53 Amendments of Morten PETERSEN related to 2017/0352(COD)
Amendment 213 #
Proposal for a regulation
Recital 12 a (new)
Recital 12 a (new)
(12a) Children and vulnerable persons merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safeguards concerned and their rights in relation to the processing of personal data. The interoperability components should pay particular attention to the protection of children and ensure that their rights and integrity are being fully respected.
Amendment 259 #
Proposal for a regulation
Recital 27 a (new)
Recital 27 a (new)
(27a) In order to identify unknown persons who are not able to identify themselves or unidentified human remains, in the event of a disaster or an accident, Member States should be allowed to query the CIR with the biometric data of those persons.
Amendment 321 #
Proposal for a regulation
Recital 55
Recital 55
(55) To support the purposes of statistics and reporting, it is necessary to grant access to authorised staff of the competent authorities, institutions and bodies identified in this Regulation and the integration of the existing national systems and infrastructures with those components to consult certain data related to certain interoperability components without enabling individual identification.
Amendment 328 #
Proposal for a regulation
Recital 57 a (new)
Recital 57 a (new)
(57a) It would be appropriate that, during the development phase of the interoperability components, the Commission assess the necessity of further harmonisation of national systems and infrastructures of Member States at external borders. Those recommendations should also include an impact assessment and an assessment on their cost for the EU budget.
Amendment 344 #
Proposal for a regulation
Article 1 – paragraph 1
Article 1 – paragraph 1
1. This Regulation, together with [Regulation 2018/xx on interoperability borders and visa], establishes a framework to ensure the interoperability between the Entry/Exit System (EES), the Visa Information System (VIS), [the European Travel Information and Authorisation System (ETIAS)], Eurodac, the Schengen Information System (SIS), and [the European Criminal Records Information System for third-country nationals (ECRIS-TCN)] in order for those systems and data contained in those systems to supplement each other.
Amendment 377 #
Proposal for a regulation
Article 2 – paragraph 2 – point c a (new)
Article 2 – paragraph 2 – point c a (new)
(ca) improving judicial cooperation in the areas of freedom, security and justice;
Amendment 383 #
Proposal for a regulation
Article 2 – paragraph 2 – point e a (new)
Article 2 – paragraph 2 – point e a (new)
(ea) contribute to the prevention, detection and investigation of terrorist offences or of other serious criminal offences.
Amendment 416 #
Proposal for a regulation
Article 5 – title
Article 5 – title
5 Non-discrimination and fundamental rights
Amendment 429 #
Proposal for a regulation
Article 6 – paragraph 1
Article 6 – paragraph 1
1. A European search portal (ESP) is established for the purposes of ensuring that Member State authorities and EU bodies have fast, seamless, efficient, systematic and controlled access to the EU information systems, the Europol data and the Interpol databases that they need to perform their tasks in accordance with their access rights and of supporting the objectives of the EES, the VIS, [the ETIAS], Eurodac, the SIS, [the ECRIS- TCN system] and the Europol data, while fully respecting the principles of necessity and proportionality.
Amendment 464 #
6. The reply to the user of the ESP shall be unique and shall contain all the data to which the user has access under Union law. Where necessary, the reply provided by the ESP shall indicate to which information system or database the data belongs.
Amendment 469 #
Proposal for a regulation
Article 10 – paragraph 1 – point a
Article 10 – paragraph 1 – point a
(a) the Member State authority or EU bodies and the individual user of the ESP, including the ESP profile used as referred to in Article 8;
Amendment 474 #
Proposal for a regulation
Article 10 – paragraph 1 a (new)
Article 10 – paragraph 1 a (new)
1a. Each Member State and EU body shall keep logs of queries of the authority and the staff duly authorised to use the ESP.
