance with the laws, regulations and procedures of that Member State.

7. Any request under paragraphs 2 and 3 shall contain all the necessary particulars to identify the data subject, including fingerprints. Such data shall be used exclusively to permit the exercise of the rights referred to in paragraphs 2 and 3 and shall be destroyed immediately afterwards.

8. The competent authorities of the Member States shall cooperate actively to enforce promptly the rights laid down in paragraphs 3, 4 and 5.

9. In each Member State, the national supervisory authority shall assist the data subject in accordance with Article 28(4) of Directive 95/46/EC in exercising his/her rights.

10. The national supervisory authority of the Member State which transmitted the data and the national supervisory authority of the Member State in which the data subject is present shall assist and, where requested, advise him/her in exercising his/her right to correct or erase data. Both national supervisory authorities shall cooperate to this end. Requests for such assistance may be made to the national supervisory authority of the Member State in which the data subject is present, which shall transmit the requests to the authority of the Member State which transmitted the data. The data subject may also apply for assistance and advice to the joint supervisory authority set up in Article 20.

11. In each Member State any person may, in accordance with the laws, regulations and procedures of that State, bring an action or, if appropriate, a complaint before the competent authorities or courts of the State if he/she is refused the right of access provided for in paragraph 2.

12. Any person may, in accordance with the laws, regulations and procedures of the Member State which transmitted the data, bring an action or, if appropriate, a complaint before the competent authorities or courts of that State concerning the data relating to him/her recorded in the central database, in order to exercise his/her rights under paragraph 3. The obligation of the national supervisory authorities to assist and, where requested, advise the data subject, in accordance with paragraph 10, shall subsist throughout the proceedings.

Article 19

National supervisory authority

1. Each Member State shall provide that the national supervisory authority or authorities designated pursuant to Article 28(1) of Directive 95/46/EC shall monitor independently, in accordance with its respective national law, the lawfulness of the processing, in accordance with the provisions of this regulation, of personal data by the Member State in question, including their transmission to the Central Unit.

2. Each Member State shall ensure that its national supervisory authority has access to advice from persons with sufficient knowledge of fingerprint data.

Article 20

Joint supervisory authority

1. An independent joint supervisory authority shall be set up, consisting of a maximum of two representatives from the supervisory authorities of each Member State. Each delegation shall have one vote.

2. The joint supervisory authority shall have the task of monitoring the activities of the Central Unit to ensure that the rights of data subjects are not violated by the processing or use of the data held by the Central Unit. In addition, it shall monitor the lawfulness of the transmission of personal data to the Member States by the Central Unit.

3. The joint supervisory authority shall be responsible for the examination of implementation problems in connection with the operation of Eurodac, for the examination of possible difficulties during checks by the national supervisory authorities and for drawing up recommendations for common solutions to existing problems.

4. In the performance of its duties, the joint supervisory authority shall, if necessary, be actively supported by the national supervisory authorities.

5. The joint supervisory authority shall have access to advice from persons with sufficient knowledge of fingerprint data.

6. The Commission shall assist the joint supervisory authority in the performance of its tasks. In particular, it shall supply information requested by the joint supervisory body, give it access to all documents and paper files as well as access to the data stored in the system and allow it access to all its premises, at all times.

7. The joint supervisory authority shall unanimously adopt its rules of procedure.

8. Reports drawn up by the joint supervisory authority shall be made public and shall be forwarded to the bodies to which the national supervisory authorities submit their reports, as well as to the European Parliament, the Council and the Commission for information. In addition, the joint supervisory authority may submit comments or proposals for improvement regarding its remit to the European Parliament, the Council and the Commission at any time.

9. In the performance of their duties, the members of the joint supervisory authority shall not receive instructions from any government or body.

10. The joint supervisory authority shall be consulted on that part of the draft operating budget of the Eurodac Central Unit which concerns it. Its opinion shall be annexed to the draft budget in question.

11. The joint supervisory authority shall be disbanded upon the establishment of the independent supervisory body referred to in Article 286(2) of the Treaty. The independent supervisory body shall replace the joint supervisory authority and shall exercise all the powers conferred on it by virtue of the act under which that body is established.

Chapter VII - Final provisions

Article 21

Costs

1. The costs incurred by national units and the costs for their connection to the central database shall be borne by each Member State.

2. The costs of transmission or communication of data from the Member State of origin and of the findings of the comparison to that State shall be borne by the State in question.

Article 22

Committee

The Commission shall be assisted by a committee composed of the representatives of the Member States and chaired by the representative of the Commission.

The representative of the Commission shall submit to the committee a draft of the measures to be taken. The committee shall deliver its opinion on the draft within a time limit which the chairman may lay down according to the urgency of the matter. The opinion shall be delivered by the majority laid down in Article 205(2) of the Treaty in the case of decisions which the Council is required to adopt on a proposal from the Commission. The votes of the representatives of the Member States within the committee shall be weighted in the manner set out in that Article. The chairman shall not vote.

The Commission shall adopt the measures envisaged if they are in accordance with the opinion of the committee.

If the measures envisaged are not in accordance with the opinion of the committee, or if no opinion is delivered, the Commission shall, without delay, submit to the Council a proposal relating to the measures to be taken. The Council shall act by a qualified majority.

If, on the expiry of a period of three months from the date of referral to the Council, the Council has not acted, the proposed measures shall be adopted by the Commission.

Article 23

Annual Report: Monitoring and evaluation

1. The Commission shall submit to the European Parliament and the Council an annual report on the activities of the Central Unit. The annual report shall include information on the management and performance of the system against pre-defined quantitative indicators for the objectives referred to in paragraph 2.

2. The Commission shall ensure that systems are in place to monitor the functioning of the Central Unit against objectives, in terms of outputs, cost-effectiveness and quality of service.

3. The Commission shall regularly evaluate the operation of the Central Unit in order to establish whether its objectives have been attained cost-effectively and with a view to providing guidelines for improving the efficiency of future operations.

4. One year after Eurodac starts operations, the Commission shall produce an evaluation report on the Central Unit, focusing on the level of demand compared with expectation and on operational and management issues in the light of experience, with a view to identifying possible short-term improvements to operational practice.

5. Three years after Eurodac starts operations and every six years thereafter, the Commission shall produce an overall evaluation of Eurodac, examining results achieved against objectives and assessing the continuing validity of the underlying rationale and any implications for future operations.

Article 24

Penalties

Member States shall lay down the rules on penalties applicable to infringements of the provisions of this Regulation and shall take all measures necessary to ensure that they are implemented. The penalties provided for must be effective, proportionate and dissuasive. Member States shall notify those provisions to the Commission by [...] at the latest and shall notify it without delay of any subsequent amendment affecting them.

Article 25

Territorial scope

As regards the French Republic, the provisions of this Regulation shall apply only to the European territory of the French Republic.

Article 26

Entry into force and applicability

1. This Regulation shall enter into force on the day of its publication in the Official Journal of the European Communities.

2. This Regulation shall apply, and Eurodac shall start operations, from the date which the Commission shall publish in the Official Journal of the European Communities, when the following conditions are met:

(a) each Member State has notified the Commission that it has made the necessary technical arrangements to transmit or communicate data to the Central Unit in accordance with the implementing measures adopted under Article 4(7); and

(b) the Commission has made the necessary technical arrangements for the Central Unit to begin operations in accordance with the implementing measures adopted under Article 4(7).