Amendment 478 #
Proposal for a regulation
Article 10 – paragraph 2
Article 10 – paragraph 2
2. The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring datafor self- monitoring, and for ensuring the proper functioning and the data integrity and security pursuant to Article 42. Those logs shall be protected by appropriate measures against unauthorised access and erased onetwo years after their creation, unless they are required for monitoring procedures that have already begun.
Amendment 482 #
Proposal for a regulation
Article 11 – paragraph 1
Article 11 – paragraph 1
1. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1) or the CIR, because of a failure of the ESP, the users of the ESP shall immediately be notified by eu-LISA.
Amendment 485 #
Proposal for a regulation
Article 11 – paragraph 2
Article 11 – paragraph 2
2. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1) or the CIR, because of a failure of the national infrastructure in a Member State, that Member State's competent authority shall immediately notify eu-LISA and the Commission.
Amendment 486 #
Proposal for a regulation
Article 11 – paragraph 2 a (new)
Article 11 – paragraph 2 a (new)
2a. Where it is technically impossible to use the ESP to query one or several EU information systems referred to in Article 9(1) or the CIR, because of a failure of the infrastructure of an EU body, that EU body shall immediately notify eu-LISA and the Commission.
Amendment 493 #
Proposal for a regulation
Article 12 – paragraph 1
Article 12 – paragraph 1
1. A shared biometric matching service (shared BMS) storing biometric templates and enabling querying with biometric data across several EU information systems is established for the purposes of supporting the CIR and the multiple-identity detector and the objectives of the EES, the VIS, Eurodac, the SIS and [the ECRIS-TCN system], while fully respecting the principles of necessity and proportionality.
Amendment 506 #
Proposal for a regulation
Article 13 – paragraph 1 – point d
Article 13 – paragraph 1 – point d
Amendment 532 #
Proposal for a regulation
Article 16 – paragraph 2
Article 16 – paragraph 2
2. The logs may be used only for data protection monitoring, including checking the admissibility of a query and the lawfulness of data processing, and for ensuring data security pursuant to Article 42. Those logs shall be protected by appropriate measures against unauthorised access and erased onetwo years after their creation, unless they are required for monitoring procedures that have already begun. The logs referred to in paragraph 1(a) shall be erased once the data is erased.
Amendment 538 #
Proposal for a regulation
Article 17 – paragraph 1
Article 17 – paragraph 1
1. A common identity repository (CIR), creating an individual file for each person that is recorded in the EES, the VIS, [the ETIAS], Eurodac or [the ECRIS-TCN system] containing the data referred to in Article 18, is established for the purpose of facilitating and assisting the correct identification of persons registered in the EES, the VIS, [the ETIAS], the Eurodac and [the ECRIS-TCN system], of supporting the functioning of the multiple- identity detector and of facilitating and streamlining access by law enforcement authorities to non-law enforcement information systems at EU level, where necessary for the prevention, investigation, detection or prosecution of serious crime, while fully respecting the principles of necessity and proportionality.
Amendment 539 #
Proposal for a regulation
Article 17 – paragraph 3 a (new)
Article 17 – paragraph 3 a (new)
3a. Where it is technically impossible to query the CIR for the purpose of identifying a person pursuant Article 20, for the detection of multiple identities pursuant Article 21 or for law enforcement purposes pursuant Article 22, because of a failure of the CIR, the users of the CIR shall be immediately notified by eu-LISA.
Amendment 553 #
Proposal for a regulation
Article 20 – paragraph 1 – subparagraph 1
Article 20 – paragraph 1 – subparagraph 1
Where a Member State police authority has been so empowered by national legislative measures as referred to in paragraph 2, it may, solely for the purpose of identifying a person, query the CIR with the biometric data of that person taken during an identity check. Such query may be carried out in principle in the presence of the person, solely where a Member State police authority was unable to identify a person on the basis of a travel document or with the identity data provided by that person following rules and procedures provided for in national law or where there are doubts as to the authenticity of the travel document or the identity of its holder or where the person is unable or refuse to cooperate, or where there are reasonable grounds to believe that the person is not telling the truth about his or her identity. Such query shall not be allowed against minors under the age of 12 years old.