This Regulation shall be binding in its entirety and directly applicable in all Member States.

Done at Brussels,

For the Council

The President

FINANCIAL STATEMENT

1. TITLE OF OPERATION

Council Regulation (EC) No [ / ] of [ ] concerning the establishment of "Eurodac" for the comparison of fingerprints of applicants for asylum and certain other aliens

2. BUDGET HEADING INVOLVED

B5-801: Eurodac

3. LEGAL BASIS

Article 63(1)(a) EC

4. DESCRIPTION OF OPERATION

4.1. General objective

The objective of Eurodac is to assist in determining the Member State which is responsible pursuant to the Dublin Convention of 15 June 1990 for examining an application for asylum lodged in a Member State and otherwise to facilitate the application of the Dublin Convention under the conditions set out in the proposal.

These measures are meant to avoid any situations arising which will result in applicants for asylum being left in doubt too long as to the likely outcome of their application, to provide all applicants for asylum with a guarantee that their applications will be examined by one of the Member States and to ensure that applicants for asylum are not referred successively from one Member State to another without any of these states aknowledging itself to be competent to examine the application for asylum.

Moreover, it is intended to further facilitate the application of the Dublin Convention by providing for the collection of data relating to persons apprehended in connection with the irregular crossing of an external border. In addition, a facility is provided to make checks in certain circumstances to determine whether a person found illegaly present within a Member State had previously claimed asylum in another Member State.

The Regulation provides therefore for the fingerprints of three different groups of people to be transmitted or communicated to the Central Unit and processed within the central database: applicants for asylum; persons apprehended in connection with the irregular crossing of an external border and persons found illegaly present within the territory of a Member State. Differing provisions are foreseen for the processing of the data related to each of these categories.

4.2. Period covered

Indefinite

5. CLASSIFICATION OF EXPENDITURE

5.1 Compulsory/Non-compulsory expenditure

Non-compulsory

5.2 Differentiated/Non-differentiated appropriations

Differentiated

5.3 Type of revenue involved

Not applicable

6. TYPE OF EXPENDITURE

100%

7. FINANCIAL IMPACT

7.1 Method of calculating total cost of the operation

Capital investment for the central system (2000): EURO 8.5 million

A precise calculation of unit cost per activity or investment item is made extremely difficult by the innovative nature of this initiative and the constantly shifting technological and commercial developments affecting it.

A number of options are however available. These are based on studies carried out in 1997/98 by Bossard Consultants, because neither the Commission nor the Member States were in a position to provide all technical and cost estimates needed. The study was discussed with national AFIS (automated finger print recognition system) experts and was approved by the Member States through the Council.

The approach of the Bossard study is to provide a range of technical options which vary according to the operating and search criteria that will be imposed on the system, its size, techniques used, etc.

The three main options are differentiated in terms of transmission techniques of data between the central unit and the Member States.

These are:

- Option 1: 100% of fingerprints transmitted electronically ; four workstations, eight staff ;

- Option 2: 75% of fingerprints transmitted electronically with mail being used for the remaining 25% ; seven workstations ; ten staff ;

- Option 3: 25% of fingerprints transmitted electronically with mail being used for the remaining 75% ; 11 workstations; 17 staff.

Criteria used for this estimate

- In terms of hardware and communication methods, the Commission opts for the system whereby all fingerprints are transmitted electronically between workstations, i.e. nothing is sent by post except as a back-up measure ("option 1" ). The Commission's current costings do not include provisions for using paper forms in an emergency. This will need to be reviewed with the Member States in due course. Other options would require more staff and involve varying levels of sending data by fax or post. This is not considered acceptable on grounds of either security or efficiency. The option selected also involves the use of a more limited number of workstations (five as opposed to six or ten respectively, under other options). Option 1, in other words, is the most cost-effective.

- The population base has been taken as 900 000, including asylum seekers and persons apprehended in connection with the irregular crossing of an external border, as well as persons found illegally present within the territory of a Member State. The latter two categories are estimated at 500 000, but current figures are unreliable and should be viewed with caution in the absence of further work on this point. They will only be covered by the system in so far as they need to be matched against asylum seekers.

- The cost of initial capital investment varies according to other criteria, such as whether classification is used. This is a technical procedure which may be too complex for the first generation of Eurodac system and has therefore not been included in the Commission's estimate.

- The use of gender as a search criteria has been included (see Article 5).

- All estimates are based on searches and comparisons taking place on the basis of two fingerprints. This reduces comparison costs even if a higher number of fingers might yield more accurate results.

The original estimate for capital investment given by the consultant chosen by the Member States under the option 1 was EURO 5.2 million for a system using gender as a search criteria, based on two-finger searches and not using classification. Precise figures for the other two options are not provided by the study. A range is given however, from EURO 5.4 million to EURO 9.1 million, based on manufacturers' quoted prices.

It should be noted that the estimates given by the study relate to a system designed to perform a more limited role than the objectives that have since emerged.

Costs arising from the increased population to be covered by the system as a consequence of its extension to certain categories of alien were not taken into account. This increase in population has a direct effect on the number of print entries or cards stored, raising it from EURO 1.6 million to EURO 2.6 million over the first two years. This will require not only increased storage capacity but will have a knock-on effect on all other capacities required from the system, and therefore on costs.

Moreover, provision has to be made for problems of technical compatibility between national systems which will arise. This issue is being addressed but precise cost implications will not become clear until technical specifications have been worked out by an independent consultant (through public tendering) in 1999.

7.2 Itemised breakdown of costs

The Commission's estimate is based on the report of a consultant chosen by the Member States. It is clear that this report requires updating and will be more sharply focused by a further study of a similar nature to be completed in 1999. The results of this study should provide the Commission with precise technical and cost specifications.

It is equally clear that the implementation of the proposed Council Regulation will in itself be a process that will bring more clarification regarding costs and optimal or realistic technical solutions.

The additional cost factors outlined above were and not included in the original study and were therefore not taken into account for Bossard's estimate of EURO 5.2 million given as a minimum option. Until the results of the new study are available these additional cost factors cannot be quantified with a high degree of precision. It is nonetheless obvious that additional resources will be required for building the Central Unit.

The Commission's current proposal of EURO 8.5 million is therefore an estimated projection based on:

- A significant increase in the target population and the increased capacity this requires;

- the cost of making the central system compatible with all national systems (integration costs);

- greater emphasis on staff training to handle the particular problems of operating in a multi-national and in a politically sensitive environment;

- a comparison made with the EURO 2 million acquisition cost of an existing national AFIS system with a capacity of less than 25% of that required from Eurodac and without the integrator or safety features required for Eurodac.

A breakdown of the Commission's estimate is given below:

>TABLE>

Central system running costs (from 2001): EURO 0.800 million/year

The Commission is proceeding on the basis that the system should be operational by 2001. The expenditure estimated for capital cost will therefore be charged in its entirety to the 2000 budget. Once the system is operational, administrative costs will be a significant part of expenditure (see item 10) since, in view of the sensitive nature of the work, all staff will have to be Commission officials. The Eurodac system will be operated within and under the direct authority of the Commission, and will be located on its premises. The system will be operational round the clock, 365 days/year. The number of permanent posts required specifically (and exclusively) for Eurodac reflects this: eight persons to man five workstations on a continuous basis.

Annual running costs from 2001 are estimated at EURO 0.800 million/year.

>TABLE>

8. FRAUD PREVENTION MEASURES

Internal Commission procurement procedures, which ensure compliance with Community legislation on public procurement, will be strictly applied. The Member States will be kept fully briefed of the public tender procedure and will be able to comment on the final draft.

9. ELEMENTS OF COST-EFFECTIVENESS ANALYSIS

9.1. Target population

The measure targets asylum seekers (which are estimated at 350 000 - 400 000 per year for the European Union), persons apprehended in connection with the irregular crossing of external borders and persons found illegally present within the territory of a Member State. The latter two categories are estimated at up to 500 000/year in the European Union).

9.2. Justification of the action

The objectives of the measure are to assist in determining the Member State which is responsible pursuant to the Dublin Convention for examining an application for asylum lodged in a Member State and otherwise to facilitate the application of the Dublin Convention under the conditions set out in the proposal. These objectives are consistent with the objective under Title IV of the Treaty establishing the European Community of establishing an area of freedom, security and justice. To establish such an area, the Community is to adopt measures aimed at ensuring the free movement of persons, in conjunction with directly related flanking measures inter alia on asylum under Article 63(1)(a) of the Treaty. Article 63(1)(a) of the Treaty requires the Community to adopt measures on criteria and mechanisms for determining which Member State is responsible for considering an application for asylum submitted by a national of a third country in one of the Member States.

9.3. Monitoring and evaluation of the operation

The Regulation contains detailed provisions on data use, data protection, responsibility and security to ensure that stringent standards of protection in accordance inter alia with Directive 95/46/EC and Article 286 of the Treaty are applied. These provisions cover in particular responsibility for data use, security arrangements and liability for damages costs in the context of Eurodac.

The operations following from the Regulation and concerning the Central Unit will be under the direct control of statutory Commission staff. Compliance with the data protection requirements will be supervised by an independent supervising body.

The Commission will carry out regular evaluation and monitoring of the functioning and performance of the Central Unit to ensure that it corresponds to the objectives and requirement set by the Regulation and to the specifications set out in Articles 3(3) and 4(7) of the Implementing Rules.

Such evaluation will seek to provide quantitative and qualitative information serving as a basis for possible further development. At the end of each financial year, the Commission will report to the European Parliament and to the Council on the outcome of this evaluation and, if necessary, propose re-orientations or adaptations of the functioning of the system.

10. ADMINISTRATIVE EXPENDITURE (section iii of the general budget)

The administrative ressources required will be mobilised via the annual Commission decision allocating resources, having regard among other things to the additional staff and financial ressources granted by the budgetary authority.

10.1 Impact on number of posts

>TABLE>

10.2 Overall financial impact of additional human resources

>TABLE>

10.3 Increase in other administrative expenditure resulting from operation

(EURO million)

>TABLE>

ANNEX

EUROPEAN UNION Brussels, 26 February 1999

THE COUNCIL

6324/99

LIMITE

EURODAC 4

INTRODUCTORY NOTE

from: General Secretariat

to: Permanent Representatives Committee/Council

No. prev. doc.: 6094/99 EURODAC 3

Subject: Draft Council Act drawing up a Protocol extending the scope ratione personae of the Convention concerning the establishment of "Eurodac" for the comparison of fingerprints of applicants for asylum

1. At its session on 3/4 December 1998, the (Justice and Home Affairs) Council recorded agreement, subject to parliamentary scrutiny reservations from the Danish, Italian and United Kingdom delegations, on the content of the draft Eurodac Convention which was to be "frozen" pending the entry into force of the Treaty of Amsterdam. The Council noted that once that treaty entered into force, the Commission would put forward a proposal for a Community legal instrument incorporating the content of the draft convention.

2. With regard to the draft Protocol to the draft Eurodac Convention (extending the scope ratione personae of the draft Convention), the Council, on the one hand, agreed to forward the text as set out in 12298/98 to the European Parliament for opinion and, on the other hand, invited the Permanent Representatives Committee to continue examination of the outstanding questions on the text with a view to enabling the Council, in the light of the European Parliament's opinion, to reach agreement on the draft Protocol at its next session.

3. The Eurodac Working Party has devoted several meetings to the examination of the draft Protocol and, at its meeting on 16/17 February 1999 reached broad agreement on the text set out in the Annex hereto.

4. On 23 February 1999, the K4 Committee confirmed the agreement (7)in the Working Party.

(7) italian and United Kingdom delegations maintained parliamentary scrutiny reservations. everal delegations maintained linguistic reservations.

5. The Permanent Representatives Committee is invited to suggest that the Council

- record agreement on the content of the draft Protocol to the draft Eurodac Convention as set out in the Annex;

- decide to "freeze" the text of the draft Protocol pending the entry into force of the Treaty of Amsterdam;

- note that the Commission will, upon entry into force of that Treaty, put forward a proposal for a Community instrument incorporating the content of the draft Protocol taking account of the Opinion which the European Parliament is expected to deliver shortly.

ANNEX

DRAFT

COUNCIL ACT

of

drawing up a Protocol

extending the scope ratione personae

of the Convention concerning the establishment of "Eurodac"

for the comparison of fingerprints of applicants for asylum

THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on European Union, and in particular Article K.3(2)(c) thereof,

Whereas asylum policy is regarded as a matter of common interest for the Member States under Article K.1(1) of the Treaty;

Whereas the Council has drawn up a Convention concerning the establishment of "Eurodac" for the comparison of fingerprints of applicants for asylum (the "Eurodac Convention"), for the purposes of applying the Convention determining the State responsible for examining applications for asylum lodged in one of the Member States of the European Communities, signed at Dublin on 15 June 1990 (8) particular Article 15 thereof;

(8) , 19.8.1997, p. 1.

Whereas it is also necessary, in order effectively to apply the Dublin Convention, and in particular Article 6 thereof, to make provision for communicating to "Eurodac" the fingerprints of persons apprehended in connection with the irregular crossing of the external border of a Member State;

Whereas it is also desirable in order effectively to apply the Dublin Convention, and in particular Article 10, paragraph 1 (c) and (e) thereof, to allow for each Member State to check whether an alien found illegally present on its territory has applied for asylum in another Member State.

Having decided that a Protocol supplementing the Eurodac Convention to that effect, the text of which is given in the Annex and which has been signed today by the Representatives of the Governments of the Member States, is hereby drawn up;

Having examined the views of the European Parliament, following the consultation conducted by the Presidency in accordance with Article K.6 of the Treaty on European Union;

RECOMMENDS that it be adopted by the Member States in accordance with their respective constitutional requirements and in such manner that it will enter into force at the same time as the Eurodac Convention.