Amendment 559 #
Proposal for a regulation
Article 20 – paragraph 1 a (new)
Article 20 – paragraph 1 a (new)
1a. Where a Member State police authority has been so empowered by national legislative measures as referred to in paragraph 2, it may, solely for the purpose of identifying unknown persons who are not able to identify themselves or unidentified human remains, in the event of a disaster or an accident query the CIR with the biometric data of those persons.
Amendment 588 #
Proposal for a regulation
Article 24 – paragraph 4 – subparagraph 1 – point a
Article 24 – paragraph 4 – subparagraph 1 – point a
(a) the national file referencreference to the national investigation or case;
Amendment 591 #
Proposal for a regulation
Article 24 – paragraph 4 – subparagraph 1 – point e
Article 24 – paragraph 4 – subparagraph 1 – point e
(e) the name of the authorityindividual and unique user identifiers of both the competent authority and the person consulting the CIR;
Amendment 592 #
Proposal for a regulation
Article 24 – paragraph 5 a (new)
Article 24 – paragraph 5 a (new)
5a. Europol shall keep logs of queries of the staff duly authorised to use the CIR pursuant to Article 22.
Amendment 593 #
Proposal for a regulation
Article 24 – paragraph 6
Article 24 – paragraph 6
6. The logs referred to in paragraphs 1, 5 and 5a may be used only for data protection monitoring, including checking the admissibility of a request and the lawfulness of data processing, and for ensuring datafor self- monitoring, and for ensuring the proper functioning and the data integrity and security pursuant to Article 42. They shall be protected by appropriate measures against unauthorised access and erased onetwo years after their creation, unless they are required for monitoring procedures that have already begun.
Amendment 594 #
Proposal for a regulation
Article 24 – paragraph 7 a (new)
Article 24 – paragraph 7 a (new)
7a. The competent national authorities in charge of checking whether or not access is lawful, monitoring the lawfulness of data processing, self- monitoring and ensuring the proper functioning, data integrity and security, shall have access, within the limits of their competence and at their request, to these logs for the purpose of fulfilling their duties.
Amendment 595 #
Proposal for a regulation
Article 24 – paragraph 7 b (new)
Article 24 – paragraph 7 b (new)
7b. For the purposes of self- monitoring and ensuring the proper functioning of the CIR, data integrity and security, the EU-Lisa shall have access, within the limits of its competence, to those logs.
Amendment 596 #
Proposal for a regulation
Article 24 – paragraph 7 c (new)
Article 24 – paragraph 7 c (new)
7c. The European Data Protection Supervisor shall have access, within the limits of its competence and at its request, to those logs for the purpose of fulfilling its tasks.
Amendment 600 #
Proposal for a regulation
Article 25 – paragraph 1
Article 25 – paragraph 1
1. A multiple-identity detector (MID) creating and storing links between data in the EU information systems included in the common identity repository (CIR) and the SIS and as a consequence detecting multiple identities, with the dual purpose of facilitating identity checks and combating identity fraud, is established for the purpose of supporting the functioning of the CIR and the objectives of the EES, the VIS, the ETIAS], Eurodac, the SIS and [the ECRIS-TCN system], while fully respecting the principles of necessity and proportionality.
Amendment 673 #
Proposal for a regulation
Article 36 – paragraph 2 a (new)
Article 36 – paragraph 2 a (new)
2a. Each EU body shall keep logs of queries of the authority and the staff duly authorised to use the MID.
Amendment 674 #
Proposal for a regulation
Article 36 – paragraph 3
Article 36 – paragraph 3
3. The logs may be used only for data protection monitoring, including checking the admissibility of a request and the lawfulness of data processing, and for ensuring datafor self- monitoring, and for ensuring the proper functioning and the data integrity and security pursuant to Article 42. The logs shall be protected by appropriate measures against unauthorised access and erased onetwo years after their creation, unless they are required for monitoring procedures that have already begun. The logs related to the history of the identity confirmation file shall be erased once the data in the identity confirmation file is erased.