Done at .........................., For the Council

The President

Annex to ANNEX

PROTOCOL

drawn up on the basis of Article K.3 of the Treaty on European Union,

extending the scope ratione personae

of the Convention concerning the establishment of "Eurodac" for the comparison of fingerprints of applicants for asylum

THE HIGH CONTRACTING PARTIES to this Protocol, Member States of the European Union,

REFERRING to the Act of the Council of the European Union of .......................,

RECOGNISING that the Convention signed at Dublin on 15 June 1990, determining the State responsible for examining applications for asylum lodged in one of the Member States of the European Communities, is a measure relating to the free movement of persons in accordance with the objective set out in Article 7a of the Treaty establishing the European Community;

RECALLING that for the purposes of applying the Dublin Convention, and in particular Article 15 thereof, the Council has drawn up a Convention concerning the establishment of "Eurodac" for the comparison of fingerprints of applicants for asylum ;

WHEREAS it is also necessary in order effectively to apply the Dublin Convention, and in particular Article 6 thereof, to make provision for communicating to "Eurodac" the fingerprints of persons apprehended in connection with the irregular crossing of the external border of a Member State;

WHEREAS it is also desirable in order effectively to apply the Dublin Convention, and in particular Article 10, paragraph 1 (c) and (e) thereof, to allow for each Member State to use "Eurodac" for checking whether an alien found illegally present on its territory has applied for asylum in another Member State.

HAVE AGREED ON THE FOLLOWING PROVISIONS :

Article 1

Extension of "Eurodac"

The provisions of the Convention concerning the establishment of "Eurodac" for the comparison of fingerprints of applicants for asylum, hereinafter referred to as "the Eurodac Convention", shall be extended, subject to the provisions of this Protocol, to fingerprint data on certain other aliens, for the purpose of assisting in determining the Member State which is responsible under the Dublin Convention of 15 June 1990 for examining an application for asylum lodged in a Member State, as well as for the purpose of otherwise facilitating the application of the latter Convention.

Article 2

Definitions

Unless otherwise stated, the terms defined in Article 2 of the Eurodac Convention and in Article 1 of the Dublin Convention of 15 June 1990 shall have the same meaning in this Protocol.

Article 3

Collection and communication of fingerprint data on aliens who irregularly

cross an external border

1. Each Member State shall promptly take the fingerprints of every alien of at least fourteen years of age who is apprehended by the competent control authorities in connection with the irregular crossing by land, sea or air of the border of that Member State having come from a third country and who is not turned back.

2. The Member State concerned shall promptly communicate the fingerprints of any alien as referred to in paragraph 1 above to the Eurodac Central Unit, together with the other relevant data referred to in Article 5 (1) of the Eurodac Convention.

Article 4

Recording of data on aliens who irregularly cross an external border

1. Data communicated to the Central Unit pursuant to Article 3 of this Protocol shall be recorded in the central database for the sole purpose of comparison with data on applicants for asylum transmitted subsequently to the Central Unit. The Central Unit shall therefore not compare data communicated to it pursuant to Article 3 with any data previously recorded in the central database, nor with data subsequently communicated to the Central Unit pursuant to Article 3.

2. In so far as the provisions of the Eurodac Convention apply to data on an alien as referred to in Article 3 of this Protocol, references to the "Member State of origin" shall be taken as meaning the Member State which communicates such data to the Central Unit.

Article 5

Storage of data on aliens who irregularly cross an external border

1. Each set of data relating to an alien as referred to in Article 3 of this Protocol shall be stored in the Eurodac central database for two years from the date on which the fingerprints of the alien were taken. Upon expiry of this period, the Central Unit shall automatically erase the data from the central database.

2. Notwithstanding the provisions of paragraph 1 above, the data relating to an alien as referred to in Article 3 shall be erased from the central database immediately when the Member State of origin becomes aware of either of the following circumstances before the two-year period mentioned in paragraph 1 has expired :

(a) the alien has been issued with a residence permit; or

(b) the alien has left the territory of the Member States.

Article 6

Rights of the data subject

The right of any alien as referred to in Article 3 to have access to data concerning him/her in the central database shall be exercised in accordance with the law of the Member State before which he/she invokes that right. If the national law so provides, the national supervisory authority provided for in Article 14 of the Eurodac Convention shall decide whether information shall be communicated and by what procedures. In the case referred to in the previous sentence, a Member State which did not transmit the data may communicate information concerning such data only if it has previously given the Member State of origin an opportunity to state its position.

Article 7

Comparison of fingerprints of aliens found illegally present

in a Member State

1. With a view to checking whether an alien found illegally present within its territory has previously lodged an application for asylum in another Member State, each Member State may communicate to the Central Unit fingerprints it may have taken of any such alien of at least fourteen years of age. As a general rule there are grounds for checking whether the alien has previously lodged an application for asylum in another Member State where:

- the alien declares that he/she has lodged an application for asylum but without indicating the Member State in which he/she made the application;

- the alien does not request asylum but objects to being returned to his/her country of origin by claiming that he/she would be in danger, or

- the alien otherwise seeks to prevent his/her removal by refusing to cooperate in order to establish his/her identity, in particular by showing no or false identity papers.

2. The fingerprints of an alien as referred to in paragraph 1 shall be communicated to the Central Unit solely for the purpose of comparison with the fingerprints of applicants for asylum transmitted by other Member States and already recorded in the central database. The fingerprints of such an alien shall not be stored in the central database, nor shall they be compared with the data communicated to the Central Unit pursuant to Article 3 of this Protocol.

3. The Central Unit shall destroy the fingerprints communicated to it under paragraph 1 above forthwith, once the results of the comparison have been communicated to the Member State of origin.

Article 8

Application of provisions of the Eurodac Convention

Unless otherwise stated in this Protocol or unless a different intention appears from the context, all the provisions of the Eurodac Convention shall apply mutatis mutandis to this Protocol.

Article 9

Reservations

This Protocol shall not be subject to any reservations.

Article 10

Entry into force

1. This Protocol shall be subject to adoption by the Member States in accordance with their respective constitutional requirements.

2. Member States shall notify the Secretary-General of the Council of the European Union of the completion of the procedures necessary under their constitutional requirements for adopting this Protocol.

3. This Protocol shall enter into force on the first day of the third month after the notification referred to in paragraph 2 by the State which, being a member of the European Union on the date of adoption by the Council of the Act drawing up this Protocol, is the last to complete that formality, provided that the Eurodac Convention enters into force on the same date as this Protocol.

Article 11

Accession

1. This Protocol shall be open to accession by any State that becomes a member of the European Union.

2. The text of this Protocol in the language of the acceding Member State, drawn up by the Council of the European Union, shall be authentic.

3. Instruments of accession shall be deposited with the depositary.

4. This Protocol shall enter into force with respect to the acceding Member State on the first day of the third month after the deposit of its instrument of accession or on the date of entry into force of this Protocol if it has not already entered into force at the time of expiry of the aforesaid period, provided that the Eurodac Convention enters into force with respect to the acceding Member State on the same date as this Protocol.

Article 12

Depositary

1. The Secretary-General of the Council of the European Union shall act as depositary of this Protocol.

2. The depositary shall publish in the Official Journal of the European Communities information on the progress of adoptions and accessions, together with declarations and any other notification concerning this Protocol.

IN WITNESS WHEREOF, the undersigned Plenipotentiaries have hereunto set their hands.

......... (etc.) (in all the languages) .......

Done at ........................... this .............. day of ........ in a single original, in the Danish, Dutch, English, Finnish, French, German, Greek, Irish, Italian, Portuguese, Spanish and Swedish languages, all texts being equally authentic, such original being deposited in the archives of the General Secretariat of the Council of the European Union.

.......... (etc.) (in all the languages) ......

For the Government of the Kingdom of Belgium

.......... (etc.) (all the Member States) .....

EUROPEAN UNION Brussels, 17 November 1998

THE COUNCIL

12942/98

LIMITE

ASIM 236

EURODAC 11

DRAFT

COUNCIL ACT

of ....

drawing up the Convention concerning the establishment of "Eurodac"for the comparison of fingerprints of applicants for asylum

THE COUNCIL OF THE EUROPEAN UNION,

Having regard to the Treaty on European Union, and in particular Article K.3(2)(c) thereof,

whereas asylum policy is regarded as a matter of common interest for the Member States under Article K.1(1) of the Treaty; whereas it is necessary to set up a computerized system for comparison of fingerprints of persons seeking asylum in a Member State in order effectively to apply the Convention determining the State responsible for examining applications for asylum lodged in one of the Member States of the European Communities (signed at Dublin on 15 June 1990) (9), and in particular Article 15 thereof;

(9) OJ C 254, 19.8.1997, p. 1.

having decided that the Convention, the text of which is given in the Annex and which has been signed today by the Representatives of the Governments of the Member States, is hereby drawn up;

having examined the views of the European Parliament, following the consultation conducted by the Presidency in accordance with Article K.6 of the Treaty on European Union;

RECOMMENDS that it be adopted by the Member States in accordance with their respective constitutional requirements and in such manner that it will enter into force at the same time as a Protocol extending the scope ratione personae of this Convention for the purpose of further facilitating the application of the Dublin Convention.

Done at ..........................,

For the Council

The President

ANNEX

CONVENTION

drawn up on the basis of Article K.3 of the Treaty on European Unionconcerning the establishment of "Eurodac"for the comparison of fingerprintsof applicants for asylum

THE HIGH CONTRACTING PARTIES to this Convention, Member States of the European Union,

REFERRING to the Act of the Council of the European Union of .......................,

RECALLING the objective of harmonization of the Member States' asylum policies, set by the Strasbourg European Council on 8 and 9 December 1989 and further developed by the Maastricht European Council on 9 and 10 December 1991 and the Brussels European Council on 10 and 11 December 1993 as well as in the Commission communication on 23 February 1994 on immigration and asylum policies;

DETERMINED, in keeping with their common humanitarian tradition, to guarantee adequate protection to refugees in accordance with the terms of the Geneva Convention of 28 July 1951, as amended by the New York Protocol of 31 January 1967, relating to the Status of Refugees, and to continue the dialogue begun with the United Nations High Commissioner for Refugees on any issues relating to application of this Convention;

CONSIDERING the joint objective of an area without internal frontiers in which the free movement of persons is ensured, in accordance with Article 7a of the Treaty establishing the European Community;

AWARE of the need, in pursuit of this objective, to take measures to avoid any situations arising which would result in applicants for asylum being left in doubt for too long as to the likely outcome of their applications and concerned to provide all applicants for asylum with a guarantee that their applications will be examined by one of the Member States and to ensure that applicants for asylum are not referred successively from one Member State to another without any of these States acknowledging itself to be competent to examine the application for asylum;

CONSIDERING that the specific aim of the Dublin Convention of 15 June 1990 determining the State responsible for examining applications for asylum lodged in one of the Member States of the European Communities (10) is to meet that concern;

(10) OJ C 254, 19.8.1997, p. 1.

CONSIDERING that for the purposes of applying the Dublin Convention it is necessary to establish the identity of applicants for asylum;

CONSIDERING that fingerprints constitute an important element in establishing the exact identity of such persons and considering that it is necessary to set up a system for the comparison of their fingerprints;

WHEREAS the provisions of this Convention may only be applied in compliance with the European Convention for the Protection of Human Rights and Fundamental Freedoms, signed in Rome on 4 November 1950;

CONSIDERING that the processing of such data must observe the strictest standards of confidentiality and is only possible with due regard for the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, signed at Strasbourg on 28 January 1981,

HAVE AGREED ON THE FOLLOWING PROVISIONS:

Article 1

Purpose of "Eurodac"

1. A system known as "Eurodac" is hereby established, the sole purpose of which shall be to assist in determining the Member State which is responsible pursuant to the Dublin Convention for examining an application for asylum lodged in a Member State.

2. To that end, Eurodac shall consist of:

- the Central Unit referred to in Article 3,

- a computerized central database in which the data referred to in Article 5(1) are recorded and stored for the purpose of comparing the fingerprints of applicants for asylum,

- means of transmission between the Member States and the central database.

The rules governing Eurodac shall also apply to operations effected by the Member States as from the transmission of data to the Central Unit until use is made of the results of the comparison.

3. Without prejudice to the use of data intended for Eurodac by the Member State of origin in databases set up under the latter's national law, fingerprints and other personal data may be processed in Eurodac only for the purposes set out in Article 15(1) of the Dublin Convention.

Article 2

Definitions

For the purposes of this Convention:

1. "The Dublin Convention" shall mean the Convention determining the State responsible for examining applications for asylum lodged in one of the Member States of the European Communities, signed at Dublin on 15 June 1990.

2. Unless stated otherwise, the terms defined in Article 1 of the Dublin Convention shall have the same meaning in this Convention.

3. An "applicant for asylum" shall mean an alien who has made an application for asylum or on whose behalf such an application has been made.

4. "Transmission of data" shall mean:

- communication of personal data from Member States to the Central Unit for recording in the central database and communication to Member States of the results of the comparison made by the Central Unit, and

- recording of personal data directly by Member States in the central database and direct communication of the results of the comparison to such Member States.

5. "Personal data" shall mean any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical identity.

6. "Member State of origin" shall mean the Member State which transmits the personal data to the Central Unit and receives the results of the comparison.

Article 3

Central Unit

1. A Central Unit shall be established within the Commission which shall be responsible for operating the central database of fingerprints of applicants for asylum on behalf of the Member States. The Central Unit shall be equipped with a computerized fingerprint recognition system.

2. Data on applicants for asylum which are processed at the Central Unit shall be processed on behalf of the Member State of origin.

3. The Commission shall submit to the Council and the European Parliament an annual report on the activities of the Central Unit.

Article 4

Procedure

1. Each Member State shall promptly take the fingerprints of every applicant for asylum of at least 14 years of age and shall promptly transmit the data referred to in Article 5(1), points 1 to 6, to the Central Unit. The procedure for taking fingerprints shall be determined in accordance with the national practice of the Member State concerned. The applicant for asylum shall be informed of the purpose of taking his/her fingerprints as provided for in Article 13(1).

2. The data referred to in Article 5(1) shall be immediately recorded in the central database:

(i) by the Central Unit or,

(ii) insofar as the technical conditions for such purposes are met, directly by the Member State of origin.