Amendment 721 #
Proposal for a regulation
Article 44 – paragraph 3
Article 44 – paragraph 3
3. Without prejudice to the notification and communication of a personal data breach pursuant to Article 33 of Regulation (EU) 2016/679, Article 30 of Directive (EU) 2016/680, or both, Member States shall notify the Commission, eu- LISA, the national supervisory authorities and the European Data Protection Supervisor of security incidents. In the event of a security incident in relation to the central infrastructure of the interoperability components, eu-LISA shall notify the Commission and the European Data Protection Supervisor.
Amendment 727 #
Proposal for a regulation
Article 44 – paragraph 5 a (new)
Article 44 – paragraph 5 a (new)
5a. The European Commission shall carry out annual evaluations to ensure that Member States are in full compliance with the obligations under each respective IT-systems. The concrete findings of the evaluations shall be communicated to the European Parliament and the Council, and in case of a breach, appropriate measures shall be taken thereafter.
Amendment 735 #
Proposal for a regulation
Article 46 – paragraph 1
Article 46 – paragraph 1
1. Without prejudice to the right of information referred to in Articles 11 and 12 of Regulation (EC) 45/2001 and Articles 13 and 14 of Regulation (EU) 2016/679, persons whose data are stored in the shared biometric matching service, the common identity repository or the multiple-identity detector shall be informed by the authority collecting their data, at the time their data are collected, about the processing of personal data for the purposes of this Regulation, including about identity and contact details of the respective data controllers, and about the procedures for exercising their rights of access, rectification and erasure, as well as about the contact details of the European Data Protection Supervisor and of the national supervisory authority of the Member State responsible for the collection of the data. Persons whose data is stored should also be informed of retention periods, automated decision- making and the fact that personal data is not transferred or made available to third countries, international organisations of private parties, with the exception of transfers to Interpol.
Amendment 755 #
Proposal for a regulation
Article 47 – paragraph 2
Article 47 – paragraph 2
2. The Member State responsible for the manual verification of different identities as referred to in Article 29 or the Member State to which the request has been made shall reply to such requests within 45 days ofout undue delay and no longer than 45 days within the receipt of the request.
Amendment 766 #
Proposal for a regulation
Article 47 – paragraph 4 a (new)
Article 47 – paragraph 4 a (new)
4a. Any person shall have the right to lodge a complaint and the right to a legal remedy in the Member State which refused the right of access to or the right of correction or deletion of data relating to him or her, in accordance with national or Union law;
Amendment 778 #
Proposal for a regulation
Article 48 – paragraph 1
Article 48 – paragraph 1
Personal data stored in or accessed by the interoperability components shall not be transferred or made available to any third country, to any international organisation or to any private party. Any breach to this shall be considered a serious security incident and shall be immediately reported and addressed in accordance with Article 44.
Amendment 786 #
Proposal for a regulation
Article 49 – paragraph 1 a (new)
Article 49 – paragraph 1 a (new)
Amendment 793 #
Proposal for a regulation
Article 50 – paragraph 1 a (new)
Article 50 – paragraph 1 a (new)
The European Commission, the European Parliament and Member States shall ensure that the European Data Protection Supervisor has sufficient resources to fulfil the tasks entrusted to it under this Regulation.
Amendment 820 #
Proposal for a regulation
Article 54 – paragraph 1 – point h a (new)
Article 54 – paragraph 1 – point h a (new)
(h a) reporting any security incidents involving personal data to the Commission, eu-LISA, the national supervisory authorities and the European Data Protection Supervisor
Amendment 824 #
Proposal for a regulation
Article 55 a (new)
Article 55 a (new)
Article 55 a Penalties Member States shall lay down the rules on penalties applicable to infringements of this Regulation and shall take all measures necessary to ensure that they are implemented. The penalties provided for shall be effective, proportionate and dissuasive.
Amendment 901 #
Proposal for a regulation
Article 66 – paragraph 1 a (new)
Article 66 – paragraph 1 a (new)
Member States and EU bodies shall organise for their staff authorised to process data from the interoperability components, appropriate training programme about data security, data quality, data protection rules and the procedures of the data processing.
Amendment 902 #
Proposal for a regulation
Article 66 – paragraph 1 b (new)
Article 66 – paragraph 1 b (new)
Common training courses about data security, data quality, data protection rules and the procedures of the data processing shall be organised at EU level at least once a year to enhance cooperation and exchange of best practices between staff of Member States and EU bodies authorised to process data from the interoperability components.
Amendment 904 #
Proposal for a regulation
Article 68 – paragraph 1
Article 68 – paragraph 1
1. eu-LISA shall ensure that procedures are in place to monitor the development of the interoperability components and the integration of the existing national infrastructures and the connection to the national uniform interface in light of objectives relating to planning and costs and to monitor the functioning of the interoperability components in light of objectives relating to the technical output, cost-effectiveness, security and quality of service.
Amendment 907 #
Proposal for a regulation
Article 68 – paragraph 2 a (new)
Article 68 – paragraph 2 a (new)
2 a. Six months after the start of the operations of each interoperability component, eu-LISA shall submit a report to the European Parliament and the Council on the state of play of the connection of Member States to the communication infrastructure of the ESP and the CIR and the integration of the existing national systems and infrastructures with the ESP, shared BMS, MID and the CIR.
Amendment 908 #
Proposal for a regulation
Article 68 – paragraph 2 b (new)
Article 68 – paragraph 2 b (new)
2 b. During the development phase of the interoperability components, the Commission shall evaluate the necessity of further harmonisation of national systems and infrastructures of Member States at external borders. The Commission shall transmit the evaluation report to the European Parliament and the Council. These evaluation reports shall include recommandations, an impact assessment and an assessment on their cost for the EU budget.
Amendment 912 #
Proposal for a regulation
Article 68 – paragraph 4
Article 68 – paragraph 4
4. FourTwo years after the start of operations of each interoperability component and every four years thereafter, eu-LISA shall submit to the European Parliament, the Council and the Commission a report on the connection of Member States to the communication infrastructure of the ESP and the CIR and the integration of the existing national systems and infrastructures with the ESP, shared BMS, MID and the CIR, as well as on the technical functioning of the interoperability components, including the security thereof.
Amendment 914 #
Proposal for a regulation
Article 68 – paragraph 5 – subparagraph 1 – introductory part
Article 68 – paragraph 5 – subparagraph 1 – introductory part
In addition, one year after each report from eu-LISAeach year, the Commission shall produce an overall evaluation of the components, including:
Amendment 916 #
Proposal for a regulation
Article 68 – paragraph 5 – subparagraph 1 – point b
Article 68 – paragraph 5 – subparagraph 1 – point b
(b) an examination of the results achieved against objectives and the impact on fundamental rights, particularly the use of CIR with biometric data taken during an identity check;
Amendment 918 #
Proposal for a regulation
Article 68 – paragraph 5 – subparagraph 1 – point d a (new)
Article 68 – paragraph 5 – subparagraph 1 – point d a (new)
(d a) an assessment of the security of the connection of Member States to the communication infrastructure of the ESP and the CIR and the security of the integration of the existing national systems and infrastructures with the ESP, shared BMS, MID and the CIR.
Amendment 926 #
Proposal for a regulation
Article 68 – paragraph 8 a (new)
Article 68 – paragraph 8 a (new)
8 a. While respecting the provisions of national law on the publication of sensitive information, each Member State shall prepare annual reports containing information and statistics on the access to data stored in the common identity repository for identification pursuant to Article 20.