3. Fingerprint data within the meaning of point 2 of Article 5(1) transmitted by any Member State shall be compared by the Central Unit with the fingerprint data transmitted by other Member States and already recorded in the central database.

4. Any Member State may request that the comparison referred to in paragraph 3 should cover the fingerprint data previously transmitted by it, in addition to the data from other Member States.

5. The Central Unit shall forthwith communicate the results of the comparison to the Member State of origin, together with the data referred to in Article 5(1), relating to those fingerprints which, in the opinion of the Central Unit, are so similar as to be considered as matching with the fingerprints which were transmitted by that Member State. Direct transmission to the Member State of origin of the results of the comparison shall be permissible where the technical conditions for such purpose are met.

6. The results of the comparison shall be immediately checked in the Member State of origin. Final identification shall be made by the Member State of origin in cooperation with the Member States concerned, pursuant to Article 15 of the Dublin Convention. Information received from the Central Unit relating to any data mismatch or other data found to be unreliable shall be erased by the Member State of origin as soon as the mismatch or unreliability of the data is established.

7. The Council shall adopt the implementing rules which are necessary to give effect to the procedures provided for in this Article.

Article 5

Recording of data

1. Only the following data shall be recorded in the central database:

1. Member State of origin, place and date of the application for asylum;

2. fingerprints (11) pursuant to the rules for implementing this Convention adopted by he Council;

(11) "Fingerprints" here refers to both the prints themselves and data relating to them.

3. sex;

4. reference number used by the Member State of origin;

5. date on which the fingerprints were taken;

6. date on which the data were transmitted to the Central Unit;

7. date on which the data were entered in the central database;

8. details in respect of the recipient(s) of the data transmitted and the date(s) of transmission(s).

2. After recording the data in the central database, the Central Unit shall destroy the media used for transmitting the data, unless the Member State of origin has requested their return.

Article 6

Data storage

Each set of data, as referred to in Article 5 (1), shall be stored in the central database for ten years from the date on which the fingerprints were last taken. Upon expiry of this period, the Central Unit shall automatically erase the data from the central database.

Article 7

Advance data erasure

Notwithstanding the provisions of Article 6, data relating to a person who has acquired citizenship of a Member State shall be erased from the central database. In conformity with Article 11(3), such erasure shall be carried out by the Member State of origin either directly or, at the request of the latter, by the Central Unit, as soon as that Member State becomes aware that the person has acquired citizenship of a Member State.

Article 8

Blocking of data

1. Notwithstanding the provisions of Article 6, data relating to a person who in accordance with the Geneva Convention of 28 July 1951, as amended by the New York Protocol of 31 January 1967, has been recognised and admitted as a refugee in a Member State shall be blocked in the central database. Such blocking shall be carried out by the Central Unit on the instructions of the Member State of origin.

2. Five years after Eurodac begins its activities, the Council shall, on the basis of reliable statistics compiled by the Central Unit on persons who have lodged an application for asylum in a Member State after having been recognised and admitted as refugees as defined in paragraph 1 in another Member State, unanimously adopt a procedure enabling it to decide whether the data relating to persons who have been recognised and admitted as refugees in a Member State should either:

(a) be unblocked and be stored in accordance with Article 6 for the purpose of the comparison provided for in Article 4(3). In such case, the procedure mentioned in paragraph 1 shall no longer apply; or

(b) be erased in advance once a person has been recognised and admitted as a refugee. In such case:

- data which have been blocked in accordance with paragraph 1 shall be erased immediately by the Central Unit; and

- with regard to data relating to persons who are subsequently recognised and admitted as refugees, the last sentence of Article 7 shall apply mutatis mutandis.

3. The Council shall adopt implementing rules concerning compilation of the statistics referred to in paragraph 2.

Article 9

Responsibility for data use

1. The Member State of origin shall be responsible for ensuring that:

(a) fingerprints are taken lawfully;

(b) fingerprints and the other data referred to in Article 5(1) are lawfully transmitted (12) to the Central Unit;

(12) Transmission pursuant to the second indent of Article 2(4) already includes recording.

(c) data are accurate and up-to-date when they are transmitted to the Central Unit;

(d) without prejudice to the responsibilities of the Commission, data in the central database are lawfully recorded (1), stored, corrected and erased;

(e) the results of fingerprint comparisons transmitted by the Central Unit are lawfully used.

2. In accordance with Article 10, the Member State of origin shall ensure the security of these data before and during transmission to the Central Unit as well as the security of the data it receives from the Central Unit.

3. The Member State of origin shall be responsible for the final identification of the data pursuant to Article 4(6).

4. The Commission shall ensure that the Central Unit is operated in accordance with the provisions of the Convention and with the implementing rules adopted by the Council. In particular, the Commission shall:

(a) adopt measures ensuring that persons working in the Central Unit do not use the data recorded in the central database in a way contrary to the purpose of Eurodac as laid down in Article 1(1).

(b) ensure that persons working in the Central Unit comply with all requests from Member States made pursuant to the Convention in relation to recording, comparison, correction and erasure of data for which they are responsible;

(c) take the necessary measures to ensure the security of the Central Unit in accordance with Article 10.

(d) ensure that only persons authorised to work in the Central Unit shall have access to data recorded in the central database, without prejudice to Article 15.

5. Member States shall ensure that use of data recorded in the central database contrary to the purpose of Eurodac as laid down in Article 1(1) shall be subject to appropriate penalties.

Article 10

Security

1. The Member State of origin shall take the necessary measures to:

(a) prevent any unauthorized person from having access to national installations in which the Member State carries out operations in accordance with the aim of Eurodac (checks at the entrance to the installation);

(b) prevent data and data media in Eurodac from being read, copied, modified or erased by unauthorized persons (control of data media);

(c) guarantee that it is possible to check and establish a posteriori what data have been recorded in Eurodac, when and by whom, (control of data recording);

(d) prevent the unauthorized recording of data in Eurodac and any unauthorized modification or erasure of data recorded in Eurodac (control of data entry);

(e) guarantee that, for the use of Eurodac, authorized persons have access only to data which are within their competence (control of access) (13);

(13) The possibility of recording unauthorized attempts at access to data should be spelt out either in the implementing rules, or when drawing up the specifications.

(f) guarantee that it is possible to check and establish to which authorities data recorded in Eurodac may be transmitted by data transmission equipment (control of transmission);

(g) prevent the unauthorized reading, copying, modification or erasure of data during both the direct transmission of data to the central database and vice versa and the transport of data media to the Central Unit and vice versa (control of transport).

2. As regards the operation of the Central Unit, the Commission shall be responsible for applying the abovementioned measures.

Article 11

Access to and correction or erasure of data recorded in Eurodac

1. The Member State of origin shall have access to data which it has transmitted and which are recorded in the central database in accordance with the provisions of this Convention. No Member State may conduct searches in the data transmitted by another Member State, nor may it receive such data apart from data resulting from the comparison referred to in Article 4(5).

2. The authorities of Member States which, pursuant to paragraph 1, have access to data recorded in the central database shall be those designated by each Member State. Each Member State shall communicate to the depositary a list of these authorities.

3. Only the Member State of origin shall have the right to amend the data it has transmitted to the Central Unit by correcting or supplementing such data, or to erase them, without prejudice to erasure carried out in application of Article 6. Where the Member State of origin records data directly in the central database, it shall amend or erase the data directly, if appropriate. Where the Member State of origin does not record data directly in the central database, the Central Unit shall alter or erase the data at the request of that Member State.

4. If a Member State or the Central Unit has evidence to suggest that data recorded in the central database are factually inaccurate, it shall advise the Member State of origin as soon as possible. In addition, if a Member State has evidence to suggest that data were recorded in the central database contrary to this Convention, it shall similarly advise the Member State of origin as soon as possible. The latter shall check the data concerned and, if necessary, amend or erase without delay.

Article 12

Damages

1. The Member State of origin shall, in accordance with its national law, be liable for any damage caused to persons or other Member States resulting from the illegal use of the results of the fingerprint comparisons transmitted by the Central Unit.

2. The European Community shall be liable, in accordance with Article 215, second paragraph, of the Treaty establishing the European Community, for any damage caused to persons or Member States through the fault of persons working in the Central Unit in breach of their duties under this Convention. Article 178 of the Treaty establishing the European Community shall be applicable.

3. The European Community shall likewise be liable for damage to the central database. However, if the damage is due to the failure of a Member State to comply with its obligations under this Convention, that Member State shall be liable, unless the Commission failed to take reasonable steps to prevent the damage from happening or to minimise its impact.

4. Claims for compensation against a Member State for the damage referred to in paragraphs 1 and 3 shall be governed by the provisions of national law of the defendant Member State.

Article 13

Rights of the data subject

1. Member States shall inform the applicant for asylum, when taking his/her fingerprints, of the purpose, as defined in Article 1(1), of taking the prints and of his/her rights under this Article and their procedural practices.

2. In each Member State any person may, in accordance with the laws, regulations and procedures of the State, exercise a right of access to data concerning him/her recorded in the central database. Such access to data may be granted only by a Member State. The person will be informed of the data relating to him/her recorded in the central database and of the Member State which transmitted them to the Central Unit.

3. If the person contests the accuracy of the data or the lawfulness of recording them in the central database, he/she may ask for data which are factually inaccurate to be corrected or for data recorded unlawfully to be erased. The correction and erasure shall be carried out by the Member State which transmitted the data in accordance with its laws, regulations and procedures.

4. If the rights of correction and erasure are exercised in a Member State other than that (those) which transmitted the data, the authorities of that Member State shall contact the authorities of the Member State(s) in question so that the latter may check the accuracy of the data and the lawfulness of their transmission and recording in the central database.

5. If it emerges that data recorded in the central database are factually inaccurate or have been recorded unlawfully, the Member State which transmitted them shall correct or erase the data in accordance with Article 11(3). That Member State shall confirm in writing to the data subject that it has taken action to correct or erase data relating to him/her.

6. If the Member State which transmitted the data does not accept that data recorded in the central database are factually inaccurate or have been recorded unlawfully it shall explain in writing to the data subject why it is not prepared to correct or erase the data. That Member State shall also provide the data subject with information explaining the steps which he/she can take if he/she does not accept the explanation provided. This shall include information about how to bring an action or, if appropriate, a complaint before the competent authorities or courts of that Member State and any financial or other assistance that is available in accordance with the laws, regulations and procedures of that Member State.

7. Any request under paragraphs 2 and 3 shall contain all the necessary particulars to identify the data subject, including fingerprints. Such data shall be used exclusively to exercise the rights referred to in paragraphs 2 and 3 and shall be destroyed immediately afterwards.

8. Member States shall undertake to ensure that their competent authorities cooperate actively to enforce promptly the rights to correct and erase data laid down in paragraphs 3 to 5.

9. In each Member State, the national supervisory authority shall, in accordance with Article 14(3), assist the data subject in exercising his/her right of access to data.

10. The national supervisory authority of the Member State which transmitted the data shall assist any person resident in another Member State to exercise his/her right to correct or erase data. Such assistance shall be granted in accordance with its laws, regulations and procedures giving effect to the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, signed at Strasbourg on 28 January 1981. Requests for such assistance may be made to the national supervisory authority of the Member State of residence, which shall transmit the requests to the authority of the Member State which transmitted the data. Alternatively, the data subject may apply for assistance directly to the joint supervisory authority set up in Article 15.

11. In each Member State any person may, in accordance with the laws, regulations and procedures of that State, bring an action or, if appropriate, a complaint before the competent authorities or courts of the State if he/she is refused the right of access provided for in paragraph 2.

12. Any person may, in accordance with the laws, regulations and procedures of the State which transmitted the data, bring an action or, if appropriate, a complaint before the competent authorities or courts of that State concerning the data relating to him/her recorded in the central database, in order to exercise his/her rights under paragraph 3.

Article 14

National supervisory authority

1. Each Member State shall designate a national supervisory authority or authorities responsible for personal data protection in that Member State. The task of the national supervisory authority shall be to monitor independently, in accordance with its respective national law, the lawfulness of the processing, in accordance with the provisions of this Convention, of personal data by the Member State in question, as well as of their transmission to the Central Unit, and to examine whether this violates the rights of the data subject. For this purpose, the supervisory authority shall have access to the data processed by the Member State concerned. The Member State shall also make available to the national supervisory authority any information which it requests and allow it access to all documents and files, as well as all premises, at all times.

2. Each Member State shall ensure that its national supervisory authority has access to advice from persons with sufficient knowledge of fingerprint data.

3. Any person may ask the national supervisory authority to ensure that the recording and transmission of data concerning him/her to the Central Unit and the retrieval and use of such data by the Member State in question are lawful. This right shall be exercised in accordance with the national law applicable to the national supervisory body of which the request is made.

Article 15

Joint supervisory authority

1. An independent joint supervisory authority shall be set up, consisting of a maximum of two representatives from the supervisory authorities of each Member State. Each delegation shall have one vote.

2. The joint supervisory authority shall have the task of monitoring the activities of the Central Unit to ensure that the rights of data subjects are not violated by the processing or use of the data held by the Central Unit. In addition, it shall monitor the lawfulness of the transmission of personal data to the Member States by the Central Unit.

3. The joint supervisory authority shall also be competent for the examination of implementation or interpretation problems in connection with the operation of Eurodac, for the examination of possible difficulties during checks by the national supervisory authorities and for drawing up proposals for common solutions to existing problems.

4. In the performance of its duties, the joint supervisory authority shall, if necessary, be actively supported by the national supervisory authorities.

5. The joint supervisory authority shall have access to advice from persons with sufficient knowledge of fingerprint data.

6. The Commission shall assist the joint supervisory authority in the performance of its tasks. In particular, it shall supply information requested by the joint supervisory body, give it access to all documents and paper files as well as access to the data stored in the system and allow it access to all its premises, at all times.

7. The joint supervisory authority shall unanimously adopt its rules of procedure.

8. Reports drawn up by the joint supervisory authority shall be forwarded to the bodies to which the national supervisory authorities submit their reports, as well as to the Council for information. In addition, the joint supervisory authority may submit comments or proposals for improvement regarding its remit to the Council at any time.

9. In the performance of their duties, the members of the joint supervisory authority shall not receive instructions from any government or body.

10. The joint supervisory authority shall be consulted on that part of the draft operating budget of the Eurodac Central Unit which concerns it. Its opinion shall be annexed to the draft budget in question.

11. The joint supervisory authority shall be disbanded upon the establishment of the Central Unit supervisory authority under Article 286(2) of the EC Treaty as inserted by the Treaty of Amsterdam. The independent supervisory authority shall take over the tasks of the joint supervisory authority and shall exercise for the purposes of the supervision of the Central Unit all the powers attributed to it by virtue of the act under which the independent supervisory authority is established. For the purpose of this Convention, the independent supervisory authority shall be referred to as the "Central Unit supervisory authority".

12. The Council may adopt such supplementary measures as it considers necessary to enable the Central Unit supervisory authority to perform its duties.

Article 16

Costs

1. The costs incurred in connection with the establishment and operation of the Central Unit shall be borne by the budget of the European Communities.

2. The costs incurred by national units and for their connection to the central database shall be borne by each Member State.

3. The costs of transmission of data from the Member State of origin and of the findings of the comparison to that State shall be borne by the State in question.

Article 17

Jurisdiction of the Court of Justice

1. The Court of Justice shall have jurisdiction to rule on any dispute between Member States regarding the interpretation or the application of this Convention whenever such dispute cannot be settled by the Council within six months of its being referred to the Council by one of its members.

2. The Court of Justice shall have jurisdiction to rule on any dispute between one or more Member States and the Commission of the European Communities regarding the interpretation or the application of this Convention whenever such dispute cannot be settled through negotiation.

3. Any court in a Member State may ask the Court of Justice to give a preliminary ruling on a matter concerning the interpretation of this Convention.

4. The competence of the Court of Justice provided for in paragraph 3 shall be subject to its acceptance by the Member State concerned in a declaration to that effect made at the time of the notification referred to in Article 20(2) or at any subsequent time.

5. A Member State making a declaration under paragraph 4 may restrict the possibility of asking the Court of Justice to give a preliminary ruling to those of its courts against the decisions of which there is no judicial remedy under national law.

6. (a) The Statute of the Court of Justice of the European Community and its Rules of Procedure shall apply.

(b) In accordance with that Statute, any Member State, whether or not it has made a declaration under paragraph 4, shall be entitled to submit statements of case or written observations to the Court of Justice in cases which arise under paragraph 3.

7. After the entry into force of the Treaty of Amsterdam amending the Treaty on European Union, the Treaties establishing the European Communities and certain related acts:

- paragraphs 1 to 5 and paragraph 6(b) of this Article shall cease to apply; and

- all the relevant provisions of the Treaty establishing the European Community as amended by the Treaty of Amsterdam, concerning the powers of the Court of Justice, including Article 68, shall apply mutatis mutandis and for such purposes, references to "this Treaty" in the said provisions or in provisions to which they refer, and references to "this Title" in the case of Article 68, shall be taken as meaning references to "this Convention".

Article 18

Supervision of implementation

The Council shall supervise the implementation and application of the provisions of this Convention to ensure that Eurodac operates effectively. To this end, the Commission shall inform the Council of measures taken under Article 9(4) of this Convention and of the practical arrangements adopted for the technical management of the Central Unit.

The Council, acting by a two-thirds majority of the High Contracting Parties, shall adopt the necessary implementing rules.

Article 19

Reservations

This Convention shall not be subject to any reservations.

Article 20

Entry into force

1. This Convention shall be subject to adoption by the Member States in accordance with their respective constitutional requirements.

2. Member States shall notify the Secretary-General of the Council of the European Union of the completion of the procedures necessary under their constitutional requirements for adopting this Convention.

3. Article 4(7) and Article 8(3) of this Convention shall enter into force on the day following the notification referred to in paragraph 2 by the State which, being a member of the European Union on the date of adoption by the Council of the Act drawing up this Convention, is the last to complete that formality. The other provisions of this Convention shall enter into force on the first day of the third month after that notification, provided that a Protocol extending the scope ratione personae of this Convention for the purpose of further facilitating the application of the Dublin Convention, enters into force on the same date.

4. Without prejudice to paragraph 3, Eurodac shall not begin its activities pursuant to this Convention until the implementing rules referred to in Articles 4(7) and 8(3) have been adopted.

Article 21

Territorial scope

As regards the United Kingdom, the provisions of this Convention shall apply only to the United Kingdom of Great Britain and Northern Ireland.

Article 22

Accession

1. This Convention shall be open to accession by any State that becomes a member of the European Union.

2. The text of this Convention in the language of the acceding Member State, drawn up by the Council of the European Union, shall be authentic.

3. Instruments of accession shall be deposited with the depositary.

4. This Convention shall enter into force with respect to the acceding Member State on the first day of the third month after the deposit of its instrument of accession or on the date of entry into force of the Convention if it has not already entered into force at the time of expiry of the aforesaid period, provided that a protocol extending the scope ratione personae of this Convention for the purpose of further facilitating the application of the Dublin Convention, enters into force with respect to the acceding Member State on the same date.

Article 23

Depositary

1. The Secretary-General of the Council of the European Union shall act as depositary of this Convention.

2. The depositary shall publish in the Official Journal of the European Communities information on the progress of adoptions and accessions, together with declarations and any other notification concerning this Convention.

IN WITNESS WHEREOF, the undersigned Plenipotentiaries have hereunto set their hands.

......... (etc.) (in all the languages) .......

Done at ........................... this .............. day of ........ in a single original, in the Danish, Dutch, English, Finnish, French, German, Greek, Irish, Italian, Portuguese, Spanish and Swedish languages, all texts being equally authentic, such original being deposited in the archives of the General Secretariat of the Council of the European Union.

.......... (etc.) (in all the languages) ......

For the Government of the Kingdom of Belgium

.......... (etc.) (all the Member States) .....

EUROPEAN UNION Brussels, 26 November 1998

THE COUNCIL

12942/98

COR 1

LIMITE

ASIM 236

EURODAC 11

CORRIGENDUM

DRAFT

COUNCIL ACT

of ....

drawing up the Convention concerning the establishment of "Eurodac"for the comparison of fingerprints of applicants for asylum

Page 16, read Article 13 (10) and (12) as follows:

"10. The national supervisory authority of the Member State which transmitted the data and the national supervisory authority of the Member State in which the person is present shall assist and, where requested, advise him/her in exercising his/her right to correct or erase data. Both the national supervisory authorities shall cooperate to this end. Such assistance shall be granted in accordance with the laws, regulations and procedures of the Member States concerned, giving effect to the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, signed at Strasbourg on 28 January 1981. Requests for such assistance may be made to the national supervisory authority of the Member State in which the person is present, which shall transmit the requests to the authority of the Member State which transmitted the data. The data subject may also apply for assistance and advice to the joint supervisory authority set up in Article 15."

"12. Any person may, in accordance with the laws, regulations and procedures of the State which transmitted the data, bring an action or, if appropriate, a complaint before the competent authorities or courts of that State concerning the data relating to him/her recorded in the central database, in order to exercise his/her rights under paragraph 3. The obligation of the national supervisory authorities to assist and, where requested, advise the person, in accordance with paragraph 10, shall subsist throughout these proceedings."